From: "Xie, Huawei" <huawei.xie@intel.com>
To: Pavel Fedin <p.fedin@samsung.com>,
'Yuanhan Liu' <yuanhan.liu@linux.intel.com>
Cc: "dev@dpdk.org" <dev@dpdk.org>,
'Ilya Maximets' <i.maximets@samsung.com>,
'Dyasly Sergey' <s.dyasly@samsung.com>
Subject: Re: [dpdk-dev] problem vhost-user sockets
Date: Tue, 15 Dec 2015 16:37:02 +0000 [thread overview]
Message-ID: <C37D651A908B024F974696C65296B57B4C54268C@SHSMSX101.ccr.corp.intel.com> (raw)
In-Reply-To: <00cd01d13743$e1a7c4a0$a4f74de0$@samsung.com>
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pavel Fedin
> Sent: Tuesday, December 15, 2015 10:21 PM
> To: 'Yuanhan Liu'
> Cc: dev@dpdk.org; 'Ilya Maximets'; 'Dyasly Sergey'
> Subject: Re: [dpdk-dev] problem vhost-user sockets
>
> Hello!
>
> > I'm thinking you can't simply unlink a file given by a user inside
> > a libraray unconditionaly. Say, what if a user gives a wrong socket
> > path?
Exactly, Yuanhan. The initial thinking is it is the user's responsibility to provide a clean running environment and I try to avoid the dpdk app touch something that others might be using.
>
> Well... We can improve the security by checking that:
>
> a) The file exists and it's a socket.
> b) Nobody is listening on it.
>
> > I normally write a short script to handle it automatically.
Yes, the same to me.
>
> I know, you can always hack up some kludges, just IMHO it's not
> production-grade solution. What if you are cloud administrator, and
> you have 1000 users, each of them using 100 vhost-user interfaces?
> List all of them in some script? Too huge job, i would say.
> And without it the thing just appears to be too fragile, requiring
> manual maintenance after a single stupid failure.
Pavel:
I totally understand your pain, it also brings trouble to ourselves when debugging, but I want to follow the best practice. Btw I don't see the trouble with the script here. The users should know clearly where and how to do the cleanup. Normally the socket files should all reside in one single directory.
For the checking you mentioned above, even the existing file has nobody listening on it, in theory there is no guarantee others might not use it. Of course, for this specific case, the chance is rare.
>From another point of view, DPDK huge re-creates rte_map files even if it exists. :).
We are open to this. Let us consider more and gather more comments.
>
> Kind regards,
> Pavel Fedin
> Expert Engineer
> Samsung Electronics Research center Russia
>
next prev parent reply other threads:[~2015-12-15 16:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-15 12:41 Pavel Fedin
2015-12-15 14:04 ` Yuanhan Liu
2015-12-15 14:21 ` Pavel Fedin
2015-12-15 16:37 ` Xie, Huawei [this message]
2015-12-16 1:31 ` Yuanhan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=C37D651A908B024F974696C65296B57B4C54268C@SHSMSX101.ccr.corp.intel.com \
--to=huawei.xie@intel.com \
--cc=dev@dpdk.org \
--cc=i.maximets@samsung.com \
--cc=p.fedin@samsung.com \
--cc=s.dyasly@samsung.com \
--cc=yuanhan.liu@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).