From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 88FF8A00C3; Wed, 7 Dec 2022 12:44:05 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 30D3540F17; Wed, 7 Dec 2022 12:44:05 +0100 (CET) Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2070.outbound.protection.outlook.com [40.107.93.70]) by mails.dpdk.org (Postfix) with ESMTP id 975C240156 for ; Wed, 7 Dec 2022 12:44:04 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=WnAdPCooyApfjSZdbAhML8WNmbhv4Lde5ZuETv4lFA5dyR7mZj5ruVE17NzlyMxNgT17Ulve+t9KakJQO4MrfvvRrj6pKmdssIATcEExEJplaGqtwd4Lo8soeYEwQaMlxZ/Q+ZwN93X3yROvzxaOvp8kPUQaGmhYjDeHIeoUcA3eGzGonR6jCJKCYRoE9HV6p7FNpZWhBeWAEawT3YSdcQrCgvincJdk6eHL5iZwfBPXPiFl+yNitElX6DHOXGPBuaKF4iaZqNY3qj8gZEKoogd/rmq63BRLTHB+hZoCSfRcpJ6OkB9loAubbA3VJabQsPVB0Ls9hO7xFgZ2Js0CAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4fv72VRx9mSea9+lfsgYuTeMK4jX148tCvMfyFCD0sw=; b=Jor0aNKoKRb/NNgABH8W09X2rkvuTWfh3AvNaVEWkWwiih9WACgpEkST/HbZ2GN3NpwkC4acyoB5+Q3svXlMMN+QKADVKJkdrGZRS8EP/vJMqm8YxNtfBQZ36I586/ujFkrnA6kkN0oLsz7FaHq5sjyOig0SheDCDGohDVHG75ttw1+spXO0ubyvU+9Y9ZAShRir59Ft+LFaqxSswyV0i6rubLPGSwxFPTg0TQtiUCTQM8MkyH7WRNHrdEVIY8QhOdwNeMD/CmX3y5oiS8HIYCdolz2XbSVOltBGeOOjhkDbmlKgtD33cE7aaIjUGPT3pdooATBBvvYieziq0HIMqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=amd.com; dmarc=pass action=none header.from=amd.com; dkim=pass header.d=amd.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4fv72VRx9mSea9+lfsgYuTeMK4jX148tCvMfyFCD0sw=; b=BrK4FWj5EpSLccI2YKdhX99xeh8g68PfbWYdRamCUCjGVAOs2LAP2AuPFBPEsGo0jqNcJMBTbDIUITS8OUy3uU/m7F6L9T3l1iTzAYm0NxBtxwCWvWlZEDw93QTa9aPECnJAWN2ZtHH9j5VWaSnpR/m7vG3zqEgb1MoRcRqcE04= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=amd.com; Received: from CH2PR12MB4294.namprd12.prod.outlook.com (2603:10b6:610:a9::11) by MW5PR12MB5598.namprd12.prod.outlook.com (2603:10b6:303:193::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.14; Wed, 7 Dec 2022 11:44:02 +0000 Received: from CH2PR12MB4294.namprd12.prod.outlook.com ([fe80::b482:d5bd:c7d0:3842]) by CH2PR12MB4294.namprd12.prod.outlook.com ([fe80::b482:d5bd:c7d0:3842%8]) with mapi id 15.20.5880.014; Wed, 7 Dec 2022 11:44:02 +0000 Message-ID: <4000a9ee-a48b-6c1c-5839-0fc135eb347a@amd.com> Date: Wed, 7 Dec 2022 11:43:57 +0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Content-Language: en-US To: Junxiao Shi References: Cc: dev@dpdk.org, Stephen Hemminger From: Ferruh Yigit Subject: Re: [RFC PATCH v3] net/memif: change socket listener owner uid/gid In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-ClientProxiedBy: LO2P123CA0088.