From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bruce.richardson@intel.com>
Received: from mga01.intel.com (mga01.intel.com [192.55.52.88])
 by dpdk.org (Postfix) with ESMTP id E3D651F5
 for <dev@dpdk.org>; Mon, 24 Jul 2017 15:44:52 +0200 (CEST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
 by fmsmga101.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 24 Jul 2017 06:44:51 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.40,407,1496127600"; d="scan'208";a="1154718450"
Received: from bricha3-mobl3.ger.corp.intel.com ([10.237.221.72])
 by orsmga001.jf.intel.com with SMTP; 24 Jul 2017 06:44:48 -0700
Received: by  (sSMTP sendmail emulation); Mon, 24 Jul 2017 14:44:48 +0100
Date: Mon, 24 Jul 2017 14:44:47 +0100
From: Bruce Richardson <bruce.richardson@intel.com>
To: Sagi Grimberg <sagi@grimberg.me>
Cc: Shahaf Shuler <shahafs@mellanox.com>,
 =?iso-8859-1?Q?N=E9lio?= Laranjeiro <nelio.laranjeiro@6wind.com>,
 "dev@dpdk.org" <dev@dpdk.org>, Yongseok Koh <yskoh@mellanox.com>,
 Roy Shterman <roys@lightbitslabs.com>,
 Alexander Solganik <sashas@lightbitslabs.com>,
 Leon Romanovsky <leonro@mellanox.com>
Message-ID: <20170724134447.GB2848@bricha3-MOBL3.ger.corp.intel.com>
References: <75d08202-1882-7660-924c-b6dbb4455b88@grimberg.me>
 <20170717210222.j4dwxiujqdlqhlp2@shalom>
 <85c0b1d9-bbf3-c6ab-727f-f508c5e5f584@grimberg.me>
 <20170720135548.qlkjnmzthd2vep5e@shalom>
 <957f84fe-199a-e016-c21c-ab54a732e561@grimberg.me>
 <VI1PR05MB314963FFD3B58C1E9559C68BC3A70@VI1PR05MB3149.eurprd05.prod.outlook.com>
 <67476089-ba6e-905c-0fdd-3a1551de97d4@grimberg.me>
 <VI1PR05MB31499E3669E1D55080863BD0C3BA0@VI1PR05MB3149.eurprd05.prod.outlook.com>
 <0874aa20-27c1-190e-ebba-7fa075eaac7a@grimberg.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <0874aa20-27c1-190e-ebba-7fa075eaac7a@grimberg.me>
Organization: Intel Research and =?iso-8859-1?Q?De=ACvel?=
 =?iso-8859-1?Q?opment?= Ireland Ltd.
User-Agent: Mutt/1.8.3 (2017-05-23)
Subject: Re: [dpdk-dev] Question on mlx5 PMD txq memory registration
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jul 2017 13:44:53 -0000

On Sun, Jul 23, 2017 at 12:03:41PM +0300, Sagi Grimberg wrote:
> 
> > > I don't understand the security argument. Its completely private to the
> > > driver. anything under librte is equivalent to an OS wrt networking, so I fail to
> > > see what is the security feature your talking about.
> > 
> > You are correct that as a root you are able to do whatever you want on the server.
> > The security I refer to is to protect against badly written code.
> > 
> > The fact the PMD only registers the mempools, and use the device engine to translate the VA, provide some protection.
> > For example, one DPDK process will not be able to access the memory of other DPDK process *by mistake*.
> 
> Well, this is a fair argument, but without a *complete* solution for all
> of dpdk peripherals, it has very little merit (if at all). A badly
> written code can just as easily crash a server by passing a mbuf to
> a crypto device or another network device that co-exists with mlx5.
> 
> So, while I understand the argument, I think its value is not worth the
> hassle that mlx5_pmd needs to take to achieve it. Did this come from a
> real requirement (from a real implementation)?
> 
Would using VFIO (and the IOMMU) not allow us to provide an equivalent
level of security to what is provided by the current scheme? From what I
see on-list there are a few folks already looking into that area, and
taking advantage of the IOMMU should improve security of all devices in
DPDK.

/Bruce