diff mbox series

[3/3] eal/linux: Check hugepage access permissions

Message ID 20250506175010.1141585-4-jfree@FreeBSD.org (mailing list archive)
State New
Delegated to: Thomas Monjalon
Headers
Series EAL memory fixes |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/iol-marvell-Functional success Functional Testing PASS
ci/aws-unit-testing success Unit Testing PASS
ci/github-robot: build success github build: passed
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-abi-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS
ci/intel-Testing success Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/intel-Functional success Functional PASS

Commit Message

Jake Freeland May 6, 2025, 5:50 p.m. UTC 
Currently, hugepage mountpoints will be used irrespective of permissions,
leading to potential EACCES errors during memory allocation. Fix this by
not using a mountpoint if we do not have read/write permissions on it.

Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
---
 lib/eal/linux/eal_hugepage_info.c | 6 ++++++
 1 file changed, 6 insertions(+)

Comments

Stephen Hemminger May 7, 2025, 8:52 a.m. UTC | #1 
Please don't split message a across multiple lines.
Open and access are not the same in all security checks, so not a great
idea.
Some analyzer tools may flag as time of check, time of use issue.

On Wed, May 7, 2025, 02:50 Jake Freeland <jfree@freebsd.org> wrote:

> Currently, hugepage mountpoints will be used irrespective of permissions,
> leading to potential EACCES errors during memory allocation. Fix this by
> not using a mountpoint if we do not have read/write permissions on it.
>
> Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
> ---
>  lib/eal/linux/eal_hugepage_info.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/lib/eal/linux/eal_hugepage_info.c
> b/lib/eal/linux/eal_hugepage_info.c
> index d47a19c56a..dbfa38b05c 100644
> --- a/lib/eal/linux/eal_hugepage_info.c
> +++ b/lib/eal/linux/eal_hugepage_info.c
> @@ -260,6 +260,12 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir,
> int len)
>                                 continue;
>                 }
>
> +               if (access(splitstr[MOUNTPT], R_OK | W_OK) < 0) {
> +                       EAL_LOG(NOTICE, "Missing r/w permissions on huge
> dir: "
> +                           "'%s'. Skipping it", splitstr[MOUNTPT]);
> +                       continue;
> +               }
> +
>                 /*
>                  * If no --huge-dir option has been given, we're done.
>                  */
> -
>

>
Jake Freeland May 7, 2025, 4:09 p.m. UTC | #2 
On Wed May 7, 2025 at 3:52 AM CDT, Stephen Hemminger wrote:
> Please don't split message a across multiple lines.
> Open and access are not the same in all security checks, so not a great
> idea.

What do you mean by this? In this case, access() is just verifying that
we can read and write to the hugepage directory. What extra security
check does open() perform that would be needed here?

Keep in mind that open() will still be used to open the hugepages and
perform it’s own checks later on. The purpose of this access() call is
to avoid saving inaccessible hugepage paths up front.

> Some analyzer tools may flag as time of check, time of use issue.

If this access() check succeeds (i.e. we have r/w access) and the
permissions of the hugepage directory change to read-only before we call
open(), then open() will fail like it does without this patch. This
seems like reasonable behavior to me and is better than having no
initial r/w check at all.

Thanks,
Jake Freeland

>
> On Wed, May 7, 2025, 02:50 Jake Freeland <jfree@freebsd.org> wrote:
>
> > Currently, hugepage mountpoints will be used irrespective of permissions,
> > leading to potential EACCES errors during memory allocation. Fix this by
> > not using a mountpoint if we do not have read/write permissions on it.
> >
> > Signed-off-by: Jake Freeland <jfree@FreeBSD.org>
> > ---
> >  lib/eal/linux/eal_hugepage_info.c | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/lib/eal/linux/eal_hugepage_info.c
> > b/lib/eal/linux/eal_hugepage_info.c
> > index d47a19c56a..dbfa38b05c 100644
> > --- a/lib/eal/linux/eal_hugepage_info.c
> > +++ b/lib/eal/linux/eal_hugepage_info.c
> > @@ -260,6 +260,12 @@ get_hugepage_dir(uint64_t hugepage_sz, char *hugedir,
> > int len)
> >                                 continue;
> >                 }
> >
> > +               if (access(splitstr[MOUNTPT], R_OK | W_OK) < 0) {
> > +                       EAL_LOG(NOTICE, "Missing r/w permissions on huge
> > dir: "
> > +                           "'%s'. Skipping it", splitstr[MOUNTPT]);
> > +                       continue;
> > +               }
> > +
> >                 /*
> >                  * If no --huge-dir option has been given, we're done.
> >                  */
> > -
> >
>
> >
diff mbox series

Patch

diff --git a/lib/eal/linux/eal_hugepage_info.c b/lib/eal/linux/eal_hugepage_info.c
index d47a19c56a..dbfa38b05c 100644
--- a/lib/eal/linux/eal_hugepage_info.c
+++ b/lib/eal/linux/eal_hugepage_info.c
@@ -260,6 +260,12 @@  get_hugepage_dir(uint64_t hugepage_sz, char *hugedir, int len)
 				continue;
 		}
 
+		if (access(splitstr[MOUNTPT], R_OK | W_OK) < 0) {
+			EAL_LOG(NOTICE, "Missing r/w permissions on huge dir: "
+			    "'%s'. Skipping it", splitstr[MOUNTPT]);
+			continue;
+		}
+
 		/*
 		 * If no --huge-dir option has been given, we're done.
 		 */