From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id D3C542956 for ; Thu, 25 Feb 2016 02:52:38 +0100 (CET) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga104.fm.intel.com with ESMTP; 24 Feb 2016 17:13:36 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.22,496,1449561600"; d="scan'208";a="894108843" Received: from fmsmsx106.amr.corp.intel.com ([10.18.124.204]) by orsmga001.jf.intel.com with ESMTP; 24 Feb 2016 17:13:36 -0800 Received: from shsmsx151.ccr.corp.intel.com (10.239.6.50) by FMSMSX106.amr.corp.intel.com (10.18.124.204) with Microsoft SMTP Server (TLS) id 14.3.248.2; Wed, 24 Feb 2016 17:13:36 -0800 Received: from shsmsx102.ccr.corp.intel.com ([169.254.2.232]) by SHSMSX151.ccr.corp.intel.com ([169.254.3.18]) with mapi id 14.03.0248.002; Thu, 25 Feb 2016 09:13:34 +0800 From: "Lu, Wenzhuo" To: Stephen Hemminger Thread-Topic: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not supported by ixgbe Thread-Index: AQHRbsToWTQ87jvmf02F4HvzPHjLbp865zKAgAEOmAA= Date: Thu, 25 Feb 2016 01:13:33 +0000 Message-ID: <6A0DE07E22DDAD4C9103DF62FEBC0909034353EC@shsmsx102.ccr.corp.intel.com> References: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com> <20160224090429.68caf903@xeon-e3> In-Reply-To: <20160224090429.68caf903@xeon-e3> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.239.127.40] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Cc: "dev@dpdk.org" Subject: Re: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not supported by ixgbe X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Feb 2016 01:52:39 -0000 Hi Stephen, > -----Original Message----- > From: Stephen Hemminger [mailto:stephen@networkplumber.org] > Sent: Thursday, February 25, 2016 1:04 AM > To: Lu, Wenzhuo > Cc: dev@dpdk.org > Subject: Re: [dpdk-dev] [PATCH] doc: Malicious Driver Detection not suppo= rted > by ixgbe >=20 > On Wed, 24 Feb 2016 13:33:04 +0800 > Wenzhuo Lu wrote: >=20 > > + On Intel x550 series NICs, HW supports a feature called MDD > > + (Malcicious Driver Detection). > > + MDD is used to check the behavior of the VF driver. It means when > > + transmitting packets, the VF must use the advanced context descripto= r and > set it correctly. > > + And VF must set the CC (Check Context) bit either. >=20 > This is hard sentence to read, why not reword as: >=20 > The Intel x550 series NIC's support1 a feature called MDD (Malcicious Dri= ver > Detection) which checks the behavior of the VF driver. > If this feature is enabled, the VF must use the advanced context descript= or > correctly and set the CC (Check Context) bit. Thanks for the suggestion. I'll try to make it better :) >=20 >=20 > > + DPDK PF doesn't support MDD. We may hit problem in this scenario > > + kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will > > + not work. Because kernel PF thinks the VF is malicious. But > > + actually it's not. The only reason is the VF doesn't act as MDD requ= ired. > > + There's significant performance impact to support MDD. DPDK should > > + check if the advanced context descriptor should be set and set it. > > + And DPDK has to ask the info about the header length from the upper > > + layer, because parsing the packet itself is not acceptale. So, it's = too > expensive to support MDD. > > + When using kernel PF + DPDK VF on x550, please make sure using the > > + kernel driver that disables MDD or can disable MDD. (Some kernel > > + driver can use this CLI 'insmod ixgbe.ko MDD=3D0,0' to disable MDD. > > + Some kernel driver disable it by default.) > > +