[dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance

[Stephen Hemminger]

On Wed, 30 Sep 2015 13:37:22 +0300
Vlad Zolotarov <vladz at cloudius-systems.com> wrote:

> 
> 
> On 09/30/15 00:49, Michael S. Tsirkin wrote:
> > On Tue, Sep 29, 2015 at 02:46:16PM -0700, Stephen Hemminger wrote:
> >> On Tue, 29 Sep 2015 23:54:54 +0300
> >> "Michael S. Tsirkin" <mst at redhat.com> wrote:
> >>
> >>> On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote:
> >>>> The security breach motivation u brought in "[RFC PATCH] uio:
> >>>> uio_pci_generic: Add support for MSI interrupts" thread seems a bit weak
> >>>> since one u let the userland access to the bar it may do any funny thing
> >>>> using the DMA engine of the device. This kind of stuff should be prevented
> >>>> using the iommu and if it's enabled then any funny tricks using MSI/MSI-X
> >>>> configuration will be prevented too.
> >>>>
> >>>> I'm about to send the patch to main Linux mailing list. Let's continue this
> >>>> discussion there.
> >>>>    
> >>> Basically UIO shouldn't be used with devices capable of DMA.
> >>> Use VFIO for that (yes, this implies an emulated or PV IOMMU).
> 
> If there is an IOMMU in the picture there shouldn't be any problem to 
> use UIO with DMA capable devices.
> 
> >>> I don't think this can change.
> >> Given there is no PV IOMMU and even if there was it would be too slow for DPDK
> >> use, I can't accept that.
> > QEMU does allow emulating an iommu.
> 
> Amazon's EC2 xen HV doesn't. At least today. Therefore VFIO is not an 
> option there. And again, it's a general issue not DPDK specific.
> Today one has to develop some proprietary modules (like igb_uio) to 
> workaround the issue and this is lame. IMHO uio_pci_generic should
> be fixed to be able to properly work within any virtualized environment 
> and not only with KVM.
> 

Also VMware (bigger problem) has no IOMMU emulation.
Other environments as well (Windriver, GCE) have noe IOMMU.