[dpdk-dev] Running DPDK as an unprivileged user

Walker, Benjamin benjamin.walker at intel.com
Wed Jan 4 22:35:44 CET 2017


On Wed, 2017-01-04 at 11:11 +0100, Thomas Monjalon wrote:
> 2017-01-03 22:50, Walker, Benjamin:
> > 1) Physical addresses cannot be exposed to unprivileged users due to
> > security
> > concerns (the fallout of rowhammer). Therefore, systems without an IOMMU can
> > only support privileged users. I think this is probably fine.
> > 2) The IOCTL from vfio to pin the memory is tied to specifying the DMA
> > address
> > and programming the IOMMU. This is unfortunate - systems without an IOMMU
> > still
> > want to do the pinning, but they need to be given the physical address
> > instead
> > of specifying a DMA address.
> > 3) Not all device types, particularly in virtualization environments,
> > support
> > vfio today. These devices have no way to explicitly pin memory.
> 
> In VM we can use VFIO-noiommu. Is it helping for mapping?

There does not appear to be a vfio IOCTL that pins memory without also
programming the IOMMU, so vfio-noiommu is broken in the same way that uio is for
drivers that require physical memory.


More information about the dev mailing list