> I think the whole process of VFIO binding maybe needs at least a second > thought regarding corner cases and security. > > 1) in the setup process, there currently is no mechanism that checks if the > Device to be used has other devices in the > same iommu group that need to be bound to VFIO too. Otherwise using VFIO will > fail. > I think currently, it only works if the network device is the only one in its > iommu group. > > 2) Right now everything inside /dev/vfio/ is granted to the all users, right? > Maybe this leads to (security) issues if VFIO > is in active use by other non-dpdk processes for other PCIe devices.
I believe that's how VFIO is meant to be used. At least according to VFIO documentation, located here: https://www.kernel.org/doc/Documentation/vfio.txt Regarding 1), this can only be done by unbinding the device from the host driver and binding it to vfio-pci, which can't be done by the user. If the device is not bound to vfio-pci, we have no way of knowing if it belongs to this or that IOMMU group. Regarding 2), as noted above, the administrator should set up VFIO devices. While I agree that the way setup.sh sets up VFIO security permissions is not ideal, it's really there to cover the most common use case. An administrator can always set up VFIO on his own, granting permissions as needed. Thanks, Anatoly