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:138::21) To CH2PR12MB4294.namprd12.prod.outlook.com (2603:10b6:610:a9::11) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CH2PR12MB4294:EE_|MW5PR12MB5598:EE_ X-MS-Office365-Filtering-Correlation-Id: bb6433cf-f695-4105-a9ae-08dad8485623 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: rzbRYUgmhwmgKKBb5hKZ0T4NUaOt+BhJ+Jj8PK/eT5m0nyezTgAwujMUhZNXcxIt52ILgo5EPKBU1Ql4CUlNHwzItCYRevc4FxTcjcPOQbjjGlI7LMqcDImM57E/l52e1dBAcBWK8ldgW4waNH1Bcww/sYPELjJo5lBUMJ0JgpsWGPq8TnTPXDloKlsMYIGmvAjR/1WNsbP4IyhuF8DUa5rRSsiyX3oUcOGuepx3fRGna6farkD/F4qTYq35o89+IMitpRNDjtgs4uU/btFNmhCkyNN+neKZDgKGKD7UGIIaA8M1IgQp+kOYpiVtZVunneEHSaVaKlg80A97yoVNiPzM+WPICuRvpk0IVgI7ZNFzu5B7uCj2v/n2R7Wo3zHmZooyN5bnYlQdsg9CpDQV4Wsi9tT/mKvy5J/zwugIKfUuKZkbbpzn7Qmez1R+G07DETCpkn4TAmFzA4ZqOXPDKo4kkpoy+5V3OGEyvvjwlxOtvtO+XOxHfsOrUOZm+ZqyG8UKTwqeule8bekLzRPxvHSHAiZ3zkmUhewJIaU1bPuqrrx5GPS5oX7yGuhWKIKn+a2S9rMo7hdmItGu3lvgyjRrOqvxjEHTiig7PczUSpaxdW4TkXstrdToSoOKbMV3+dylKA8f9WOVZL9CltbGPOHU1UVxp37T1rQ2N+rmDslatTsA8jFdPZqlw0yG4Fj0k1N1Sdb097Eo6bqL8DHRvkfsyvn0ND6jy91dhi1Z6FM= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH2PR12MB4294.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(376002)(136003)(346002)(39860400002)(396003)(366004)(451199015)(2906002)(8936002)(44832011)(38100700002)(31686004)(86362001)(66556008)(8676002)(83380400001)(36756003)(4326008)(66476007)(2616005)(186003)(5660300002)(41300700001)(316002)(53546011)(6512007)(6506007)(6666004)(66946007)(31696002)(478600001)(6916009)(6486002)(26005)(43740500002)(45980500001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?cDdoM2hFY2xxOEpvamZ0aWxUajFDTXQ3T2V6UjEyVVBoRWFvaEZQMys4VG5M?= =?utf-8?B?N1RHUFQwWG5OY2ZpZ2FkYnVjK3pCNG9FaWlwTkFEaVowTXdRVEJXS2xLYU0r?= =?utf-8?B?bG8rYUJvVFVQSG95bS9BTmtIYVRjRWc1TGZwTVYzV3RqQk1NUG92NXlPdTho?= =?utf-8?B?ckt4MUxhaDQ4Y05LOFdGM3N3bTV0RloyVzR6UDRyUW1KcXJpNXdyenQrTDZv?= =?utf-8?B?eUtzN252T0ZWUFVvZkU3VmlFSUNhdjJIOFBYK3creVlYRVR2SHE0T0s4ZG1a?= =?utf-8?B?L0g5M0t4QWRQQ1pxNzM5RDZZVmNnR1F0eVI4NkVaNndrTXIycmlsU0RJU2k4?= =?utf-8?B?eDBxV1BwWDI4RmxWRlcvNm9pWk9icmxaZW04Z3pPbWx4MFg5elRreXFLTlRl?= =?utf-8?B?eWN4OStlY2lJWU9VYmNpQ2pXNm81RkpOQTBISXlPVU1SSDFPbGpvSXVEVktV?= =?utf-8?B?TE9USlN3eHdlOXMzbFVSYXVkYWJOcnNDZXNpeFNXVWpNZUhyVWVHRlJPbjVB?= =?utf-8?B?d3VFNHY1WHgwT0I0VUNPRVE3RnRNanlsYmJDckZSNXhBUlpXY2VBNEhwR1h5?= =?utf-8?B?ZWkyam5xWlpGRnI1QmR4S3o1NmVtYUlBSG9qYVF4dEVvSXNOVnNaN29hVFcy?= =?utf-8?B?RFFPeXhsR1dNZml6YlgrRVNKYnRJMGVzNHZxWHM3N2ZRKzgyWW1MUnRmZUlt?= =?utf-8?B?a3hLY3FOZktTN2JpR3NIYnR4SS9mOVNPdUJCWjNSOGp0QXhzaVdJZWZIQWNN?= =?utf-8?B?ZW13UVN0K3VrOWcwcERHWlVjWUxrOGlicS92MHdCNnZKUkpDN0UzcHhuU1Z3?= =?utf-8?B?MWVNakRJdmhEZDBRajJxR1pMdVkyM2FSM3ROUFFlSjlvTHFPd2pieVhSemNo?= =?utf-8?B?NlIzbWJXZTdYSlA1dS8zNWQ1UGVXNWJwY1JNSUlOUVFPc3g2c3JUbmp2MWEr?= =?utf-8?B?bDFqcjJnOXpoT1hwd1VzK01iREp4MjhPYlg1Rno2RGl4RnVmSVZpUXJLQ3lC?= =?utf-8?B?V3RHUHlqVU5GbndzZzlYSE85RDJZU0UrZEhBSHczRDBYU0hPSHoxb1BYRndh?= =?utf-8?B?VzdZZDM2S0dBdGpDKzA0b0RUeEh1dy9QdlRnVlRMZE5mdGUxQktwRUdSL01R?