On Tue, Oct 07, 2025 at 06:51:47AM +0000, Zhi Wang wrote: > > You'd have to be more specific, I didn't see really any mediation > > stuff in the vfio driver to explain why the VF in the VM would act so > > differently that it "couldn't work" > > From the device vendor’s perspective, we have no support or use case for > a bare-metal VF model, not now and not in the foreseeable future.
Again be specific, exactly what mediation in vfio is missing. > Even hypothetically, such support would not come from nova-core.ko, > since that would defeat the purpose of maintaining a trimmed-down > kernel module where minimizing the attack surface and preserving > strict security boundaries are primary design goals. Nonsense. If you moved stuff from vfio to noca-core it doesn't change the "trimmed-down" nature one bit. I'm strongly against adding that profiling stuff to vfio, and I'm not hearing any reasons why nova is special and it must be done that way. Jason
