From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mst@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 5135058EF
 for <dev@dpdk.org>; Tue, 29 Sep 2015 22:54:58 +0200 (CEST)
Received: from int-mx13.intmail.prod.int.phx2.redhat.com
 (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26])
 by mx1.redhat.com (Postfix) with ESMTPS id 2EA938E3E9;
 Tue, 29 Sep 2015 20:54:57 +0000 (UTC)
Received: from redhat.com (ovpn-116-28.ams2.redhat.com [10.36.116.28])
 by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id
 t8TKsseQ009744; Tue, 29 Sep 2015 16:54:55 -0400
Date: Tue, 29 Sep 2015 23:54:54 +0300
From: "Michael S. Tsirkin" <mst@redhat.com>
To: Vlad Zolotarov <vladz@cloudius-systems.com>
Message-ID: <20150929235122-mutt-send-email-mst@redhat.com>
References: <56079527.3000802@cloudius-systems.com>
 <20150927123914-mutt-send-email-mst@redhat.com>
 <560ABF25.9030300@cloudius-systems.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <560ABF25.9030300@cloudius-systems.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26
Cc: "dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to
 uio_pci_generic on Amazon instance
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Sep 2015 20:54:58 -0000

On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote:
> The security breach motivation u brought in "[RFC PATCH] uio:
> uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak
> since one u let the userland access to the bar it may do any funny thing
> using the DMA engine of the device. This kind of stuff should be prevented
> using the iommu and if it's enabled then any funny tricks using MSI/MSI-X
> configuration will be prevented too.
> 
> I'm about to send the patch to main Linux mailing list. Let's continue this
> discussion there.
> 

Basically UIO shouldn't be used with devices capable of DMA.
Use VFIO for that (yes, this implies an emulated or PV IOMMU).
I don't think this can change.

> >
> >I think that DPDK should be fixed to not require uio_pci_generic
> >for VF devices (or any devices without INT#x).
> >
> >If DPDK requires a place-holder driver, the pci-stub driver should
> >do this adequately. See ./drivers/pci/pci-stub.c
> >