On 11/24/2017 12:58 PM, Kavanagh, Mark B wrote:
>> From: Kevin Traynor [mailto:[email protected]]
>> Sent: Friday, November 24, 2017 11:31 AM
>> To: Kavanagh, Mark B <[email protected]>; [email protected]
>> Cc: [email protected]
>> Subject: Re: [ovs-dev] [PATCH 2/2] netdev-dpdk: add support for vhost IOMMU
>> feature
>>
>> On 11/16/2017 11:01 AM, Mark Kavanagh wrote:
>>> DPDK v17.11 introduces support for the vHost IOMMU feature.
>>> This is a security feature, that restricts the vhost memory
>>> that a virtio device may access.
>>>
>>> This feature also enables the vhost REPLY_ACK protocol, the
>>> implementation of which is known to work in newer versions of
>>> QEMU (i.e. v2.10.0), but is buggy in older versions (v2.7.0 -
>>> v2.9.0, inclusive). As such, the feature is disabled by default
>>> in (and should remain so, for the aforementioned older QEMU
>>> verions). Starting with QEMU v2.9.1, vhost-iommu-support can
>>> safely be enabled, even without having an IOMMU device, with
>>> no performance penalty.
>>>
>>> This patch adds a new vhost port option, vhost-iommu-support,
>>> to allow enablement of the vhost IOMMU feature:
>>>
>>> $ ovs-vsctl add-port br0 vhost-client-1 \
>>> -- set Interface vhost-client-1 type=dpdkvhostuserclient \
>>> options:vhost-server-path=$VHOST_USER_SOCKET_PATH \
>>> options:vhost-iommu-support=true
>>>
>>> Note that support for this feature is only implemented for vhost
>>> user client ports (since vhost user ports are considered deprecated).
>>>
>>> Signed-off-by: Mark Kavanagh <[email protected]>
>>> Acked-by: Maxime Coquelin <[email protected]>
>>> Acked-by: Ciara Loftus <[email protected]>
>>> ---
>>> Documentation/topics/dpdk/vhost-user.rst | 21 +++++++++++++++++++++
>>> NEWS | 1 +
>>> lib/netdev-dpdk.c | 29 ++++++++++++++++++++++++++---
>>> vswitchd/vswitch.xml | 10 ++++++++++
>>> 4 files changed, 58 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/Documentation/topics/dpdk/vhost-user.rst
>> b/Documentation/topics/dpdk/vhost-user.rst
>>> index 5347995..8dff901 100644
>>> --- a/Documentation/topics/dpdk/vhost-user.rst
>>> +++ b/Documentation/topics/dpdk/vhost-user.rst
>>> @@ -250,6 +250,27 @@ Once the vhost-user-client ports have been added to the
>> switch, they must be
>>> added to the guest. Like vhost-user ports, there are two ways to do this:
>> using
>>> QEMU directly, or using libvirt. Only the QEMU case is covered here.
>>>
>>> +vhost-user client IOMMU
>>> +~~~~~~~~~~~~~~~~~~~~~~~
>>> +It is possible to enable IOMMU support for vHost User client ports. This is
>>> +a feature which restricts the vhost memory that a virtio device can access,
>> and
>>> +as such is useful in deployments in which security is a concern. IOMMU mode
>> may
>>> +be enabled on the command line::
>>> +
>>> + $ ovs-vsctl add-port br0 vhost-client-1 \
>>> + -- set Interface vhost-client-1 type=dpdkvhostuserclient \
>>> + options:vhost-server-path=$VHOST_USER_SOCKET_PATH \
>>> + options:vhost-iommu-support=true
>>> +
>>> +.. important::
>>> +
>>> + Enabling the IOMMU feature also enables the vhost user reply-ack
>> protocol;
>>> + this is known to work on QEMU v2.10.0, but is buggy on older versions
>>> + (2.7.0 - 2.9.0, inclusive). Consequently, the IOMMU feaure is disabled
>> by
>>> + default (and should remain so if using the aforementioned versions of
>> QEMU).
>>> + Starting with QEMU v2.9.1, vhost-iommu-support can safely be enabled,
>> even
>>> + without having an IOMMU device, with no performance penalty.
