On 09/30/2015 03:27 PM, Michael S. Tsirkin wrote:
> On Wed, Sep 30, 2015 at 03:16:04PM +0300, Vlad Zolotarov wrote:
>>
>> On 09/30/15 15:03, Michael S. Tsirkin wrote:
>>> On Wed, Sep 30, 2015 at 02:53:19PM +0300, Vlad Zolotarov wrote:
>>>> On 09/30/15 14:41, Michael S. Tsirkin wrote:
>>>>> On Wed, Sep 30, 2015 at 02:26:01PM +0300, Vlad Zolotarov wrote:
>>>>>> The whole idea is to bypass kernel. Especially for networking...
>>>>> ... on dumb hardware that doesn't support doing that securely.
>>>> On a very capable HW that supports whatever security requirements needed
>>>> (e.g. 82599 Intel's SR-IOV VF devices).
>>> Network card type is irrelevant as long as you do not have an IOMMU,
>>> otherwise you would just use e.g. VFIO.
>> Sorry, but I don't follow your logic here - Amazon EC2 environment is an
>> example where there *is* an IOMMU but it's not virtualized, and thus VFIO is
>> useless, and there is an option to use a directly assigned SR-IOV networking
>> device there, where using the kernel drivers imposes a performance impact
>> compared to a UIO-based user space kernel bypass mode of usage. How
>> is it irrelevant? Could you please clarify your point?
>>
> So it's not even dumb hardware, it's another piece of software
> that forces an "all or nothing" approach where either
> device has access to all VM memory, or none.
> And this, unfortunately, leaves you with no secure way to
> allow userspace drivers.

Some setups don't need security (they are single-user, single application).
But do need a lot of performance (like 5X-10X performance). An example is
OpenVSwitch; security doesn't help it at all, and if you force it to use the
kernel drivers you cripple it.

Also, I'm root. I can do anything I like, including loading a patched
pci_uio_generic. You're not providing _any_ security, you're simply making
life harder for users.

> So it makes even less sense to add insecure work-arounds in the kernel.
> It seems quite likely that by the time the new kernel reaches
> production X years from now, EC2 will have a virtual iommu.

I can adopt a new kernel tomorrow. I have no influence on EC2.
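The security point in the thread is that a device bound to a UIO driver on a host without an IOMMU can DMA into any memory, whereas VFIO only works where the kernel exposes IOMMU groups. As an added example (not from this thread or from the kernel project), the POSIX shell audit below reads sysfs and reports which PCI devices are bound to uio_pci_generic (the upstream UIO PCI module) or vfio-pci and whether any IOMMU groups exist; it takes a sysfs root as an optional parameter, an assumption made so it can be exercised against a constructed tree, and recognises only those two driver names.

```shell
#!/bin/sh
# Audit PCI devices bound to userspace drivers. vfio-pci requires IOMMU
# groups and gives DMA isolation; uio_pci_generic does not, so on a host
# without an IOMMU such a device can DMA into all memory. The sysfs root
# defaults to /sys; passing another root lets the audit run on a test tree.

# Number of IOMMU groups the kernel exposes under <root>/kernel/iommu_groups.
iommu_group_count() {
    root="${1:-/sys}"
    n=0
    for g in "$root"/kernel/iommu_groups/*; do
        [ -d "$g" ] && n=$((n + 1))
    done
    echo "$n"
}

# Name of the driver a PCI device directory is bound to; empty when unbound.
pci_driver_of() {
    [ -L "$1/driver" ] || return 0
    basename "$(readlink "$1/driver")"
}

# Prints one line per device bound to either driver and returns 1 when at
# least one device uses uio_pci_generic on a host with no IOMMU groups.
audit_userspace_drivers() {
    root="${1:-/sys}"
    groups=$(iommu_group_count "$root")
    status=0
    for dev in "$root"/bus/pci/devices/*; do
        [ -d "$dev" ] || continue
        bdf=$(basename "$dev")
        case "$(pci_driver_of "$dev")" in
            vfio-pci)
                echo "OK   $bdf vfio-pci (DMA isolated by an IOMMU group)" ;;
            uio_pci_generic)
                if [ "$groups" -eq 0 ]; then
                    echo "RISK $bdf uio_pci_generic with no IOMMU: DMA reaches all memory"
                    status=1
                else
                    echo "WARN $bdf uio_pci_generic although IOMMU groups exist; vfio-pci is available"
                fi ;;
        esac
    done
    return $status
}

# Usage: sh audit_uio.sh [sysfs-root]; exits 1 when a RISK line was printed.
[ "$#" -eq 0 ] || audit_userspace_drivers "$1"
```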