[openstack-dev] "Evil" Firmware
ijw.ubuntu at cack.org.uk
Fri Jan 17 12:17:08 UTC 2014
On 17 January 2014 01:16, Chris Friesen <chris.friesen at windriver.com> wrote:
> On 01/16/2014 05:12 PM, CARVER, PAUL wrote:
>> Jumping back to an earlier part of the discussion, it occurs to me
>> that this has broader implications. There's some discussion going on
>> under the heading of Neutron with regard to PCI passthrough. I
>> imagine it's under Neutron because of a desire to provide passthrough
>> access to NICs, but given some of the activity around GPU based
>> computing it seems like sooner or later someone is going to try to
>> offer multi-tenant cloud servers with the ability to do GPU based
>> computing if they haven't already.
> I'd expect that the situation with PCI passthrough may be a bit different,
> at least in the common case.
> The usual scenario is to use SR-IOV to have a single physical device
> expose a bunch of virtual functions, and then a virtual function is passed
> through into a guest.
That entirely depends on the card in question. Some cards support SRIOV
and some don't (you wouldn't normally use SRIOV on a GPU, as I understand
it, though you might reasonably expect it on a modern network card). Even
on cards that do support SRIOV there's nothing stopping you assigning the
But from the discussion here it seems that (whole card passthrough) +
(reprogrammable firmware) would be the danger, and programmatically
there's no way to tell from the passthrough code in Nova whether any given
card has programmable firmware. It's a fairly safe bet you can't reprogram
firmware permanently from a VF, agreed.
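
The VF versus whole-card distinction discussed in this message can be read from Linux sysfs. The following is an added example, not part of the original message and not Nova code. It assumes the standard sysfs attributes `physfn` and `sriov_totalvfs`; the function names and the sample device tree are constructed for illustration. As the message notes, nothing here can tell whether a card's firmware is reprogrammable, so the audit only flags assignments that are not virtual functions.

```python
import os
import tempfile

def classify_pci_device(dev_path):
    """Classify one sysfs PCI device directory as 'vf', 'pf-sriov' or 'whole-device'."""
    # A virtual function has a 'physfn' symlink pointing at its parent PF.
    if os.path.lexists(os.path.join(dev_path, "physfn")):
        return "vf"
    # An SR-IOV capable physical function exposes 'sriov_totalvfs'.
    if os.path.exists(os.path.join(dev_path, "sriov_totalvfs")):
        return "pf-sriov"
    # No SR-IOV attributes: assigning this means whole-card passthrough.
    return "whole-device"

def audit_passthrough(addresses, sysfs_root="/sys/bus/pci/devices"):
    """Return {address: (kind, needs_review)}; anything that is not a VF needs review."""
    report = {}
    for addr in addresses:
        dev_path = os.path.join(sysfs_root, addr)
        if not os.path.isdir(dev_path):
            report[addr] = ("missing", True)
            continue
        kind = classify_pci_device(dev_path)
        report[addr] = (kind, kind != "vf")
    return report

def build_sample_tree(root):
    """Constructed stand-in for sysfs: one PF, one of its VFs, one non-SR-IOV card."""
    pf, vf, gpu = "0000:03:00.0", "0000:03:10.0", "0000:04:00.0"
    for addr in (pf, vf, gpu):
        os.makedirs(os.path.join(root, addr))
    with open(os.path.join(root, pf, "sriov_totalvfs"), "w") as fh:
        fh.write("7\n")
    os.symlink(os.path.join("..", vf), os.path.join(root, pf, "virtfn0"))
    os.symlink(os.path.join("..", pf), os.path.join(root, vf, "physfn"))
    return [pf, vf, gpu]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        addrs = build_sample_tree(root) + ["0000:05:00.0"]  # last one is absent
        for addr, (kind, review) in audit_passthrough(addrs, root).items():
            print(addr, kind, "REVIEW" if review else "ok")
```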