lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 22 Jun 2017 10:59:35 -0600
From:   Alex Williamson <alex.williamson@...hat.com>
To:     Nitin Saxena <nitin.lnx@...il.com>
Cc:     linux-kernel@...r.kernel.org, qemu-devel <qemu-devel@...gnu.org>,
        Peter Xu <peterx@...hat.com>
Subject: Re: Query on VFIO in Virtual machine

[cc +qemu-devel, +peterx]

On Thu, 22 Jun 2017 22:18:06 +0530
Nitin Saxena <nitin.lnx@...il.com> wrote:

> Hi,
> 
> I have a PCI device connected as an endpoint to Intel host machine.
> The requirement is to run dpdk like user space data path application
> in VM using PCI PF passthrough (SRIOV disabled). This application
> works fine on host kernel and uses VFIO to get MSIX interrupts from
> PCI device. We are trying to run this existing application in VM using
> PCI passthrough. This application has capability to use
> VFIO_IOMMU_TYPE1 as wells as VFIO_NOIOMMU.
> 
> On Intel host machine VT-d has been enabled and using virt-manager PCI
> device PF is assigned to the VM. This makes virt-manager to implicitly
> binds PCI device PF to vfio with vfio_iommu_type1. The VM LINUX kernel
> was booted with intel_iommu=on as boot parameter.
> 
> My question: Is it possible that vfio can coexist in host (by
> virt-manager) as well as VM (by application)? If yes, does application
> running inside VM needs to configure VFIO with iommu_type=IOMMU or
> iommu_type=no-iommu.
> 
> In VM I tried inserting vfio_iommu_type1.ko kernel module which failed
> with "No such device error". Thats why I am confused whether my
> requirement is legitimate or not. What could be the best solution?

This is really more of a QEMU question.  In order to use
vfio_iommu_type1 in the guest, you need an iommu in the guest.  The
most recent release of QEMU supports this with an emulated VT-d
device.  Therefore if you create a VM with emulated VT-d and a device
assigned through vfio-pci, you can expose it to userspace in the VM with
physical iommu protection.  Without an iommu in the VM, you'd be
limited to no-iommu support for VM userspace, the physical iommu would
only protect the device to the extent of VM memory, no to specific
userspace mappings within the VM.  Thanks,

Alex

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