From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7423EA00C5; Sun, 5 Jul 2020 19:50:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B13621DA2A; Sun, 5 Jul 2020 19:50:51 +0200 (CEST) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) by dpdk.org (Postfix) with ESMTP id 2A5C21DA16 for ; Sun, 5 Jul 2020 19:50:50 +0200 (CEST) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 7BD995C00B9; Sun, 5 Jul 2020 13:50:49 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Sun, 05 Jul 2020 13:50:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=fm1; bh= aCEJhuTnGib8NaBcYdi5uJDOH1w4D2pxja+ZzMcAV5g=; b=iHaMBShcnUmTm/zs MDGSA8T1rN9CpJXVEIVpNY0BXkt3PeWSK1uPYOpNrSGhl5Sus6DPYKyEBZW/CLTU GoW8iGmgopkNABaParEbtTaDkcZd1TxxktkKrD4+eyqjVo9nnt3s3Y+Ao0J41H2Q uJKdnoGJU56HdfmBq1E6dhW0UoWLs57GItHfaZ16WKuqhEJJPRNOAGlt6/S3jICy PbYlhhV6cH9zyd3ZVbL9wqVlOPGCLxmFX4gPuwpVStFlYCSQ//fE1f8cMSptUf7W gpT19BYQmz/FZZD7y4yjlTklfqbTtlxrumO7u97vuQxNbub2LLsO155pYKxLgRHs g54evw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=aCEJhuTnGib8NaBcYdi5uJDOH1w4D2pxja+ZzMcAV 5g=; b=RtFVCm71UjIqY5S0KWZwbS+ItR713E39qXVJJFSmFdn2lhmZd/h7hDswZ BKwLFAK5fBcQrWb0ipLKhzm8x/hwXFatEykipMIuuiq/ToH7xr9tVQrWwpXkNPsk InFBlbIow0qEkVur2pFWqfc81ae0rlaAZBm8KVYOIDnJcmyjG1rxt5u+0409oU8K p+Hxo7SJiao2H4Q01NML7gvy/1qqHLSiSp91Mu0MbDb6cYHlB8wTB1uMib4FZ4H5 CQCLuGELTLaJhrJJY2FLFpx30epyLRTd9wJgiL+HKMmRDPsVks0Hv3eqNAceQDL+ EfrWDUnuhtvsQujm3p6aKJkvM5Mag== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedruddugdduvddtucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhephffvufffkfgjfhgggfgtsehtufertddttddvnecuhfhrohhmpefvhhhomhgr shcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlhhonhdrnhgvtheqnecugg ftrfgrthhtvghrnhepudeggfdvfeduffdtfeeglefghfeukefgfffhueejtdetuedtjeeu ieeivdffgeehnecukfhppeejjedrudefgedrvddtfedrudekgeenucevlhhushhtvghruf hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonhhjrghl ohhnrdhnvght X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id 4AB963280063; Sun, 5 Jul 2020 13:50:48 -0400 (EDT) From: Thomas Monjalon To: Bruce Richardson Cc: dev@dpdk.org, david.marchand@redhat.com Date: Sun, 05 Jul 2020 19:50:46 +0200 Message-ID: <1620554.AQiSdEimYf@thomas> In-Reply-To: <20200703102332.1101232-1-bruce.richardson@intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200703102332.1101232-1-bruce.richardson@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] [PATCH v3 0/4] improve runtime loading of shared drivers X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 03/07/2020 12:23, Bruce Richardson: > This set includes a number of small improvements for handling the loading > of drivers at runtime using the EAL -d flag. > > It limits the loading of files to only those files which end in .so, which > means that one can pass in the whole "drivers/" subfolder from a meson > build and not get an error when DPDK trys to load a .a file. > > It also puts in some basic permission checking to ensure that no drivers > are loaded from a world-writable location on the filesystem, which would be > a potential security hole on a mis-configured system. > > v3: adjusted commit titles based on Thomas' feedback > skip over any paths which are not relative/absolute - assume any found > from system directories by linker must be secure. > > v2: rebased to fix errors on apply > fixed one checkpatch issue. > > Bruce Richardson (4): > eal: remove unnecessary null-termination in plugin path > eal: load only shared libs from driver plugin directories > eal: forbid loading drivers from insecure paths > eal: cache last directory permissions checked Applied, thanks