From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f44.google.com (mail-wm0-f44.google.com [74.125.82.44]) by dpdk.org (Postfix) with ESMTP id 82E622C50 for ; Sun, 6 Mar 2016 23:26:22 +0100 (CET) Received: by mail-wm0-f44.google.com with SMTP id p65so86118770wmp.1 for ; Sun, 06 Mar 2016 14:26:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=6wind-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:organization:user-agent :in-reply-to:references:mime-version:content-transfer-encoding; bh=iF/NbG1eJVZnDnw/FQ7bqNxYcchxOVIGUPpjq0UWmjg=; b=DH33zF/pjo19I2G47mm+SdXzFG/Edx57zPzwfB5GHTuxY2BlWBhFIn4hRQdpvlyXQK 0DUzyRA/SQaCUtJQmLINf3cqA0xfgBq4ou74hK+uM/kWRNqJRKkwHLz+bUjQFbtv+nub 7OP1TvATsOP/AAsGMQpRpmDiM0ywLR6a3b4g92VIICT6a1tJTwrnyb2RUm9jQy5xJO3R +kioniQQmIwhnyIdu+A5nyEmXLytpOtNuZZhu85m9ut/+/UJVLXjoV360emMXZFQmpUX TxNhUJJKg9qs91SO/2/ZQj1LonLAyqmuVEOGCz4cf2yIDXW7LF4QRNtfGjyDq0uNyuBY k3aQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:organization :user-agent:in-reply-to:references:mime-version :content-transfer-encoding; bh=iF/NbG1eJVZnDnw/FQ7bqNxYcchxOVIGUPpjq0UWmjg=; b=bXTrcN4dwDXdiiJdrM8s6CUEENSHmJKB8Nj4fqoUfUgRv5wQbq6BTxg5poFQO5V6wf X3q0y1EWdYQ9wUmhNkqUf8MsiTNwUfF7q1HqokjZKAlH6cQXVOThTpmiX4BF/Wnq8KvP all2XPNGiarFCqEq0UR/2MWV7PxkoVPZXHWr3S+R9/q6/T0yKaEWxLctL4Ax6W/BjGrU nUTFcUiMMcF2lsrS8dnIZo1Qs8MitvWmRkNJava/st7TqRV4fRGQny6whwfFBqVHhcbk QuKeru2NFOdubZxJiDeL/VgbF066vgECMHFqUpGXmwzbKGuV2VDHK5eCwA1s3ZkCaE/o 0QLg== X-Gm-Message-State: AD7BkJIAIIiWaTBedGeDrZLlobOx0t0sdq08Zn6yLgNDdOtXbj9DUQs16/e98Dg7ETko5n/i X-Received: by 10.194.76.72 with SMTP id i8mr19294795wjw.117.1457303182337; Sun, 06 Mar 2016 14:26:22 -0800 (PST) Received: from xps13.localnet (171.36.101.84.rev.sfr.net. [84.101.36.171]) by smtp.gmail.com with ESMTPSA id z6sm10619521wme.9.2016.03.06.14.26.21 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 06 Mar 2016 14:26:21 -0800 (PST) From: Thomas Monjalon To: Wenzhuo Lu Date: Sun, 06 Mar 2016 23:24:44 +0100 Message-ID: <3090594.zNmFQBUITj@xps13> Organization: 6WIND User-Agent: KMail/4.14.10 (Linux/4.1.6-1-ARCH; KDE/4.14.11; x86_64; ; ) In-Reply-To: <1456462117-29522-1-git-send-email-wenzhuo.lu@intel.com> References: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com> <1456462117-29522-1-git-send-email-wenzhuo.lu@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Cc: dev@dpdk.org Subject: Re: [dpdk-dev] [PATCH v2] doc: Malicious Driver Detection not supported by ixgbe X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Mar 2016 22:26:22 -0000 2016-02-26 12:48, Wenzhuo Lu: > --- a/doc/guides/nics/ixgbe.rst > +++ b/doc/guides/nics/ixgbe.rst > @@ -147,6 +147,26 @@ The following MACROs are used for these three features: > > * ETH_TXQ_FLAGS_NOXSUMTCP > > +Malicious Driver Detection not Supported by ixgbe > +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Why is it in the vector PMD section? > + > +The Intel x550 series NICs support a feature called MDD (Malcicious > +Driver Detection) which checks the behavior of the VF driver. > +If this feature is enabled, the VF must use the advanced context descriptor > +correctly and set the CC (Check Context) bit. > +DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this > +scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will > +not work. Because kernel PF thinks the VF is malicious. But actually it's not. > +The only reason is the VF doesn't act as MDD required. > +There's significant performance impact to support MDD. DPDK should check if > +the advanced context descriptor should be set and set it. And DPDK has to ask > +the info about the header length from the upper layer, because parsing the > +packet itself is not acceptale. So, it's too expensive to support MDD. > +When using kernel PF + DPDK VF on x550, please make sure using the kernel > +driver that disables MDD or can disable MDD. (Some kernel driver can use > +this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables > +it by default.) > + > > Sample Application Notes > ~~~~~~~~~~~~~~~~~~~~~~~~ > diff --git a/doc/guides/rel_notes/release_16_04.rst b/doc/guides/rel_notes/release_16_04.rst > index 5786f74..0647896 100644 > --- a/doc/guides/rel_notes/release_16_04.rst > +++ b/doc/guides/rel_notes/release_16_04.rst > @@ -90,6 +90,29 @@ This section should contain new known issues in this release. Sample format: > tense. Add information on any known workarounds. > > > +Restriction > +----------- > + > +* **Malicious Driver Detection is not supported by ixgbe** > + > + The Intel x550 series NICs support a feature called MDD (Malcicious > + Driver Detection) which checks the behavior of the VF driver. > + If this feature is enabled, the VF must use the advanced context descriptor > + correctly and set the CC (Check Context) bit. > + DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this > + scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will > + not work. Because kernel PF thinks the VF is malicious. But actually it's not. > + The only reason is the VF doesn't act as MDD required. > + There's significant performance impact to support MDD. DPDK should check if > + the advanced context descriptor should be set and set it. And DPDK has to ask > + the info about the header length from the upper layer, because parsing the > + packet itself is not acceptale. So, it's too expensive to support MDD. > + When using kernel PF + DPDK VF on x550, please make sure using the kernel > + driver that disables MDD or can disable MDD. (Some kernel driver can use > + this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables > + it by default.) Why repeating the whole explanation in the release notes? I think the ixgbe doc is enough to say that a kernel option is required.