[dpdk-dev] [PATCH v3 01/19] Revert "vhost: workaround MQ fails to startup"
    Yuanhan Liu 
    yliu at fridaylinux.org
       
    Mon Nov  6 14:36:31 CET 2017
    
    
  
On Mon, Nov 06, 2017 at 01:50:35PM +0100, Maxime Coquelin wrote:
> 
> 
> On 11/06/2017 01:24 PM, Yuanhan Liu wrote:
> >On Mon, Nov 06, 2017 at 01:07:15PM +0100, Maxime Coquelin wrote:
> >>
> >>
> >>On 11/06/2017 01:00 PM, Yuanhan Liu wrote:
> >>>On Fri, Nov 03, 2017 at 03:28:36PM +0100, Maxime Coquelin wrote:
> >>>>
> >>>>
> >>>>On 11/03/2017 02:05 PM, Yuanhan Liu wrote:
> >>>>>On Thu, Nov 02, 2017 at 10:40:26AM +0100, Maxime Coquelin wrote:
> >>>>>>>Moving from QEMU v2.7.0 to v2.10.0 resolves the issue. However, herein lies the issue: QEMU v2.10.0 was only released in August of this year; anecdotally, we know that many OvS-DPDK customers use older versions of QEMU (typically, v2.7.0), and are likely un[able|willing] to move. With this patch, a hard dependency on QEMU v2.10 is created for users who want to use the vHU multiq feature in DPDK v17.11 (and subsequently, the upcoming OvS v2.9.0), which IMO will likely be unacceptable for many.
> >>>>>>
> >>>>>>Do you mean that upstream Qemu v2.7.0 is used in production?
> >>>>>>I would expect the customers to use a distro Qemu which should contain
> >>>>>>relevant fixes, or follow upstream's stable branches.
> >>>>>>
> >>>>>>FYI, Qemu v2.9.1 contains a backport of the fix.
> >>>>>>
> >>>>>>>One potential solution to this problem is to introduce a compile-time option that would allow the user to [dis|en]able the VHOST_USER_PROTOCOL_F_REPLY_ACK feature - is that something that would be acceptable to you Maxime?
> >>>>>>
> >>>>>>Yes, that's one option, but:
> >>>>>>1. VHOST_USER_PROTOCOL_F_REPLY_ACK enabled should be the default
> >>>>>>2. VHOST_USER_PROTOCOL_F_REPLY_ACK disabled will be less extensively
> >>>>>>tested.
> >>>>>>
> >>>>>>Yuanhan, what do you think?
> >>>>>
> >>>>>My suggestion is to still disable it by default. Qemu 2.7 - 2.9 (inclusive)
> >>>>>is a pretty big range, that I think quite many people would hit this issue
> >>>>Ok, then what about adding a new flag to rte_vhost_driver_register(), as
> >>>>done for tx zero copy to enable IOMMU feature?
> >>>>If flag is unset, then we mask out both IOMMU virtio feature flag and
> >>>>REPLY_ACK protocol feature flag.
> >>>>
> >>>>For a while this flag will be unset by default, not to break these
> >>>>deprecated and unmaintained Qemu versions. But I think at some point
> >>>>we should make it enabled by default, as it would be sad not to benefit
> >>>>from this security feature.
> >>>
> >>>This sounds good to me.
> >>
> >>Actually, I have posted a different patch, so that we don't have API
> >>change for this. Upstream OVS can disable IOMMU feature, which will in
> >>turn disable REPLY-ACK protocol feature if they want to.
> >
> >Sorry I missed that. So the REPLY-ACK will still be enabled by default and
> >you leave the choice to the users to disable it, explicitly? This doesn't
> >sound the best to me. We now know that it breaks OVS, but other users may
> >hit the same issue again without any awareness.
> >
> >Also, I know this feature brings good benefits on security. But IIRC, you
> >mentioned that it became barely un-usable with Linux kernel virtio-net
> >driver.
> >
> > From the two points, I think let's make it be disable by default now?
> 
> What concerns me is that hasn't been replied yet is when will we consider
> Qemu 2.7.0-Qemu v2.9.0 (Qemu v2.9.1 being fixed) old enough
> to enable it by default? Knowing that Qemu 2.7.x/2.8.x are already
> end of life uptream.
I can't tell. But there are probably something we could do. For example, we
could introduce a vhost pmd option, to enable the IOMMU feature. If the user
concerns about the security, he could use such option. By default, let's still
disable it. Meanwhile, OVS may could also add such an option.
	--yliu
    
    
More information about the dev
mailing list