= =?utf-8?B?SDBFY1RycGhjVjJZVjQrRDhzRjN4MzFJUm1OOFhkVDNFTTlRRjVqWFMwZ3hm?= =?utf-8?B?OHVsNzVFZkhXT3lFYkRXcENwU25yZDQ4ZjY0bFRhRFlEbzQ3dWFwR0pIQmVr?= =?utf-8?B?VGdJdG9iZ0RFRzhiQ1d3VGc5Q09iaU1iTG00RUdIL093MFgwRzR6cFdxeTNr?= =?utf-8?B?dUE5M1RCY2RlNkkwL1M4bWhPcXpkb2hGcjlLdHhPMitKQUNVbjZJTGpDM1ZL?= =?utf-8?B?aUdmNG1pbWUzYXVLVVNKY3pBdnVYS055TVIrbnhOdE9TekVONHEzTjAxeFdR?= =?utf-8?B?Q3dRMWNqVGJRdjNuSVVtWlFZMlFiN1NWanBjVEtBVDdvczQ1d0tJVC9RdFVK?= =?utf-8?B?a1hzSzhycnRhL2RBNkdRK1dMS0lHUkRiNVgzcjlBUWs3S000ODcyUDhqcTVo?= =?utf-8?B?elZLMUNSYXRRWmhBeGlqUU1JdHRDdGxDMTZQREF2OWxNc1ZnSlE0YjE5ZXlI?= =?utf-8?B?YnM3a2RTWnBZaGVPVG5tTTVYcmxyQm1SK01KQUNMOGljZmxHdDJoMEszcDVm?= =?utf-8?B?S0NRMWJvMEJ2cEU2MzR4NGhSYlN3SFZOMHVaSExwbW9MMDUwcXRHQjlVc1Zr?= =?utf-8?B?eGdGQWVmK2w1ZFUxREgvT2I0RjJDVHVBaVk2NXMwazMrZ0ZReklQYzJBdnNt?= =?utf-8?B?b1FWRTVWNm1lUXJyL1dvYzAzeHFwbHdNK3cvbXJ6WExkQXFnUjh2QzJKUWMy?= =?utf-8?B?TnYrME0vSS9ZSGh3bVZhK1JKZWlVeDhsUXVSd21vOGNJZ3BLSHFJanh3M1d4?= =?utf-8?B?SXpKUFMvZWo2WVhjTllpOGo1NndHYUpJTDJraWNMUWRaZFNZdDlOcE9KcmlE?= =?utf-8?B?UXllUWFYdUJPYnJ1SGVPUHZtU1F3a2hNWEJseXFDckNqK1N1Mzh0eHpnQ0VQ?= =?utf-8?B?cGNsL3JNVTRQeVRSblZFcGsvWk1KbFpyRlBHYXNtOVM4TVpYZEM2YmRJZk9k?= =?utf-8?Q?WisKzwfUozwn9gJsIyYvc4INK?= X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-Network-Message-Id: bb6433cf-f695-4105-a9ae-08dad8485623 X-MS-Exchange-CrossTenant-AuthSource: CH2PR12MB4294.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Dec 2022 11:44:02.2487 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: K3e5dBSTe5heu/RAuKxbkg0ucJwSgm/ad00HzQ93STdG6YOR4p9rzKD3q1knG1eB X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW5PR12MB5598 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On 11/16/2022 5:14 PM, Junxiao Shi wrote: > This allows a DPDK application running with root privilege to create a > memif socket listener with non-root owner uid and gid, which can be > connected from client applications running without root privilege. > +1 to idea As Stephen mentioned, how this is tested? Do you have simple memif client that we can use it to verify the work? > Signed-off-by: Junxiao Shi > --- > doc/guides/nics/memif.rst | 2 ++ > drivers/net/memif/memif_socket.c | 13 +++++++-- > drivers/net/memif/rte_eth_memif.c | 48 +++++++++++++++++++++++++++++-- > drivers/net/memif/rte_eth_memif.h | 2 ++ > 4 files changed, 60 insertions(+), 5 deletions(-) > > diff --git a/doc/guides/nics/memif.rst b/doc/guides/nics/memif.rst > index aca843640b..8a8141aa72 100644 > --- a/doc/guides/nics/memif.rst > +++ b/doc/guides/nics/memif.rst > @@ -44,6 +44,8 @@ client. > "rsize=11", "Log2 of ring size. If rsize is 10, actual ring size is 1024", "10", "1-14" > "socket=/tmp/memif.sock", "Socket filename", "/tmp/memif.sock", "string len 108" > "socket-abstract=no", "Set usage of abstract socket