inter VM / PF-VF communication

inter VM / PF-VF communication

[Sagar Borikar]

All,

Sorry if I am not keeping up on the subject but wanted to know whether
there is any effort going on for inter VM communication / PF-VF
communication (in case of SR-IOV)
I see that most of SR-IOV capable NIC supports mailboxes for that
purpose to avoid the security hole.
Xen has virtual device implementation for the same. Should I presume
that such kind of effort is not on the radar and HW needs to own the
responsibility of filling the loop holes in security threats imposed
by VF?

Thanks
Sagar

Re: inter VM / PF-VF communication

[Anthony Liguori]

On 09/22/2011 10:23 AM, Sagar Borikar wrote:
> All,
>
> Sorry if I am not keeping up on the subject but wanted to know whether
> there is any effort going on for inter VM communication / PF-VF
> communication (in case of SR-IOV)
> I see that most of SR-IOV capable NIC supports mailboxes for that
> purpose to avoid the security hole.
> Xen has virtual device implementation for the same. Should I presume
> that such kind of effort is not on the radar and HW needs to own the
> responsibility of filling the loop holes in security threats imposed
> by VF?

I'm not aware of any vendor these days that actually requires a PV driver for 
PF-VF communications.  I know some toyed with the idea years ago but I thought 
malboxes have become defacto standard.

Is there a specific card you think needs a pv mailbox?

Regards,

Anthony Liguori

>
> Thanks
> Sagar
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: inter VM / PF-VF communication

[Sagar Borikar]

> I'm not aware of any vendor these days that actually requires a PV driver
> for PF-VF communications.  I know some toyed with the idea years ago but I
> thought malboxes have become defacto standard.
May be because Intel started the mailbox implementation ;). But just
wondering from hypervisor point of view, shouldn't their be any way to
communicate between PF and VF? It may also lead to unraveling loop
holes in security issues that a rogue VF driver can do.

Do you also say that Linux would depend upon HW for this? Although I
see couple of papers for PF-VF communication in KVM through mmio and
virtual pci devices to guest..
> Is there a specific card you think needs a pv mailbox?
>
> Regards,
>
> Anthony Liguori
>
>>
>> Thanks
>> Sagar
>> --
>> To unsubscribe from this list: send the line "unsubscribe kvm" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>

Re: inter VM / PF-VF communication

[Chris Wright]

* Sagar Borikar (sagar.borikar@gmail.com) wrote:
> Sorry if I am not keeping up on the subject but wanted to know whether
> there is any effort going on for inter VM communication / PF-VF
> communication (in case of SR-IOV)
> I see that most of SR-IOV capable NIC supports mailboxes for that
> purpose to avoid the security hole.
> Xen has virtual device implementation for the same. Should I presume
> that such kind of effort is not on the radar and HW needs to own the
> responsibility of filling the loop holes in security threats imposed
> by VF?

We do not support this, and had no plans to.  Most cards have managed to
do this in hw.

thanks,
-chris