On Sun, Jul 23, 2017 at 12:03:41PM +0300, Sagi Grimberg wrote: > > > > I don't understand the security argument. Its completely private to the > > > driver. anything under librte is equivalent to an OS wrt networking, so I > > > fail to > > > see what is the security feature your talking about. > > > > You are correct that as a root you are able to do whatever you want on the > > server. > > The security I refer to is to protect against badly written code. > > > > The fact the PMD only registers the mempools, and use the device engine to > > translate the VA, provide some protection. > > For example, one DPDK process will not be able to access the memory of > > other DPDK process *by mistake*. > > Well, this is a fair argument, but without a *complete* solution for all > of dpdk peripherals, it has very little merit (if at all). A badly > written code can just as easily crash a server by passing a mbuf to > a crypto device or another network device that co-exists with mlx5. > > So, while I understand the argument, I think its value is not worth the > hassle that mlx5_pmd needs to take to achieve it. Did this come from a > real requirement (from a real implementation)? > Would using VFIO (and the IOMMU) not allow us to provide an equivalent level of security to what is provided by the current scheme? From what I see on-list there are a few folks already looking into that area, and taking advantage of the IOMMU should improve security of all devices in DPDK.
/Bruce
