From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f67.google.com (mail-wm0-f67.google.com [74.125.82.67]) by dpdk.org (Postfix) with ESMTP id 25B817D96 for ; Thu, 27 Jul 2017 12:48:41 +0200 (CEST) Received: by mail-wm0-f67.google.com with SMTP id t138so4336746wmt.4 for ; Thu, 27 Jul 2017 03:48:41 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=SM15q+/wm6YKanFB7RCUNWNfctFteJeYg67LPxiJPdw=; b=s2q2RM2/OxVsT/Y2UvFjyPkydZJDUhfbHe+40U2+7fy79WIdw63tmpo+hhvOmZpWiJ oFqvA1R7FFljiHMWtUtWAQTwGtOQWDw4Gf7E+rs4fCPKyC4Og00pzESVTvlgM2pJaIKx mq9FfjWtBTIzJA3+/1UjbQU4FtFbjPQ3NBH63mUipYZsiCKH4f7QUFX7IBCU4PbBYUVV o1Ruuu0Lt6/VKcMgiSax5jvLGCp1TKQuIlRtUBHuUF4A7rikfczuQcJ/5AsuREwC1o0E MoDTYOlFoe2WCtApsnW0Hws9O7eKiUWOFdi3pJ2Q1qXASEInI6GDjD76DO+f/YNGNIxF x1Yw== X-Gm-Message-State: AIVw110i6GDRctNmtjzfSYnjRp0ybRao8Srtno/tNNEhaU8jZ1vXyUA5 4MKKOuKgl3p6Tw== X-Received: by 10.28.228.84 with SMTP id b81mr3032866wmh.133.1501152521628; Thu, 27 Jul 2017 03:48:41 -0700 (PDT) Received: from [192.168.64.116] (bzq-82-81-101-184.red.bezeqint.net. [82.81.101.184]) by smtp.gmail.com with ESMTPSA id a3sm23856740wra.17.2017.07.27.03.48.34 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 27 Jul 2017 03:48:40 -0700 (PDT) To: Bruce Richardson Cc: Shahaf Shuler , =?UTF-8?Q?N=c3=a9lio_Laranjeiro?= , "dev@dpdk.org" , Yongseok Koh , Roy Shterman , Alexander Solganik , Leon Romanovsky References: <75d08202-1882-7660-924c-b6dbb4455b88@grimberg.me> <20170717210222.j4dwxiujqdlqhlp2@shalom> <85c0b1d9-bbf3-c6ab-727f-f508c5e5f584@grimberg.me> <20170720135548.qlkjnmzthd2vep5e@shalom> <957f84fe-199a-e016-c21c-ab54a732e561@grimberg.me> <67476089-ba6e-905c-0fdd-3a1551de97d4@grimberg.me> <0874aa20-27c1-190e-ebba-7fa075eaac7a@grimberg.me> <20170724134447.GB2848@bricha3-MOBL3.ger.corp.intel.com> From: Sagi Grimberg Message-ID: <299ae471-67a5-4b8d-6596-1cb996006d90@grimberg.me> Date: Thu, 27 Jul 2017 13:48:30 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170724134447.GB2848@bricha3-MOBL3.ger.corp.intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] Question on mlx5 PMD txq memory registration X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jul 2017 10:48:42 -0000 >> Well, this is a fair argument, but without a *complete* solution for all >> of dpdk peripherals, it has very little merit (if at all). A badly >> written code can just as easily crash a server by passing a mbuf to >> a crypto device or another network device that co-exists with mlx5. >> >> So, while I understand the argument, I think its value is not worth the >> hassle that mlx5_pmd needs to take to achieve it. Did this come from a >> real requirement (from a real implementation)? >> > Would using VFIO (and the IOMMU) not allow us to provide an equivalent > level of security to what is provided by the current scheme? mlx5 does not take over the device with vfio, it simply asks the kernel to setup resources for it and sets a mac steering rule to direct traffic to its own rings. Also, I'm not aware of any way to enforce iommu is enabled. > From what I > see on-list there are a few folks already looking into that area, and > taking advantage of the IOMMU should improve security of all devices in > DPDK. I agree that this can be improved in dpdk, I was simply arguing that mlx5 guarantees alone are not very valuable, especially considering the work-arounds taken in mlx5 to achieve it. mlx5 can be converted to take over the device with vfio and simply not deal with memory registration aspects, but that is really up to mlx5 maintainers.