From: Aaron Conole
To: Yuanhan Liu
Cc: "Loftus, Ciara", "dev@dpdk.org", "Xie, Huawei", Christian Ehrhardt
Subject: Re: [dpdk-dev] [RFC] librte_vhost: Add unix domain socket fd registration
Date: Fri, 24 Jun 2016 08:23:52 -0400
Message-ID: <87lh1uai7b.fsf@trashheap.bytheb.org>
In-Reply-To: <20160624075103.GT23111@yliu-dev.sh.intel.com> (Yuanhan Liu's message of "Fri, 24 Jun 2016 15:51:03 +0800")

Yuanhan Liu writes:

> On Fri, Jun 24, 2016 at 07:43:29AM +0000, Loftus, Ciara wrote:
>> >
>> > On Tue, Jun 21, 2016 at 09:15:03AM -0400, Aaron Conole wrote:
>> > > Yuanhan Liu writes:
>> > >
>> > > > On Fri, Jun 17, 2016 at 11:32:36AM -0400, Aaron Conole wrote:
>> > > >> Prior to this commit, the only way to add a vhost-user socket to the
>> > > >> system is by relying on librte_vhost to open the unix domain socket and
>> > > >> add it to the unix socket list. This is problematic for applications
>> > > >> which would like to set the permissions,
>> > > >
>> > > > So, you want to address the issue raised by following patch?
>> > > >
>> > > > http://dpdk.org/dev/patchwork/patch/12222/
>> > >
>> > > That patch does try to address the issue, however - it has some
>> > > problems. The biggest is a TOCTTOU issue when using chown. The way to
>> > > solve that issue properly is different depending on which operating
>> > > system is being used (for instance, FreeBSD doesn't honor
>> > > fchown(), fchmod() on file descriptors). My solution is basically to
>> > > punt that responsibility to the controlling application.
>> > >
>> > > > I would still like to stick to my proposal, that is to introduce a
>> > > > new API to do the permission change at anytime, if we end up with
>> > > > wanting to introduce a new API.
>> > >
>> > > I've spent a lot of time looking at the TOCTTOU problem, and I think
>> > > that is a really hard problem to solve portably. Might be good to just
>> > > start with the flexible mechanism here that lets the application
>> > > developer satisfy their own needs.
>> > >
>> > > >> or applications which are not
>> > > >> directly allowed to open sockets due to policy restrictions.
>> > > >
>> > > > Could you name a specific example?
>> > >
>> > > SELinux policy might require one application to open the socket, and
>> > > pass it back via a dbus mechanism. I can't actually think of a concrete
>> > > implemented case, so it may not be valid.
>> > >
>> > > > BTW, JFYI, since 16.07, DPDK supports client mode. It's QEMU (acting
>> > > > as the server) will create the socket file. I guess that would diminish
>> > > > (or even avoid?) the permission pain that DPDK acting as server brings.
>> > > > I doubt the API to do the permission change is really needed then.
>> > >
>> > > I wouldn't say it 'solves' the issue so much as hopes no one uses server
>> > > mode in DPDK. I agree, for OvS, it could.
>> >
>> > Actually, I think I would (personally) suggest people to switch to DPDK
>> > vhost-user client mode, for two good reasons:
>> >
>> > - it should solve the socket permission issue raised by you and Christian.
>> >
>> > - it has the "reconnect" feature since 16.07. Which means guest network
>> > will still work from a DPDK vhost-user restart/crash. DPDK vhost-user
>> > as server simply doesn't support that.
>> >
>> > And FYI, Loftus is doing the DPDK for OVS integration. Not quite sure
>> > whether she put the client mode as the default mode though.
>>
>> Hi Yuanhan,
>
> Hi Ciara,
>
> Thanks for the note.
>
>> I intend to keep the DPDK server-mode as the default. My reasoning is that not
>> all users will have access to QEMU v2.7.0 initially. We will keep
>> operating as before
>> but have an option to switch to DPDK client mode,
>
> And yes, good point.
>
>> and then perhaps look at
>> switching the default in a later release.
>
> Also okay to me.

Is there still merit to this patch, given above? If so, I'd finish my
integration and testing work and submit it formally.
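
The approach discussed in this thread, where the controlling application creates the socket and settles its permissions itself, could look like the following on Linux. This is an added example, not part of the message and not code from the RFC patch or from DPDK; `open_restricted_listener` and the staging-directory layout are hypothetical, and the returned fd is what the application would then hand to the library.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/*
 * Hypothetical helper, not a DPDK API. Returns a listening fd for
 * dir/name, or -1 on error. Assumes `dir` is writable only by the
 * caller (or root); pass gid = (gid_t)-1 to leave the group unchanged.
 *
 * The socket is bound inside a private 0700 staging directory, given
 * its final mode and group there, and only then renamed into place.
 * No other user can reach or replace the path between bind() and
 * chmod()/chown(), which is the window the thread calls TOCTTOU.
 */
int open_restricted_listener(const char *dir, const char *name,
                             mode_t mode, gid_t gid)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    char stage[96], dest[sizeof(sa.sun_path)];
    int fd = -1;

    if (snprintf(stage, sizeof(stage), "%s/.stage-XXXXXX", dir) >= (int)sizeof(stage) ||
        snprintf(dest, sizeof(dest), "%s/%s", dir, name) >= (int)sizeof(dest))
        return -1;                        /* path too long for sun_path */
    if (mkdtemp(stage) == NULL)           /* directory is created 0700 */
        return -1;
    snprintf(sa.sun_path, sizeof(sa.sun_path), "%s/s", stage);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        goto fail;
    /* Path-based calls are safe here: only we can modify `stage`. */
    if (chmod(sa.sun_path, mode) < 0 ||
        (gid != (gid_t)-1 && chown(sa.sun_path, (uid_t)-1, gid) < 0) ||
        listen(fd, 1) < 0 ||
        rename(sa.sun_path, dest) < 0)    /* atomic publish, same fs */
        goto fail;
    rmdir(stage);
    return fd;
fail:
    if (fd >= 0)
        close(fd);
    unlink(sa.sun_path);
    rmdir(stage);
    return -1;
}
```

Because the staging directory lives inside `dir`, the final `rename()` stays on one filesystem and replaces any stale socket at the destination in a single step.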