[dpdk-dev,v4,06/12] net/failsafe: add flexible device definition
Checks
Commit Message
Add the "exec" device type.
The parameters given to this type of device will be executed in a shell.
The output of this command is then used as a definition for a device.
That command can be re-interpreted if the related device is not
plugged-in. It allows for a device definition to react to system
changes (e.g. changing PCI bus for a given device).
Signed-off-by: Gaetan Rivet <gaetan.rivet@6wind.com>
Acked-by: Olga Shern <olgas@mellanox.com>
---
doc/guides/nics/fail_safe.rst | 20 +++++++
drivers/net/failsafe/failsafe_args.c | 99 +++++++++++++++++++++++++++++++++
drivers/net/failsafe/failsafe_ether.c | 7 +++
drivers/net/failsafe/failsafe_private.h | 4 ++
4 files changed, 130 insertions(+)
Comments
On Mon, 29 May 2017 15:42:18 +0200
Gaetan Rivet <gaetan.rivet@6wind.com> wrote:
>
> +- **exec(<shell command>)** parameter
> +
> + This parameter allows the user to provide a command to the fail-safe PMD to
> + execute and define a sub-device.
> + It is done within a regular shell context.
> + The first line of its output is read by the fail-safe PMD and otherwise
> + interpreted as if passed by the regular **dev** parameter.
> + Any other line is discarded.
> + If the command fail or output an incorrect string, the sub-device is not
> + initialized.
> + All commas within the ``shell command`` are replaced by spaces before
> + executing the command. This helps using scripts to specify devices.
> +
Exec from a DPDK application seems like possible security hole since most DPDK applications
have to run as root.
> static int
> +fs_execute_cmd(struct sub_device *sdev, char *cmdline)
> +{
> + FILE *fp;
> + /* store possible newline as well */
> + char output[DEVARGS_MAXLEN + 1];
> + size_t len;
> + int old_err;
> + int ret;
> +
> + assert(cmdline != NULL || sdev->cmdline != NULL);
> + if (sdev->cmdline == NULL) {
> + char *new_str;
> + size_t i;
> +
> + len = strlen(cmdline) + 1;
> + new_str = rte_realloc(sdev->cmdline, len,
> + RTE_CACHE_LINE_SIZE);
> + if (new_str == NULL) {
> + ERROR("Command line allocation failed");
> + return -ENOMEM;
> + }
Using rte_malloc for cmdline is way over optimizing. rte_malloc comes from huge page area
which is limited. The only reason to use it is if the memory needs to be shared by primary/slave.
Also rte_malloc has much less protection (memleak checkers, guards etc) compared to regular malloc.
On Wed, May 31, 2017 at 08:19:36AM -0700, Stephen Hemminger wrote:
> On Mon, 29 May 2017 15:42:18 +0200
> Gaetan Rivet <gaetan.rivet@6wind.com> wrote:
>
> >
> > +- **exec(<shell command>)** parameter
> > +
> > + This parameter allows the user to provide a command to the fail-safe PMD to
> > + execute and define a sub-device.
> > + It is done within a regular shell context.
> > + The first line of its output is read by the fail-safe PMD and otherwise
> > + interpreted as if passed by the regular **dev** parameter.
> > + Any other line is discarded.
> > + If the command fail or output an incorrect string, the sub-device is not
> > + initialized.
> > + All commas within the ``shell command`` are replaced by spaces before
> > + executing the command. This helps using scripts to specify devices.
> > +
>
> Exec from a DPDK application seems like possible security hole since most DPDK applications
> have to run as root.
>
>
Users will run scripts or other programs that will launch fail-safe
instances. If a user launches a script over the fail-safe to configure
it or under it to detect devices, security seems at the same level?
