From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id E57428D36 for ; Wed, 30 Sep 2015 19:39:47 +0200 (CEST) Received: from int-mx11.intmail.prod.int.phx2.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24]) by mx1.redhat.com (Postfix) with ESMTPS id 08B8E8E69C; Wed, 30 Sep 2015 17:39:47 +0000 (UTC) Received: from redhat.com (ovpn-116-83.ams2.redhat.com [10.36.116.83]) by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with SMTP id t8UHdhn1029518; Wed, 30 Sep 2015 13:39:44 -0400 Date: Wed, 30 Sep 2015 20:39:43 +0300 From: "Michael S. Tsirkin" To: Stephen Hemminger Message-ID: <20150930203712-mutt-send-email-mst@redhat.com> References: <56079527.3000802@cloudius-systems.com> <20150927123914-mutt-send-email-mst@redhat.com> <560ABF25.9030300@cloudius-systems.com> <20150929235122-mutt-send-email-mst@redhat.com> <20150929144616.4e70b44c@urahara> <20150930004714-mutt-send-email-mst@redhat.com> <560BBB62.3050502@cloudius-systems.com> <20150930102807.6e681bca@urahara> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150930102807.6e681bca@urahara> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24 Cc: "dev@dpdk.org" Subject: Re: [dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Sep 2015 17:39:48 -0000 On Wed, Sep 30, 2015 at 10:28:07AM -0700, Stephen Hemminger wrote: > On Wed, 30 Sep 2015 13:37:22 +0300 > Vlad Zolotarov wrote: > > > > > > > On 09/30/15 00:49, Michael S. Tsirkin wrote: > > > On Tue, Sep 29, 2015 at 02:46:16PM -0700, Stephen Hemminger wrote: > > >> On Tue, 29 Sep 2015 23:54:54 +0300 > > >> "Michael S. Tsirkin" wrote: > > >> > > >>> On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote: > > >>>> The security breach motivation u brought in "[RFC PATCH] uio: > > >>>> uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak > > >>>> since one u let the userland access to the bar it may do any funny thing > > >>>> using the DMA engine of the device. This kind of stuff should be prevented > > >>>> using the iommu and if it's enabled then any funny tricks using MSI/MSI-X > > >>>> configuration will be prevented too. > > >>>> > > >>>> I'm about to send the patch to main Linux mailing list. Let's continue this > > >>>> discussion there. > > >>>> > > >>> Basically UIO shouldn't be used with devices capable of DMA. > > >>> Use VFIO for that (yes, this implies an emulated or PV IOMMU). > > > > If there is an IOMMU in the picture there shouldn't be any problem to > > use UIO with DMA capable devices. > > > > >>> I don't think this can change. > > >> Given there is no PV IOMMU and even if there was it would be too slow for DPDK > > >> use, I can't accept that. > > > QEMU does allow emulating an iommu. > > > > Amazon's EC2 xen HV doesn't. At least today. Therefore VFIO is not an > > option there. And again, it's a general issue not DPDK specific. > > Today one has to develop some proprietary modules (like igb_uio) to > > workaround the issue and this is lame. IMHO uio_pci_generic should > > be fixed to be able to properly work within any virtualized environment > > and not only with KVM. > > > > Also VMware (bigger problem) has no IOMMU emulation. > Other environments as well (Windriver, GCE) have noe IOMMU. Because the use-case of userspace drivers is not important enough? Without an IOMMU, there's no way to have secure userspace drivers. -- MST