From: Alex Williamson <alex.williamson@redhat.com>
To: Haggai Eran <haggaie@mellanox.com>
Cc: "Tian, Kevin" <kevin.tian@intel.com>,
Ilya Lesokhin <ilyal@mellanox.com>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-pci@vger.kernel.org" <linux-pci@vger.kernel.org>,
"bhelgaas@google.com" <bhelgaas@google.com>,
Noa Osherovich <noaos@mellanox.com>,
Or Gerlitz <ogerlitz@mellanox.com>,
Liran Liss <liranl@mellanox.com>
Subject: Re: [PATCH v2 0/2] VFIO SRIOV support
Date: Mon, 25 Jul 2016 09:07:50 -0600 [thread overview]
Message-ID: <20160725090750.2786ab5f@t450s.home> (raw)
In-Reply-To: <613c4470-d899-2698-dfe5-9dbb2388787e@mellanox.com>
On Mon, 25 Jul 2016 10:53:56 +0300
Haggai Eran <haggaie@mellanox.com> wrote:
> On 7/19/2016 10:43 PM, Alex Williamson wrote:
> > Thinking about this further, it seems that trying to create this IOV
> > enablement interface through a channel which is explicitly designed to
> > interact with an untrusted and potentially malicious user is the wrong
> > approach. We already have an interface for a trusted entity to enable
> > VFs, it's through pci-sysfs. Therefore if we were to use something like
> > libvirt to orchestrate the lifecycle of the VFs, I think we remove a
> > lot of the problems. In this case QEMU would virtualize the SR-IOV
> > capability (maybe this is along the lines of what Kevin was thinking),
> > but that virtualization would take a path out through the QEMU QMP
> > interface to execute the SR-IOV change on the device rather than going
> > through the vfio kernel interface. A management tool like libvirt
> > would then need to translate that into sysfs operations to create the
> > VFs and do whatever we're going to do with them (device_add them back
> > to the VM, make them available to a peer VM, make them available to
> > the host *gasp*). VFIO in the kernel would need to add SR-IOV
> > support, but the only automatic SR-IOV path would be to disable IOV
> > when the PF is released, enabling would only occur through sysfs. We
> > would probably need a new pci-sysfs interface to manage the driver for
> > newly created VFs though to avoid default host drivers
> > (sriov_driver_override?). In this model QEMU is essentially just
> > making requests to other userspace entities to perform actions and how
> > those actions are performed can be left to userspace policy, not kernel
> > policy. I think this would still satisfy the development use case, the
> > enabling path just takes a different route where privileged userspace
> > is more intimately involved in the process. Thoughts? Thanks,
>
> I understand the desire to use a different interface such as sysfs for
> the trusted user-space component. I'm not sure though how using
> sriov_driver_override solves the issues we have been discussing. After
> SR-IOV is enabled by libvirt, it is still possible for the administrator
> (or another trusted daemon racing with libvirt) to open the VFs with
> VFIO before libvirt had a chance to open them and send them to QEMU.
>
> Are you okay with that?
If a privileged entity like libvirt is creating VFs on behalf of a
user, it's going to be that entity's responsibility to claim ownership
of all those created VFs. sriov_driver_override is just one suggestion
that might help facilitate that. Others might be necessary, but
ultimately it's not the kernel's problem to work out which entity gets
to take ownership of those devices, that's a userspace problem, just as
it is already today. Thanks,
Alex
next prev parent reply other threads:[~2016-07-25 15:07 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-19 12:16 [PATCH v2 0/2] VFIO SRIOV support Ilya Lesokhin
2016-06-19 12:16 ` [PATCH v2 1/2] PCI: Extend PCI IOV API Ilya Lesokhin
2016-06-19 14:10 ` kbuild test robot
2016-06-19 12:16 ` [PATCH v2 2/2] VFIO: Add support for SR-IOV extended capablity Ilya Lesokhin
2016-06-19 23:07 ` kbuild test robot
2016-06-20 17:37 ` [PATCH v2 0/2] VFIO SRIOV support Alex Williamson
2016-06-21 7:19 ` Ilya Lesokhin
2016-06-21 15:45 ` Alex Williamson
2016-07-14 14:53 ` Ilya Lesokhin
2016-07-14 17:03 ` Alex Williamson
2016-07-17 10:05 ` Haggai Eran
2016-07-18 21:34 ` Alex Williamson
2016-07-19 7:06 ` Tian, Kevin
2016-07-19 15:10 ` Alex Williamson
2016-07-19 19:43 ` Alex Williamson
2016-07-21 5:51 ` Tian, Kevin
2016-07-25 7:53 ` Haggai Eran
2016-07-25 15:07 ` Alex Williamson [this message]
2016-07-25 15:34 ` Ilya Lesokhin
2016-07-25 15:58 ` Alex Williamson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160725090750.2786ab5f@t450s.home \
--to=alex.williamson@redhat.com \
--cc=bhelgaas@google.com \
--cc=haggaie@mellanox.com \
--cc=ilyal@mellanox.com \
--cc=kevin.tian@intel.com \
--cc=kvm@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=liranl@mellanox.com \
--cc=noaos@mellanox.com \
--cc=ogerlitz@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).