[dpdk-dev] Having troubles binding an SR-IOV VF to uio_pci_generic on Amazon instance
Vlad Zolotarov
vladz at cloudius-systems.com
Wed Sep 30 14:50:09 CEST 2015
On 09/30/15 15:27, Michael S. Tsirkin wrote:
> On Wed, Sep 30, 2015 at 03:16:04PM +0300, Vlad Zolotarov wrote:
>>
>> On 09/30/15 15:03, Michael S. Tsirkin wrote:
>>> On Wed, Sep 30, 2015 at 02:53:19PM +0300, Vlad Zolotarov wrote:
>>>> On 09/30/15 14:41, Michael S. Tsirkin wrote:
>>>>> On Wed, Sep 30, 2015 at 02:26:01PM +0300, Vlad Zolotarov wrote:
>>>>>> The whole idea is to bypass kernel. Especially for networking...
>>>>> ... on dumb hardware that doesn't support doing that securely.
>>>> On a very capable HW that supports whatever security requirements needed
>>>> (e.g. 82599 Intel's SR-IOV VF devices).
>>> Network card type is irrelevant as long as you do not have an IOMMU,
>>> otherwise you would just use e.g. VFIO.
>> Sorry, but I don't follow your logic here - Amazon EC2 environment is a
>> example where there *is* iommu but it's not virtualized
>> and thus VFIO is
>> useless and there is an option to use directly assigned SR-IOV networking
>> device there where using the kernel drivers impose a performance impact
>> compared to user space UIO-based user space kernel bypass mode of usage. How
>> is it irrelevant? Could u, pls, clarify your point?
>>
> So it's not even dumb hardware, it's another piece of software
> that forces an "all or nothing" approach where either
> device has access to all VM memory, or none.
> And this, unfortunately, leaves you with no secure way to
> allow userspace drivers.
UIO is not secure even today so what are we arguing about? ;)
Adding MSI/MSI-X support won't change this state, so, pls., discard the
security argument unless u thing that UIO is completely secure piece of
software today. In the later case, could u, pls., clarify what would
prevent the userspace program to configure a DMA controller via
registers and do whatever it wants?
How not virtualizing iommu forces "all or nothing" approach? What
insecure in relying on HV to control the iommu and not letting the VF
any access to it?
As far as I see it - there isn't any security problem here at all. The
only problem I see here is that dumb current uio_pci_generic
implementation forces people to go and invent the workarounds instead of
having a proper MSI/MSI-X support implemented. And as I've mentioned
above it has nothing to do with security because there is no such thing
as security (on the UIO driver level) when we talk about UIO - it has to
be ensured by some other entity like HV.
>
> So it makes even less sense to add insecure work-arounds in the kernel.
> It seems quite likely that by the time the new kernel reaches
> production X years from now, EC2 will have a virtual iommu.
I'd bet that new kernel would reach production long before Amazon does
that... ;)
>
>
>>>>> Colour me unimpressed.
>>>>>
More information about the dev
mailing list