From patchwork Mon Jun 22 14:33:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71980 X-Patchwork-Delegate: david.marchand@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1BCC4A0519; Mon, 22 Jun 2020 16:33:56 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3EEE91D718; Mon, 22 Jun 2020 16:33:50 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 496A91D708 for ; Mon, 22 Jun 2020 16:33:46 +0200 (CEST) IronPort-SDR: TNIh9CZm/pZB2HqOWkk8AksMPC2BmwF+VFTVkLoKhM718rxVwk08hWizSRirAYwhRX7C0hY8qL 4DZHb+rFeQPQ== X-IronPort-AV: E=McAfee;i="6000,8403,9659"; a="228427979" X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="228427979" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2020 07:33:45 -0700 IronPort-SDR: Uof5TA0yP32UylLoN9Lj1+mNUslq0ahVOpuggKHdjvWduc2HNjOq3ht1/qOZeatsSuy2CzmFAZ l2hv1ALngO7w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="300860098" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga004.fm.intel.com with ESMTP; 22 Jun 2020 07:33:44 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Mon, 22 Jun 2020 15:33:34 +0100 Message-Id: <20200622143337.562637-2-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622143337.562637-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200622143337.562637-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v2 1/4] eal: remove unnecessary null-termination X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Since strlcpy always null-terminates, and the buffer is zeroed before copy anyway, there is no need to explicitly zero the end of the character array, or to limit the bytes that strlcpy can write. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 0546beb3a..551507af1 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -326,8 +326,7 @@ eal_plugin_add(const char *path) return -1; } memset(solib, 0, sizeof(*solib)); - strlcpy(solib->name, path, PATH_MAX-1); - solib->name[PATH_MAX-1] = 0; + strlcpy(solib->name, path, PATH_MAX); TAILQ_INSERT_TAIL(&solib_list, solib, next); return 0; From patchwork Mon Jun 22 14:33:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71981 X-Patchwork-Delegate: david.marchand@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 146F9A0519; Mon, 22 Jun 2020 16:34:03 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B486C1D724; Mon, 22 Jun 2020 16:33:53 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 207071D711 for ; Mon, 22 Jun 2020 16:33:47 +0200 (CEST) IronPort-SDR: Gi/K1PsXVphQvkzUQhLy5h7mi+gG2aO1by64F67QaxWD96mP8VXML/yUZn9vQxOf8fRlQZAgrB LTKNr2V9Esmw== X-IronPort-AV: E=McAfee;i="6000,8403,9659"; a="228427996" X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="228427996" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2020 07:33:47 -0700 IronPort-SDR: d75q8Ehpi4sabWfzVr86vcOyIBn3MR1V0962jBAF0dJgzTF0CPDZyT9twy6nO9YlFeW4KLYy4i I5RM9VpQP2dg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="300860115" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga004.fm.intel.com with ESMTP; 22 Jun 2020 07:33:46 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Mon, 22 Jun 2020 15:33:35 +0100 Message-Id: <20200622143337.562637-3-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622143337.562637-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200622143337.562637-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v2 2/4] eal: only load shared libs from driver plugin directory X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When we pass a "-d" flag to EAL pointing to a directory, we attempt to load all files in that directory as driver plugins, irrespective of file type. This procludes using e.g. the build/drivers directory, as a driver source since it contains static libs and other files as well as the shared objects. By filtering out any files whose filename does not end in ".so", we can improve usability by allowing other non-driver files to be present in the driver directory. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 551507af1..1a836d70f 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -352,9 +352,15 @@ eal_plugindir_init(const char *path) while ((dent = readdir(d)) != NULL) { struct stat sb; + int nlen = strnlen(dent->d_name, sizeof(dent->d_name)); + + /* check if name ends in .so */ + if (strcmp(&dent->d_name[nlen - 3], ".so") != 0) + continue; snprintf(sopath, sizeof(sopath), "%s/%s", path, dent->d_name); + /* if a regular file, add to list to load */ if (!(stat(sopath, &sb) == 0 && S_ISREG(sb.st_mode))) continue; From patchwork Mon Jun 22 14:33:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71982 X-Patchwork-Delegate: david.marchand@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C0412A0519; Mon, 22 Jun 2020 16:34:13 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 812BC1D729; Mon, 22 Jun 2020 16:33:55 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 09EFE1D716 for ; Mon, 22 Jun 2020 16:33:49 +0200 (CEST) IronPort-SDR: vw6CL2zcbpto1UJflzOOqF2C/yptk48bvNKzDnkX4iYAv+a8y8z8LUuuMMzsYxH7UneqrVRcuY 5/ROuw6OECXg== X-IronPort-AV: E=McAfee;i="6000,8403,9659"; a="228428012" X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="228428012" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2020 07:33:49 -0700 IronPort-SDR: H3CIvCp8Vc7hCItWQ1j/u5CJURMikIqB4eH50JXfZiXaitSsZFMXdZsnQR737lKYknw48kIfgk HJGqElxykd4A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="300860139" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga004.fm.intel.com with ESMTP; 22 Jun 2020 07:33:48 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Mon, 22 Jun 2020 15:33:36 +0100 Message-Id: <20200622143337.562637-4-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622143337.562637-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200622143337.562637-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v2 3/4] eal: don't load drivers from insecure paths X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Any paths on the system which are world-writable are insecure and should not be used for loading drivers. Therefore check each driver path before loading it and error out on insecure ones. Signed-off-by: Bruce Richardson --- v2: rebased to latest head to fix errors on apply in CI testing --- lib/librte_eal/common/eal_common_options.c | 77 +++++++++++++++++++--- 1 file changed, 69 insertions(+), 8 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 1a836d70f..6978e6744 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -15,6 +15,7 @@ #include #ifndef RTE_EXEC_ENV_WINDOWS #include +#include #endif #include #include @@ -332,7 +333,14 @@ eal_plugin_add(const char *path) return 0; } -#ifndef RTE_EXEC_ENV_WINDOWS +#ifdef RTE_EXEC_ENV_WINDOWS +int +eal_plugins_init(void) +{ + return 0; +} +#else + static int eal_plugindir_init(const char *path) { @@ -372,12 +380,67 @@ eal_plugindir_init(const char *path) /* XXX this ignores failures from readdir() itself */ return (dent == NULL) ? 0 : -1; } -#endif + +static int +verify_perms(const char *dirpath) +{ + struct stat st; + + /* if not root, check down one level first */ + if (strcmp(dirpath, "/") != 0) { + char copy[PATH_MAX]; + + strlcpy(copy, dirpath, PATH_MAX); + if (verify_perms(dirname(copy)) != 0) + return -1; + } + + /* call stat to check for permissions and ensure not world writable */ + if (stat(dirpath, &st) != 0) { + RTE_LOG(ERR, EAL, "Error with stat on %s, %s\n", + dirpath, strerror(errno)); + return -1; + } + if (st.st_mode & S_IWOTH) { + RTE_LOG(ERR, EAL, + "Error, directory path %s is world-writable and insecure\n", + dirpath); + return -1; + } + + return 0; +} + +static void * +eal_dlopen(const char *pathname) +{ + void *retval = NULL; + char *realp = realpath(pathname, NULL); + + if (realp == NULL) { + RTE_LOG(ERR, EAL, "Error with realpath, %s\n", strerror(errno)); + goto out; + } + if (strnlen(realp, PATH_MAX) == PATH_MAX) { + RTE_LOG(ERR, EAL, "Error, driver path greater than PATH_MAX\n"); + goto out; + } + + /* do permissions checks */ + if (verify_perms(realp) != 0) + goto out; + + retval = dlopen(realp, RTLD_NOW); + if (retval == NULL) + RTE_LOG(ERR, EAL, "%s\n", dlerror()); +out: + free(realp); + return retval; +} int eal_plugins_init(void) { -#ifndef RTE_EXEC_ENV_WINDOWS struct shared_driver *solib = NULL; struct stat sb; @@ -397,17 +460,15 @@ eal_plugins_init(void) } else { RTE_LOG(DEBUG, EAL, "open shared lib %s\n", solib->name); - solib->lib_handle = dlopen(solib->name, RTLD_NOW); - if (solib->lib_handle == NULL) { - RTE_LOG(ERR, EAL, "%s\n", dlerror()); + solib->lib_handle = eal_dlopen(solib->name); + if (solib->lib_handle == NULL) return -1; - } } } -#endif return 0; } +#endif /* * Parse the coremask given as argument (hexadecimal string) and fill From patchwork Mon Jun 22 14:33:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71983 X-Patchwork-Delegate: david.marchand@redhat.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6459BA0519; Mon, 22 Jun 2020 16:34:23 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 8C1FA1D731; Mon, 22 Jun 2020 16:33:58 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id E49851D71F for ; Mon, 22 Jun 2020 16:33:52 +0200 (CEST) IronPort-SDR: yVAmIWReg+ntW6S8nT934SDVFwHxaMa10ZdvR4a8gKCmNi7Es/1NOwLwL/16ViihXLIhYl0ty/ iOqGTuLvP9pQ== X-IronPort-AV: E=McAfee;i="6000,8403,9659"; a="228428032" X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="228428032" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 22 Jun 2020 07:33:52 -0700 IronPort-SDR: cFeRAkjbIt6vVK0duax740bz8ulc7ifsnY7fAoZ3kndp6J9W6ecGeyz+ra6I/w4xpa9ncEpItR le2zBnjgxCJw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,267,1589266800"; d="scan'208";a="300860168" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga004.fm.intel.com with ESMTP; 22 Jun 2020 07:33:51 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Mon, 22 Jun 2020 15:33:37 +0100 Message-Id: <20200622143337.562637-5-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200622143337.562637-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200622143337.562637-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v2 4/4] eal: cache last directory permissions checked X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When loading a directory of drivers, we check the same hierarchy multiple times. If we just cache the last directory checked, this avoids repeated checks of the same path, since all drivers in that path have been added to the list consecutively. Signed-off-by: Bruce Richardson --- V2: Fix checkpatch issue for unnecessary else. --- lib/librte_eal/common/eal_common_options.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 6978e6744..e6b2a195f 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -388,11 +388,17 @@ verify_perms(const char *dirpath) /* if not root, check down one level first */ if (strcmp(dirpath, "/") != 0) { + static __thread char last_dir_checked[PATH_MAX]; char copy[PATH_MAX]; + const char *dir; strlcpy(copy, dirpath, PATH_MAX); - if (verify_perms(dirname(copy)) != 0) - return -1; + dir = dirname(copy); + if (strncmp(dir, last_dir_checked, PATH_MAX) != 0) { + if (verify_perms(dir) != 0) + return -1; + strlcpy(last_dir_checked, dir, PATH_MAX); + } } /* call stat to check for permissions and ensure not world writable */