Soft Patch Panel
 help / color / mirror / Atom feed
* [spp] [Bug 442] disable ASLR is been highly recommended
@ 2020-04-06  6:19 bugzilla
  2020-04-08  1:04 ` bugzilla
                   ` (13 more replies)
  0 siblings, 14 replies; 15+ messages in thread
From: bugzilla @ 2020-04-06  6:19 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

            Bug ID: 442
           Summary: disable ASLR is been highly recommended
           Product: SPP
           Version: unspecified
          Hardware: All
               URL: http://doc.dpdk.org/spp/setup/getting_started.html
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Normal
         Component: main
          Assignee: yasufum.o@gmail.com
          Reporter: vipin.varghese@intel.com
                CC: spp@dpdk.org
  Target Milestone: ---

section: 1.1.3
reason: running primary-secondary recommendation is stated as `disable ASLR`

the recommended way should be to try `--base-virtaddr and
--single-file-segments`

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
@ 2020-04-08  1:04 ` bugzilla
  2020-04-08  2:37 ` bugzilla
                   ` (12 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-04-08  1:04 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

Itsuro Oda (oda@valinux.co.jp) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |oda@valinux.co.jp

--- Comment #1 from Itsuro Oda (oda@valinux.co.jp) ---
It is a work around that is necessary to use vhost PMD from secondary processes
at the moment.
There is a case that a secondary process try to free a mempool that was created
by another secondary process (although it is not intentional). The free
function address that is registered at the creation is used to free mempool. If
the free function address is different among secondary processes, segmentation
fault will occur at freeing mempool.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
  2020-04-08  1:04 ` bugzilla
@ 2020-04-08  2:37 ` bugzilla
  2020-04-08  2:40 ` bugzilla
                   ` (11 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-04-08  2:37 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #2 from Vipin Varghese (vipin.varghese@intel.com) ---
here are my thoughts

There are 3 mentioned use cases with SPP

a. RING - can work with base-virtaddr
b. PCAP - can work with base-virtaddr
c. VHOST - primary-secondary on the same os works with base-virtaddr

explained use case:
a. vhost - primary on host os and secondary on host os. 

why not look for MEM-IF copy/zero-copy mode instead of VHOST PMD is not used in
guest (in your use cases).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
  2020-04-08  1:04 ` bugzilla
  2020-04-08  2:37 ` bugzilla
@ 2020-04-08  2:40 ` bugzilla
  2020-07-13  2:31 ` bugzilla
                   ` (10 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-04-08  2:40 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #3 from Vipin Varghese (vipin.varghese@intel.com) ---
If the argument is usign VHOST between primary on host and secondary on guest,
please explain.

1. how does ASLR on primary (host) affect secondary (guest)? 
2. is not zero-copy disabled on RX side in guest for security reason?
3. there are no mention in
`https://doc.dpdk.org/spp/setup/performance_opt.html#optimizing-qemu-performance`
for rx zero copy or tx zero copy.

can you please explain the context please.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (2 preceding siblings ...)
  2020-04-08  2:40 ` bugzilla
@ 2020-07-13  2:31 ` bugzilla
  2020-07-20  1:28 ` bugzilla
                   ` (9 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-13  2:31 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

masahiro nemoto (masahiro.nemoto.es@s1.ntt-tx.co.jp) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |masahiro.nemoto.es@s1.ntt-t
                   |                            |x.co.jp

--- Comment #4 from masahiro nemoto (masahiro.nemoto.es@s1.ntt-tx.co.jp) ---
Hello Vipin,

Apologize about my late reply.

First of all, we have tried '--base-virtaddr and --single-file-segments' option
when starting primary process using DPDK20.02, ASLR enabled.

1. Result with DPDK20.02
Segmentation fault was observed when two secondary process(spp_vf) try to use
vhost.

2. Result with DPDK20.05
Segmentaion fault was NOT observed with the same condition above.

3. Analysis
Vhost related bug is fixed and merged from DPDK20.05 and this maybe the cause
difference of results.
(commit 7470f845c17ac27ce08b22f3c024169e51ade990)

4. Document impact
- Document for SPP 20.02, ASLR disable can NOT be deleted.
- Document for SPP 20.05 or onward, ASLR disable can be deleted(but should be
tested carefully)

What do you think?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (3 preceding siblings ...)
  2020-07-13  2:31 ` bugzilla
@ 2020-07-20  1:28 ` bugzilla
  2020-07-28  3:59 ` bugzilla
                   ` (8 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-20  1:28 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #5 from Vipin Varghese (vipin.varghese@intel.com) ---
Hi Masahiro,

I am not clear with your email or explanation. let me explain

1. status of ticket is `unconfirmed`. This is not right understanding from SPP
as there are issues as explained on `2020-04-06`.

