Received: by 10.192.165.156 with SMTP id m28csp1036656imm; Thu, 19 Apr 2018 11:41:52 -0700 (PDT) X-Google-Smtp-Source: AIpwx490QjzwWcghInS/ssluqvPHmMGu0VpkcPf23m0ri0BTkEECUTGF2sEfpleoXqkEdNbpoInY X-Received: by 2002:a17:902:51ee:: with SMTP id y101-v6mr6924183plh.359.1524163312666; Thu, 19 Apr 2018 11:41:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1524163312; cv=none; d=google.com; s=arc-20160816; b=o1tLcTQyzTItCHbyoczAtXfyv5ab6bgUDnXtPqWTFlKrdC95ifEttUYp/54Y3I3dzE g8lSOS6GmN5GgI9Nzv/VOdTLzMi8T7ROZ659NiwyFxmAnt4FNmCUjjlPD3ylRs1EQffn hkvDGXIgqu57wzoXm4U3Mye+VWlVnlzhSB8ZOV1n80IHuRjWtQWXLhLXcbIk7IslEyFl eEdq80tmA2HEs2m8sJ0Ic1macx+ZllwRhwl3nm0IZtAbn7+B9NTm+XWzJ8uMIuIRtWJw aLEhj5O13THUwQVHdfKuC25LM59sM0DTFAjtE+htyoMvhxSY9e1eWehXV55H1Y2UVSEF jFVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :arc-authentication-results; bh=IsjVsq5cEWNmIH4w+8WE3rABdTKkaxsgA28PVNTFS0Y=; b=yx/VV8WcyvDUjApd4zVcNcZ6eBeekiXqetpH2amuW/fvMWne6/yRej/Mq2HMJLTOZ4 BwBmFg2eb/W988H4B8wWL0Xa2Syv8Ok3VxLIBarb7k1kqCXdAGOFHBOyEVJ88v8luyRN Ih450a5EmZGke75pqrFBxQ4fjvVzehlY5yBJHdlp5PtRfJ/3HLjHyoO5iDgkb4vtpMMY rSDHodAAlDIvMGPJzi2qyWg8Uz+NB7a9BOPu8vBjUxR14K5TYMHI5bRIKz+7dTy6me2N oW5Ef1kjZyN7o7BeOU16J5SA6tBnherOPMkgcOj3BVmctrZ8wVZ712pnUMe9L5Ln2SN8 3WAg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e9si3607719pgn.17.2018.04.19.11.41.38; Thu, 19 Apr 2018 11:41:52 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753298AbeDSSk1 (ORCPT + 99 others); Thu, 19 Apr 2018 14:40:27 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:55854 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1752908AbeDSSkZ (ORCPT ); Thu, 19 Apr 2018 14:40:25 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 22F684072458; Thu, 19 Apr 2018 18:40:25 +0000 (UTC) Received: from redhat.com (ovpn-120-175.rdu2.redhat.com [10.10.120.175]) by smtp.corp.redhat.com (Postfix) with SMTP id 2DE682166BAE; Thu, 19 Apr 2018 18:40:24 +0000 (UTC) Date: Thu, 19 Apr 2018 21:40:23 +0300 From: "Michael S. Tsirkin" To: Jason Wang Cc: Tiwei Bie , alex.williamson@redhat.com, ddutile@redhat.com, alexander.h.duyck@intel.com, virtio-dev@lists.oasis-open.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, virtualization@lists.linux-foundation.org, netdev@vger.kernel.org, dan.daly@intel.com, cunming.liang@intel.com, zhihong.wang@intel.com, jianfeng.tan@intel.com, xiao.w.wang@intel.com Subject: Re: [RFC] vhost: introduce mdev based hardware vhost backend Message-ID: <20180419212911-mutt-send-email-mst@kernel.org> References: <20180402152330.4158-1-tiwei.bie@intel.com> <622f4bd7-1249-5545-dc5a-5a92b64f5c26@redhat.com> <20180410045723.rftsb7l4l3ip2ioi@debian> <30a63fff-7599-640a-361f-a27e5783012a@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <30a63fff-7599-640a-361f-a27e5783012a@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Thu, 19 Apr 2018 18:40:25 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.5]); Thu, 19 Apr 2018 18:40:25 +0000 (UTC) for IP:'10.11.54.6' DOMAIN:'int-mx06.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'mst@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 10, 2018 at 03:25:45PM +0800, Jason Wang wrote: > > > > One problem is that, different virtio ring compatible devices > > > > may have different device interfaces. That is to say, we will > > > > need different drivers in QEMU. It could be troublesome. And > > > > that's what this patch trying to fix. The idea behind this > > > > patch is very simple: mdev is a standard way to emulate device > > > > in kernel. > > > So you just move the abstraction layer from qemu to kernel, and you still > > > need different drivers in kernel for different device interfaces of > > > accelerators. This looks even more complex than leaving it in qemu. As you > > > said, another idea is to implement userspace vhost backend for accelerators > > > which seems easier and could co-work with other parts of qemu without > > > inventing new type of messages. > > I'm not quite sure. Do you think it's acceptable to > > add various vendor specific hardware drivers in QEMU? > > > > I don't object but we need to figure out the advantages of doing it in qemu > too. > > Thanks To be frank kernel is exactly where device drivers belong. DPDK did move them to userspace but that's merely a requirement for data path. *If* you can have them in kernel that is best: - update kernel and there's no need to rebuild userspace - apps can be written in any language no need to maintain multiple libraries or add wrappers - security concerns are much smaller (ok people are trying to raise the bar with IOMMUs and such, but it's already pretty good even without) The biggest issue is that you let userspace poke at the device which is also allowed by the IOMMU to poke at kernel memory (needed for kernel driver to work). Yes, maybe if device is not buggy it's all fine, but it's better if we do not have to trust the device otherwise the security picture becomes more murky. I suggested attaching a PASID to (some) queues - see my old post "using PASIDs to enable a safe variant of direct ring access". Then using IOMMU with VFIO to limit access through queue to corrent ranges of memory. -- MST