From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <yliu@fridaylinux.org>
Received: from new2-smtp.messagingengine.com (new2-smtp.messagingengine.com
 [66.111.4.224]) by dpdk.org (Postfix) with ESMTP id ECB0F1B2BA
 for <dev@dpdk.org>; Mon,  6 Nov 2017 14:36:41 +0100 (CET)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailnew.nyi.internal (Postfix) with ESMTP id 6AA7B111F;
 Mon,  6 Nov 2017 08:36:41 -0500 (EST)
Received: from frontend1 ([10.202.2.160])
 by compute1.internal (MEProxy); Mon, 06 Nov 2017 08:36:41 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fridaylinux.org;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=
 fm1; bh=JLRuYrOuHbgT0Y/2QrjOpbXgiNdPjKsrctxBhG+6dX0=; b=HK7jGBZD
 71EGINwc2Ym7EPQGVDxmO495odPPpN0tyGtKTvZpm958ZF97YcJPKfsv9+6ZoXhQ
 2jYCkTnS3uoxfN4Idv8A98GZimaErVotGJspdMXSRKD0eyrPaAhXf2C3JziszzlY
 fzhd88ne2KkWuHTOF9in+d0RZwPLikJLIv/GkRsZCtCAI5O9UqXi8p6TZdBADL/u
 ruLEDPOBn19U2PY/yfP+Gm6jemH9qhyz4wRVhmvMiqVZfNu+nJwgeBXUX9frLsLl
 3zWXBKOQefRd0zeB1hwDkJh8maJ+9evRvkvtibl94B5NloFMmdl1ar0L9DVWP2mZ
 b0SbgL3nquNa/w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc; s=fm1; bh=JLRuYrOuHbgT0Y/2QrjOpbXgiNdPj
 KsrctxBhG+6dX0=; b=n3uyneb+eiEke77XdBFiqwE/n2XzsG7u1cHl48DqtYGEg
 5Wj9+rrq8hyA41WLS6WP2B6UyMgMtFU3mKv3PtQn7qdp627yVx+cA1Lwbz1mgZ35
 zvMv+k5Yqt2ON/8uRi3MEiRPnVoCdg6mSzBG0JBk25euV+ZbJrFQqedDvvXOUfSU
 UlzJE2TEMee8E0ULaARTpBXyowZH0m6u4Qm6XKqOC0lbYE1aLqSM9foQZ+52msfI
 e+AfMxmy5ohvDL4P02PoxTYjHhBmuWofCLH0TJBD/1STndJxfQ4/e/++NKwQ8NkF
 ISYGyMuJB+1iz7ViJm1F/2jV0G2YoRI1rvwNy1OQg==
X-ME-Sender: <xms:aWUAWt05yBDrcwtoduf99XAUj0HRGCwKlAN0lBRqRK6YU8PlNm4O1w>
Received: from yliu-home (unknown [222.64.173.197])
 by mail.messagingengine.com (Postfix) with ESMTPA id CBA3B7F8F6;
 Mon,  6 Nov 2017 08:36:39 -0500 (EST)
Date: Mon, 6 Nov 2017 21:36:31 +0800
From: Yuanhan Liu <yliu@fridaylinux.org>
To: Maxime Coquelin <maxime.coquelin@redhat.com>
Cc: Thomas Monjalon <thomas@monjalon.net>,
 "Kavanagh, Mark B" <mark.b.kavanagh@intel.com>,
 "dev@dpdk.org" <dev@dpdk.org>, "Horton, Remy" <remy.horton@intel.com>,
 "Bie, Tiwei" <tiwei.bie@intel.com>, "mst@redhat.com" <mst@redhat.com>,
 "jfreiman@redhat.com" <jfreiman@redhat.com>,
 "vkaplans@redhat.com" <vkaplans@redhat.com>,
 "jasowang@redhat.com" <jasowang@redhat.com>,
 "Mcnamara, John" <john.mcnamara@intel.com>,
 "Loftus, Ciara" <ciara.loftus@intel.com>,
 "Stokes, Ian" <ian.stokes@intel.com>
Message-ID: <20171106133631.GH12931@yliu-home>
References: <20171005083627.27828-1-maxime.coquelin@redhat.com>
 <20171005083627.27828-2-maxime.coquelin@redhat.com>
 <DC5AD7FA266D86499789B1BCAEC715F8D3A3F76F@irsmsx105.ger.corp.intel.com>
 <c38aaef2-af71-ea03-fd65-27b08f999e00@redhat.com>
 <20171103130510.GB12931@yliu-home>
 <a3f851f8-f8d6-0302-12b3-79731ac60bfe@redhat.com>
 <20171106120043.GE12931@yliu-home>
 <da0c371e-f734-d1b1-034b-12c131ab1edb@redhat.com>
 <20171106122457.GG12931@yliu-home>
 <d79764f2-cd0b-c2fa-02d9-66ea62345295@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <d79764f2-cd0b-c2fa-02d9-66ea62345295@redhat.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Subject: Re: [dpdk-dev] [PATCH v3 01/19] Revert "vhost: workaround MQ fails
 to startup"
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Nov 2017 13:36:42 -0000