> > static int
> > +fs_execute_cmd(struct sub_device *sdev, char *cmdline)
> > +{
> > + FILE *fp;
> > + /* store possible newline as well */
> > + char output[DEVARGS_MAXLEN + 1];
> > + size_t len;
> > + int old_err;
> > + int ret;
> > +
> > + assert(cmdline != NULL || sdev->cmdline != NULL);
> > + if (sdev->cmdline == NULL) {
> > + char *new_str;
> > + size_t i;
> > +
> > + len = strlen(cmdline) + 1;
> > + new_str = rte_realloc(sdev->cmdline, len,
> > + RTE_CACHE_LINE_SIZE);
> > + if (new_str == NULL) {
> > + ERROR("Command line allocation failed");
> > + return -ENOMEM;
> > + }
>
> Using rte_malloc for cmdline is way over optimizing. rte_malloc comes from huge page area
> which is limited. The only reason to use it is if the memory needs to be shared by primary/slave.
> Also rte_malloc has much less protection (memleak checkers, guards etc) compared to regular malloc.
>
I agree, it should be changed.
@@ -91,6 +91,19 @@ Fail-safe command line parameters
additional sub-device parameters if need be. They will be passed on to the
sub-device.
+- **exec(<shell command>)** parameter
+
+ This parameter allows the user to provide a command to the fail-safe PMD to
+ execute and define a sub-device.
+ It is done within a regular shell context.
+ The first line of its output is read by the fail-safe PMD and otherwise
+ interpreted as if passed by the regular **dev** parameter.
+ Any other line is discarded.
+ If the command fail or output an incorrect string, the sub-device is not
+ initialized.
+ All commas within the ``shell command`` are replaced by spaces before
+ executing the command. This helps using scripts to specify devices.
+
- **mac** parameter [MAC address]
This parameter allows the user to set a default MAC address to the fail-safe
@@ -126,6 +139,13 @@ This section shows some example of using **testpmd** with a fail-safe PMD.
--vdev='net_failsafe0,mac=de:ad:be:ef:01:02,dev(84:00.0),dev(net_ring0,nodeaction=r1:0:CREATE)' -- \
-i
+#. Start testpmd using a flexible device definition
+
+ .. code-block:: console
+
+ $RTE_TARGET/build/app/testpmd -c 0xff -n 4 --no-pci \
+ --vdev='net_failsafe0,exec(echo 84:00.0)' -- -i
+
Using the Fail-safe PMD from an application
-------------------------------------------
@@ -30,6 +30,8 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+
+#include <assert.h>
#include <string.h>
#include <errno.h>
@@ -96,6 +98,75 @@ fs_parse_device(struct sub_device *sdev, char *args)
return 0;
}
+static void
+fs_sanitize_cmdline(char *args)
+{
+ size_t len;
+
+ len = strnlen(args, DEVARGS_MAXLEN);
+ args[len - 1] = '\0';
+}
+
+static int
+fs_execute_cmd(struct sub_device *sdev, char *cmdline)
+{
+ FILE *fp;
+ /* store possible newline as well */
+ char output[DEVARGS_MAXLEN + 1];
+ size_t len;
+ int old_err;
+ int ret;
+
+ assert(cmdline != NULL || sdev->cmdline != NULL);
+ if (sdev->cmdline == NULL) {
+ char *new_str;
+ size_t i;
+
+ len = strlen(cmdline) + 1;
+ new_str = rte_realloc(sdev->cmdline, len,
+ RTE_CACHE_LINE_SIZE);
+ if (new_str == NULL) {
+ ERROR("Command line allocation failed");
+ return -ENOMEM;