>>> +
>>> Adding vhost-user-client ports to the guest (QEMU)
>>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>>
>>> diff --git a/NEWS b/NEWS
>>> index 74e59bf..c15dc24 100644
>>> --- a/NEWS
>>> +++ b/NEWS
>>> @@ -14,6 +14,7 @@ Post-v2.8.0
>>> * Add support for compiling OVS with the latest Linux 4.13 kernel
>>> - DPDK:
>>> * Add support for DPDK v17.11
>>> + * Add support for vHost IOMMU feature
>>>
>>> v2.8.0 - 31 Aug 2017
>>> --------------------
>>> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
>>> index ed5bf62..2e9633a 100644
>>> --- a/lib/netdev-dpdk.c
>>> +++ b/lib/netdev-dpdk.c
>>> @@ -1424,15 +1424,29 @@ netdev_dpdk_vhost_client_set_config(struct netdev
>> *netdev,
>>> {
>>> struct netdev_dpdk *dev = netdev_dpdk_cast(netdev);
>>> const char *path;
>>> + bool iommu_enable;
>>> + bool request_reconfigure = false;
>>> + uint64_t vhost_driver_flags_prev = dev->vhost_driver_flags;
>>>
>>> ovs_mutex_lock(&dev->mutex);
>>> if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)) {
>>> path = smap_get(args, "vhost-server-path");
>>> if (path && strcmp(path, dev->vhost_id)) {
>>> strcpy(dev->vhost_id, path);
>>> - netdev_request_reconfigure(netdev);
>>> + request_reconfigure = true;
>>> }
>>> }
>>> +
>>> + iommu_enable = smap_get_bool(args, "vhost-iommu-support", false);
>>> + if (iommu_enable)
>>> + dev->vhost_driver_flags |= RTE_VHOST_USER_IOMMU_SUPPORT;
>>> + else
>>> + dev->vhost_driver_flags &= ~RTE_VHOST_USER_IOMMU_SUPPORT;
>>> + if (vhost_driver_flags_prev != dev->vhost_driver_flags)
>>> + request_reconfigure = true;
>>> +
>>> + if (request_reconfigure)
>>> + netdev_request_reconfigure(netdev);
>>> ovs_mutex_unlock(&dev->mutex);
>>>
>>> return 0;
>>> @@ -3326,9 +3340,18 @@ netdev_dpdk_vhost_client_reconfigure(struct netdev
>> *netdev)
>>> */
>>> if (!(dev->vhost_driver_flags & RTE_VHOST_USER_CLIENT)
>>> && strlen(dev->vhost_id)) {
>>> + /* Enable vhost IOMMU, if it was requested.
>>> + * XXX: the 'flags' variable is required, as not all vhost backend
>>> + * features are currently supported by OvS; in time, it should be
>>> + * possible to invoke rte_vhost_driver_register(), passing
>>> + * dev->vhost_driver_flags directly as a parameter to same.
>>> + */
>>
>> Can you elaborate on this? I only see vhost_driver_flags used to
>> indicate support for client and iommu, so I'm not sure the need for the
>> flags variable.
>
> Hey Kevin,
>
> There's also RTE_VHOST_USER_DEQUEUE_ZERO_COPY, which isn't supported yet.
>
Sure, but that is never set in OVS, so it would not be enabled by using
the vhost_driver_flag directly. That is what is done for the vhostuser
port case. If support (and the bit) was enabled in the future, then we
would want to pass it down to the rte_vhost_driver_register() also.
thanks,
Kevin.
> Thanks,
> Mark
>
>>
>>> + uint64_t flags = RTE_VHOST_USER_CLIENT;
>>> + if (dev->vhost_driver_flags & RTE_VHOST_USER_IOMMU_SUPPORT)
>>> + flags |= RTE_VHOST_USER_IOMMU_SUPPORT;
>>> +
>>> /* Register client-mode device */
>>> - err = rte_vhost_driver_register(dev->vhost_id,
>>> - RTE_VHOST_USER_CLIENT);
>>> + err = rte_vhost_driver_register(dev->vhost_id, flags);
>>> if (err) {
>>> VLOG_ERR("vhost-user device setup failure for device %s\n",
>>> dev->vhost_id);
>>> diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml
>>> index c145e1a..a633226 100644
>>> --- a/vswitchd/vswitch.xml
>>> +++ b/vswitchd/vswitch.xml
>>> @@ -2654,6 +2654,16 @@ ovs-vsctl add-port br0 p0 -- set Interface p0
>> type=patch options:peer=p1 \
>>> </p>
>>> </column>
>>>
>>> + <column name="options" key="vhost-iommu-support"
>>> + type='{"type": "boolean"}'>
>>> + <p>
>>> + The value specifies whether IOMMU support is enabled for a vHost
>> User
>>> + client mode device that has been or will be created by QEMU.
>>> + Only supported by dpdkvhostuserclient interfaces. If not
>> specified or
>>> + an incorrect value is specified, defaults to 'false'.
>>> + </p>
>>> + </column>
>>> +
>>> <column name="options" key="n_rxq_desc"
>>> type='{"type": "integer", "minInteger": 1, "maxInteger":
>> 4096}'>
>>> <p>
>>>
>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