2. the usage of `--base-virtaddr and --single-file-segments` issue is better
explained in the ticket
`https://github.com/vipinpv85/DPDK_SURICATA-4_1_1/issues/5`

3. I do not see what arguments are passed for `--base-virtaddr`

4. As explained in comment-3, `If the argument is using VHOST between primary
on host and secondary on guest, please explain how ASLR affects Primary (host)
and secondary (guest)` 


hence I humbly reqest you to please explain what is that you are trying to
convey.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (4 preceding siblings ...)
  2020-07-20  1:28 ` bugzilla
@ 2020-07-28  3:59 ` bugzilla
  2020-07-29  0:52 ` bugzilla
                   ` (7 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-28  3:59 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |CONFIRMED
                 CC|                            |yamashita.hideyuki@ntt-tx.c
                   |                            |o.jp

--- Comment #6 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Hello Vipin,

First of all, I fully agree with the opinion you said in this ticket.
Thus I will update status of ticket to "confirmed".

With using DPDK20.02, we did NOT touch about ASLR
because we have problem with the following problematic case.
We are planning to improve document in the future update.

(problematic case)
With ASLR enabled, 2nd secondary process(spp_nfv) which is started in host
encounters "Segmentation Fault" .

Best Regards,
Hideyuki Yamashita

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (5 preceding siblings ...)
  2020-07-28  3:59 ` bugzilla
@ 2020-07-29  0:52 ` bugzilla
  2020-07-30  2:39 ` bugzilla
                   ` (6 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-29  0:52 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #7 from Vipin Varghese (vipin.varghese@intel.com) ---
Hi Hideyuku,

thank you for confirming and agreeing into look into to avoid `ASLR disable`.

`We are planning to improve document in the future update.`
[VV] thank you

`(problematic case) With ASLR enabled, 2nd secondary process(spp_nfv) which is
started in host encounters "Segmentation Fault" .`
[VV] are you able to narrow down the cause of issue? 

I believe the new documentation will not be recommending `section: 1.1.3
reason: running primary-secondary recommendation is stated as `disable ASLR``

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (6 preceding siblings ...)
  2020-07-29  0:52 ` bugzilla
@ 2020-07-30  2:39 ` bugzilla
  2020-07-30  2:40 ` bugzilla
                   ` (5 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-30  2:39 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #8 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Created attachment 111
  --> https://bugs.dpdk.org/attachment.cgi?id=111&action=edit
spp-primary log (related with comment#8)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (7 preceding siblings ...)
  2020-07-30  2:39 ` bugzilla
@ 2020-07-30  2:40 ` bugzilla
  2020-07-30  2:41 ` bugzilla
                   ` (4 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-30  2:40 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #9 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Created attachment 112
  --> https://bugs.dpdk.org/attachment.cgi?id=112&action=edit
spp-secondary(nfv1) log (related with comment#8)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (8 preceding siblings ...)
  2020-07-30  2:40 ` bugzilla
@ 2020-07-30  2:41 ` bugzilla
  2020-07-30  2:42 ` bugzilla
                   ` (3 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-30  2:41 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #10 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Created attachment 113
  --> https://bugs.dpdk.org/attachment.cgi?id=113&action=edit
spp-secondary(nfv2) log (related with comment#8)

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (9 preceding siblings ...)
  2020-07-30  2:41 ` bugzilla
@ 2020-07-30  2:42 ` bugzilla
  2020-07-30  6:05 ` bugzilla
                   ` (2 subsequent siblings)
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-30  2:42 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #11 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Hello Vipin,

Thanks for your answer.

    `(problematic case) With ASLR enabled, 2nd secondary process(spp_nfv) which
is started in host encounters >"Segmentation Fault" .`
    [VV] are you able to narrow down the cause of issue?

Using DPDK20.02 with ASLR enabled,
Segmentaion fault takes place.
You can find it in spp-secondary_2.log line 4074.