address", "yes", "yes|no" > + "uid=1000", "Set socket listener owner uid. Only relevant to server with socket-abstract=no", "unchanged", "uid_t" > + "gid=1000", "Set socket listener owner gid. Only relevant to server with socket-abstract=no", "unchanged", "gid_t" The options are "owner-uid" & "owner-gid" > "mac=01:23:45:ab:cd:ef", "Mac address", "01:ab:23:cd:45:ef", "" > "secret=abc123", "Secret is an optional security option, which if specified, must be matched by peer", "", "string len 24" > "zero-copy=yes", "Enable/disable zero-copy client mode. Only relevant to client, requires '--single-file-segments' eal argument", "no", "yes|no" > diff --git a/drivers/net/memif/memif_socket.c b/drivers/net/memif/memif_socket.c > index 7886644412..c2b038d01a 100644 > --- a/drivers/net/memif/memif_socket.c > +++ b/drivers/net/memif/memif_socket.c > @@ -889,7 +889,7 @@ memif_listener_handler(void *arg) > } > > static struct memif_socket * > -memif_socket_create(char *key, uint8_t listener, bool is_abstract) > +memif_socket_create(char *key, uint8_t listener, bool is_abstract, uid_t owner_uid, gid_t owner_gid) > { > struct memif_socket *sock; > struct sockaddr_un un = { 0 }; > @@ -941,6 +941,14 @@ memif_socket_create(char *key, uint8_t listener, bool is_abstract) > > MIF_LOG(DEBUG, "Memif listener socket %s created.", sock->filename); > > + if (!is_abstract && (owner_uid != (uid_t)-1 || owner_gid != (gid_t)-1)) { > + ret = chown(sock->filename, owner_uid, owner_gid); > + if (ret < 0) { > + MIF_LOG(ERR, "Failed to change listener socket owner %d", errno); When you see the error message it is not clear what is printed '%d' part is. I can see rest of the driver structured this as: " : %s, strerror(errno)" perhaps same can be used here. > + goto error; This path also prints a error log and it also prints 'strerror(errno)', perhaps 'strerror(errno)' part can be droppped from above log. <...> > @@ -1855,6 +1887,14 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev) > &memif_set_is_socket_abstract, &flags); > if (ret < 0) > goto exit; > + ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_UID_ARG, > + &memif_set_owner, &owner_uid); > + if (ret < 0) > + goto exit; > + ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_GID_ARG, > + &memif_set_owner, &owner_gid); > + if (ret < 0) > + goto exit; > ret = rte_kvargs_process(kvlist, ETH_MEMIF_MAC_ARG, > &memif_set_mac, ether_addr); Unrelated with this patch, but memif checks for valid args and ignores all silently when at least of them is invalid [1]. Since you are already there, if you have time, can you add a log for the case when there is invalid argument provided and arguments are ignored? Thanks, ferruh [1] kvlist = rte_kvargs_parse(rte_vdev_device_args(vdev), valid_arguments); if (kvlist != NULL) { < parse args> }