On Thu, Dec 14, 2017 at 05:39:19PM +0100, Maxime Coquelin wrote: > > > On 12/14/2017 05:27 PM, Michael S. Tsirkin wrote: > > On Thu, Dec 14, 2017 at 03:46:56PM +0000, Stefan Hajnoczi wrote: > > > On Wed, Dec 13, 2017 at 10:50:11PM +0100, Maxime Coquelin wrote: > > > > On 12/13/2017 09:08 PM, Stefan Hajnoczi wrote: > > > > > On Wed, Dec 13, 2017 at 3:01 PM, Michael S. Tsirkin <m...@redhat.com> > > > > > wrote: > > > > > > On Wed, Dec 13, 2017 at 12:35:21PM +0000, Stefan Hajnoczi wrote: > > > > > > > I'm not saying that DPDK should use libvhost-user. I'm saying > > > > > > > that it's > > > > > > > easy to add vfio vhost-pci support (for the PCI adapter I > > > > > > > described) to > > > > > > > DPDK. This patch series would require writing a completely new > > > > > > > slave > > > > > > > for vhost-pci because the device interface is so different from > > > > > > > vhost-user. > > > > > > > > > > > > The main question is how appropriate is the vhost user protocol > > > > > > for passing to guests. And I am not sure at this point. > > > > > > > > > > > > Someone should go over vhost user messages and see whether they are > > > > > > safe > > > > > > to pass to guest. If most are then we can try the transparent > > > > > > approach. > > > > > > If most aren't then we can't and might as well use the proposed > > > > > > protocol > > > > > > which at least has code behind it. > > > > > > > > > > I have done that: > > > > > > > > > ... > > > > > * VHOST_USER_SET_MEM_TABLE > > > > > > > > > > Set up BARs before sending a VHOST_USER_SET_MEM_TABLE to the > > > > > guest. > > > > > > > > It would require to filter out userspace_addr from the payload not to > > > > leak other QEMU process VAs to the guest. > > > > > > QEMU's vhost-user master implementation is insecure because it leaks > > > QEMU process VAs. This also affects vhost-user host processes, not just > > > vhost-pci. > > > > > > The QEMU vhost-user master could send an post-IOMMU guest physical > > > addresses whereever the vhost-user protocol specification says "user > > > address". That way no address space information is leaked although it > > > does leak IOMMU mappings. > > > > > > If we want to hide the IOMMU mappings too then we need another logical > > > address space (kind a randomized ramaddr_t). > > > > > > Anyway, my point is that the current vhost-user master implementation is > > > insecure and should be fixed. vhost-pci doesn't need to worry about > > > this issue. > > > > > > Stefan > > > > I was going to make this point too. It does not look like anyone uses > > userspace_addr. It might have been a mistake to put it there - > > maybe we should have reused it for map offset. > > > > It does not look like anyone uses this for anything. > > > > How about we put zero, or a copy of the GPA there? > > > > > > It is used when no iommu for the ring addresses, and when iommu is used > for the IOTLB update messages. > > Maxime
How do clients use it? Why won't GPA do just as well? -- MST
