From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf0-f180.google.com (mail-pf0-f180.google.com [209.85.192.180]) by dpdk.org (Postfix) with ESMTP id CCD431BBE for ; Wed, 24 Feb 2016 18:04:17 +0100 (CET) Received: by mail-pf0-f180.google.com with SMTP id q63so15920121pfb.0 for ; Wed, 24 Feb 2016 09:04:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=aqaGaRt9hC66qxJ1wXeJRYCcuQqwbpzlRIr3EymJha8=; b=scJBz+frCjb+F+dknBMdaHjHJr40KYTaCEvasf1lyTy3ujQJJi6nKHFTryiAHHhYv+ qZsV0JkNxtWX3rJ+v3fbZRXsbChQRWTGtbclWZfnehQQpAgHZSgrVi/GGrlNkbK9H9xz Iyi8PGDiFHtwf8wLQFOB+r0A/W0MMQbOTemimoQ4/rnP7aryJKevuMaUivEu5gmiv4V4 XWZvIEyg9jxnS7d91bfWKsbnm0SllUvSbhQTruI/92e8OK7VYKPndzUfFmMbXLVvRqz2 SpwIQCAuG8YJgIq72JLWAuAL3wRex9gIJaxrVRLH83c7BivobEG/1ETCglRpikXMO/k7 WZYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=aqaGaRt9hC66qxJ1wXeJRYCcuQqwbpzlRIr3EymJha8=; b=b0MujIgZi8hyRFPJD59brt4Ws3YvsVwd+yR3T8Tv01Ui59tb/+Juqzvrnz1fbAv98S spHc4/GqJAI2kFoSLbgstDimmbr785GjPO/8XSu3KmoFj354jWrlFf8fxsb3xljrHJPe xxhuCRu7tzho5VuJSi4ghrVUZHRKTGoN9SSkUOt3s1kolZ/EIHEbV40oLBkV6WEHhlce FrPutCY/zQdx88hovRP5uTduEJ3VwwuwqLQXyzlCT/5xcRfyNkQyzrodm0DV+G7fdeie 7CLHbA+yTQS94Yc6QHccu5RAeBvHAjnVQHUpPCMUtIqwb5xq7R89lI05sqB7xg2UYHAp eApA== X-Gm-Message-State: AG10YOTF/i4mWR0BxLH4S/Z/YQn75AQ1zXLP+9YNcxaEcHm0u5Ja4CSM7lmmMaBYwASfhQ== X-Received: by 10.98.76.80 with SMTP id z77mr56091487pfa.121.1456333457135; Wed, 24 Feb 2016 09:04:17 -0800 (PST) Received: from xeon-e3 (static-50-53-82-155.bvtn.or.frontiernet.net. [50.53.82.155]) by smtp.gmail.com with ESMTPSA id 67sm6342029pfi.2.2016.02.24.09.04.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Feb 2016 09:04:16 -0800 (PST) Date: Wed, 24 Feb 2016 09:04:29 -0800 From: Stephen Hemminger To: Wenzhuo Lu Message-ID: <20160224090429.68caf903@xeon-e3> In-Reply-To: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com> References: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: dev@dpdk.org Subject: Re: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not supported by ixgbe X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Feb 2016 17:04:18 -0000 On Wed, 24 Feb 2016 13:33:04 +0800 Wenzhuo Lu wrote: > + On Intel x550 series NICs, HW supports a feature called MDD (Malcicious > + Driver Detection). > + MDD is used to check the behavior of the VF driver. It means when transmitting > + packets, the VF must use the advanced context descriptor and set it correctly. > + And VF must set the CC (Check Context) bit either. This is hard sentence to read, why not reword as: The Intel x550 series NIC's support1 a feature called MDD (Malcicious Driver Detection) which checks the behavior of the VF driver. If this feature is enabled, the VF must use the advanced context descriptor correctly and set the CC (Check Context) bit. > + DPDK PF doesn't support MDD. We may hit problem in this scenario kernel PF + > + DPDK VF. If user enables MDD in kernel PF, DPDK VF will not work. Because > + kernel PF thinks the VF is malicious. But actually it's not. The only reason > + is the VF doesn't act as MDD required. > + There's significant performance impact to support MDD. DPDK should check if > + the advanced context descriptor should be set and set it. And DPDK has to ask > + the info about the header length from the upper layer, because parsing the > + packet itself is not acceptale. So, it's too expensive to support MDD. > + When using kernel PF + DPDK VF on x550, please make sure using the kernel > + driver that disables MDD or can disable MDD. (Some kernel driver can use > + this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disable > + it by default.) > +