Bug 1335825

Summary: [RFE] IOMMU support in DPDK for Vhost-user using IOTLB caching
Product: Red Hat Enterprise Linux 7 Reporter: Amnon Ilan <ailan>
Component: openvswitchAssignee: Timothy Redaelli <tredaelli>
Status: CLOSED ERRATA QA Contact: Bob Fubel <bfubel>
Severity: medium Docs Contact: Ioanna Gkioka <igkioka>
Priority: medium    
Version: 7.3CC: ailan, atragler, ctrautma, fleitner, jhsiao, jsuchane, maxime.coquelin, ovs-qe, ovs-team, pezhang, pvauter, tredaelli
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openvswitch-2.9.0-19.el7fdp Doc Type: Enhancement
Doc Text:
IOMMU support added in the DPDK Vhost-user backend This update adds IOMMU support in the Data Plane Development Kit (DPDK) Vhost-user backend and now guests can securely access host-user ports from user space. As a result, the guest Kernel or other processes in memory are protected against malicious Virtio-user space drivers.
 Story Points: ---
Clone Of:
: 1451862 (view as bug list) Environment:
Last Closed: 2018-06-21 13:36:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1451862    
Bug Blocks: 1283104, 1288337, 1477926, 1522700    

Description Amnon Ilan 2016-05-13 10:07:50 UTC 
DPDK should properly support IOMMU when using Vhost-user, in order to allow guests to securely access vhost-user ports from user space.
This will be implemented using the IOTLB caching approach in vhost user.
Comment 3 Amnon Ilan 2017-02-07 13:34:23 UTC 
*** Bug 1283262 has been marked as a duplicate of this bug. ***
Comment 5 Maxime Coquelin 2017-08-31 12:31:30 UTC 
V1 of the series posted upstream:
http://dpdk.org/ml/archives/dev/2017-August/073918.html
Comment 6 Maxime Coquelin 2017-10-12 16:26:08 UTC 
Series merged upstream, will be in DPDK v17.11-rc1.
Comment 7 Maxime Coquelin 2018-01-09 09:46:33 UTC 
The change being in DPDK's vhost-user library, moving to Openvswitch component.
The change is released in DPDK v17.11 LTS.
Comment 14 Ioanna Gkioka 2018-03-19 09:26:13 UTC 
The openvwitch component is delivered through the fast datapath channel, it is not documented in release notes.
Comment 16 Bob Fubel 2018-06-14 14:50:39 UTC 
Tested in openvswitch-2.9.0-37.el7fdp.x86_64
Bound vfio without the iommu override.
was able to pass traffic between nic's.

openvswitch-2.9.0-37.el7fdp.x86_64
[root@localhost ~]# rpm -qa |grep dpdk
dpdk-17.11-10.el7fdb.x86_64
dpdk-tools-17.11-10.el7fdb.x86_64
[root@localhost ~]# 

root@localhost ~]# dmesg |grep IOMMU
[    0.000000] DMAR: IOMMU enabled
[    0.155453] DMAR-IR: IOAPIC id 0 under DRHD base  0xfed90000 IOMMU 0
[root@localhost ~]# 

[root@localhost ~]# cat /sys/module/vfio/parameters/enable_unsafe_noiommu_mode
N


[root@localhost ~]# driverctl -v list-overrides
0000:00:03.0 vfio-pci (Virtio network device)
0000:00:09.0 vfio-pci (Virtio network device)
[root@localhost ~]# 

Passing traffic with Xena 2544 test suite.
Comment 18 errata-xmlrpc 2018-06-21 13:36:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1962