Do all NICs in the Mellanox ConnectX-6 DX portfolio enable Intel's DDIO?

anirudhs · November 23, 2020, 12:42pm

From the product brief, I see only some models offer Socket Direct which help enable DDIO on multi socket and bypass UPI/QPI.

I can’t find if the NIC I have (MCX623106AN-CDAT) supports Intel’s DDIO on the same socket.

Is there a way to toggle this feature on and off?

Thanks,

Anirudh

march · November 24, 2020, 7:12am

Hi,

You are right, this feature is used only when the card is a socket direct model.

Intel:

In general, Intel DDIO technology can enable NIC to do I/O operation directly to the CPU’s cache, and not to main memory as usually done.

RDMA goal is to do I/O with no CPU intervention (to/from host main memory). By definition cache is HW shared resource, for multiple processes.

Hence using both features can lead to potential vulnerabilities like information disclosure.

Mellanox:

On ConnectX-4Lx/ConnectX-5 we do not allow accessing our internal caches directly from the wire. This means that this vulnerability is not related to our products.

More theoretical info on potential attack:

There are two attacks vector:

Using the NIC RDMA as an attack vector to perform side channel attack on Intel DDIO. This is very possible attack scenario, depends on the application in use.
In this scenario the attack is on the server and not on our product.
Using the NIC RDMA as an attack vector to perform side channel attack on BlueField L3 cache. External software does not have direct access to the ARM memory. The assumption we made that only cloud provider can run the applications, and ARM memory and caches are dedicated to the cloud provider and are not shared with users. In other words, application running on ARM are trusted, managed by a trusteed entity like cloud provider.
This can be mitigated in BlueField3 when L3 cache will probably be per cluster and not shared.

I cannot find any other inforation related to the usage of DDIO by other cards model

Regards

Marc

anirudhs · November 24, 2020, 5:04pm

Thanks for the speedy response Marc!

You mention the vulnerability on ConnectX-4Lx/ConnectX-5

Does this apply to the ConnectX-6 DX as well, assuming a non-socket direct model?

Can you point me to a resource which documents this as well?

Regards,

Anirudh

Topic		Replies	Views
Disable DDIO for a NIC InfiniBand/VPI Adapter Cards	2	912	July 28, 2021
ConnectX-6 VPI Socket Direct 2x with DPDK - supported by mlx5? Adapters and Cables	4	315	September 17, 2019
How to flash a generic firmware to ConnectX6-DX board? Mellanox OFED	8	1259	December 16, 2023
DPDK bonding with Mellanox ConnectX-3 supported? Software And Drivers dpdk	3	1261	March 27, 2019
ConnectX-6 Dx testpmd: No probed ethernet devices BlueField dpdk	5	1684	March 10, 2023
GPUDirect question - cudaDeviceCanAccessPeer information CUDA Programming and Performance	9	4075	January 2, 2020
About VMA support with Connectx-6 VPI HCAs Mellanox OFED vma	3	1319	April 27, 2022
Memory error when passing ConnectX-4+ NIC to VM Mellanox OFED kernel , driver , sr-iov-virtualization-solutions	1	1290	January 31, 2023
DPDK 21.11 : coexist capability of pmd with kernel network interfaces Application Accelerator Software	3	1276	January 9, 2024
ConnectX-5 error: Failed to write to /dev/nvme-fabrics: Invalid cross-device link Ethernet Adapter Cards lspci	4	2787	January 21, 2019

Do all NICs in the Mellanox ConnectX-6 DX portfolio enable Intel's DDIO?

Related topics