From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 0EE6EA00C3;
	Wed,  7 Dec 2022 18:48:56 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id A393A410FB;
	Wed,  7 Dec 2022 18:48:55 +0100 (CET)
Received: from mta-174-87-135.smtp-out.sparkpostmail.com
 (mta-174-87-135.smtp-out.sparkpostmail.com [192.174.87.135])
 by mails.dpdk.org (Postfix) with ESMTP id DD62140156
 for <dev@dpdk.org>; Wed,  7 Dec 2022 18:48:53 +0100 (CET)
X-MSFBL: 7aN2+bP9h/mq3yr6TEQh2g+RtGclsM7GgrSGn+u28to=|eyJtZXNzYWdlX2lkIjo
 iNjM5MDA0ZDI5MDYzYTkxNDllYTEiLCJjdXN0b21lcl9pZCI6IjQ4OTI3IiwidGV
 uYW50X2lkIjoic3BjIiwiciI6ImRldkBkcGRrLm9yZyIsInN1YmFjY291bnRfaWQ
 iOiIwIn0=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail1.yoursunny.com;
 s=scph1018; t=1670435332; i=@mail1.yoursunny.com;
 bh=anq+z0616V2krOtq+Y+5zpkGjiexa7JLKc5YiqnQVBI=;
 h=From:Date:Message-ID:Subject:To:Cc:Content-Type:List-Unsubscribe:
 From:To:Cc:Subject;
 b=AAJWoBR399eTsaV4PilXYZ5DFZizWoBLf4fGA1eZVSRjAFzHGi0vfXWp67f3ZANFR
 vLdgAuc0GfQW/RaGwPTnOv/x9kdqaGZ1kac0Pz6DjgHRwkN5LAZQD5EFsFFSxEY3Pm
 oNKta8px6cvT5yT/jIK2sLt5v2cwT+8TiDSgWJAU=
Authentication-Results: gc.mta1vsmtp.cc.prd.sparkpost smtp.user=<hidden>;
 auth=pass (PLAIN)
Received: from [209.85.167.48] ([209.85.167.48:33486]
 helo=mail-lf1-f48.google.com)
 by gc.mta1vsmtp.cc.prd.sparkpost (envelope-from <git@mail1.yoursunny.com>)
 (ecelerity 4.4.0.17999 r(msys-ecelerity:tags/4.4.0.45)) with ESMTPSA
 (cipher=AES-128-GCM) 
 id E9/1A-11898-402D0936; Wed, 07 Dec 2022 17:48:52 +0000
Received: by mail-lf1-f48.google.com with SMTP id j4so29899140lfk.0
 for <dev@dpdk.org>; Wed, 07 Dec 2022 09:48:52 -0800 (PST)
X-Gm-Message-State: ANoB5pnm5ENWugBObZBqTbHzwhITAiwaORvWM3I9p/eSDRtFYNThrjqN
 6NOTDf+iUpROhrwgIoc7YKh9D4XVP7fcJ/mQsYA=
X-Google-Smtp-Source: AA0mqf7mZOlR8nODxedHT5n0F1mtRBZaQtIjbS2aLVcmsKqualbjlVfZG2hsCJjvh0gInFAziRN4kHWIZI3kmiN6p9k=
X-Received: by 2002:a05:6512:3f89:b0:4ac:660b:1f02 with SMTP id
 x9-20020a0565123f8900b004ac660b1f02mr28282625lfa.9.1670435330728; Wed, 07 Dec
 2022 09:48:50 -0800 (PST)
MIME-Version: 1.0
References: <c07a5f1185773040@cs.arizona.edu> <c07a6b1cb6d446ec@cs.arizona.edu>
 <7046cb75-75e7-8be6-9efc-f37b70a1f2df@amd.com>
In-Reply-To: <7046cb75-75e7-8be6-9efc-f37b70a1f2df@amd.com>
From: Junxiao Shi <git@mail1.yoursunny.com>
Date: Wed, 7 Dec 2022 12:48:39 -0500
X-Gmail-Original-Message-ID: <CANsAqf7RSxonqqXaEC9nSDdde6_L0WnAdY-5WuZnBQWOK9C6xw@mail.gmail.com>
Message-ID: <CANsAqf7RSxonqqXaEC9nSDdde6_L0WnAdY-5WuZnBQWOK9C6xw@mail.gmail.com>
Subject: Re: [PATCH v2] net/memif: change socket listener owner uid/gid
To: Ferruh Yigit <ferruh.yigit@amd.com>
Cc: dev@dpdk.org
Content-Type: multipart/alternative; boundary="000000000000827fc405ef408843"
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

--000000000000827fc405ef408843
Content-Type: text/plain; charset="UTF-8"

Hi Ferruh

> On 12/7/2022 2:41 PM, Junxiao Shi wrote:
> > This allows a DPDK application running with root privilege to create a
> > memif socket listener with non-root owner uid and gid, which can be
> > connected from client applications running without root privilege.
> >
>
> Do you have an easy way to test unprivileged memif client?

This has been tested with NDN-DPDK software.
https://github.com/usnistgov/ndn-dpdk revision
311de078aa4dc3ea28db5f8858e70a1bef7b9ccd

The systemd service is running as root and it uses DPDK with the owner-uid
and owner-gid args.
The ndndpdk-godemo command is running as unprivileged process.
Directory /run/ndn still needs to be created by root.

