From: Don Dutile <ddutile@redhat.com>
To: Ben Hutchings <bhutchings@solarflare.com>
Cc: Chris Friesen <chris.friesen@genband.com>,
David Miller <davem@davemloft.net>,
yuvalmin@broadcom.com, gregory.v.rose@intel.com,
netdev@vger.kernel.org, linux-pci@vger.kernel.org
Subject: Re: New commands to configure IOV features
Date: Fri, 20 Jul 2012 16:15:57 -0400 [thread overview]
Message-ID: <5009BC7D.9000608@redhat.com> (raw)
In-Reply-To: <1342814473.2678.65.camel@bwh-desktop.uk.solarflarecom.com>
On 07/20/2012 04:01 PM, Ben Hutchings wrote:
> On Fri, 2012-07-20 at 13:29 -0600, Chris Friesen wrote:
>> On 07/20/2012 11:42 AM, Ben Hutchings wrote:
>>>
>>> The ethtool API is typically used for net device operations that can be
>>> largely devolved to individual drivers, and which the network stack can
>>> mostly ignore (though offload features are an historical exception to
>>> this). It started with Ethernet link settings, but many operations are
>>> applicable (and implemented by) other types of network device.
>>
>> That (potentially) accounts for all network devices, but it leaves all
>> the other devices that could export virtual functions.
>>
>> Why should I need to use a different API to enable virtual functions on
>> my network device and my storage controller?
>
> Indeed; I was merely making the point that it would be quite valid to
> use that means for setting VF network parameters for any network device
> that supports IOV.
>
Yes, I read Ben's reply as supporting the proposition of VF enablement
at the PCI level.
>> (And why should "ethtool" or "ip" care that it's a virtual function?)
>
> VFs may be assigned to a guest which is not fully trusted by the
> hypervisor or privileged domain. (This can sometimes be true for PFs
> too, depending on the capabilities of the hypervisor and guest OS.)
> Some configuration may therefore need to be done via a trusted PF.
>
Correct! The security domain (for KVM) is the host, thus, the host
assignes VF attributes *before* they are given to the guest.... The guest
is just a consumer, at least that's been my experience with VF devices to date,
but I could see how an improper VF design could allow untrusted/guest
(ethtool/netlink) ops on the VF.
>> What Don and I are suggesting is that the concept of virtual functions
>> is a PCI thing, so it should be dealt with at the PCI layer. Regardless
>> of the type of device the export of virtual functions is conceptually
>> the same thing, so it should use the same API.
>>
>> Once the device exists, then domain-specific APIs would be used to
>> configure it the same way that they would configure a physical device.
>
> To an extent, but not entirely.
>
> Currently, the assigned MAC address and (optional) VLAN tag for each
> networking VF are configured via the PF net device (though this is done
> though the rtnetlink API rather than ethtool).
Yes, through the PF, which is suppose to remain in the trusted host/hypervisor
domain. (Do a 'man ip' on RHEL6 and look at 'ip link set' where it then mentions
the parameter 'vf'.).
>
> Ben.
>
next prev parent reply other threads:[~2012-07-20 20:16 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-05-07 11:17 New commands to configure IOV features Yuval Mintz
2012-05-07 15:16 ` Greg Rose
2012-06-26 12:21 ` Yuval Mintz
2012-06-26 16:13 ` Alexander Duyck
2012-06-26 17:19 ` Greg Rose
2012-07-01 11:09 ` Yuval Mintz
2012-07-09 18:39 ` Ben Hutchings
2012-07-09 21:13 ` Chris Friesen
2012-07-16 9:19 ` Yuval Mintz
2012-07-17 19:29 ` Don Dutile
2012-07-17 21:08 ` Chris Friesen
2012-07-17 21:11 ` David Miller
2012-07-20 15:27 ` Chris Friesen
2012-07-20 15:56 ` Don Dutile
2012-07-20 17:42 ` Ben Hutchings
2012-07-20 19:29 ` Chris Friesen
2012-07-20 20:01 ` Ben Hutchings
2012-07-20 20:15 ` Don Dutile [this message]
2012-07-20 23:42 ` Chris Friesen
2012-07-21 0:52 ` Rose, Gregory V
2012-07-23 14:03 ` Don Dutile
2012-07-23 15:09 ` Chris Friesen
2012-07-23 17:06 ` Rose, Gregory V
2012-07-23 18:36 ` Stephen Hemminger
2012-07-23 18:40 ` Rose, Gregory V
2012-09-19 11:07 ` Yuval Mintz
2012-09-19 15:53 ` Greg Rose
2012-09-19 19:44 ` Ben Hutchings
2012-09-19 22:17 ` Yinghai Lu
2012-09-19 22:46 ` Ben Hutchings
2012-09-20 0:19 ` Yinghai Lu
2012-09-20 1:23 ` Ben Hutchings
2012-09-20 2:27 ` Yinghai Lu
2012-09-20 3:08 ` Subhendu Ghosh
2012-09-20 15:39 ` Rose, Gregory V
2012-09-21 5:50 ` Yinghai Lu
2012-09-21 17:35 ` Ben Hutchings
2012-09-21 19:23 ` Yinghai Lu
2012-09-21 18:06 ` Don Dutile
2012-09-21 19:49 ` Yinghai Lu
2012-09-21 20:08 ` Don Dutile
2012-09-23 15:49 ` Yuval Mintz
2012-09-24 17:37 ` Don Dutile
2012-09-30 6:39 ` Yuval Mintz
2012-10-01 14:12 ` Don Dutile
2012-09-19 17:49 ` David Miller
2012-07-23 16:37 ` Rose, Gregory V
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5009BC7D.9000608@redhat.com \
--to=ddutile@redhat.com \
--cc=bhutchings@solarflare.com \
--cc=chris.friesen@genband.com \
--cc=davem@davemloft.net \
--cc=gregory.v.rose@intel.com \
--cc=linux-pci@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=yuvalmin@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).