From: Wenzhuo Lu
To: dev@dpdk.org
Date: Fri, 26 Feb 2016 12:48:37 +0800
Message-Id: <1456462117-29522-1-git-send-email-wenzhuo.lu@intel.com>
In-Reply-To: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com>
References: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com>
Subject: [dpdk-dev] [PATCH v2] doc: Malicious Driver Detection not supported by ixgbe

Announce that Malicious Driver Detection is not supported.

V2:
*Rework the words.

Signed-off-by: Wenzhuo Lu
---
 doc/guides/nics/ixgbe.rst              | 20 ++++++++++++++++++++
 doc/guides/rel_notes/release_16_04.rst | 23 +++++++++++++++++++++++
 2 files changed, 43 insertions(+)
diff --git a/doc/guides/nics/ixgbe.rst b/doc/guides/nics/ixgbe.rst index 8cae299..7218cdd 100644 --- a/doc/guides/nics/ixgbe.rst +++ b/doc/guides/nics/ixgbe.rst @@ -147,6 +147,26 @@ The following MACROs are used for these three features: * ETH_TXQ_FLAGS_NOXSUMTCP +Malicious Driver Detection not Supported by ixgbe +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The Intel x550 series NICs support a feature called MDD (Malcicious +Driver Detection) which checks the behavior of the VF driver. +If this feature is enabled, the VF must use the advanced context descriptor +correctly and set the CC (Check Context) bit. +DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this +scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will +not work. Because kernel PF thinks the VF is malicious. But actually it's not. +The only reason is the VF doesn't act as MDD required. +There's significant performance impact to support MDD. DPDK should check if +the advanced context descriptor should be set and set it. And DPDK has to ask +the info about the header length from the upper layer, because parsing the +packet itself is not acceptale. So, it's too expensive to support MDD. +When using kernel PF + DPDK VF on x550, please make sure using the kernel +driver that disables MDD or can disable MDD. (Some kernel driver can use +this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables +it by default.) + Sample Application Notes ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_16_04.rst b/doc/guides/rel_notes/release_16_04.rst index 5786f74..0647896 100644 --- a/doc/guides/rel_notes/release_16_04.rst +++ b/doc/guides/rel_notes/release_16_04.rst 
@@ -90,6 +90,29 @@ This section should contain new known issues in this release. Sample format: tense. Add information on any known workarounds. +Restriction +----------- + +* **Malicious Driver Detection is not supported by ixgbe** + + The Intel x550 series NICs support a feature called MDD (Malcicious + Driver Detection) which checks the behavior of the VF driver. + If this feature is enabled, the VF must use the advanced context descriptor + correctly and set the CC (Check Context) bit. + DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this + scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will + not work. Because kernel PF thinks the VF is malicious. But actually it's not. + The only reason is the VF doesn't act as MDD required. + There's significant performance impact to support MDD. DPDK should check if + the advanced context descriptor should be set and set it. And DPDK has to ask + the info about the header length from the upper layer, because parsing the + packet itself is not acceptale. So, it's too expensive to support MDD. + When using kernel PF + DPDK VF on x550, please make sure using the kernel + driver that disables MDD or can disable MDD. (Some kernel driver can use + this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables + it by default.) + + API Changes ----------- -- 1.9.3
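
Review bot: In the doc/guides/nics/ixgbe.rst hunk, the new heading is underlined with ^ and sits directly after the ETH_TXQ_FLAGS_NOXSUMTCP list item, ahead of the ~-underlined "Sample Application Notes", so it will render as a subsection of the preceding macro text rather than as a limitation in its own right; consider a ~ underline or a different position. In the body, "Malcicious" and "acceptale" are misspelled, and 'insmod ixgbe.ko MDD=0,0' would read better as an RST literal with a short statement of what the two comma-separated values apply to and which kernel driver versions accept the parameter, since "Some kernel driver" gives the reader nothing to check against.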
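
Review bot: In the doc/guides/rel_notes/release_16_04.rst hunk, the bullet body repeats the ixgbe.rst paragraph word for word, including the "Malcicious" and "acceptale" typos; a two or three sentence summary with a cross-reference to the NIC guide would avoid keeping two copies in sync. The hunk also introduces a new top-level "Restriction" heading right after the known-issues template text, where the entry could simply be listed as a known issue with its workaround, and it leaves two blank lines before "API Changes". Since the text describes MDD as the PF's check on VF driver behavior and then recommends a kernel driver with MDD disabled, it should state that this turns the check off for the VFs on that PF so the operator can weigh the trade-off.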