Message ID | 20200622143337.562637-1-bruce.richardson@intel.com (mailing list archive) |
---|---|
Headers | From: Bruce Richardson <bruce.richardson@intel.com>; To: dev@dpdk.org; Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson <bruce.richardson@intel.com>; Date: Mon, 22 Jun 2020 15:33:33 +0100; Subject: [dpdk-dev] [PATCH v2 0/4] improve runtime loading of shared drivers; In-Reply-To: <20200618135049.489773-1-bruce.richardson@intel.com> |
Series | improve runtime loading of shared drivers | |
Message
Bruce Richardson
June 22, 2020, 2:33 p.m. UTC
This set includes a number of small improvements for handling the loading of drivers at runtime using the EAL -d flag.

It limits the loading of files to only those files which end in .so, which means that one can pass in the whole "drivers/" subfolder from a meson build and not get an error when DPDK tries to load a .a file.

It also puts in some basic permission checking to ensure that no drivers are loaded from a world-writable location on the filesystem, which would be a potential security hole on a mis-configured system.

v2: rebased to fix errors on apply
    fixed one checkpatch issue.

Bruce Richardson (4):
  eal: remove unnecessary null-termination
  eal: only load shared libs from driver plugin directory
  eal: don't load drivers from insecure paths
  eal: cache last directory permissions checked

 lib/librte_eal/common/eal_common_options.c | 92 +++++++++++++++++++---
 1 file changed, 82 insertions(+), 10 deletions(-)

Comments
22/06/2020 16:33, Bruce Richardson:
> This set includes a number of small improvements for handling the loading
> of drivers at runtime using the EAL -d flag.
>
> It limits the loading of files to only those files which end in .so, which
> means that one can pass in the whole "drivers/" subfolder from a meson
> build and not get an error when DPDK tries to load a .a file.
>
> It also puts in some basic permission checking to ensure that no drivers
> are loaded from a world-writable location on the filesystem, which would be
> a potential security hole on a mis-configured system.
>
> v2: rebased to fix errors on apply
>     fixed one checkpatch issue.
>
> Bruce Richardson (4):
>   eal: remove unnecessary null-termination
>   eal: only load shared libs from driver plugin directory
>   eal: don't load drivers from insecure paths
>   eal: cache last directory permissions checked

There is an error when running devtools/test-null.sh:

EAL: Error with realpath, No such file or directory
EAL: FATAL: Cannot init plugins

22/06/2020 16:33, Bruce Richardson:
> Bruce Richardson (4):
>   eal: remove unnecessary null-termination

Maybe add scope of the change with "in plugin path" ?

>   eal: only load shared libs from driver plugin directory

I suggest: "eal: load only shared libraries from plugin directory"

>   eal: don't load drivers from insecure paths

I don't know why, I don't like titles starting with "don't".
I suggest: "eal: forbid plugin from insecure path"

>   eal: cache last directory permissions checked

On Thu, Jul 02, 2020 at 11:16:51PM +0200, Thomas Monjalon wrote:
> 22/06/2020 16:33, Bruce Richardson:
> > Bruce Richardson (4):
> >   eal: remove unnecessary null-termination
>
> Maybe add scope of the change with "in plugin path" ?
>
> >   eal: only load shared libs from driver plugin directory
>
> I suggest: "eal: load only shared libraries from plugin directory"
>
> >   eal: don't load drivers from insecure paths
>
> I don't know why, I don't like titles starting with "don't".
> I suggest: "eal: forbid plugin from insecure path"
>
> >   eal: cache last directory permissions checked
>

Will adjust for v3

On Thu, Jul 02, 2020 at 11:13:02PM +0200, Thomas Monjalon wrote:
> 22/06/2020 16:33, Bruce Richardson:
> > This set includes a number of small improvements for handling the loading
> > of drivers at runtime using the EAL -d flag.
> >
> > It limits the loading of files to only those files which end in .so, which
> > means that one can pass in the whole "drivers/" subfolder from a meson
> > build and not get an error when DPDK tries to load a .a file.
> >
> > It also puts in some basic permission checking to ensure that no drivers
> > are loaded from a world-writable location on the filesystem, which would be
> > a potential security hole on a mis-configured system.
> >
> > v2: rebased to fix errors on apply
> >     fixed one checkpatch issue.
> >
> > Bruce Richardson (4):
> >   eal: remove unnecessary null-termination
> >   eal: only load shared libs from driver plugin directory
> >   eal: don't load drivers from insecure paths
> >   eal: cache last directory permissions checked
>
> There is an error when running devtools/test-null.sh:
>
> EAL: Error with realpath, No such file or directory
> EAL: FATAL: Cannot init plugins
>

Yes, I missed the fact that we can load drivers without paths, letting dlopen search system directories. I think we can assume system dirs are secure, and so can just skip any permission checks in the case where we can't get the realpath of the filename passed in.

Fixed in v3.
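
The checks discussed in this thread, as an added example that is not code from the patch series or from DPDK: a ".so" suffix filter, a walk from the resolved plugin path up to "/" that rejects any world-writable directory, and the fallback of skipping the check when realpath() cannot resolve the name. The helper names `has_so_suffix` and `plugin_path_is_secure` and their return conventions are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for realpath() under strict -std= modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helper: 1 if name ends in ".so" (so "x.so.20" and "x.a" fail). */
static int has_so_suffix(const char *name)
{
	size_t len = strlen(name);

	return len > 3 && strcmp(name + len - 3, ".so") == 0;
}

/* Hypothetical helper: 1 = no world-writable directory on the resolved path,
 * 0 = at least one is world-writable, -1 = stat() failed. */
static int plugin_path_is_secure(const char *path)
{
	char resolved[PATH_MAX], *slash;
	struct stat st;

	/* A bare name left for dlopen() to find in system directories cannot
	 * be resolved; as agreed in the thread, skip the check in that case. */
	if (realpath(path, resolved) == NULL)
		return 1;

	for (;;) {
		if (stat(resolved, &st) != 0)
			return -1;
		if (S_ISDIR(st.st_mode) && (st.st_mode & S_IWOTH))
			return 0;
		if (strcmp(resolved, "/") == 0)
			return 1;
		/* Drop the last component, keeping "/" once the top is reached. */
		slash = strrchr(resolved, '/');
		slash[slash == resolved ? 1 : 0] = '\0';
	}
}

int main(int argc, char **argv)
{
	for (int i = 1; i < argc; i++)
		printf("%s: so=%d secure=%d\n", argv[i],
		       has_so_suffix(argv[i]), plugin_path_is_secure(argv[i]));
	return 0;
}
```

The check and the later dlopen() are separate steps, so this guards against a mis-configured directory rather than against a file being swapped between the two calls.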