From mboxrd@z Thu Jan 1 00:00:00 1970 From: Wenzhuo Lu Subject: [PATCH] doc: Malicious Driver Detection not supported by ixgbe Date: Wed, 24 Feb 2016 13:33:04 +0800 Message-ID: <1456291984-7309-1-git-send-email-wenzhuo.lu@intel.com> To: dev@dpdk.org Return-path: Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 4D79B2B9E for ; Wed, 24 Feb 2016 06:33:13 +0100 (CET) List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Signed-off-by: Wenzhuo Lu --- doc/guides/nics/ixgbe.rst | 21 +++++++++++++++++++++ doc/guides/rel_notes/release_16_04.rst | 24 ++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/doc/guides/nics/ixgbe.rst b/doc/guides/nics/ixgbe.rst index 8cae299..aac5586 100644 --- a/doc/guides/nics/ixgbe.rst +++ b/doc/guides/nics/ixgbe.rst @@ -147,6 +147,27 @@ The following MACROs are used for these three features: * ETH_TXQ_FLAGS_NOXSUMTCP +Malicious Driver Detection not Supported by ixgbe +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +On Intel x550 series NICs, HW supports a feature called MDD (Malcicious +Driver Detection). +MDD is used to check the behavior of the VF driver. It means when transmitting +packets, the VF must use the advanced context descriptor and set it correctly. +And VF must set the CC (Check Context) bit either. +DPDK PF doesn't support MDD. We may hit problem in this scenario kernel PF + +DPDK VF. If user enables MDD in kernel PF, DPDK VF will not work. Because +kernel PF thinks the VF is malicious. But actually it's not. The only reason +is the VF doesn't act as MDD required. +There's significant performance impact to support MDD. DPDK should check if +the advanced context descriptor should be set and set it. And DPDK has to ask +the info about the header length from the upper layer, because parsing the +packet itself is not acceptale. So, it's too expensive to support MDD. +When using kernel PF + DPDK VF on x550, please make sure using the kernel +driver that disables MDD or can disable MDD. (Some kernel driver can use +this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disable +it by default.) + Sample Application Notes ~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/doc/guides/rel_notes/release_16_04.rst b/doc/guides/rel_notes/release_16_04.rst index 5786f74..df81c54 100644 --- a/doc/guides/rel_notes/release_16_04.rst +++ b/doc/guides/rel_notes/release_16_04.rst @@ -90,6 +90,30 @@ This section should contain new known issues in this release. Sample format: tense. Add information on any known workarounds. +Restriction +----------- + +* **Malicious Driver Detection is not supported by ixgbe** + + On Intel x550 series NICs, HW supports a feature called MDD (Malcicious + Driver Detection). + MDD is used to check the behavior of the VF driver. It means when transmitting + packets, the VF must use the advanced context descriptor and set it correctly. + And VF must set the CC (Check Context) bit either. + DPDK PF doesn't support MDD. We may hit problem in this scenario kernel PF + + DPDK VF. If user enables MDD in kernel PF, DPDK VF will not work. Because + kernel PF thinks the VF is malicious. But actually it's not. The only reason + is the VF doesn't act as MDD required. + There's significant performance impact to support MDD. DPDK should check if + the advanced context descriptor should be set and set it. And DPDK has to ask + the info about the header length from the upper layer, because parsing the + packet itself is not acceptale. So, it's too expensive to support MDD. + When using kernel PF + DPDK VF on x550, please make sure using the kernel + driver that disables MDD or can disable MDD. (Some kernel driver can use + this CLI 'insmod ixgbe.ko MDD=0,0' to disable MDD. Some kernel driver disable + it by default.) + + API Changes ----------- -- 1.9.3