06/09/2019 11:12, vattun...@marvell.com: > From: Vamsi Attunuru <vattun...@marvell.com> > > The DPDK use case such as VF representer or OVS offload etc > would call for PF and VF PCIe devices to bind vfio-pci > module to enable IOMMU protection. > > In addition to vSwitch use case, unlike, other PCI class of > devices, Network class of PCIe devices would have additional > responsibility on the PF devices such as promiscuous mode support > etc. > > The above use cases demand VFIO needs bound to PF and its > VF devices. This is use case is not supported in Linux kernel, > due to a security issue where it is possible to have > DoS in case if VF attached to guest over vfio-pci and netdev > kernel driver runs on it and which something VF representer > would like to enable it. > > Since we can not differentiate, the vfio-pci bounded VF devices > runs DPDK application or netdev driver in guest, we can not > introduce any scheme to fix DoS case and therefore not have > proper support of this in the upstream kernel. > > The igb_uio enables such PF and VF binding support for > non-iommu devices to make VF representer or OVS offload > run on non-iommu devices with DoS vulnerability for netdev driver > as VF. > > This kernel module, facilitate to enable SRIOV on PF devices, > therefore, to run both PF and VF devices in VFIO mode knowing > its impacts like igb_uio driver functions of non-iommu devices. > > Signed-off-by: Vamsi Attunuru <vattun...@marvell.com> > Signed-off-by: Jerin Jacob <jer...@marvell.com>
Sorry I fail to properly understand the explanation above. Please try to split in shorter sentences. About the request to add an out-of-tree Linux kernel driver, I guess Jerin is well aware that we don't want such anymore.
