From patchwork Thu Jun 18 13:50:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71725 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 4B83DA04A5; Thu, 18 Jun 2020 15:51:12 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D61CB1BF58; Thu, 18 Jun 2020 15:51:06 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id CD4041BED6 for ; Thu, 18 Jun 2020 15:51:04 +0200 (CEST) IronPort-SDR: WPUZhgFv2t1fXTPob03HCzrZ/a+e9+Sd6bShZhsEhC7zTXUrVoL2xzCgSdjt/GAPKVr9x1RkDT sBLQ3NU+6ylg== X-IronPort-AV: E=McAfee;i="6000,8403,9655"; a="204065784" X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="204065784" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2020 06:51:04 -0700 IronPort-SDR: NWs38Yrhf7bK17PZmgfoX7dARPJv/nky09z4TwF2ErE9QcOVw2qiuHxDi01jHt6YVckF06CBMM 4RNhL5B0Xjpg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="477200693" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 18 Jun 2020 06:51:03 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Thu, 18 Jun 2020 14:50:46 +0100 Message-Id: <20200618135049.489773-2-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200618135049.489773-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 1/4] eal: remove unnecessary null-termination X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Since strlcpy always null-terminates, and the buffer is zeroed before copy anyway, there is no need to explicitly zero the end of the character array, or to limit the bytes that strlcpy can write. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 8f2cbd1c6..6fbe9b5db 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -322,8 +322,7 @@ eal_plugin_add(const char *path) return -1; } memset(solib, 0, sizeof(*solib)); - strlcpy(solib->name, path, PATH_MAX-1); - solib->name[PATH_MAX-1] = 0; + strlcpy(solib->name, path, PATH_MAX); TAILQ_INSERT_TAIL(&solib_list, solib, next); return 0; From patchwork Thu Jun 18 13:50:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71726 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A9721A04A5; Thu, 18 Jun 2020 15:51:20 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 46CB11BF5F; Thu, 18 Jun 2020 15:51:08 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 492131BF5B for ; Thu, 18 Jun 2020 15:51:07 +0200 (CEST) IronPort-SDR: kp7Of3MHoiEqXEcVRzJ33GnIMe+S140QfGNWrOkirQ67a0PEZCkB5PFKsYFbHTSMq76tHR/B3F Gu9p99NvlAXQ== X-IronPort-AV: E=McAfee;i="6000,8403,9655"; a="204065794" X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="204065794" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2020 06:51:06 -0700 IronPort-SDR: wH6MZE5fWatvSI9ZtMOxuivBVFLimsAIHPRIlzQUG0g0UEc399VuU9Xjui40lF+i9S1E9lupGs qlKWWcUQh2TA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="477200701" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 18 Jun 2020 06:51:05 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Thu, 18 Jun 2020 14:50:47 +0100 Message-Id: <20200618135049.489773-3-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200618135049.489773-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 2/4] eal: only load shared libs from driver plugin directory X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When we pass a "-d" flag to EAL pointing to a directory, we attempt to load all files in that directory as driver plugins, irrespective of file type. This procludes using e.g. the build/drivers directory, as a driver source since it contains static libs and other files as well as the shared objects. By filtering out any files whose filename does not end in ".so", we can improve usability by allowing other non-driver files to be present in the driver directory. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 6fbe9b5db..7aef6df4c 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -347,9 +347,15 @@ eal_plugindir_init(const char *path) while ((dent = readdir(d)) != NULL) { struct stat sb; + int nlen = strnlen(dent->d_name, sizeof(dent->d_name)); + + /* check if name ends in .so */ + if (strcmp(&dent->d_name[nlen - 3], ".so") != 0) + continue; snprintf(sopath, sizeof(sopath), "%s/%s", path, dent->d_name); + /* if a regular file, add to list to load */ if (!(stat(sopath, &sb) == 0 && S_ISREG(sb.st_mode))) continue; From patchwork Thu Jun 18 13:50:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71727 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8BAB3A04A5; Thu, 18 Jun 2020 15:51:29 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 945591BF75; Thu, 18 Jun 2020 15:51:15 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 976621BF31 for ; Thu, 18 Jun 2020 15:51:13 +0200 (CEST) IronPort-SDR: HyGyLcF6ODp8085+aUPjSjARwaCfTmA1u6YVk4kNk/agSfp42ueawag8jFPT9grRlhRDj8HTeg Kjf4FSnqk4bA== X-IronPort-AV: E=McAfee;i="6000,8403,9655"; a="204065806" X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="204065806" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2020 06:51:12 -0700 IronPort-SDR: RD6CxQuZx/BWM4Gumx5Nj0ZZWiuatWViTOPMrXh92HXs0zemyBjkkh469bTMQiQBW2ejZnlUsG CsC8siurzEgA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="477200739" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 18 Jun 2020 06:51:11 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Thu, 18 Jun 2020 14:50:48 +0100 Message-Id: <20200618135049.489773-4-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200618135049.489773-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 3/4] eal: don't load drivers from insecure paths X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Any paths on the system which are world-writable are insecure and should not be used for loading drivers. Therefore check each driver path before loading it and error out on insecure ones. