[openstack-dev] "Evil" Firmware

Chris Friesen chris.friesen at windriver.com
Fri Jan 17 00:16:02 UTC 2014

On 01/16/2014 05:12 PM, CARVER, PAUL wrote:

> Jumping back to an earlier part of the discussion, it occurs to me
> that this has broader implications. There's some discussion going on
> under the heading of Neutron with regard to PCI passthrough. I
> imagine it's under Neutron because of a desire to provide passthrough
> access to NICs, but given some of the activity around GPU based
> computing it seems like sooner or later someone is going to try to
> offer multi-tenant cloud servers with the ability to do GPU based
> computing if they haven't already.

I'd expect that the situation with PCI passthrough may be a bit 
different, at least in the common case.

The usual scenario is to use SR-IOV to have a single physical device 
expose a bunch of virtual functions, and then a virtual function is 
passed through into a guest.

The physical function is the one with the "real" PCI config space, so as 
long as the host controls it then there should be minimal risk from the 
guests since they have limited access via the virtual 
functions--typically mostly just message-passing to the physical function.
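
An added example, not part of the original message: a host-side check of the condition described above, that each SR-IOV physical function stays bound to a host driver while only virtual functions are handed to guests. It assumes the standard Linux sysfs PCI layout (`sriov_totalvfs`, `virtfnN`, `driver`); the function names, the passthrough driver set and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Assumption: drivers commonly used to detach a device from the host for a guest.
PASSTHROUGH_DRIVERS = {"vfio-pci", "pci-stub"}

def driver_of(dev_path):
    """Name of the kernel driver bound to a PCI device, or None if unbound."""
    link = os.path.join(dev_path, "driver")
    return os.path.basename(os.readlink(link)) if os.path.islink(link) else None

def audit_sriov(sysfs_devices="/sys/bus/pci/devices"):
    """Return (report, findings): VFs per PF, and PFs the host no longer controls."""
    report, findings = {}, []
    for bdf in sorted(os.listdir(sysfs_devices)):
        dev = os.path.join(sysfs_devices, bdf)
        # Only physical functions expose sriov_totalvfs.
        if not os.path.exists(os.path.join(dev, "sriov_totalvfs")):
            continue
        pf_driver = driver_of(dev)
        vfs = {}
        for entry in sorted(os.listdir(dev)):
            if entry.startswith("virtfn"):  # symlink from the PF to each of its VFs
                vf_path = os.path.realpath(os.path.join(dev, entry))
                vfs[os.path.basename(vf_path)] = driver_of(vf_path)
        report[bdf] = {"pf_driver": pf_driver, "vfs": vfs}
        if pf_driver in PASSTHROUGH_DRIVERS:
            findings.append(f"{bdf}: PF bound to {pf_driver}, host does not control it")
    return report, findings

def build_sample_tree(root):
    """Constructed fake sysfs tree: one PF kept by the host, one PF given to vfio-pci."""
    def add(bdf, driver, pf=False):
        d = os.path.join(root, bdf)
        os.makedirs(d)
        os.symlink(os.path.join("/drivers", driver), os.path.join(d, "driver"))
        if pf:
            with open(os.path.join(d, "sriov_totalvfs"), "w") as fh:
                fh.write("7\n")
        return d
    pf_ok = add("0000:03:00.0", "ixgbe", pf=True)
    add("0000:03:10.0", "vfio-pci")  # a VF passed through: the expected case
    os.symlink("../0000:03:10.0", os.path.join(pf_ok, "virtfn0"))
    add("0000:04:00.0", "vfio-pci", pf=True)  # a whole PF passed through
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_sriov(build_sample_tree(tmp))[1]:
            print("FINDING", line)
```

On a real host, call `audit_sriov()` with no argument to read `/sys/bus/pci/devices` directly.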


