From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stephen@networkplumber.org>
Received: from mail-pa0-f48.google.com (mail-pa0-f48.google.com
 [209.85.220.48]) by dpdk.org (Postfix) with ESMTP id AFDD756B7
 for <dev@dpdk.org>; Tue, 29 Sep 2015 23:46:07 +0200 (CEST)
Received: by padhy16 with SMTP id hy16so17207952pad.1
 for <dev@dpdk.org>; Tue, 29 Sep 2015 14:46:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to
 :references:mime-version:content-type:content-transfer-encoding;
 bh=WKNFP5WQmig02uoGnpxhYVGidwy9+/CXnD20Bn7f9xY=;
 b=QACC/wGSx3xoQ4l8GdVuuEabD8rMH7abhGJqRWYbfpmJxDAUJdmm5+eyz9iTjUrw/e
 5JKDTVXp47cAWtf3liPyJE+6bI+qBCXOL/ONocb+MiqfOkh/atoeA5XJzEs60ySCJ+5Z
 FDEBtUZYXh5DnGDP1Gvb9zU9W8eyRwxAsDicXAu0Y+vstXM189PHehk1f6wrRHpuRHlR
 CjxrWb3HxWThEXNEA9JN7/wzdxsGk431S2La3K0h5NLarswFVCKkyL/KbLECCsZYDhgT
 KYU+8d7ClqKrLYL124/OWT5kbcY9oyBu5WxdVJrQOzhzC3I2UPvvJajh2H+oOtOWpH7E
 t4tw==
X-Gm-Message-State: ALoCoQlOaQp//xR1Mu3u9vIQJkaBR78wMzsafL+pnJ1GBAA0MTtftHn9S3tLbwratFzl6xpWN2sZ
X-Received: by 10.68.57.175 with SMTP id j15mr352412pbq.34.1443563166940;
 Tue, 29 Sep 2015 14:46:06 -0700 (PDT)
Received: from urahara (static-50-53-82-155.bvtn.or.frontiernet.net.
 [50.53.82.155])
 by smtp.gmail.com with ESMTPSA id a17sm27385112pbu.55.2015.09.29.14.46.06
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 29 Sep 2015 14:46:06 -0700 (PDT)
Date: Tue, 29 Sep 2015 14:46:16 -0700
From: Stephen Hemminger <stephen@networkplumber.org>
To: "Michael S. Tsirkin" <mst@redhat.com>
Message-ID: <20150929144616.4e70b44c@urahara>
In-Reply-To: <20150929235122-mutt-send-email-mst@redhat.com>
References: <56079527.3000802@cloudius-systems.com>
 <20150927123914-mutt-send-email-mst@redhat.com>
 <560ABF25.9030300@cloudius-systems.com>
 <20150929235122-mutt-send-email-mst@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to
 uio_pci_generic on Amazon instance
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 21:46:08 -0000

On Tue, 29 Sep 2015 23:54:54 +0300
"Michael S. Tsirkin" <mst@redhat.com> wrote:

> On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote:
> > The security breach motivation u brought in "[RFC PATCH] uio:
> > uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak
> > since one u let the userland access to the bar it may do any funny thing
> > using the DMA engine of the device. This kind of stuff should be prevented
> > using the iommu and if it's enabled then any funny tricks using MSI/MSI-X
> > configuration will be prevented too.
> > 
> > I'm about to send the patch to main Linux mailing list. Let's continue this
> > discussion there.
> >   
> 
> Basically UIO shouldn't be used with devices capable of DMA.
> Use VFIO for that (yes, this implies an emulated or PV IOMMU).
> I don't think this can change.

Given there is no PV IOMMU and even if there was it would be too slow for DPDK
use, I can't accept that.