From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com [209.85.220.52]) by dpdk.org (Postfix) with ESMTP id 51BC73787 for ; Wed, 30 Sep 2015 19:27:58 +0200 (CEST) Received: by pacex6 with SMTP id ex6so46638665pac.0 for ; Wed, 30 Sep 2015 10:27:57 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=BFbE6Gt7+ir6steWV4m9+hwRU7gEWoZ4CzOXhOjXJCk=; b=fbxyPhervqU+l9fxVQUTpxsQhc3qPHiWL2WTNCPBeiahKOtv6zzClnaHdYiSMaHF9t 4iAN1PCuzQFETdxY3DBOwOTB3oJtjc3EbU9R+xsD6bxKVjpJ7dR7rHVP8k1LmeEhYZVv w5kZ+rconnRjERq7+Ybob91+5z9LOnoTFEs9TbUuYCzMlgDB6tJezuyT+FrHE8i+9zH/ P+aY2127VjdoiK3VREu9ZyEGScmZEU6kXbfOJowo0KZYxO2U+PncdylxgYRhWql7D+j+ fNdjcunTl+vkxDnjm8YKC+YC8YHNeO4pn097AUxiz5CeWZxKc7c1oPjDzYLJjIU9NNDe TULQ== X-Gm-Message-State: ALoCoQngxN11/YUf9jwqOdHzjszt4ODMDzZCjDG2PEr1OQ1C0tXr80rhWG2gH+hhly0ZA8MeBUBI X-Received: by 10.68.113.37 with SMTP id iv5mr6141326pbb.2.1443634077627; Wed, 30 Sep 2015 10:27:57 -0700 (PDT) Received: from urahara (static-50-53-82-155.bvtn.or.frontiernet.net. [50.53.82.155]) by smtp.gmail.com with ESMTPSA id l16sm1815471pbq.22.2015.09.30.10.27.57 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 30 Sep 2015 10:27:57 -0700 (PDT) Date: Wed, 30 Sep 2015 10:28:07 -0700 From: Stephen Hemminger To: Vlad Zolotarov Message-ID: <20150930102807.6e681bca@urahara> In-Reply-To: <560BBB62.3050502@cloudius-systems.com> References: <56079527.3000802@cloudius-systems.com> <20150927123914-mutt-send-email-mst@redhat.com> <560ABF25.9030300@cloudius-systems.com> <20150929235122-mutt-send-email-mst@redhat.com> <20150929144616.4e70b44c@urahara> <20150930004714-mutt-send-email-mst@redhat.com> <560BBB62.3050502@cloudius-systems.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: "dev@dpdk.org" , "Michael S. Tsirkin" Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2015 17:27:58 -0000 On Wed, 30 Sep 2015 13:37:22 +0300 Vlad Zolotarov wrote: > > > On 09/30/15 00:49, Michael S. Tsirkin wrote: > > On Tue, Sep 29, 2015 at 02:46:16PM -0700, Stephen Hemminger wrote: > >> On Tue, 29 Sep 2015 23:54:54 +0300 > >> "Michael S. Tsirkin" wrote: > >> > >>> On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote: > >>>> The security breach motivation u brought in "[RFC PATCH] uio: > >>>> uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak > >>>> since one u let the userland access to the bar it may do any funny thing > >>>> using the DMA engine of the device. This kind of stuff should be prevented > >>>> using the iommu and if it's enabled then any funny tricks using MSI/MSI-X > >>>> configuration will be prevented too. > >>>> > >>>> I'm about to send the patch to main Linux mailing list. Let's continue this > >>>> discussion there. > >>>> > >>> Basically UIO shouldn't be used with devices capable of DMA. > >>> Use VFIO for that (yes, this implies an emulated or PV IOMMU). > > If there is an IOMMU in the picture there shouldn't be any problem to > use UIO with DMA capable devices. > > >>> I don't think this can change. > >> Given there is no PV IOMMU and even if there was it would be too slow for DPDK > >> use, I can't accept that. > > QEMU does allow emulating an iommu. > > Amazon's EC2 xen HV doesn't. At least today. Therefore VFIO is not an > option there. And again, it's a general issue not DPDK specific. > Today one has to develop some proprietary modules (like igb_uio) to > workaround the issue and this is lame. IMHO uio_pci_generic should > be fixed to be able to properly work within any virtualized environment > and not only with KVM. > Also VMware (bigger problem) has no IOMMU emulation. Other environments as well (Windriver, GCE) have noe IOMMU.