On Wed, Sep 30, 2015 at 03:16:04PM +0300, Vlad Zolotarov wrote: > > > On 09/30/15 15:03, Michael S. Tsirkin wrote: > >On Wed, Sep 30, 2015 at 02:53:19PM +0300, Vlad Zolotarov wrote: > >> > >>On 09/30/15 14:41, Michael S. Tsirkin wrote: > >>>On Wed, Sep 30, 2015 at 02:26:01PM +0300, Vlad Zolotarov wrote: > >>>>The whole idea is to bypass kernel. Especially for networking... > >>>... on dumb hardware that doesn't support doing that securely. > >>On a very capable HW that supports whatever security requirements needed > >>(e.g. 82599 Intel's SR-IOV VF devices). > >Network card type is irrelevant as long as you do not have an IOMMU, > >otherwise you would just use e.g. VFIO. > > Sorry, but I don't follow your logic here - Amazon EC2 environment is a > example where there *is* iommu but it's not virtualized > and thus VFIO is > useless and there is an option to use directly assigned SR-IOV networking > device there where using the kernel drivers impose a performance impact > compared to user space UIO-based user space kernel bypass mode of usage. How > is it irrelevant? Could u, pls, clarify your point? >
So it's not even dumb hardware, it's another piece of software that forces an "all or nothing" approach where either device has access to all VM memory, or none. And this, unfortunately, leaves you with no secure way to allow userspace drivers. So it makes even less sense to add insecure work-arounds in the kernel. It seems quite likely that by the time the new kernel reaches production X years from now, EC2 will have a virtual iommu. > > > >>>Colour me unimpressed. > >>>