On Tue, Jun 27, 2023 at 01:36:50PM +0200, Maxime Coquelin wrote: > This small series enables virtio-net device type in VDUSE. > With it, basic operation have been tested, both with > virtio-vdpa and vhost-vdpa using DPDK Vhost library series > adding VDUSE support using split rings layout (merged in > DPDK v23.07-rc1). > > Control queue support (and so multiqueue) has also been > tested, but requires a Kernel series from Jason Wang > relaxing control queue polling [1] to function reliably. > > [1]: > https://lore.kernel.org/lkml/cacgkmetgrxn3ppwsdo4oosnssljfembez0wvjgrr3whu+qa...@mail.gmail.com/T/ > > RFC -> v1 changes: > ================== > - Fail device init if it does not support VERSION_1 (Jason)
So I can put this in next, the issue I think is that of security: currently selinux can if necessary block access to creating virtio block devices. But if we have more than one type we need a way for selinux to block specific types. Can be a patch on top but pls work to address. Another question is that with this userspace can inject packets directly into net stack. Should we check CAP_NET_ADMIN or such? > Maxime Coquelin (2): > vduse: validate block features only with block devices > vduse: enable Virtio-net device type > > drivers/vdpa/vdpa_user/vduse_dev.c | 15 +++++++++++---- > 1 file changed, 11 insertions(+), 4 deletions(-) > > -- > 2.41.0 _______________________________________________ Virtualization mailing list Virtualization@lists.linux-foundation.org https://lists.linuxfoundation.org/mailman/listinfo/virtualization
