On Wed, Sep 30, 2015 at 08:39:43PM +0300, Michael S. Tsirkin wrote:
> On Wed, Sep 30, 2015 at 10:28:07AM -0700, Stephen Hemminger wrote:
> > On Wed, 30 Sep 2015 13:37:22 +0300
> > Vlad Zolotarov <vladz at cloudius-systems.com> wrote:
> > 
> > > On 09/30/15 00:49, Michael S. Tsirkin wrote:
> > > > On Tue, Sep 29, 2015 at 02:46:16PM -0700, Stephen Hemminger wrote:
> > > > > On Tue, 29 Sep 2015 23:54:54 +0300
> > > > > "Michael S. Tsirkin" <mst at redhat.com> wrote:
> > > > > 
> > > > > > On Tue, Sep 29, 2015 at 07:41:09PM +0300, Vlad Zolotarov wrote:
> > > > > > > The security breach motivation you brought up in the "[RFC PATCH] uio:
> > > > > > > uio_pci_generic: Add support for MSI interrupts" thread seems a bit
> > > > > > > weak, since once you let the userland access the BAR it may do any
> > > > > > > funny thing using the DMA engine of the device. This kind of stuff
> > > > > > > should be prevented using the IOMMU, and if it's enabled then any
> > > > > > > funny tricks using MSI/MSI-X configuration will be prevented too.
> > > > > > > 
> > > > > > > I'm about to send the patch to the main Linux mailing list. Let's
> > > > > > > continue this discussion there.
> > > > > > > 
> > > > > > Basically UIO shouldn't be used with devices capable of DMA.
> > > > > > Use VFIO for that (yes, this implies an emulated or PV IOMMU).
> > > 
> > > If there is an IOMMU in the picture there shouldn't be any problem
> > > using UIO with DMA-capable devices.
> > > 
> > > > > > I don't think this can change.
> > > > > Given there is no PV IOMMU, and even if there was it would be too
> > > > > slow for DPDK use, I can't accept that.
> > > > QEMU does allow emulating an IOMMU.
> > > 
> > > Amazon's EC2 Xen HV doesn't. At least today. Therefore VFIO is not an
> > > option there. And again, it's a general issue, not DPDK-specific.
> > > Today one has to develop some proprietary modules (like igb_uio) to
> > > work around the issue, and this is lame. IMHO uio_pci_generic should
> > > be fixed to be able to properly work within any virtualized environment
> > > and not only with KVM.
> > 
> > Also VMware (bigger problem) has no IOMMU emulation.
> > Other environments as well (Windriver, GCE) have no IOMMU.
> > 
> > Because the use-case of userspace drivers is not important enough?
> 
> Because "secure" userspace drivers is not important enough.
> Without an IOMMU, there's no way to have secure userspace drivers.
> 
People use VMs as application containers, not as a machine that needs
to be secured for a multiuser scenario.

-- 
			Gleb.
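The thread's security argument reduces to one observable condition on a host: a DMA-capable PCI device handed to userspace through uio_pci_generic or igb_uio while no IOMMU group exists for it, so nothing confines what the device's DMA engine (or its MSI/MSI-X configuration) can write. The script below is an added example, not code from this thread, from DPDK or from the kernel; it walks a sysfs tree and reports every device in that state. It assumes the standard Linux sysfs layout (the `driver` and `iommu_group` symlinks under `/sys/bus/pci/devices/<bdf>/`, and the `config` file whose bytes 4-5 hold the PCI Command register with Bus Master Enable in bit 2) and, for offline use, builds a constructed sample tree in a temp directory rather than reading a real host. The verdict names and the `build_sample_sysfs` helper are this example's own inventions.

```python
"""Audit PCI devices for the "UIO without an IOMMU" configuration debated above.

Added example; not from the dpdk-dev thread, DPDK or the kernel. Assumes the
standard sysfs layout under /sys. build_sample_sysfs() fabricates a tree so
the script runs offline; nothing in it is captured from a real machine.
"""
import os
import tempfile
from pathlib import Path

# Drivers that map BARs into userspace without programming an IOMMU on its
# behalf: the in-tree uio_pci_generic the thread argues about and DPDK's
# out-of-tree igb_uio that Vlad mentions as the workaround.
UIO_DRIVERS = {"uio_pci_generic", "igb_uio"}

# PCI configuration space: Command register at bytes 4-5 (little-endian);
# bit 2 (Bus Master Enable) is what allows the device to initiate DMA.
PCI_COMMAND_OFFSET = 4
PCI_COMMAND_BUS_MASTER = 0x0004


def _link_target_name(path):
    """Basename of a sysfs symlink target, or None if the link is absent."""
    try:
        return os.path.basename(os.readlink(path))
    except OSError:
        return None


def audit_pci_devices(sysfs_root="/sys"):
    """Classify each PCI device by bound driver and IOMMU containment."""
    root = Path(sysfs_root)
    findings = []
    for dev in sorted((root / "bus" / "pci" / "devices").iterdir()):
        driver = _link_target_name(dev / "driver")
        iommu_group = _link_target_name(dev / "iommu_group")
        cfg = (dev / "config").read_bytes()
        command = int.from_bytes(cfg[PCI_COMMAND_OFFSET:PCI_COMMAND_OFFSET + 2], "little")
        bus_master = bool(command & PCI_COMMAND_BUS_MASTER)

        if driver in UIO_DRIVERS and iommu_group is None:
            # The case Michael objects to: userspace owns the BARs and no IOMMU
            # limits where the device's DMA engine or MSI writes can land.
            verdict = "unconfined-dma"
        elif driver in UIO_DRIVERS:
            verdict = "uio-with-iommu"      # IOMMU enabled, but UIO never maps for it
        elif driver == "vfio-pci" and iommu_group is not None:
            verdict = "vfio-iommu-backed"   # the configuration the thread recommends
        elif driver == "vfio-pci":
            verdict = "vfio-no-iommu-group"
        elif driver is None:
            verdict = "unbound"
        else:
            verdict = "kernel-driver"
        findings.append({"bdf": dev.name, "driver": driver, "iommu_group": iommu_group,
                         "bus_master": bus_master, "verdict": verdict})
    return findings


def unconfined_devices(findings):
    """BDFs of devices userspace can drive with no IOMMU in the picture."""
    return [f["bdf"] for f in findings if f["verdict"] == "unconfined-dma"]


def build_sample_sysfs():
    """Constructed sysfs tree (hypothetical devices), mirroring the real layout."""
    root = Path(tempfile.mkdtemp(prefix="sysfs-"))
    real_devices = root / "devices" / "pci0000:00"
    bus_devices = root / "bus" / "pci" / "devices"
    for d in (real_devices, bus_devices, root / "kernel" / "iommu_groups"):
        d.mkdir(parents=True)
    # (bdf, bound driver, IOMMU group, PCI Command register value)
    sample = [
        ("0000:00:03.0", "uio_pci_generic", None, 0x0007),  # IO+MEM+BusMaster, no IOMMU
        ("0000:00:04.0", "vfio-pci",        "5",  0x0007),
        ("0000:00:05.0", "igb_uio",         "7",  0x0007),
        ("0000:00:06.0", "e1000",           None, 0x0007),
        ("0000:00:07.0", None,              None, 0x0003),  # unbound, bus mastering off
    ]
    for bdf, driver, group, command in sample:
        dev = real_devices / bdf
        dev.mkdir()
        os.symlink(f"../../../devices/pci0000:00/{bdf}", bus_devices / bdf)
        cfg = bytearray(256)                       # vendor/device IDs are placeholders
        cfg[0:4] = (0x8086).to_bytes(2, "little") + (0x100E).to_bytes(2, "little")
        cfg[PCI_COMMAND_OFFSET:PCI_COMMAND_OFFSET + 2] = command.to_bytes(2, "little")
        (dev / "config").write_bytes(cfg)
        if driver:
            (root / "bus" / "pci" / "drivers" / driver).mkdir(parents=True, exist_ok=True)
            os.symlink(f"../../../bus/pci/drivers/{driver}", dev / "driver")
        if group:
            (root / "kernel" / "iommu_groups" / group).mkdir(exist_ok=True)
            os.symlink(f"../../../kernel/iommu_groups/{group}", dev / "iommu_group")
    return root


if __name__ == "__main__":
    for f in audit_pci_devices(build_sample_sysfs()):
        print(f"{f['bdf']} driver={f['driver']} iommu_group={f['iommu_group']} "
              f"bus_master={f['bus_master']} -> {f['verdict']}")
```

On a real host run `audit_pci_devices("/sys")`; in the VMware, Xen-on-EC2 or GCE guests the thread lists, expect every uio_pci_generic or igb_uio device to come back `unconfined-dma`. Two caveats a practitioner should keep in mind: the presence of an `iommu_group` link only shows that an IOMMU is enabled, not that this device's DMA is actually restricted (a passthrough IOMMU mode leaves it wide open, and that is not visible from these sysfs entries), and a clear Bus Master bit is no protection, since whoever holds the BARs can also write the Command register through the same `config` file.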