From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 7423EA00C5;
	Sun,  5 Jul 2020 19:50:52 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id B13621DA2A;
	Sun,  5 Jul 2020 19:50:51 +0200 (CEST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com
 [66.111.4.26]) by dpdk.org (Postfix) with ESMTP id 2A5C21DA16
 for <dev@dpdk.org>; Sun,  5 Jul 2020 19:50:50 +0200 (CEST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47])
 by mailout.nyi.internal (Postfix) with ESMTP id 7BD995C00B9;
 Sun,  5 Jul 2020 13:50:49 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute7.internal (MEProxy); Sun, 05 Jul 2020 13:50:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h=
 from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding:content-type; s=fm1; bh=
 aCEJhuTnGib8NaBcYdi5uJDOH1w4D2pxja+ZzMcAV5g=; b=iHaMBShcnUmTm/zs
 MDGSA8T1rN9CpJXVEIVpNY0BXkt3PeWSK1uPYOpNrSGhl5Sus6DPYKyEBZW/CLTU
 GoW8iGmgopkNABaParEbtTaDkcZd1TxxktkKrD4+eyqjVo9nnt3s3Y+Ao0J41H2Q
 uJKdnoGJU56HdfmBq1E6dhW0UoWLs57GItHfaZ16WKuqhEJJPRNOAGlt6/S3jICy
 PbYlhhV6cH9zyd3ZVbL9wqVlOPGCLxmFX4gPuwpVStFlYCSQ//fE1f8cMSptUf7W
 gpT19BYQmz/FZZD7y4yjlTklfqbTtlxrumO7u97vuQxNbub2LLsO155pYKxLgRHs
 g54evw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-transfer-encoding:content-type
 :date:from:in-reply-to:message-id:mime-version:references
 :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm3; bh=aCEJhuTnGib8NaBcYdi5uJDOH1w4D2pxja+ZzMcAV
 5g=; b=RtFVCm71UjIqY5S0KWZwbS+ItR713E39qXVJJFSmFdn2lhmZd/h7hDswZ
 BKwLFAK5fBcQrWb0ipLKhzm8x/hwXFatEykipMIuuiq/ToH7xr9tVQrWwpXkNPsk
 InFBlbIow0qEkVur2pFWqfc81ae0rlaAZBm8KVYOIDnJcmyjG1rxt5u+0409oU8K
 p+Hxo7SJiao2H4Q01NML7gvy/1qqHLSiSp91Mu0MbDb6cYHlB8wTB1uMib4FZ4H5
 CQCLuGELTLaJhrJJY2FLFpx30epyLRTd9wJgiL+HKMmRDPsVks0Hv3eqNAceQDL+
 EfrWDUnuhtvsQujm3p6aKJkvM5Mag==
X-ME-Sender: <xms:-BICX3urZi6Glacq606G79Hz_iwbTrKCAz0Buz10wrXPKif91H1TiA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddugdduvddtucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhephffvufffkfgjfhgggfgtsehtufertddttddvnecuhfhrohhmpefvhhhomhgr
 shcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlhhonhdrnhgvtheqnecugg
 ftrfgrthhtvghrnhepudeggfdvfeduffdtfeeglefghfeukefgfffhueejtdetuedtjeeu
 ieeivdffgeehnecukfhppeejjedrudefgedrvddtfedrudekgeenucevlhhushhtvghruf
 hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonhhjrghl
 ohhnrdhnvght
X-ME-Proxy: <xmx:-BICX4ehIQeTYqXLVI3-pbOk5sOA7wJiIMHsjaIcSmDwcEPoExi-Tw>
 <xmx:-BICX6xoRTK9XlRcfSr28Rde6qFk8TWvFGhzvl-KWUB-m9ALBi7tlQ>
 <xmx:-BICX2OFC69otr_TwHXWrLFUll1srUhARUyj2RP0KsiB0jDkNinauA>
 <xmx:-RICX0Le728sl8Cv-2CQUrt90o27nBQm3yGj6t6oo2DKNPyTl8ucGg>
Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184])
 by mail.messagingengine.com (Postfix) with ESMTPA id 4AB963280063;
 Sun,  5 Jul 2020 13:50:48 -0400 (EDT)
From: Thomas Monjalon <thomas@monjalon.net>
To: Bruce Richardson <bruce.richardson@intel.com>
Cc: dev@dpdk.org, david.marchand@redhat.com
Date: Sun, 05 Jul 2020 19:50:46 +0200
Message-ID: <1620554.AQiSdEimYf@thomas>
In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com>
References: <20200618135049.489773-1-bruce.richardson@intel.com>
 <20200703102332.1101232-1-bruce.richardson@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [dpdk-dev] [PATCH v3 0/4] improve runtime loading of shared
	drivers
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

03/07/2020 12:23, Bruce Richardson:
> This set includes a number of small improvements for handling the loading
> of drivers at runtime using the EAL -d flag.
> 
> It limits the loading of files to only those files which end in .so, which
> means that one can pass in the whole "drivers/" subfolder from a meson
> build and not get an error when DPDK trys to load a .a file.
> 
> It also puts in some basic permission checking to ensure that no drivers
> are loaded from a world-writable location on the filesystem, which would be
> a potential security hole on a mis-configured system.
> 
> v3: adjusted commit titles based on Thomas' feedback
>     skip over any paths which are not relative/absolute - assume any found
>     from system directories by linker must be secure.
> 
> v2: rebased to fix errors on apply
>     fixed one checkpatch issue.
> 
> Bruce Richardson (4):
>   eal: remove unnecessary null-termination in plugin path
>   eal: load only shared libs from driver plugin directories
>   eal: forbid loading drivers from insecure paths
>   eal: cache last directory permissions checked

Applied, thanks