Bug 1335825 - [RFE] IOMMU support in DPDK for Vhost-user using IOTLB caching
Summary: [RFE] IOMMU support in DPDK for Vhost-user using IOTLB caching
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openvswitch
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Timothy Redaelli
QA Contact: Bob Fubel
Ioanna Gkioka
: 1283262 (view as bug list)
Depends On: 1451862
Blocks: 1477926 1283104 1288337 1522700
TreeView+ depends on / blocked
Reported: 2016-05-13 10:07 UTC by Amnon Ilan
Modified: 2018-06-21 13:37 UTC (History)
12 users (show)

Fixed In Version: openvswitch-2.9.0-19.el7fdp
Doc Type: Enhancement
Doc Text:
IOMMU support added in the DPDK Vhost-user backend This update adds IOMMU support in the Data Plane Development Kit (DPDK) Vhost-user backend and now guests can securely access host-user ports from user space. As a result, the guest Kernel or other processes in memory are protected against malicious Virtio-user space drivers.
Clone Of:
: 1451862 (view as bug list)
Last Closed: 2018-06-21 13:36:35 UTC

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:1962 None None None 2018-06-21 13:37:49 UTC
Red Hat Bugzilla 1340726 None None None 2019-07-31 13:22:38 UTC

Internal Links: 1340726

Description Amnon Ilan 2016-05-13 10:07:50 UTC
DPDK should properly support IOMMU when using Vhost-user, in order to allow guests to securely access vhost-user ports from user space.
This will be implemented using the IOTLB caching approach in vhost user.

Comment 3 Amnon Ilan 2017-02-07 13:34:23 UTC
*** Bug 1283262 has been marked as a duplicate of this bug. ***

Comment 5 Maxime Coquelin 2017-08-31 12:31:30 UTC
V1 of the series posted upstream:

Comment 6 Maxime Coquelin 2017-10-12 16:26:08 UTC
Series merged upstream, will be in DPDK v17.11-rc1.

Comment 7 Maxime Coquelin 2018-01-09 09:46:33 UTC
The change being in DPDK's vhost-user library, moving to Openvswitch component.
The change is released in DPDK v17.11 LTS.

Comment 14 Ioanna Gkioka 2018-03-19 09:26:13 UTC
The openvwitch component is delivered through the fast datapath channel, it is not documented in release notes.

Comment 16 Bob Fubel 2018-06-14 14:50:39 UTC
Tested in openvswitch-2.9.0-37.el7fdp.x86_64
Bound vfio without the iommu override.
was able to pass traffic between nic's.

[root@localhost ~]# rpm -qa |grep dpdk
[root@localhost ~]# 

root@localhost ~]# dmesg |grep IOMMU
[    0.000000] DMAR: IOMMU enabled
[    0.155453] DMAR-IR: IOAPIC id 0 under DRHD base  0xfed90000 IOMMU 0
[root@localhost ~]# 

[root@localhost ~]# cat /sys/module/vfio/parameters/enable_unsafe_noiommu_mode

[root@localhost ~]# driverctl -v list-overrides
0000:00:03.0 vfio-pci (Virtio network device)
0000:00:09.0 vfio-pci (Virtio network device)
[root@localhost ~]# 

Passing traffic with Xena 2544 test suite.

Comment 18 errata-xmlrpc 2018-06-21 13:36:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.