Using DPDK20.05, this does not happen
with the same test conditions.

BR,
Hideyuki Yamashita

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (10 preceding siblings ...)
  2020-07-30  2:42 ` bugzilla
@ 2020-07-30  6:05 ` bugzilla
  2020-08-03  1:46 ` bugzilla
  2020-08-03  4:45 ` bugzilla
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-07-30  6:05 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #12 from Vipin Varghese (vipin.varghese@intel.com) ---
Hi Hideyuki,

I am getting confused because

1. as per the documentation and update `It is a work around that is necessary
to use vhost PMD from secondary processes at the moment.`. So it si recommended
to have ASLR disabled. 

2. with `Using DPDK20.02 with ASLR enabled, Segmentaion fault takes place.`,
but the recommendation from SPP team is to disable.

3. with `PDK20.05, this does not happen with the same test conditions.` which
means ASLR is enabled.


My recommendation is disabling ASLR for `rte_eth_rx/tx` is not the right
approach.
If we agree, then SPP and documentation should not state to dsiable ASLR

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (11 preceding siblings ...)
  2020-07-30  6:05 ` bugzilla
@ 2020-08-03  1:46 ` bugzilla
  2020-08-03  4:45 ` bugzilla
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-08-03  1:46 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

--- Comment #13 from Hideyuki Yamashita (yamashita.hideyuki@ntt-tx.co.jp) ---
Hello Vipin,

Thanks for your answer.

SPP20.02 only supports using DPDK20.02.
This idea is from first release of SPP and we are not planning to change it
without special reasons.
About DPDK20.05, we will release SPP20.05 within this release,
we are planning to change description related with ASLR.

Thanks!

Best Regards,
Hideyuki Yamashita

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

* [spp] [Bug 442] disable ASLR is been highly recommended
  2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
                   ` (12 preceding siblings ...)
  2020-08-03  1:46 ` bugzilla
@ 2020-08-03  4:45 ` bugzilla
  13 siblings, 0 replies; 15+ messages in thread
From: bugzilla @ 2020-08-03  4:45 UTC (permalink / raw)
  To: spp

https://bugs.dpdk.org/show_bug.cgi?id=442

Vipin Varghese (vipin.varghese@intel.com) changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|Normal                      |High
           Severity|normal                      |critical

--- Comment #14 from Vipin Varghese (vipin.varghese@intel.com) ---
Hi Hideyuki,

note: the Bugzilla is raised for the current documentation available
`https://doc.dpdk.org/spp/setup/getting_started.html?highlight=aslr`.

as per the documentation

```
SPP is a DPDK multi-process application and there are a number of limitations .

Address-Space Layout Randomization (ASLR) is a security feature for memory
protection, but may cause a failure of memory mapping while starting
multi-process application as discussed in dpdk-dev .

ASLR can be disabled by assigning kernel.randomize_va_space to 0, or be enabled
by assigning it to 2.
```

Q&A:

Thanks for your answer.
[VV] I have asked a question, is ASLR to be enabled or disabled.


SPP20.02 only supports using DPDK20.02. This idea is from first release of SPP
and we are not planning to change it without special reasons.
[VV] From this statement your recommendation is to disable the same.

Why have you shared `2. with `Using DPDK20.02 with ASLR enabled, Segmentaion
fault takes place.`, but the recommendation from SPP team is to disable.`

I am changing the priority to high and critical, waiting for the update from
SPP team.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] 15+ messages in thread

end of thread, other threads:[~2020-08-03  4:45 UTC | newest]

Thread overview: 15+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-06  6:19 [spp] [Bug 442] disable ASLR is been highly recommended bugzilla
2020-04-08  1:04 ` bugzilla
2020-04-08  2:37 ` bugzilla
2020-04-08  2:40 ` bugzilla
2020-07-13  2:31 ` bugzilla
2020-07-20  1:28 ` bugzilla
2020-07-28  3:59 ` bugzilla
2020-07-29  0:52 ` bugzilla
2020-07-30  2:39 ` bugzilla
2020-07-30  2:40 ` bugzilla
2020-07-30  2:41 ` bugzilla
2020-07-30  2:42 ` bugzilla
2020-07-30  6:05 ` bugzilla
2020-08-03  1:46 ` bugzilla
2020-08-03  4:45 ` bugzilla

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).