IOMMU support added in the DPDK Vhost-user backend
This update adds IOMMU support in the Data Plane Development Kit (DPDK) Vhost-user backend and now guests can securely access host-user ports from user space. As a result, the guest Kernel or other processes in memory are protected against malicious Virtio-user space drivers.
DPDK should properly support IOMMU when using Vhost-user, in order to allow guests to securely access vhost-user ports from user space.
This will be implemented using the IOTLB caching approach in vhost user.
*** Bug 1283262 has been marked as a duplicate of this bug. ***
V1 of the series posted upstream:
Series merged upstream, will be in DPDK v17.11-rc1.
The change being in DPDK's vhost-user library, moving to Openvswitch component.
The change is released in DPDK v17.11 LTS.
The openvwitch component is delivered through the fast datapath channel, it is not documented in release notes.
Tested in openvswitch-2.9.0-37.el7fdp.x86_64
Bound vfio without the iommu override.
was able to pass traffic between nic's.
[root@localhost ~]# rpm -qa |grep dpdk
root@localhost ~]# dmesg |grep IOMMU
[ 0.000000] DMAR: IOMMU enabled
[ 0.155453] DMAR-IR: IOAPIC id 0 under DRHD base 0xfed90000 IOMMU 0
[root@localhost ~]# cat /sys/module/vfio/parameters/enable_unsafe_noiommu_mode
[root@localhost ~]# driverctl -v list-overrides
0000:00:03.0 vfio-pci (Virtio network device)
0000:00:09.0 vfio-pci (Virtio network device)
Passing traffic with Xena 2544 test suite.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.