[dpdk-dev] problem vhost-user sockets

[dpdk-dev] problem vhost-user sockets

[Pavel Fedin]

 Hello!

 I have a question regarding vhostuser. If we cannot bind to a socket, why do we simply fail with error instead of just unlink()ing
the path before binding?

 This causes a very annoying problem with ovs. After ovs is stopped (i use supplied system integration), these sockets are not
removed. Looks like ovs just exits without correct cleanup. This effectively causes my vhostuser interfaces to go down until i clean
them up manually. And i have to do it after every ovs restart, every system reboot, etc. It is very annoying.
 I understand that the app should really do correct cleanup upon exit. But what if it abnormally crashes because of some reason
(bug, attack, etc)? Shouldn't it be able to automatically recover?

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

Re: [dpdk-dev] problem vhost-user sockets

[Yuanhan Liu]

On Tue, Dec 15, 2015 at 03:41:23PM +0300, Pavel Fedin wrote:
>  Hello!
> 
>  I have a question regarding vhostuser. If we cannot bind to a socket, why do we simply fail with error instead of just unlink()ing
> the path before binding?

I'm thinking you can't simply unlink a file given by a user inside
a libraray unconditionaly. Say, what if a user gives a wrong socket
path?

> 
>  This causes a very annoying problem with ovs. After ovs is stopped (i use supplied system integration), these sockets are not
> removed. Looks like ovs just exits without correct cleanup. This effectively causes my vhostuser interfaces to go down until i clean
> them up manually. And i have to do it after every ovs restart, every system reboot, etc. It is very annoying.
>  I understand that the app should really do correct cleanup upon exit. But what if it abnormally crashes because of some reason
> (bug, attack, etc)? Shouldn't it be able to automatically recover?

I normally write a short script to handle it automatically.

	--yliu

Re: [dpdk-dev] problem vhost-user sockets

[Pavel Fedin]

 Hello!

> I'm thinking you can't simply unlink a file given by a user inside
> a libraray unconditionaly. Say, what if a user gives a wrong socket
> path?

 Well... We can improve the security by checking that:

a) The file exists and it's a socket.
b) Nobody is listening on it.

> I normally write a short script to handle it automatically.

 I know, you can always hack up some kludges, just IMHO it's not production-grade solution. What if you are cloud administrator, and
you have 1000 users, each of them using 100 vhost-user interfaces? List all of them in some script? Too huge job, i would say.
 And without it the thing just appears to be too fragile, requiring manual maintenance after a single stupid failure.

Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia

Re: [dpdk-dev] problem vhost-user sockets

[Xie, Huawei]

> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Pavel Fedin
> Sent: Tuesday, December 15, 2015 10:21 PM
> To: 'Yuanhan Liu'
> Cc: dev@dpdk.org; 'Ilya Maximets'; 'Dyasly Sergey'
> Subject: Re: [dpdk-dev] problem vhost-user sockets
> 
>  Hello!
> 
> > I'm thinking you can't simply unlink a file given by a user inside
> > a libraray unconditionaly. Say, what if a user gives a wrong socket
> > path?
Exactly, Yuanhan. The initial thinking is it is the user's responsibility to provide a clean running environment and I try to avoid the dpdk app touch something that others might be using.
> 
>  Well... We can improve the security by checking that:
> 
> a) The file exists and it's a socket.
> b) Nobody is listening on it.
> 
> > I normally write a short script to handle it automatically.
Yes, the same to me.
> 
>  I know, you can always hack up some kludges, just IMHO it's not
> production-grade solution. What if you are cloud administrator, and
> you have 1000 users, each of them using 100 vhost-user interfaces?
> List all of them in some script? Too huge job, i would say.
>  And without it the thing just appears to be too fragile, requiring
> manual maintenance after a single stupid failure.
Pavel:
I totally understand your pain, it also brings trouble to ourselves when debugging, but I want to follow the best practice. Btw I don't see the trouble with the script here. The users should know clearly where and how to do the cleanup. Normally the socket files should all reside in one single directory.
For the checking you mentioned above, even the existing file has nobody listening on it, in theory there is no guarantee others might not use it. Of course, for this specific case, the chance is rare.
>From another point of view, DPDK huge re-creates rte_map files even if it exists. :). 
We are open to this. Let us consider more and gather more comments. 
> 
> Kind regards,
> Pavel Fedin
> Expert Engineer
> Samsung Electronics Research center Russia
> 

Re: [dpdk-dev] problem vhost-user sockets

[Yuanhan Liu]

On Tue, Dec 15, 2015 at 05:21:25PM +0300, Pavel Fedin wrote:
>  Hello!
> 
> > I'm thinking you can't simply unlink a file given by a user inside
> > a libraray unconditionaly. Say, what if a user gives a wrong socket
> > path?
> 
>  Well... We can improve the security by checking that:
> 
> a) The file exists and it's a socket.
> b) Nobody is listening on it.

I don't think that's enough. And the fact of the matter is you should
not remove a file inside a libraray that is not created by itself.

> > I normally write a short script to handle it automatically.
> 
>  I know, you can always hack up some kludges, just IMHO it's not production-grade solution. What if you are cloud administrator, and
> you have 1000 users, each of them using 100 vhost-user interfaces? List all of them in some script? Too huge job, i would say.
>  And without it the thing just appears to be too fragile, requiring manual maintenance after a single stupid failure.

You need fix the application then. The file path is constructed there
after all. And if it's an open source project (say ovs), you are free
to fix it then, isn't it? ;)

	--yliu