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 75 ++++++++++++++++++++-- 1 file changed, 69 insertions(+), 6 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 7aef6df4c..2a62a1342 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -15,6 +15,7 @@ #include #ifndef RTE_EXEC_ENV_WINDOWS #include +#include #endif #include #include @@ -368,10 +369,74 @@ eal_plugindir_init(const char *path) return (dent == NULL) ? 0 : -1; } +#ifdef RTE_EXEC_ENV_WINDOWS +int +eal_plugins_init(void) +{ + return 0; +} +#else + +static int +verify_perms(const char *dirpath) +{ + struct stat st; + + /* if not root, check down one level first */ + if (strcmp(dirpath, "/") != 0) { + char copy[PATH_MAX]; + + strlcpy(copy, dirpath, PATH_MAX); + if (verify_perms(dirname(copy)) != 0) + return -1; + } + + /* call stat to check for permissions and ensure not world writable */ + if (stat(dirpath, &st) != 0) { + RTE_LOG(ERR, EAL, "Error with stat on %s, %s\n", + dirpath, strerror(errno)); + return -1; + } + if (st.st_mode & S_IWOTH) { + RTE_LOG(ERR, EAL, + "Error, directory path %s is world-writable and insecure\n", + dirpath); + return -1; + } + + return 0; +} + +static void * +eal_dlopen(const char *pathname) +{ + void *retval = NULL; + char *realp = realpath(pathname, NULL); + + if (realp == NULL) { + RTE_LOG(ERR, EAL, "Error with realpath, %s\n", strerror(errno)); + goto out; + } + if (strnlen(realp, PATH_MAX) == PATH_MAX) { + RTE_LOG(ERR, EAL, "Error, driver path greater than PATH_MAX\n"); + goto out; + } + + /* do permissions checks */ + if (verify_perms(realp) != 0) + goto out; + + retval = dlopen(realp, RTLD_NOW); + if (retval == NULL) + RTE_LOG(ERR, EAL, "%s\n", dlerror()); +out: + free(realp); + return retval; +} + int eal_plugins_init(void) { -#ifndef RTE_EXEC_ENV_WINDOWS struct shared_driver *solib = NULL; struct stat sb; @@ -391,17 +456,15 @@ eal_plugins_init(void) } else { RTE_LOG(DEBUG, EAL, "open shared lib %s\n", solib->name); - solib->lib_handle = dlopen(solib->name, RTLD_NOW); - if (solib->lib_handle == NULL) { - RTE_LOG(ERR, EAL, "%s\n", dlerror()); + solib->lib_handle = eal_dlopen(solib->name); + if (solib->lib_handle == NULL) return -1; - } } } return 0; -#endif } +#endif /* * Parse the coremask given as argument (hexadecimal string) and fill From patchwork Thu Jun 18 13:50:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bruce Richardson X-Patchwork-Id: 71728 Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C1092A04A5; Thu, 18 Jun 2020 15:51:37 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D293E1BF7D; Thu, 18 Jun 2020 15:51:17 +0200 (CEST) Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id 57A461BF72 for ; Thu, 18 Jun 2020 15:51:15 +0200 (CEST) IronPort-SDR: D0KMl0wqfyM2aCQsJhpUdn4ahBQ7CC2nAptn7EwQBgPTIjyuJM+Xc4F4SpSF1xaZCQlZlllAlQ RbmKaIwXCIyQ== X-IronPort-AV: E=McAfee;i="6000,8403,9655"; a="204065810" X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="204065810" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Jun 2020 06:51:14 -0700 IronPort-SDR: GY7IWhlR9SNFBVILeABocNHN6Iv+dM/jSnY69wgwflJbCs2NGExdCTno4cDnYrLTtEeEaB5Lef HrxLgXScQFxA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,526,1583222400"; d="scan'208";a="477200748" Received: from silpixa00399126.ir.intel.com ([10.237.222.84]) by fmsmga006.fm.intel.com with ESMTP; 18 Jun 2020 06:51:13 -0700 From: Bruce Richardson To: dev@dpdk.org Cc: thomas@monjalon.net, david.marchand@redhat.com, Bruce Richardson Date: Thu, 18 Jun 2020 14:50:49 +0100 Message-Id: <20200618135049.489773-5-bruce.richardson@intel.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200618135049.489773-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> MIME-Version: 1.0 Subject: [dpdk-dev] [PATCH 4/4] eal: cache last directory permissions checked X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" When loading a directory of drivers, we check the same hierarchy multiple times. If we just cache the last directory checked, this avoids repeated checks of the same path, since all drivers in that path have been added to the list consecutively. Signed-off-by: Bruce Richardson --- lib/librte_eal/common/eal_common_options.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/librte_eal/common/eal_common_options.c b/lib/librte_eal/common/eal_common_options.c index 2a62a1342..0901b493c 100644 --- a/lib/librte_eal/common/eal_common_options.c +++ b/lib/librte_eal/common/eal_common_options.c @@ -384,11 +384,18 @@ verify_perms(const char *dirpath) /* if not root, check down one level first */ if (strcmp(dirpath, "/") != 0) { + static __thread char last_dir_checked[PATH_MAX]; char copy[PATH_MAX]; + const char *dir; strlcpy(copy, dirpath, PATH_MAX); - if (verify_perms(dirname(copy)) != 0) - return -1; + dir = dirname(copy); + if (strncmp(dir, last_dir_checked, PATH_MAX) != 0) { + if (verify_perms(dir) != 0) + return -1; + else + strlcpy(last_dir_checked, dir, PATH_MAX); + } } /* call stat to check for permissions and ensure not world writable */