From: Don Dutile <ddutile@redhat.com>
To: Ben Hutchings <bhutchings@solarflare.com>
Cc: Chris Friesen <chris.friesen@genband.com>,
David Miller <davem@davemloft.net>,
yuvalmin@broadcom.com, gregory.v.rose@intel.com,
netdev@vger.kernel.org, linux-pci@vger.kernel.org
Subject: Re: New commands to configure IOV features
Date: Fri, 20 Jul 2012 16:15:57 -0400 [thread overview]
Message-ID: <5009BC7D.9000608@redhat.com> (raw)
In-Reply-To: <1342814473.2678.65.camel@bwh-desktop.uk.solarflarecom.com>
On 07/20/2012 04:01 PM, Ben Hutchings wrote:
> On Fri, 2012-07-20 at 13:29 -0600, Chris Friesen wrote:
>> On 07/20/2012 11:42 AM, Ben Hutchings wrote:
>>>
>>> The ethtool API is typically used for net device operations that can be
>>> largely devolved to individual drivers, and which the network stack can
>>> mostly ignore (though offload features are an historical exception to
>>> this). It started with Ethernet link settings, but many operations are
>>> applicable (and implemented by) other types of network device.
>>
>> That (potentially) accounts for all network devices, but it leaves all
>> the other devices that could export virtual functions.
>>
>> Why should I need to use a different API to enable virtual functions on
>> my network device and my storage controller?
>
> Indeed; I was merely making the point that it would be quite valid to
> use that means for setting VF network parameters for any network device
> that supports IOV.
>
Yes, I read Ben's reply as supporting the proposition of VF enablement
at the PCI level.
>> (And why should "ethtool" or "ip" care that it's a virtual function?)
>
> VFs may be assigned to a guest which is not fully trusted by the
> hypervisor or privileged domain. (This can sometimes be true for PFs
> too, depending on the capabilities of the hypervisor and guest OS.)
> Some configuration may therefore need to be done via a trusted PF.
>
Correct! The security domain (for KVM) is the host, thus, the host
assignes VF attributes *before* they are given to the guest.... The guest
is just a consumer, at least that's been my experience with VF devices to date,
but I could see how an improper VF design could allow untrusted/guest
(ethtool/netlink) ops on the VF.
>> What Don and I are suggesting is that the concept of virtual functions
>> is a PCI thing, so it should be dealt with at the PCI layer. Regardless
>> of the type of device the export of virtual functions is conceptually
>> the same thing, so it should use the same API.
>>
>> Once the device exists, then domain-specific APIs would be used to
>> configure it the same way that they would configure a physical device.
>
> To an extent, but not entirely.
>
> Currently, the assigned MAC address and (optional) VLAN tag for each
> networking VF are configured via the PF net device (though this is done
> though the rtnetlink API rather than ethtool).
Yes, through the PF, which is suppose to remain in the trusted host/hypervisor
domain. (Do a 'man ip' on RHEL6 and look at 'ip link set' where it then mentions
the parameter 'vf'.).
>
> Ben.
>
next prev parent reply other threads:[~2012-07-20 20:16 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-07 11:17 New commands to configure IOV features Yuval Mintz
2012-05-07 15:16 ` Greg Rose
2012-06-26 12:21 ` Yuval Mintz
2012-06-26 16:13 ` Alexander Duyck
2012-06-26 17:19 ` Greg Rose
2012-07-01 11:09 ` Yuval Mintz
2012-07-09 18:39 ` Ben Hutchings
2012-07-09 21:13 ` Chris Friesen
2012-07-16 9:19 ` Yuval Mintz
2012-07-17 19:29 ` Don Dutile
2012-07-17 21:08 ` Chris Friesen
2012-07-17 21:11 ` David Miller
2012-07-20 15:27 ` Chris Friesen
2012-07-20 15:56 ` Don Dutile
2012-07-20 17:42 ` Ben Hutchings
2012-07-20 19:29 ` Chris Friesen
2012-07-20 20:01 ` Ben Hutchings
2012-07-20 20:15 ` Don Dutile [this message]
2012-07-20 23:42 ` Chris Friesen
2012-07-21 0:52 ` Rose, Gregory V
2012-07-23 14:03 ` Don Dutile
2012-07-23 15:09 ` Chris Friesen
2012-07-23 17:06 ` Rose, Gregory V
2012-07-23 18:36 ` Stephen Hemminger
2012-07-23 18:40 ` Rose, Gregory V
2012-09-19 11:07 ` Yuval Mintz
2012-09-19 15:53 ` Greg Rose
2012-09-19 19:44 ` Ben Hutchings
2012-09-19 22:17 ` Yinghai Lu
2012-09-19 22:46 ` Ben Hutchings
2012-09-20 0:19 ` Yinghai Lu
2012-09-20 1:23 ` Ben Hutchings
2012-09-20 2:27 ` Yinghai Lu
2012-09-20 3:08 ` Subhendu Ghosh
2012-09-20 15:39 ` Rose, Gregory V
2012-09-20 15:39 ` Rose, Gregory V
2012-09-21 5:50 ` Yinghai Lu
2012-09-21 17:35 ` Ben Hutchings
2012-09-21 19:23 ` Yinghai Lu
2012-09-21 18:06 ` Don Dutile
2012-09-21 18:06 ` Don Dutile
2012-09-21 19:49 ` Yinghai Lu
2012-09-21 20:08 ` Don Dutile
2012-09-21 20:08 ` Don Dutile
2012-09-23 15:49 ` Yuval Mintz
2012-09-24 17:37 ` Don Dutile
2012-09-24 17:37 ` Don Dutile
2012-09-30 6:39 ` Yuval Mintz
2012-10-01 14:12 ` Don Dutile
2012-10-01 14:12 ` Don Dutile
2012-09-19 17:49 ` David Miller
2012-07-23 16:37 ` Rose, Gregory V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5009BC7D.9000608@redhat.com \
--to=ddutile@redhat.com \
--cc=bhutchings@solarflare.com \
--cc=chris.friesen@genband.com \
--cc=davem@davemloft.net \
--cc=gregory.v.rose@intel.com \
--cc=linux-pci@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yuvalmin@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.