From patchwork Fri Jul 3 10:23:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 72972 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 06819A0519; Fri, 3 Jul 2020 12:23:46 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 2BF301DB24; Fri, 3 Jul 2020 12:23:44 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 872F71DB21 for ; Fri, 3 Jul 2020 12:23:43 +0200 (CEST) IronPort-SDR: UxzSCilmAXAKfb0mhvR9ewBmF7evBJzWOk69q6aWdr5VauRxA/QBtiYoAX+IK0Cd9Fe8JjnXSJ h1nwsJrty/7A== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="147142694" X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="147142694" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 03:23:42 -0700 IronPort-SDR: MoXcVSYPVuw1gX99itNu3i3aNLG3T8loGz1VBMkfok/JkqXO9O0dhbhgJjs+6kKSomc8TnL7+6 WMNME2Gr1vUA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="481984293" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 03 Jul 2020 03:23:41 -0700 From: Bruce Richardson To: thomas@monjalon.net Cc: dev@dpdk.org, Bruce Richardson Date: Fri, 3 Jul 2020 11:23:29 +0100 Message-Id: <20200703102332.1101232-2-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200703102332.1101232-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v3 1/4] eal: remove unnecessary null-termination in plugin path X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Since strlcpy always null-terminates, and the buffer is zeroed before copy anyway, there is no need to explicitly zero the end of the character array, or to limit the bytes that strlcpy can write. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 24b223ebf..75e8839c3 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -352,8 +352,7 @@ eal_plugin_add(const char *path) return -1; } memset(solib, 0, sizeof(*solib)); - strlcpy(solib->name, path, PATH_MAX-1); - solib->name[PATH_MAX-1] = 0; + strlcpy(solib->name, path, PATH_MAX); TAILQ_INSERT_TAIL(&solib_list, solib, next); return 0; From patchwork Fri Jul 3 10:23:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 72973 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id EFAA4A0519; Fri, 3 Jul 2020 12:23:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 642761DB34; Fri, 3 Jul 2020 12:23:49 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id F33481DB34 for ; Fri, 3 Jul 2020 12:23:47 +0200 (CEST) IronPort-SDR: G5ofdbotU2Sd97G1UQtf9h74WM90plZep8Sh4zIj0wYeTiTvr+bGIHVD9Ic7BNG7ZTjMUFNwsK IktlZm90ls1A== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="147142703" X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="147142703" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 03:23:47 -0700 IronPort-SDR: 2l8GkOCNrG5Fgx/bgNNvIXhXi6lN7sd93mJ5JlWyU8Fy83Qr8KkaUOBYOiLWSpd49+afRlvwpg 8+CY/hxTDxZg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="481984314" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 03 Jul 2020 03:23:46 -0700 From: Bruce Richardson To: thomas@monjalon.net Cc: dev@dpdk.org, Bruce Richardson Date: Fri, 3 Jul 2020 11:23:30 +0100 Message-Id: <20200703102332.1101232-3-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200703102332.1101232-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v3 2/4] eal: load only shared libs from driver plugin directories X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When we pass a "-d" flag to EAL pointing to a directory, we attempt to load all files in that directory as driver plugins, irrespective of file type. This procludes using e.g. the build/drivers directory, as a driver source since it contains static libs and other files as well as the shared objects. By filtering out any files whose filename does not end in ".so", we can improve usability by allowing other non-driver files to be present in the driver directory. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 75e8839c3..176a98561 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -378,9 +378,15 @@ eal_plugindir_init(const char *path) while ((dent = readdir(d)) != NULL) { struct stat sb; + int nlen = strnlen(dent->d_name, sizeof(dent->d_name)); + + /* check if name ends in .so */ + if (strcmp(&dent->d_name[nlen - 3], ".so") != 0) + continue; snprintf(sopath, sizeof(sopath), "%s/%s", path, dent->d_name); + /* if a regular file, add to list to load */ if (!(stat(sopath, &sb) == 0 && S_ISREG(sb.st_mode))) continue; From patchwork Fri Jul 3 10:23:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 72974 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 52A8CA0519; Fri, 3 Jul 2020 12:24:00 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AEE361DB3C; Fri, 3 Jul 2020 12:23:52 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 37BD01DB3C for ; Fri, 3 Jul 2020 12:23:51 +0200 (CEST) IronPort-SDR: V9rCE+EirZSw3ziJ1GNgvDJEGwv0LWIAuIzAvRxIpHRkP0uHNJD/4DGZIy5LKAcUvJgwyYYWvJ clLttb8CTgfg== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="147142714" X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="147142714" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 03:23:50 -0700 IronPort-SDR: EKgJI/oLBGsDLBeds4BRHj7CsXjrH5FPYIagkiddhx9ZtRs+yqYyZUd8Z7g+LRdbOTZ3SHPueD 8TJerLRcNe4w== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="481984331" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 03 Jul 2020 03:23:49 -0700 From: Bruce Richardson To: thomas@monjalon.net Cc: dev@dpdk.org, Bruce Richardson Date: Fri, 3 Jul 2020 11:23:31 +0100 Message-Id: <20200703102332.1101232-4-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200703102332.1101232-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v3 3/4] eal: forbid loading drivers from insecure paths X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Any paths on the system