From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <stephen@networkplumber.org> Received: from mail-pa0-f48.google.com (mail-pa0-f48.google.com [209.85.220.48]) by dpdk.org (Postfix) with ESMTP id AFDD756B7 for <dev@dpdk.org>; Tue, 29 Sep 2015 23:46:07 +0200 (CEST) Received: by padhy16 with SMTP id hy16so17207952pad.1 for <dev@dpdk.org>; Tue, 29 Sep 2015 14:46:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=WKNFP5WQmig02uoGnpxhYVGidwy9+/CXnD20Bn7f9xY=; b=QACC/wGSx3xoQ4l8GdVuuEabD8rMH7abhGJqRWYbfpmJxDAUJdmm5+eyz9iTjUrw/e 5JKDTVXp47cAWtf3liPyJE+6bI+qBCXOL/ONocb+MiqfOkh/atoeA5XJzEs60ySCJ+5Z FDEBtUZYXh5DnGDP1Gvb9zU9W8eyRwxAsDicXAu0Y+vstXM189PHehk1f6wrRHpuRHlR CjxrWb3HxWThEXNEA9JN7/wzdxsGk431S2La3K0h5NLarswFVCKkyL/KbLECCsZYDhgT KYU+8d7ClqKrLYL124/OWT5kbcY9oyBu5WxdVJrQOzhzC3I2UPvvJajh2H+oOtOWpH7E t4tw== X-Gm-Message-State: ALoCoQlOaQp//xR1Mu3u9vIQJkaBR78wMzsafL+pnJ1GBAA0MTtftHn9S3tLbwratFzl6xpWN2sZ X-Received: by 10.68.57.175 with SMTP id j15mr352412pbq.34.1443563166940; Tue, 29 Sep 2015 14:46:06 -0700 (PDT) Received: from urahara (static-50-53-82-155.bvtn.or.frontiernet.net. [50.53.82.155]) by smtp.gmail.com with ESMTPSA id a17sm27385112pbu.55.2015.09.29.14.46.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Sep 2015 14:46:06 -0700 (PDT) Date: Tue, 29 Sep 2015 14:46:16 -0700 From: Stephen Hemminger <stephen@networkplumber.org> To: "Michael S. Tsirkin" <mst@redhat.com> Message-ID: <20150929144616.4e70b44c@urahara> In-Reply-To: <20150929235122-mutt-send-email-mst@redhat.com> References: <56079527.3000802@cloudius-systems.com> <20150927123914-mutt-send-email-mst@redhat.com> <560ABF25.9030300@cloudius-systems.com> <20150929235122-mutt-send-email-mst@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: "dev@dpdk.org" <dev@dpdk.org> Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK <dev.dpdk.org> List-Unsubscribe: <http://dpdk.org/ml/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://dpdk.org/ml/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <http://dpdk.org/ml/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> X-List-Received-Date: Tue, 29 Sep 2015 21:46:08 -0000 On Tue, 29 Sep 2015 23:54:54 +0300 "Michael S. Tsirkin" <mst@redhat.com> wrote: > On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote: > > The security breach motivation u brought in "[RFC PATCH] uio: > > uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak > > since one u let the userland access to the bar it may do any funny thing > > using the DMA engine of the device. This kind of stuff should be prevented > > using the iommu and if it's enabled then any funny tricks using MSI/MSI-X > > configuration will be prevented too. > > > > I'm about to send the patch to main Linux mailing list. Let's continue this > > discussion there. > > > > Basically UIO shouldn't be used with devices capable of DMA. > Use VFIO for that (yes, this implies an emulated or PV IOMMU). > I don't think this can change. Given there is no PV IOMMU and even if there was it would be too slow for DPDK use, I can't accept that.