+ }
+ sdev->cmdline = new_str;
+ snprintf(sdev->cmdline, len, "%s", cmdline);
+ /* Replace all commas in the command line by spaces */
+ for (i = 0; i < len; i++)
+ if (sdev->cmdline[i] == ',')
+ sdev->cmdline[i] = ' ';
+ }
+ DEBUG("'%s'", sdev->cmdline);
+ old_err = errno;
+ fp = popen(sdev->cmdline, "r");
+ if (fp == NULL) {
+ ret = errno;
+ ERROR("popen: %s", strerror(errno));
+ errno = old_err;
+ return ret;
+ }
+ /* We only read one line */
+ if (fgets(output, sizeof(output) - 1, fp) == NULL) {
+ DEBUG("Could not read command output");
+ return -ENODEV;
+ }
+ fs_sanitize_cmdline(output);
+ ret = fs_parse_device(sdev, output);
+ if (ret) {
+ ERROR("Parsing device '%s' failed", output);
+ goto ret_pclose;
+ }
+ret_pclose:
+ ret = pclose(fp);
+ if (ret) {
+ ret = errno;
+ ERROR("pclose: %s", strerror(errno));
+ errno = old_err;
+ return ret;
+ }
+ return ret;
+}
+
static int
fs_parse_device_param(struct rte_eth_dev *dev, const char *param,
uint8_t head)
@@ -130,6 +201,14 @@ fs_parse_device_param(struct rte_eth_dev *dev, const char *param,
ret = fs_parse_device(sdev, args);
if (ret)
goto free_args;
+ } else if (strncmp(param, "exec", 4) == 0) {
+ ret = fs_execute_cmd(sdev, args);
+ if (ret == -ENODEV) {
+ DEBUG("Reading device info from command line failed");
+ ret = 0;
+ }
+ if (ret)
+ goto free_args;
} else {
ERROR("Unrecognized device type: %.*s", (int)b, param);
return -EINVAL;
@@ -331,6 +410,8 @@ failsafe_args_free(struct rte_eth_dev *dev)
uint8_t i;
FOREACH_SUBDEV(sdev, i, dev) {
+ rte_free(sdev->cmdline);
+ sdev->cmdline = NULL;
free(sdev->devargs.args);
sdev->devargs.args = NULL;
}
@@ -361,3 +442,21 @@ failsafe_args_count_subdevice(struct rte_eth_dev *dev,
return fs_parse_sub_devices(fs_count_device,
dev, params);
}
+
+int
+failsafe_args_parse_subs(struct rte_eth_dev *dev)
+{
+ struct sub_device *sdev;
+ uint8_t i;
+ int ret = 0;
+
+ FOREACH_SUBDEV(sdev, i, dev) {
+ if (sdev->state >= DEV_PARSED)
+ continue;
+ if (sdev->cmdline)
+ ret = fs_execute_cmd(sdev, sdev->cmdline);
+ if (ret == 0)
+ sdev->state = DEV_PARSED;
+ }
+ return 0;
+}
@@ -188,6 +188,13 @@ failsafe_eth_dev_state_sync(struct rte_eth_dev *dev)
int ret;
uint8_t i;
+ if (PRIV(dev)->state < DEV_PARSED)
+ return 0;
+
+ ret = failsafe_args_parse_subs(dev);
+ if (ret)
+ return ret;
+
if (PRIV(dev)->state < DEV_PROBED)
return 0;
ret = failsafe_eal_init(dev);
@@ -44,6 +44,7 @@
#define PMD_FAILSAFE_PLUG_IN_POLL_KVARG "hotplug_poll"
#define PMD_FAILSAFE_PARAM_STRING \
"dev(<ifc>)," \
+ "exec(<shell command>)," \
"mac=mac_addr," \
"hotplug_poll=u64" \
""
@@ -87,6 +88,8 @@ struct sub_device {
struct rte_eth_dev *edev;
/* Device state machine */
enum dev_state state;
+ /* Some device are defined as a command line */
+ char *cmdline;
};
struct fs_priv {
@@ -135,6 +138,7 @@ uint16_t failsafe_tx_burst(void *txq,
int failsafe_args_parse(struct rte_eth_dev *dev, const char *params);
void failsafe_args_free(struct rte_eth_dev *dev);
int failsafe_args_count_subdevice(struct rte_eth_dev *dev, const char *params);
+int failsafe_args_parse_subs(struct rte_eth_dev *dev);
/* EAL */