| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2203508.9fHWaBTJ5E@xps>
Date: Tue, 11 Feb 2020 14:57:44 +0100
From: Thomas Monjalon <thomas@...jalon.net>
To: Alex Williamson <alex.williamson@...hat.com>
Cc: dev@...k.org, kvm@...r.kernel.org, linux-pci@...r.kernel.org,
linux-kernel@...r.kernel.org, dev@...k.org, mtosatti@...hat.com,
Luca Boccassi <bluca@...ian.org>,
"Richardson, Bruce" <bruce.richardson@...el.com>,
cohuck@...hat.com, Vamsi Attunuru <vattunuru@...vell.com>,
Jerin Jacob <jerinjacobk@...il.com>
Subject: Re: [dpdk-dev] [RFC PATCH 0/7] vfio/pci: SR-IOV support
11/02/2020 12:18, Jerin Jacob:
> On Wed, Feb 5, 2020 at 4:35 AM Alex Williamson wrote:
> >
> > There seems to be an ongoing desire to use userspace, vfio-based
> > drivers for both SR-IOV PF and VF devices. The fundamental issue
> > with this concept is that the VF is not fully independent of the PF
> > driver. Minimally the PF driver might be able to deny service to the
> > VF, VF data paths might be dependent on the state of the PF device,
> > or the PF my have some degree of ability to inspect or manipulate the
> > VF data. It therefore would seem irresponsible to unleash VFs onto
> > the system, managed by a user owned PF.
> >
> > We address this in a few ways in this series. First, we can use a bus
> > notifier and the driver_override facility to make sure VFs are bound
> > to the vfio-pci driver by default. This should eliminate the chance
> > that a VF is accidentally bound and used by host drivers. We don't
> > however remove the ability for a host admin to change this override.
> >
> > The next issue we need to address is how we let userspace drivers
> > opt-in to this participation with the PF driver. We do not want an
> > admin to be able to unwittingly assign one of these VFs to a tenant
> > that isn't working in collaboration with the PF driver. We could use
> > IOMMU grouping, but this seems to push too far towards tightly coupled
> > PF and VF drivers. This series introduces a "VF token", implemented
> > as a UUID, as a shared secret between PF and VF drivers. The token
> > needs to be set by the PF driver and used as part of the device
> > matching by the VF driver. Provisions in the code also account for
> > restarting the PF driver with active VF drivers, requiring the PF to
> > use the current token to re-gain access to the PF.
>
> Thanks Alex for the series. DPDK realizes this use-case through, an out of
> tree igb_uio module, for non VFIO devices. Supporting this use case, with
> VFIO, will be a great enhancement for DPDK as we are planning to
> get rid of out of tree modules any focus only on userspace aspects.
[..]
> Regarding the use case where PF bound to DPDK/VFIO and
> VF bound to DPDK/VFIO are _two different_ processes then sharing the UUID
> will be a little tricky thing in terms of usage. But if that is the
> purpose of bringing UUID to the equation then it fine.
>
> Overall this series looks good to me. We can test the next non-RFC
> series and give
> Tested-by by after testing with DPDK.
[..]
> > Please comment. In particular, does this approach meet the DPDK needs
> > for userspace PF and VF drivers, with the hopefully minor hurdle of
> > sharing a token between drivers. The token is of course left to
> > userspace how to manage, and might be static (and not very secret) for
> > a given set of drivers. Thanks,
Thanks Alex, it looks to be a great improvement.
In the meantime, DPDK is going to move igb_uio (an out-of-tree
Linux kernel module) from the main DPDK repository to a side-repo.
This move and this patchset will hopefully encourage using VFIO.
As Jerin said, DPDK prefers relying on upstream Linux modules.
Powered by blists - more mailing lists