On Thu, 2 Feb 2017 13:18:55 +0700 harry tulus <harrytulu...@gmail.com> wrote:
> What's the difference between pci-stub and vfio exactly?

pci-stub is a dummy driver. AIUI it was originally developed because the original KVM device assignment didn't actually bind to the assigned device as a host driver, it simply grabbed the device and started using it. Likewise, since KVM isn't a proper device driver, another host driver could attempt to bind to the device while KVM had it assigned to a user. The pci-stub driver was introduced to occupy the driver slot for the device while KVM made use of it.

There are two reasons this can still be useful with vfio. One is that pci-stub is often built into the kernel (it really should be even though some distros get this wrong), this allows it to bind to devices earlier than drivers that are loadable modules. With this setup we can instruct pci-stub to bind to devices before the host driver can get to them so we can keep the device in a pristine state for assignment to a guest.

The other lesser use case with vfio is with IOMMU grouping. If you have a group with multiple devices, all the devices in the group must be bound to compatible drivers or else vfio will consider the group non-viable. This is intended to prevent host drivers within the same group as a user controlled device as they would not be isolated from each other. With pci-stub, we know this driver does not initiate any DMA on behalf of the host, so we consider it compatible. Thus if you have endpoints in your IOMMU group that you need to do something with to make the group viable, but you want to make sure the user doesn't have access to it, you can bind the device to pci-stub. This adds a little bit of extra protection vs binding the device to vfio-pci as a compromised user could not simply open other devices within the group that are bound to vfio-pci through the vfio interface.

As opposed to pci-stub, vfio is a complete interface for userspace drivers. It provides secure, isolated, IOMMU protected access to the device. There's an entire document in the kernel (Documentation/vfio.txt) describing vfio. If you have further questions, please ask.

Thanks,
Alex

_______________________________________________
vfio-users mailing list
vfio-users@redhat.com
https://www.redhat.com/mailman/listinfo/vfio-users
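
Added example, not part of the message above or of the kernel's own code: shell functions that walk one IOMMU group in sysfs and show which devices block viability and which are bound to vfio-pci (and so reachable through the vfio interface). The function names are hypothetical, `COMPATIBLE` holds only the two drivers the message names, and treating an unbound device as acceptable is an assumption of this example.

```shell
#!/bin/sh
# Drivers the message describes as acceptable inside a group handed to a user.
COMPATIBLE="vfio-pci pci-stub"

# driver_of DEVICE_DIR -> name of the bound driver, or "-" if none is bound
driver_of() {
    if [ -L "$1/driver" ]; then
        basename "$(readlink "$1/driver")"
    else
        echo "-"
    fi
}

# check_group GROUPS_ROOT GROUP
# Prints "DEVICE DRIVER STATUS" per device; returns 0 only if no device blocks.
check_group() {
    root=$1; group=$2; rc=0
    for dev in "$root/$group/devices"/*; do
        [ -e "$dev" ] || continue
        drv=$(driver_of "$dev")
        status=BLOCKS
        # Assumption: a device with no host driver does not block the group.
        [ "$drv" = "-" ] && status=ok
        for ok in $COMPATIBLE; do
            [ "$drv" = "$ok" ] && status=ok
        done
        [ "$status" = ok ] || rc=1
        echo "$(basename "$dev") $drv $status"
    done
    return $rc
}

# vfio_reachable GROUPS_ROOT GROUP
# Devices bound to vfio-pci: the ones a user of this group can open.
# Devices parked on pci-stub keep the group viable but do not appear here.
vfio_reachable() {
    for dev in "$1/$2/devices"/*; do
        [ -e "$dev" ] || continue
        [ "$(driver_of "$dev")" = "vfio-pci" ] && basename "$dev"
    done
    return 0
}

# On a real host: check_group /sys/kernel/iommu_groups <group-number>
```
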