Bug 1283242 - [RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd
[RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd
Status: POST
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: dpdk (Show other bugs)
7.3
Unspecified Unspecified
high Severity unspecified
: rc
: 7.4
Assigned To: Victor Kaplansky
Pei Zhang
Yehuda Zimmerman
: Extras, FutureFeature
Depends On:
Blocks: 1283104 1395265
  Show dependency treegraph
 
Reported: 2015-11-18 08:52 EST by Amnon Ilan
Modified: 2017-06-08 06:13 EDT (History)
15 users (show)

See Also:
Fixed In Version: DPDK 16.04
Doc Type: Enhancement
Doc Text:
Support for *VFIO-NOIOMMU* was added to *dpdk* This update provides *dpdk virtio-pmd* to support *VFIO-NOIOMMU*. This support is a step towards allowing usage of the *dpdk* driver securely from the user space on a KVM guest. This will prevent the driver from having full access to all guest memory (including the guest kernel and other user processes) and prevent a user space bug from causing a kernel crash. Note: This update only enables usage of *VFIO* on the guest and does not provide full protection of kernel guest memory. Full protection will be provided in a later update.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Amnon Ilan 2015-11-18 08:52:17 EST
Description of problem:

The current dpdk virtio-pmd does not support VFIO. 
This support is required in order to be able to use the dpdk driver 
securely from user space on the KVM guest. Otherwise, the driver has full access to all guest memory (including guest kernel and other user processes) so that a user space bug can cause a kernel crash.
Performance needs to be compatible with running DPDK on bare metal for device assignment and to existing insecure virtio-pmd when using vhost-user
Comment 1 Amnon Ilan 2015-11-18 09:11:43 EST
Correction on performance: Performance needs to be compatible with existing insecure virtio-pmd when using vhost-user (not with bare metal)
Comment 2 Amnon Ilan 2016-05-13 05:21:25 EDT
Support for VFIO-NOIOMMU was added to DPDH 16.04.
DPDK can now work with VFIO:
1. For now: using RTE_VFIO_NOIOMMU, which uses VFIO but has no 
   IOMMU, and hence it is not supported by RH (just a temporary solution).
2. In future: using the normal RTE_VFIO_TYPE1 once vIOMMU is implemented 
   in VFIO.

Bug#1335808 is tracking the vIOMMU implementation that will enable it in 
qemu.
Comment 3 Amnon Ilan 2016-05-13 05:28:53 EDT
Bug#1299662 added support for the No-IOMMU mode in the VFIO driver.
Comment 8 Victor Kaplansky 2017-06-08 06:13:26 EDT
Looks OK, maybe only to add, that full support is expected in 7.4

Note You need to log in before you can comment on or make changes to this bug.