Re: [virtio-dev] Re: [PATCH 0/5] virtio: introduce SUSPEND bit and vq state

["Michael S. Tsirkin" <mst@redhat.com>]

On Wed, Sep 20, 2023 at 01:41:00PM +0000, Parav Pandit wrote:
> 
> > From: Michael S. Tsirkin <mst@redhat.com>
> > Sent: Wednesday, September 20, 2023 6:12 PM
> 
> > And Parav same goes for you - can you summarize Zhu Lingshan's position?
> 
> Below is my summary about Zhu Lingshan's position:
> 
> One line summary of his position in my view:
> 
> 0. Use inband device migration only, use mediation, mediation is secure, but AQ is not secure.
> 
> Details of his position in my view:
> 
> 1. Device migration must be done through VF itself by suspending specific vqs and the VF device both.
> 2. When device migration is done using #1, it must be done using mediation approach in hypervisor.
> 
> 3. When migration is done using inband mediation it is more secure than AQ approach.
> (as opposed to AQ of the owner device who enables/disables SR-IOV).
> 
> 4. AQ is not secure.
> But,
> 5. AQ and admin commands can be built on top of his proposal #1, even if AQ is less secure. Opposing statements...
> 
> 6. Dirty page tracking and inflight descriptors tracking to be done in his v1. but he does not want to review such coverage in [1].
> 
> 8. Since his series does not cover any device context migration and does not talk anything about it, 
> I deduce that he plans to use cvq for setting ups RSS and other fields using inband CVQ of the VF.
> This further limit the solution to only net device, ignoring rest of the other 20+ device types, where all may not have the CVQ.
> 
> 9. trapping and emulation of following objects: AQ, CVQ, virtio config space, PCI FLR flow in hypervisor is secure, but when if AQ of the PF do far small work of it, AQ is not secure.
> 
> 10. Any traps proposed in #9 mostly do not work with future TDISP as TDISP do not bifurcate the device, so ignore them for now to promote inband migration.
> 
> 11. He do not show interest in collaboration (even after requesting few times) to see if we can produce common commands that may work for both passthrough (without mediation) and using mediation for nested case.
> 
> 12. Some how register access on single physical card for the PFs and VFs gives better QoS guarantee than virtqueue as registers can scale infinitely no matter how many VFs or for multiple VQs because it is per VF.
> 
> [1] https://lore.kernel.org/virtio-comment/20230909142911.524407-7-parav@nvidia.com/T/#md9fcfa1ba997463de8c7fb8c6d1786b224b0bead


OK so with this summary in mind, can you find any advantages to
inband+mediation that are real or do you just see disadvantages? And
it's a tricky question because I can see some advantages ;)


-- 
MST