RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1283242 - [RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd
Summary: [RFE] VFIO (no-IOMMU) support in dpdk virtio-pmd
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: dpdk
Version: 7.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: 7.4
Assignee: Victor Kaplansky
QA Contact: Sitong Liu
Yehuda Zimmerman
URL:
Whiteboard:
Depends On:
Blocks: 1283104 1395265
TreeView+ depends on / blocked
 
Reported: 2015-11-18 13:52 UTC by Amnon Ilan
Modified: 2018-11-30 08:09 UTC (History)
13 users (show)

Fixed In Version: DPDK 16.04
Doc Type: Enhancement
Doc Text:
Support for *VFIO-NOIOMMU* was added to *dpdk* This update provides *dpdk virtio-pmd* to support *VFIO-NOIOMMU*. This support is a step towards allowing usage of the *dpdk* driver securely from the user space on a KVM guest. This will prevent the driver from having full access to all guest memory (including the guest kernel and other user processes) and prevent a user space bug from causing a kernel crash. Note: This update only enables usage of *VFIO* on the guest and does not provide full protection of kernel guest memory. Full protection will be provided in a later update.
Clone Of:
Environment:
Last Closed: 2018-11-30 08:09:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Amnon Ilan 2015-11-18 13:52:17 UTC 
Description of problem:

The current dpdk virtio-pmd does not support VFIO. 
This support is required in order to be able to use the dpdk driver 
securely from user space on the KVM guest. Otherwise, the driver has full access to all guest memory (including guest kernel and other user processes) so that a user space bug can cause a kernel crash.
Performance needs to be compatible with running DPDK on bare metal for device assignment and to existing insecure virtio-pmd when using vhost-user
Comment 1 Amnon Ilan 2015-11-18 14:11:43 UTC 
Correction on performance: Performance needs to be compatible with existing insecure virtio-pmd when using vhost-user (not with bare metal)
Comment 2 Amnon Ilan 2016-05-13 09:21:25 UTC 
Support for VFIO-NOIOMMU was added to DPDH 16.04.
DPDK can now work with VFIO:
1. For now: using RTE_VFIO_NOIOMMU, which uses VFIO but has no 
   IOMMU, and hence it is not supported by RH (just a temporary solution).
2. In future: using the normal RTE_VFIO_TYPE1 once vIOMMU is implemented 
   in VFIO.

Bug#1335808 is tracking the vIOMMU implementation that will enable it in 
qemu.
Comment 3 Amnon Ilan 2016-05-13 09:28:53 UTC 
Bug#1299662 added support for the No-IOMMU mode in the VFIO driver.
Comment 8 Victor Kaplansky 2017-06-08 10:13:26 UTC 
Looks OK, maybe only to add, that full support is expected in 7.4
Note You need to log in before you can comment on or make changes to this bug.