[dpdk-dev] [PATCH v1 1/1] kernel/linux: introduce vfio_pf kernel module
Thomas Monjalon
thomas at monjalon.net
Fri Sep 6 11:45:03 CEST 2019
06/09/2019 11:12, vattunuru at marvell.com:
> From: Vamsi Attunuru <vattunuru at marvell.com>
>
> The DPDK use case such as VF representer or OVS offload etc
> would call for PF and VF PCIe devices to bind vfio-pci
> module to enable IOMMU protection.
>
> In addition to vSwitch use case, unlike other PCI class of
> devices, Network class of PCIe devices would have additional
> responsibility on the PF devices such as promiscuous mode support
> etc.
>
> The above use cases demand that VFIO be bound to PF and its
> VF devices. This use case is not supported in Linux kernel,
> due to a security issue where it is possible to have
> DoS in case a VF is attached to a guest over vfio-pci and a netdev
> kernel driver runs on it, which is something VF representer
> would like to enable.
>
> Since we cannot differentiate whether the vfio-pci bound VF devices
> run a DPDK application or a netdev driver in guest, we cannot
> introduce any scheme to fix DoS case and therefore do not have
> proper support of this in the upstream kernel.
>
> The igb_uio enables such PF and VF binding support for
> non-iommu devices to make VF representer or OVS offload
> run on non-iommu devices with DoS vulnerability for netdev driver
> as VF.
>
> This kernel module facilitates enabling SRIOV on PF devices,
> and therefore running both PF and VF devices in VFIO mode, knowing
> its impacts like igb_uio driver functions of non-iommu devices.
>
> Signed-off-by: Vamsi Attunuru <vattunuru at marvell.com>
> Signed-off-by: Jerin Jacob <jerinj at marvell.com>

Sorry, I fail to properly understand the explanation above.
Please try to split in shorter sentences.

About the request to add an out-of-tree Linux kernel driver,
I guess Jerin is well aware that we don't want such anymore.