On Fri, 6 Sep 2019 14:42:30 +0530 <vattun...@marvell.com> wrote:

> From: Vamsi Attunuru <vattun...@marvell.com>
>
> The DPDK use case such as VF representer or OVS offload etc
> would call for PF and VF PCIe devices to bind vfio-pci
> module to enable IOMMU protection.
>
> In addition to vSwitch use case, unlike, other PCI class of
> devices, Network class of PCIe devices would have additional
> responsibility on the PF devices such as promiscuous mode support
> etc.
>
> The above use cases demand VFIO needs bound to PF and its
> VF devices. This use case is not supported in Linux kernel,
> due to a security issue where it is possible to have
> DoS in case if VF attached to guest over vfio-pci and netdev
> kernel driver runs on it and which something VF representer
> would like to enable it.
>
> Since we can not differentiate, the vfio-pci bounded VF devices
> runs DPDK application or netdev driver in guest, we can not
> introduce any scheme to fix DoS case and therefore not have
> proper support of this in the upstream kernel.
>
> The igb_uio enables such PF and VF binding support for
> non-iommu devices to make VF representer or OVS offload
> run on non-iommu devices with DoS vulnerability for netdev driver
> as VF.
>
> This kernel module, facilitate to enable SRIOV on PF devices,
> therefore, to run both PF and VF devices in VFIO mode knowing
> its impacts like igb_uio driver functions of non-iommu devices.
>
> Signed-off-by: Vamsi Attunuru <vattun...@marvell.com>
> Signed-off-by: Jerin Jacob <jer...@marvell.com>

NAK

Having kernel drivers not in upstream kernel is a long-term maintenance and security risk. Please work with upstream kernel developers to get this merged there.