From: Bruce Richardson <bruce.richardson@intel.com>
To: Sagi Grimberg <sagi@grimberg.me>
Cc: "Shahaf Shuler" <shahafs@mellanox.com>,
"Nélio Laranjeiro" <nelio.laranjeiro@6wind.com>,
"dev@dpdk.org" <dev@dpdk.org>,
"Yongseok Koh" <yskoh@mellanox.com>,
"Roy Shterman" <roys@lightbitslabs.com>,
"Alexander Solganik" <sashas@lightbitslabs.com>,
"Leon Romanovsky" <leonro@mellanox.com>
Subject: Re: [dpdk-dev] Question on mlx5 PMD txq memory registration
Date: Mon, 24 Jul 2017 14:44:47 +0100 [thread overview]
Message-ID: <20170724134447.GB2848@bricha3-MOBL3.ger.corp.intel.com> (raw)
In-Reply-To: <0874aa20-27c1-190e-ebba-7fa075eaac7a@grimberg.me>
On Sun, Jul 23, 2017 at 12:03:41PM +0300, Sagi Grimberg wrote:
>
> > > I don't understand the security argument. Its completely private to the
> > > driver. anything under librte is equivalent to an OS wrt networking, so I fail to
> > > see what is the security feature your talking about.
> >
> > You are correct that as a root you are able to do whatever you want on the server.
> > The security I refer to is to protect against badly written code.
> >
> > The fact the PMD only registers the mempools, and use the device engine to translate the VA, provide some protection.
> > For example, one DPDK process will not be able to access the memory of other DPDK process *by mistake*.
>
> Well, this is a fair argument, but without a *complete* solution for all
> of dpdk peripherals, it has very little merit (if at all). A badly
> written code can just as easily crash a server by passing a mbuf to
> a crypto device or another network device that co-exists with mlx5.
>
> So, while I understand the argument, I think its value is not worth the
> hassle that mlx5_pmd needs to take to achieve it. Did this come from a
> real requirement (from a real implementation)?
>
Would using VFIO (and the IOMMU) not allow us to provide an equivalent
level of security to what is provided by the current scheme? From what I
see on-list there are a few folks already looking into that area, and
taking advantage of the IOMMU should improve security of all devices in
DPDK.
/Bruce
next prev parent reply other threads:[~2017-07-24 13:44 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-17 13:29 Sagi Grimberg
2017-07-17 21:02 ` Nélio Laranjeiro
2017-07-19 6:21 ` Sagi Grimberg
2017-07-20 13:55 ` Nélio Laranjeiro
2017-07-20 14:06 ` Sagi Grimberg
2017-07-20 15:20 ` Shahaf Shuler
2017-07-20 16:22 ` Sagi Grimberg
2017-07-23 8:17 ` Shahaf Shuler
2017-07-23 9:03 ` Sagi Grimberg
2017-07-24 13:44 ` Bruce Richardson [this message]
2017-07-27 10:48 ` Sagi Grimberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170724134447.GB2848@bricha3-MOBL3.ger.corp.intel.com \
--to=bruce.richardson@intel.com \
--cc=dev@dpdk.org \
--cc=leonro@mellanox.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=roys@lightbitslabs.com \
--cc=sagi@grimberg.me \
--cc=sashas@lightbitslabs.com \
--cc=shahafs@mellanox.com \
--cc=yskoh@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).