Bug 1283242 – [RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd

Bug 1283242 - [RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd

Summary:	[RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd

Status:	POST

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	dpdk (Show other bugs)
Sub Component:
Version:	7.3
Hardware:	Unspecified Unspecified

Priority	high Severity unspecified
Target Milestone:	rc
Target Release:	7.4
Assigned To:	Victor Kaplansky
QA Contact:	Pei Zhang
Docs Contact:	Yehuda Zimmerman

URL:
Whiteboard:
Keywords:	Extras, FutureFeature

Depends On:
Blocks:	1283104 1395265
	Show dependency tree / graph

Reported:	2015-11-18 08:52 EST by Amnon Ilan
Modified:	2017-06-08 06:13 EDT (History)
CC List:	15 users (show)

See Also:
Fixed In Version:	DPDK 16.04
Doc Type:	Enhancement
Doc Text:	Support for VFIO-NOIOMMU was added to dpdk This update provides dpdk virtio-pmd to support VFIO-NOIOMMU. This support is a step towards allowing usage of the dpdk driver securely from the user space on a KVM guest. This will prevent the driver from having full access to all guest memory (including the guest kernel and other user processes) and prevent a user space bug from causing a kernel crash. Note: This update only enables usage of VFIO on the guest and does not provide full protection of kernel guest memory. Full protection will be provided in a later update.
Story Points:	---
Clone Of:
Environment:
Last Closed:
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Amnon Ilan 2015-11-18 08:52:17 EST

Description of problem:

The current dpdk virtio-pmd does not support VFIO. 
This support is required in order to be able to use the dpdk driver 
securely from user space on the KVM guest. Otherwise, the driver has full access to all guest memory (including guest kernel and other user processes) so that a user space bug can cause a kernel crash.
Performance needs to be compatible with running DPDK on bare metal for device assignment and to existing insecure virtio-pmd when using vhost-user

Comment 1 Amnon Ilan 2015-11-18 09:11:43 EST

Correction on performance: Performance needs to be compatible with existing insecure virtio-pmd when using vhost-user (not with bare metal)

Comment 2 Amnon Ilan 2016-05-13 05:21:25 EDT

Support for VFIO-NOIOMMU was added to DPDH 16.04.
DPDK can now work with VFIO:
1. For now: using RTE_VFIO_NOIOMMU, which uses VFIO but has no 
   IOMMU, and hence it is not supported by RH (just a temporary solution).
2. In future: using the normal RTE_VFIO_TYPE1 once vIOMMU is implemented 
   in VFIO.

Bug#1335808 is tracking the vIOMMU implementation that will enable it in 
qemu.

Comment 3 Amnon Ilan 2016-05-13 05:28:53 EDT

Bug#1299662 added support for the No-IOMMU mode in the VFIO driver.

Comment 8 Victor Kaplansky 2017-06-08 06:13:26 EDT

Looks OK, maybe only to add, that full support is expected in 7.4

Note You need to log in before you can comment on or make changes to this bug.