From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5A9EDA04BA; Fri, 2 Oct 2020 11:37:04 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C5EF71C10F; Fri, 2 Oct 2020 11:37:02 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id C83311BFC9 for ; Fri, 2 Oct 2020 11:36:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1601631418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tFWQGBoE2w94ZnokYZGBsIrlDWMTJhcW8bfJfWN0TNc=; b=BDIO73ddJdd3neEKP5gG2ta11wTpDzgvYxKigJc3ILurGn0sGazrRoNZbvsmwzGOqa9XJd lAMGpRV7DLdri4NmsYrkumHouStAAN89nAE3qE5L+lwvRgmGhBdXKMRNZuoUnzQ7CMqpF2 fnWFY3TFIn2pBlaJEB57yUszzzfrxEk= Received: from mail-ua1-f71.google.com (mail-ua1-f71.google.com [209.85.222.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-271-A_4l4MP3MT2j9HfxnZQPNg-1; Fri, 02 Oct 2020 05:36:55 -0400 X-MC-Unique: A_4l4MP3MT2j9HfxnZQPNg-1 Received: by mail-ua1-f71.google.com with SMTP id w17so354925uaj.0 for ; Fri, 02 Oct 2020 02:36:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tFWQGBoE2w94ZnokYZGBsIrlDWMTJhcW8bfJfWN0TNc=; b=K3Pl4OWSEJGfacK+h78NLRGeogMt4lVxxN5MApkXU5WntgipqyBk0p57FL0SS2xvGH tA74qiySEZgpFoiVpiZrvYs7vkqPgTy+xkcr6SmzCK36B4pM6kbdG7sH5VPV9ovXKwEf egF56eNcfFU5PVNGPEj3Snmgz8mRE5K4wew5jdy94EMLgv6ObWOreC6UbwFnvgZ72oaA h3IZW4tqszkYLxzgjUh3AHuaZYzZN9prWy88eLTxYJ1BIbSXFMgFTNqHBwht1T42Nii1 YFBcq9V/1bWilISXauRJ+u4imtGi+uGBUHRUOa34zSCP04691KwD7yXit5erCy1Y7aVZ I7WQ== X-Gm-Message-State: AOAM530YPYTHDHp5hT34xiM1ByjZBRFTwZ+/A0iXR/rEGkIFnR2uyaYS 9CV6PcY1GA4m/gJbq4vXvBAyLqGeQSdLLLYNnxRlsAvIWRlXWV3PQjadN60qo42g5BLSVXjCTlu KHlSPuYWpFJLGJcaa+wY= X-Received: by 2002:a67:fd44:: with SMTP id g4mr77338vsr.18.1601631414657; Fri, 02 Oct 2020 02:36:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPGLgpKGA8n85UhBDh1Tm9l5HX4MgxbZfH2wzS2I0AnMHOeTUIdnpM/4IhudFavfaOM167ZBqgzLAfuyye3L8= X-Received: by 2002:a67:fd44:: with SMTP id g4mr77325vsr.18.1601631414421; Fri, 02 Oct 2020 02:36:54 -0700 (PDT) MIME-Version: 1.0 References: <20200910162407.12669-1-david.marchand@redhat.com> <41283b3a-5591-da2b-dea3-f069248d3265@intel.com> In-Reply-To: From: David Marchand Date: Fri, 2 Oct 2020 11:36:43 +0200 Message-ID: To: "Burakov, Anatoly" Cc: dev , Maxime Coquelin , Sebastian Scheinkman , dpdk stable , Aaron Conole Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dmarchan@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Subject: Re: [dpdk-dev] [PATCH] eal/linux: fix memory allocations in containers+SELinux X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" On Thu, Sep 17, 2020 at 4:47 PM David Marchand wrote: > > On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly > wrote: > > Anonymous hugepages shouldn't matter, yes, but single-file segments mode > > does fallocate() and remove - you have the remove part covered, but i'm > > just curious if fallocate() would also cause any issues with SELinux. > > I found no hook in the kernel for fallocate + selinux... > Looked into fallocate itself and it ends up validating lsm write > access on the file. > > I don't have the full setup atm but since I could truncate and write > to it, I'd say we are good. I could not gain access to the same setup again. FWIW, I tried with my reproducer: - no issue with --in-memory option (with or without patch) - error correctly detected (with this patch) in normal mode after restarting: # \rm /dev/hugepages/rtemap_* # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i [... working fine ...] # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i EAL: Detected 28 lcore(s) EAL: Detected 1 NUMA nodes ### called unlink for /var/run/dpdk/rte/mp_socket EAL: Multi-process socket /var/run/dpdk/rte/mp_socket EAL: Selected IOVA mode 'VA' ### refused unlinkat for rtemap_0 EAL: Probing VFIO support... EAL: VFIO support initialized ### refused unlink for /dev/hugepages/rtemap_0 EAL: Couldn't get fd on hugepage file EAL: error allocating rte services array EAL: FATAL: rte_service_init() failed EAL: rte_service_init() failed EAL: Error - exiting with code: 1 Cause: Cannot init EAL: Exec format error ### called unlink for /var/run/dpdk/rte/mp_socket - error detected with legacy mode from first try (with or without patch), since the memory allocator tries to remove unneeded hugepage files in this mode, and reports failures for this: # \rm /dev/hugepages/rtemap_* # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 --legacy-mem -m 2048 -- -i EAL: Detected 28 lcore(s) EAL: Detected 1 NUMA nodes ### called unlink for /var/run/dpdk/rte/mp_socket EAL: Multi-process socket /var/run/dpdk/rte/mp_socket EAL: Selected IOVA mode 'VA' EAL: Probing VFIO support... EAL: VFIO support initialized ### refused unlink for /dev/hugepages/rtemap_2 EAL: unmap_unneeded_hugepages(): Removing /dev/hugepages/rtemap_2 failed: Permission denied EAL: Unmapping and locking hugepages failed! EAL: FATAL: Cannot init memory EAL: Cannot init memory EAL: Error - exiting with code: 1 Cause: Cannot init EAL: Cannot allocate memory ### called unlink for /var/run/dpdk/rte/mp_socket -- David Marchand