On 09/30/15 15:03, Michael S. Tsirkin wrote: > On Wed, Sep 30, 2015 at 02:53:19PM +0300, Vlad Zolotarov wrote: >> >> On 09/30/15 14:41, Michael S. Tsirkin wrote: >>> On Wed, Sep 30, 2015 at 02:26:01PM +0300, Vlad Zolotarov wrote: >>>> The whole idea is to bypass kernel. Especially for networking... >>> ... on dumb hardware that doesn't support doing that securely. >> On a very capable HW that supports whatever security requirements needed >> (e.g. 82599 Intel's SR-IOV VF devices). > Network card type is irrelevant as long as you do not have an IOMMU, > otherwise you would just use e.g. VFIO.
Sorry, but I don't follow your logic here - Amazon EC2 environment is a example where there *is* iommu but it's not virtualized and thus VFIO is useless and there is an option to use directly assigned SR-IOV networking device there where using the kernel drivers impose a performance impact compared to user space UIO-based user space kernel bypass mode of usage. How is it irrelevant? Could u, pls, clarify your point? > >>> Colour me unimpressed. >>>