which are world-writable are insecure and should not be used for loading drivers. Therefore, whenever an absolute or relative driver path is passed to EAL, check for world-writability and don't load any drivers from that path if it is insecure. Drivers loaded from system locations i.e. those passed without any path info and found automatically by the loader, are excluded from these checks as system paths are assumed to be secure. Signed-off-by: Bruce Richardson --- v3: add exception for case where we don't have a relative/absolute path we can access. Just assume system directories are secure. --- lib/librte_eal/common/eal_common_options.c | 85 ++++++++++++++++++++-- 1 file changed, 77 insertions(+), 8 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 176a98561..6c63b9364 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -15,6 +15,7 @@ #include #ifndef RTE_EXEC_ENV_WINDOWS #include +#include #endif #include #include @@ -358,7 +359,14 @@ eal_plugin_add(const char *path) return 0; } -#ifndef RTE_EXEC_ENV_WINDOWS +#ifdef RTE_EXEC_ENV_WINDOWS +int +eal_plugins_init(void) +{ + return 0; +} +#else + static int eal_plugindir_init(const char *path) { @@ -398,12 +406,75 @@ eal_plugindir_init(const char *path) /* XXX this ignores failures from readdir() itself */ return (dent == NULL) ? 0 : -1; } -#endif + +static int +verify_perms(const char *dirpath) +{ + struct stat st; + + /* if not root, check down one level first */ + if (strcmp(dirpath, "/") != 0) { + char copy[PATH_MAX]; + + strlcpy(copy, dirpath, PATH_MAX); + if (verify_perms(dirname(copy)) != 0) + return -1; + } + + /* call stat to check for permissions and ensure not world writable */ + if (stat(dirpath, &st) != 0) { + RTE_LOG(ERR, EAL, "Error with stat on %s, %s\n", + dirpath, strerror(errno)); + return -1; + } + if (st.st_mode & S_IWOTH) { + RTE_LOG(ERR, EAL, + "Error, directory path %s is world-writable and insecure\n", + dirpath); + return -1; + } + + return 0; +} + +static void * +eal_dlopen(const char *pathname) +{ + void *retval = NULL; + char *realp = realpath(pathname, NULL); + + if (realp == NULL && errno == ENOENT) { + /* not a full or relative path, try a load from system dirs */ + retval = dlopen(pathname, RTLD_NOW); + if (retval == NULL) + RTE_LOG(ERR, EAL, "%s\n", dlerror()); + return retval; + } + if (realp == NULL) { + RTE_LOG(ERR, EAL, "Error with realpath for %s, %s\n", + pathname, strerror(errno)); + goto out; + } + if (strnlen(realp, PATH_MAX) == PATH_MAX) { + RTE_LOG(ERR, EAL, "Error, driver path greater than PATH_MAX\n"); + goto out; + } + + /* do permissions checks */ + if (verify_perms(realp) != 0) + goto out; + + retval = dlopen(realp, RTLD_NOW); + if (retval == NULL) + RTE_LOG(ERR, EAL, "%s\n", dlerror()); +out: + free(realp); + return retval; +} int eal_plugins_init(void) { -#ifndef RTE_EXEC_ENV_WINDOWS struct shared_driver *solib = NULL; struct stat sb; @@ -423,17 +494,15 @@ eal_plugins_init(void) } else { RTE_LOG(DEBUG, EAL, "open shared lib %s\n", solib->name); - solib->lib_handle = dlopen(solib->name, RTLD_NOW); - if (solib->lib_handle == NULL) { - RTE_LOG(ERR, EAL, "%s\n", dlerror()); + solib->lib_handle = eal_dlopen(solib->name); + if (solib->lib_handle == NULL) return -1; - } } } -#endif return 0; } +#endif /* * Parse the coremask given as argument (hexadecimal string) and fill From patchwork Fri Jul 3 10:23:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 72975 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E6C74A0519; Fri, 3 Jul 2020 12:24:07 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E0EC51DB45; Fri, 3 Jul 2020 12:23:55 +0200 (CEST) Received: from mga03.intel.com (mga03.intel.com [134.134.136.65]) by dpdk.org (Postfix) with ESMTP id 9FEB51DB45 for ; Fri, 3 Jul 2020 12:23:54 +0200 (CEST) IronPort-SDR: G8ymC//d9P2PQ+eDyGWsvpyhyK4j235tu+wu78rRlLYsKrPBixNHIgOA89B7QtAMgwaUYORzir TWt1wS4Mo5HQ== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="147142724" X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="147142724" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 03:23:54 -0700 IronPort-SDR: iinpLMZf6WRgTxeZbqR7iJsuyTroFLn0Ll9qXqzxgNMtixnXU9Y02Beo4J/5yEhJ2BF5mARJ+b iHmxEgUT6wBw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="481984342" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 03 Jul 2020 03:23:52 -0700 From: Bruce Richardson To: thomas@monjalon.net Cc: dev@dpdk.org, Bruce Richardson Date: Fri, 3 Jul 2020 11:23:32 +0100 Message-Id: <20200703102332.1101232-5-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200703102332.1101232-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH v3 4/4] eal: cache last directory permissions checked X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When loading a directory of drivers, we check the same hierarchy multiple times. If we just cache the last directory checked, this avoids repeated checks of the same path, since all drivers in that path have been added to the list consecutively. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 6c63b9364..85d5ba723 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -414,11 +414,17 @@ verify_perms(const char *dirpath) /* if not root, check down one level first */ if (strcmp(dirpath, "/") != 0) { + static __thread char last_dir_checked[PATH_MAX]; char copy[PATH_MAX]; + const char *dir; strlcpy(copy, dirpath, PATH_MAX); - if (verify_perms(dirname(copy)) != 0) - return -1; + dir = dirname(copy); + if (strncmp(dir, last_dir_checked, PATH_MAX) != 0) { + if (verify_perms(dir) != 0) + return -1; + strlcpy(last_dir_checked, dir, PATH_MAX); + } } /* call stat to check for permissions and ensure not world writable */