patches for DPDK stable branches
From: Kevin Traynor <ktraynor@redhat.com>
To: David Marchand <david.marchand@redhat.com>
Cc: Anatoly Burakov <anatoly.burakov@intel.com>,
	dpdk stable <stable@dpdk.org>
Subject: [dpdk-stable] patch 'mem: fix allocation in container with SELinux' has been queued to LTS release 18.11.11
Date: Thu,  5 Nov 2020 12:39:50 +0000
Message-ID: <20201105124015.306404-43-ktraynor@redhat.com>
In-Reply-To: <20201105124015.306404-1-ktraynor@redhat.com>

Hi,

FYI, your patch has been queued to LTS release 18.11.11

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 11/10/20. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable-queue

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable-queue/commit/2a3e5d6205c2087e1879dceb1bd573bccab4469a

Thanks.

Kevin.

---
From 2a3e5d6205c2087e1879dceb1bd573bccab4469a Mon Sep 17 00:00:00 2001
From: David Marchand <david.marchand@redhat.com>
Date: Thu, 10 Sep 2020 18:24:07 +0200
Subject: [PATCH] mem: fix allocation in container with SELinux

[ upstream commit aa48ddf4f0d2a9f90cd9247ac779ced55588c27a ]

This is something we encountered while working in an OpenShift
environment with SELinux enabled.
In this environment, a DPDK application could create/write to hugepage
files but removing them was refused.
This resulted in dirty files being reused when starting a new DPDK
application and triggered random crashes / erratic behavior.

Getting a SELinux setup can be a challenge, and even more if you add
containers to the picture :-).
So here is a reproducer for the interested testers:

  # cat >wrap.c <<EOF
  #define _GNU_SOURCE
  #include <dlfcn.h>
  #include <errno.h>
  #include <stdio.h>
  #include <string.h>
  #include <sys/stat.h>
  #include <sys/types.h>
  #include <unistd.h>

  int unlink(const char *pathname)
  {
  	static int (*orig)(const char *pathname) = NULL;
  	struct stat st;

  	if (orig == NULL)
  		orig = dlsym(RTLD_NEXT, "unlink");
  	if (strstr(pathname, "rtemap_") != NULL &&
  			stat(pathname, &st) == 0) {
  		fprintf(stderr, "### refused unlink for %s\n",
  			pathname);
  		errno = EACCES;
  		return -1;
  	}
  	fprintf(stderr, "### called unlink for %s\n", pathname);
  	return orig(pathname);
  }

  int unlinkat(int dirfd, const char *pathname, int flags)
  {
  	static int (*orig)(int dirfd, const char *pathname, int flags) =
  		NULL;
  	struct stat st;

  	if (orig == NULL)
  		orig = dlsym(RTLD_NEXT, "unlinkat");
  	if (strstr(pathname, "rtemap_") != NULL &&
  			fstatat(dirfd, pathname, &st, flags) == 0) {
  		fprintf(stderr, "### refused unlinkat for %s\n",
  			pathname);
  		errno = EACCES;
  		return -1;
  	}
  	fprintf(stderr, "### called unlinkat for %s\n", pathname);
  	return orig(dirfd, pathname, flags);
  }
  EOF

  # gcc -fPIC -shared  -o libwrap.so wrap.c -ldl
  # \rm /dev/hugepages/rtemap*

  # # First run is fine
  # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i
  [...]
  Configuring Port 0 (socket 0)
  Port 0: 24:6E:96:3C:52:D8
  Checking link statuses...
  Done
  testpmd>

  # # Second run we have dirty memory
  # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i
  [...]
  ### refused unlinkat for rtemap_0
  [...]
  Port 0 is now not stopped
  Please stop the ports first
  Done
  testpmd>

Removing hugepage files is done in multiple places and the memory
allocation code is complex.
This fix tries to do the minimum and avoids touching other paths.

If trying to remove the hugepage file before allocating a page fails,
the error is reported to the caller and the user will see a memory
allocation error log.

Fixes: 582bed1e1d1d ("mem: support mapping hugepages at runtime")

Signed-off-by: David Marchand <david.marchand@redhat.com>
Acked-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 lib/librte_eal/linuxapp/eal/eal_memalloc.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lib/librte_eal/linuxapp/eal/eal_memalloc.c b/lib/librte_eal/linuxapp/eal/eal_memalloc.c
index 518314d89c..dea2b5ec93 100644
--- a/lib/librte_eal/linuxapp/eal/eal_memalloc.c
+++ b/lib/librte_eal/linuxapp/eal/eal_memalloc.c
@@ -420,4 +420,19 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi,
 
 		if (fd < 0) {
+			/* A primary process is the only one creating these
+			 * files. If there is a leftover that was not cleaned
+			 * by clear_hugedir(), we must *now* make sure to drop
+			 * the file or we will remap old stuff while the rest
+			 * of the code is built on the assumption that a new
+			 * page is clean.
+			 */
+			if (rte_eal_process_type() == RTE_PROC_PRIMARY &&
+					unlink(path) == -1 &&
+					errno != ENOENT) {
+				RTE_LOG(DEBUG, EAL, "%s(): could not remove '%s': %s\n",
+					__func__, path, strerror(errno));
+				return -1;
+			}
+
 			fd = open(path, O_CREAT | O_RDWR, 0600);
 			if (fd < 0) {
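Review bot: the new unlink() failure branch in get_seg_fd() logs at DEBUG and then returns -1, so at the default log level the operator sees only the generic memory allocation error and not the path or the errno that caused it. The case this guards against is a refused removal of a leftover hugepage file (EACCES in the reproducer), which is exactly what someone debugging a container policy needs to see, so consider RTE_LOG(ERR, EAL, ...) for this message. It is also worth noting in the comment that the unlink() and the following open(path, O_CREAT | O_RDWR, 0600) are separate steps, and that the "new page is clean" assumption therefore depends on nothing else recreating the file between them.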
-- 
2.26.2

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty):
---
--- -	2020-11-05 12:38:55.073275999 +0000
+++ 0043-mem-fix-allocation-in-container-with-SELinux.patch	2020-11-05 12:38:54.244896023 +0000
@@ -1 +1 @@
-From aa48ddf4f0d2a9f90cd9247ac779ced55588c27a Mon Sep 17 00:00:00 2001
+From 2a3e5d6205c2087e1879dceb1bd573bccab4469a Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit aa48ddf4f0d2a9f90cd9247ac779ced55588c27a ]
+
@@ -96 +97,0 @@
-Cc: stable@dpdk.org
@@ -101 +102 @@
- lib/librte_eal/linux/eal_memalloc.c | 15 +++++++++++++++
+ lib/librte_eal/linuxapp/eal/eal_memalloc.c | 15 +++++++++++++++
@@ -104,5 +105,5 @@
-diff --git a/lib/librte_eal/linux/eal_memalloc.c b/lib/librte_eal/linux/eal_memalloc.c
-index db60e79975..40a5c4aa1d 100644
---- a/lib/librte_eal/linux/eal_memalloc.c
-+++ b/lib/librte_eal/linux/eal_memalloc.c
-@@ -330,4 +330,19 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi,
+diff --git a/lib/librte_eal/linuxapp/eal/eal_memalloc.c b/lib/librte_eal/linuxapp/eal/eal_memalloc.c
+index 518314d89c..dea2b5ec93 100644
+--- a/lib/librte_eal/linuxapp/eal/eal_memalloc.c
++++ b/lib/librte_eal/linuxapp/eal/eal_memalloc.c
+@@ -420,4 +420,19 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi,