On Mon, Nov 06, 2017 at 01:50:35PM +0100, Maxime Coquelin wrote:
> 
> 
> On 11/06/2017 01:24 PM, Yuanhan Liu wrote:
> >On Mon, Nov 06, 2017 at 01:07:15PM +0100, Maxime Coquelin wrote:
> >>
> >>
> >>On 11/06/2017 01:00 PM, Yuanhan Liu wrote:
> >>>On Fri, Nov 03, 2017 at 03:28:36PM +0100, Maxime Coquelin wrote:
> >>>>
> >>>>
> >>>>On 11/03/2017 02:05 PM, Yuanhan Liu wrote:
> >>>>>On Thu, Nov 02, 2017 at 10:40:26AM +0100, Maxime Coquelin wrote:
> >>>>>>>Moving from QEMU v2.7.0 to v2.10.0 resolves the issue. However, herein lies the issue: QEMU v2.10.0 was only released in August of this year; anecdotally, we know that many OvS-DPDK customers use older versions of QEMU (typically, v2.7.0), and are likely un[able|willing] to move. With this patch, a hard dependency on QEMU v2.10 is created for users who want to use the vHU multiq feature in DPDK v17.11 (and subsequently, the upcoming OvS v2.9.0), which IMO will likely be unacceptable for many.
> >>>>>>
> >>>>>>Do you mean that upstream Qemu v2.7.0 is used in production?
> >>>>>>I would expect the customers to use a distro Qemu which should contain
> >>>>>>relevant fixes, or follow upstream's stable branches.
> >>>>>>
> >>>>>>FYI, Qemu v2.9.1 contains a backport of the fix.
> >>>>>>
> >>>>>>>One potential solution to this problem is to introduce a compile-time option that would allow the user to [dis|en]able the VHOST_USER_PROTOCOL_F_REPLY_ACK feature - is that something that would be acceptable to you Maxime?
> >>>>>>
> >>>>>>Yes, that's one option, but:
> >>>>>>1. VHOST_USER_PROTOCOL_F_REPLY_ACK enabled should be the default
> >>>>>>2. VHOST_USER_PROTOCOL_F_REPLY_ACK disabled will be less extensively
> >>>>>>tested.
> >>>>>>
> >>>>>>Yuanhan, what do you think?
> >>>>>
> >>>>>My suggestion is to still disable it by default. Qemu 2.7 - 2.9 (inclusive)
> >>>>>is a pretty big range, that I think quite many people would hit this issue
> >>>>Ok, then what about adding a new flag to rte_vhost_driver_register(), as
> >>>>done for tx zero copy to enable IOMMU feature?
> >>>>If flag is unset, then we mask out both IOMMU virtio feature flag and
> >>>>REPLY_ACK protocol feature flag.
> >>>>
> >>>>For a while this flag will be unset by default, not to break these
> >>>>deprecated and unmaintained Qemu versions. But I think at some point
> >>>>we should make it enabled by default, as it would be sad not to benefit
> >>>>from this security feature.
> >>>
> >>>This sounds good to me.
> >>
> >>Actually, I have posted a different patch, so that we don't have API
> >>change for this. Upstream OVS can disable IOMMU feature, which will in
> >>turn disable REPLY-ACK protocol feature if they want to.
> >
> >Sorry I missed that. So the REPLY-ACK will still be enabled by default and
> >you leave the choice to the users to disable it, explicitly? This doesn't
> >sound the best to me. We now know that it breaks OVS, but other users may
> >hit the same issue again without any awareness.
> >
> >Also, I know this feature brings good benefits on security. But IIRC, you
> >mentioned that it became barely un-usable with Linux kernel virtio-net
> >driver.
> >
> > From the two points, I think let's make it be disable by default now?
> 
> What concerns me is that hasn't been replied yet is when will we consider
> Qemu 2.7.0-Qemu v2.9.0 (Qemu v2.9.1 being fixed) old enough
> to enable it by default? Knowing that Qemu 2.7.x/2.8.x are already
> end of life uptream.

I can't tell. But there are probably something we could do. For example, we
could introduce a vhost pmd option, to enable the IOMMU feature. If the user
concerns about the security, he could use such option. By default, let's still
disable it. Meanwhile, OVS may could also add such an option.

	--yliu