From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: <dev-bounces@dpdk.org> Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id B15C0A0519; Fri, 3 Jul 2020 12:25:35 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 93B601DB10; Fri, 3 Jul 2020 12:25:35 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 7B0B41DB0F for <dev@dpdk.org>; Fri, 3 Jul 2020 12:25:33 +0200 (CEST) IronPort-SDR: UMmPvd3Cbyi2VA9S64N1HK5VuR/xvNwAY1TTjUfI4t0e6SsjSwBobdvWy5L0iQfr43+kd5rGFQ rrE+BsjOfiow== X-IronPort-AV: E=McAfee;i="6000,8403,9670"; a="231992862" X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="231992862" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 03 Jul 2020 03:25:32 -0700 IronPort-SDR: Rzig0gE/Yia1LCLOTX/prxwiuP/08LgaI2b6AYhwEoBUORWsIe6nelzCsbyWWYQ1hy0w73P1ji OQWL+cKyzmDQ== X-IronPort-AV: E=Sophos;i="5.75,307,1589266800"; d="scan'208";a="455856930" Received: from dhowell-mobl2.ger.corp.intel.com (HELO bricha3-MOBL.ger.corp.intel.com) ([10.252.2.251]) by orsmga005-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA; 03 Jul 2020 03:25:31 -0700 Date: Fri, 3 Jul 2020 11:25:27 +0100 From: Bruce Richardson <bruce.richardson@intel.com> To: Thomas Monjalon <thomas@monjalon.net> Cc: dev@dpdk.org, david.marchand@redhat.com Message-ID: <20200703102527.GB620@bricha3-MOBL.ger.corp.intel.com> References: <20200618135049.489773-1-bruce.richardson@intel.com> <20200622143337.562637-1-bruce.richardson@intel.com> <3999296.XklStIvXRF@thomas> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3999296.XklStIvXRF@thomas> Subject: Re: [dpdk-dev] [PATCH v2 0/4] improve runtime loading of shared drivers X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions <dev.dpdk.org> List-Unsubscribe: <https://mails.dpdk.org/options/dev>, <mailto:dev-request@dpdk.org?subject=unsubscribe> List-Archive: <http://mails.dpdk.org/archives/dev/> List-Post: <mailto:dev@dpdk.org> List-Help: <mailto:dev-request@dpdk.org?subject=help> List-Subscribe: <https://mails.dpdk.org/listinfo/dev>, <mailto:dev-request@dpdk.org?subject=subscribe> Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org> On Thu, Jul 02, 2020 at 11:13:02PM +0200, Thomas Monjalon wrote: > 22/06/2020 16:33, Bruce Richardson: > > This set includes a number of small improvements for handling the loading > > of drivers at runtime using the EAL -d flag. > > > > It limits the loading of files to only those files which end in .so, which > > means that one can pass in the whole "drivers/" subfolder from a meson > > build and not get an error when DPDK trys to load a .a file. > > > > It also puts in some basic permission checking to ensure that no drivers > > are loaded from a world-writable location on the filesystem, which would be > > a potential security hole on a mis-configured system. > > > > v2: rebased to fix errors on apply > > fixed one checkpatch issue. > > > > Bruce Richardson (4): > > eal: remove unnecessary null-termination > > eal: only load shared libs from driver plugin directory > > eal: don't load drivers from insecure paths > > eal: cache last directory permissions checked > > There is an error when running devtools/test-null.sh: > > EAL: Error with realpath, No such file or directory > EAL: FATAL: Cannot init plugins > Yes, I missed the fact that we can load drivers without paths letting dlopen search system directories. I think we can assume system dirs are secure, and so can just skip any permission checks in case where we can't get the realpath of the filename passed in. Fixed in v3.