These commands can perform a full test:

git clone https://github.com/usnistgov/ndn-dpdk.git
cd ndn-dpdk
./docs/ndndpdk-depends.sh --dpdk-patch=26031
corepack pnpm install
make
sudo make install
sudo dpdk-hugepages.py --setup 8G
sudo ndndpdk-ctrl systemd start
jq -n {} | ndndpdk-ctrl activate-forwarder
sudo mkdir -p /run/ndn
ndndpdk-godemo pingserver --name /A
ndndpdk-godemo pingclient --name /A

You can see packets flowing through.
Run `ls -l /run/ndn` and check the uid:gid of socket files too.


>
> > Signed-off-by: Junxiao Shi <git@mail1.yoursunny.com>
>
> <...>
>
> > @@ -1827,47 +1859,58 @@ rte_pmd_memif_probe(struct rte_vdev_device
*vdev)
> >       flags |= ETH_MEMIF_FLAG_SOCKET_ABSTRACT;
> >
> >       kvlist = rte_kvargs_parse(rte_vdev_device_args(vdev),
valid_arguments);
> > +     if (kvlist == NULL) {
> > +             MIF_LOG(ERR, "Invalid kvargs key");
> > +             ret = -EINVAL;
> > +             goto exit;
> > +     }
>
> Thanks Junxiao for updating this, but since it is not really related to
> this patch, can you please separate it to another patch?

These are reverted and will be submitted separately in the future.

--000000000000827fc405ef408843
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto">Hi Ferruh<br>
<br>
&gt; On 12/7/2022 2:41 PM, Junxiao Shi wrote:<br>
&gt; &gt; This allows a DPDK application running with root privilege to cre=
ate a<br>
&gt; &gt; memif socket listener with non-root owner uid and gid, which can =
be<br>
&gt; &gt; connected from client applications running without root privilege=
.<br>
&gt; &gt;<br>
&gt;<br>
&gt; Do you have an easy way to test unprivileged memif client?<br>
<br>
This has been tested with NDN-DPDK software.<br>
<a href=3D"https://github.com/usnistgov/ndn-dpdk" rel=3D"noreferrer norefer=
rer" target=3D"_blank">https://github.com/usnistgov/ndn-dpdk</a> revision 3=
11de078aa4dc3ea28db5f8858e70a1bef7b9ccd<br>
<br>
The systemd service is running as root and it uses DPDK with the owner-uid =
and owner-gid args.<br>
The ndndpdk-godemo command is running as unprivileged process.<br>
Directory /run/ndn still needs to be created by root.<br>
<br>
These commands can perform a full test:<br>
<br>
git clone <a href=3D"https://github.com/usnistgov/ndn-dpdk.git" rel=3D"nore=
ferrer noreferrer" target=3D"_blank">https://github.com/usnistgov/ndn-dpdk.=
git</a><br>
cd ndn-dpdk<br>
./docs/ndndpdk-depends.sh --dpdk-patch=3D26031<br>
corepack pnpm install<br>
make<br>
sudo make install<br>
sudo dpdk-hugepages.py --setup 8G<br>
sudo ndndpdk-ctrl systemd start<br>
jq -n {} | ndndpdk-ctrl activate-forwarder<br>
sudo mkdir -p /run/ndn<br>
ndndpdk-godemo pingserver --name /A<br>
ndndpdk-godemo pingclient --name /A<br>
<br>
You can see packets flowing through.<br>
Run `ls -l /run/ndn` and check the uid:gid of socket files too.<br>
<br>
<br>
&gt;<br>
&gt; &gt; Signed-off-by: Junxiao Shi &lt;<a href=3D"mailto:git@mail1.yoursu=
nny.com" target=3D"_blank" rel=3D"noreferrer">git@mail1.yoursunny.com</a>&g=
t;<br>
&gt;<br>
&gt; &lt;...&gt;<br>
&gt;<br>
&gt; &gt; @@ -1827,47 +1859,58 @@ rte_pmd_memif_probe(struct rte_vdev_devic=
e *vdev)<br>
&gt; &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0flags |=3D ETH_MEMIF_FLAG_SOCKET_ABSTRA=
CT;<br>
&gt; &gt;<br>
&gt; &gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0kvlist =3D rte_kvargs_parse(rte_vdev_de=
vice_args(vdev), valid_arguments);<br>
&gt; &gt; +=C2=A0 =C2=A0 =C2=A0if (kvlist =3D=3D NULL) {<br>
&gt; &gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0MIF_LOG(ERR, &qu=
ot;Invalid kvargs key&quot;);<br>
&gt; &gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ret =3D -EINVAL;=
<br>
&gt; &gt; +=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0goto exit;<br>
&gt; &gt; +=C2=A0 =C2=A0 =C2=A0}<br>
&gt;<br>
&gt; Thanks Junxiao for updating this, but since it is not really related t=
o<br>
&gt; this patch, can you please separate it to another patch?<br>
<br>
These are reverted and will be submitted separately in the future.<br></div=
>

--000000000000827fc405ef408843--