From: Thomas Monjalon <thomas.monjalon@6wind.com>
To: Wenzhuo Lu <wenzhuo.lu@intel.com>
Cc: dev@dpdk.org
Subject: Re: [PATCH v2] doc: Malicious Driver Detection not supported by ixgbe
Date: Sun, 06 Mar 2016 23:24:44 +0100
Message-ID: <3090594.zNmFQBUITj@xps13>
In-Reply-To: <1456462117-29522-1-git-send-email-wenzhuo.lu@intel.com>

2016-02-26 12:48, Wenzhuo Lu:
> --- a/doc/guides/nics/ixgbe.rst
> +++ b/doc/guides/nics/ixgbe.rst
> @@ -147,6 +147,26 @@ The following MACROs are used for these three features:
>  
>  *   ETH_TXQ_FLAGS_NOXSUMTCP
>  
> +Malicious Driver Detection not Supported by ixgbe
> +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Why is it in the vector PMD section?

> +
> +The Intel x550 series NICs support a feature called MDD (Malcicious
> +Driver Detection) which checks the behavior of the VF driver.
> +If this feature is enabled, the VF must use the advanced context descriptor
> +correctly and set the CC (Check Context) bit.
> +DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this
> +scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will
> +not work. Because kernel PF thinks the VF is malicious. But actually it's not.
> +The only reason is the VF doesn't act as MDD required.
> +There's significant performance impact to support MDD. DPDK should check if
> +the advanced context descriptor should be set and set it. And DPDK has to ask
> +the info about the header length from the upper layer, because parsing the
> +packet itself is not acceptale. So, it's too expensive to support MDD.
> +When using kernel PF + DPDK VF on x550, please make sure using the kernel
> +driver that disables MDD or can disable MDD. (Some kernel driver can use
> +this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables
> +it by default.)
> +
>  
>  Sample Application Notes
>  ~~~~~~~~~~~~~~~~~~~~~~~~
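Review bot: The closing advice in the added paragraph ("Some kernel driver can use this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD") does not say which kernel driver releases accept the parameter or what the two comma-separated values refer to, and it does not mention that turning MDD off removes the PF's check on VF behaviour for every VF on the port, not only the DPDK one. Suggest stating both, so an operator running kernel PF + DPDK VF on x550 knows what protection is being traded for compatibility. The same paragraph misspells "Malcicious" (Malicious) and "acceptale" (acceptable), and the added trailing "+" blank line leaves two empty lines before "Sample Application Notes".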
> diff --git a/doc/guides/rel_notes/release_16_04.rst b/doc/guides/rel_notes/release_16_04.rst
> index 5786f74..0647896 100644
> --- a/doc/guides/rel_notes/release_16_04.rst
> +++ b/doc/guides/rel_notes/release_16_04.rst
> @@ -90,6 +90,29 @@ This section should contain new known issues in this release. Sample format:
>    tense. Add information on any known workarounds.
>  
>  
> +Restriction
> +-----------
> +
> +* **Malicious Driver Detection is not supported by ixgbe**
> +
> +  The Intel x550 series NICs support a feature called MDD (Malcicious
> +  Driver Detection) which checks the behavior of the VF driver.
> +  If this feature is enabled, the VF must use the advanced context descriptor
> +  correctly and set the CC (Check Context) bit.
> +  DPDK PF doesn't support MDD, but kernel PF does. We may hit problem in this
> +  scenario kernel PF + DPDK VF. If user enables MDD in kernel PF, DPDK VF will
> +  not work. Because kernel PF thinks the VF is malicious. But actually it's not.
> +  The only reason is the VF doesn't act as MDD required.
> +  There's significant performance impact to support MDD. DPDK should check if
> +  the advanced context descriptor should be set and set it. And DPDK has to ask
> +  the info about the header length from the upper layer, because parsing the
> +  packet itself is not acceptale. So, it's too expensive to support MDD.
> +  When using kernel PF + DPDK VF on x550, please make sure using the kernel
> +  driver that disables MDD or can disable MDD. (Some kernel driver can use
> +  this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disables
> +  it by default.)
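Review bot: The new "Restriction" heading is added directly below the known-issues template text ("Add information on any known workarounds."), and the entry under it copies the ixgbe guide paragraph verbatim, including the misspellings "Malcicious" and "acceptale", so every correction has to be made in two files. Suggest fixing the spelling and reducing the entry to the bold title plus a sentence on the kernel PF + DPDK VF case on x550 with a cross-reference to the ixgbe guide, and making clear whether "Restriction" is meant as its own section or as an item under known issues.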

Why repeat the whole explanation in the release notes?
I think the ixgbe doc is enough to say that a kernel option is required.
