From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg0-f44.google.com (mail-pg0-f44.google.com [74.125.83.44]) by dpdk.org (Postfix) with ESMTP id 4AA5337A6 for ; Fri, 30 Dec 2016 02:14:56 +0100 (CET) Received: by mail-pg0-f44.google.com with SMTP id y62so119675006pgy.1 for ; Thu, 29 Dec 2016 17:14:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=pjH/mg6cK/47uZ1ltqodKWxfdmQwpAQQyblfv7r4MwY=; b=XHf8JLnziAZtoeHQynXC9Z0cwyLJRNEYSBY7yIIq7tVpaVJL6k1MWJIFDGwKjhll1l Sqw4Z+Y2iIyCsRh/0TpZkUWYFypQ2k9uFry4MblxJYnOMo1fe0CfbhlqyjSCrXDH3yW1 Ts9xWyDLPSrf2MbCMEXfh40v8BynEqk0IXbQ3UXFlZNy361XGtOpjiFScRjadl4h6hyh jCLKUzuSf/hYbqdTZ0EMUFpk63OOC0Uyd15BoybXoELlMD/J+/YM3XGC1a6hsV4T/Pmq cvaa23KXqV/YX9YfEOV9KWo2DQ58gAh+h8FunMmROLWr5x4TaZijfBkAockTPc/YTjYi ZrEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pjH/mg6cK/47uZ1ltqodKWxfdmQwpAQQyblfv7r4MwY=; b=qEqxn6ZpGJ/9K85XHR6+s0Lb61W8uXejkxlVqxxHAcEwCfxyVsj9dniOSb067fQts8 rUI32j2Mo4XwdxmUqdW/hKgh42ZGfIHea5qQoJSVcvzk8LFIerzxqQuKLErtyKbQjBli 0ud1NxgOAmQWqMa2X8qaShQLKtj4JEeghLg4MeuWO+HYTnx6DsB52YjMcJsX9mweVGLS oZCSWoroksoOLE1QnL2fva7bu52H3CY4vYoe5xbTrOVL3v/w8R3yG2MnDSGusnAMg6wa 5KW0x/utnJDBP9d4wnUJlL/gTnuYC6lZlnH0jC+2a3huHInF/QIccMWw1X7MShbwMLHj LuQA== X-Gm-Message-State: AIkVDXKrt0sR+Ch3KATrP2GBeSLHkbM+qm1utEJlds5ldBdohK4i8dDuQROSkErWzQ2RvQ== X-Received: by 10.99.56.17 with SMTP id f17mr77354454pga.72.1483060495479; Thu, 29 Dec 2016 17:14:55 -0800 (PST) Received: from xeon-e3 (204-195-18-65.wavecable.com. [204.195.18.65]) by smtp.gmail.com with ESMTPSA id n17sm107525720pfg.80.2016.12.29.17.14.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Thu, 29 Dec 2016 17:14:55 -0800 (PST) Date: Thu, 29 Dec 2016 17:14:53 -0800 From: Stephen Hemminger To: "Walker, Benjamin" Cc: "dev@dpdk.org" Message-ID: <20161229171453.57a4326a@xeon-e3> In-Reply-To: <1483044080.11975.1.camel@intel.com> References: <1483044080.11975.1.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] Running DPDK as an unprivileged user X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2016 01:14:56 -0000 On Thu, 29 Dec 2016 20:41:21 +0000 "Walker, Benjamin" wrote: > The first open question I have is whether DPDK should allow > uio at all on recent (4.x) kernels. My current understanding > is that there is no way to pin memory and hugepages can now > be moved around, so uio would be unsafe. What does the > community think here? DMA access without IOMMU (ie UIO) is not safe from a security point of view. A malicious app could program device (like Ethernet NIC) to change its current privledge level in kernel memory. Therefore ignore UIO as an option if you want to allow unprivileged access. But there are many many systems without working IOMMU. Not just broken motherboards, but virtualization environments (Xen, Hyper-V, and KVM until very recently) where IOMMU is no going to work. In these environments, DPDK is still useful where the security risks are known. If kernel broke pinning of hugepages, then it is an upstream kernel bug. > > My second question is whether the user should be allowed to > mix uio and vfio usage simultaneously. For vfio, the > physical addresses are really DMA addresses and are best > when arbitrarily chosen to appear sequential relative to > their virtual addresses. For uio, they are physical > addresses and are not chosen at all. It seems that these two > things are in conflict and that it will be difficult, ugly, > and maybe impossible to resolve the simultaneous use of > both. Unless application is running as privileged user (ie root), UIO is not going to work. Therefore don't worry about mixed environment.