From: Junxiao Shi
Date: Wed, 7 Dec 2022 14:41:05 +0000
Subject: [PATCH v2] net/memif: change socket listener owner uid/gid
To: dev@dpdk.org
List-Id: DPDK patches and discussions

This allows a DPDK application running with root privilege to create a memif socket listener with non-root owner uid and gid, which can be connected from client applications running without root privilege.

Signed-off-by: Junxiao Shi
---
 doc/guides/nics/memif.rst | 2 +
 drivers/net/memif/memif_socket.c | 13 ++-
 drivers/net/memif/rte_eth_memif.c | 129 ++++++++++++++++++++----------
 drivers/net/memif/rte_eth_memif.h | 2 +
 4 files changed, 102 insertions(+), 44 deletions(-)

diff --git a/doc/guides/nics/memif.rst b/doc/guides/nics/memif.rst index aca843640b..afc574fdaa 100644 --- a/doc/guides/nics/memif.rst +++ b/doc/guides/nics/memif.rst 
@@ -44,6 +44,8 @@ client. "rsize=11", "Log2 of ring size. If rsize is 10, actual ring size is 1024", "10", "1-14" "socket=/tmp/memif.sock", "Socket filename", "/tmp/memif.sock", "string len 108" "socket-abstract=no", "Set usage of abstract socket address", "yes", "yes|no" + "owner-uid=1000", "Set socket listener owner uid. Only relevant to server with socket-abstract=no", "unchanged", "uid_t" + "owner-gid=1000", "Set socket listener owner gid. Only relevant to server with socket-abstract=no", "unchanged", "gid_t" "mac=01:23:45:ab:cd:ef", "Mac address", "01:ab:23:cd:45:ef", "" "secret=abc123", "Secret is an optional security option, which if specified, must be matched by peer", "", "string len 24" "zero-copy=yes", "Enable/disable zero-copy client mode. Only relevant to client, requires '--single-file-segments' eal argument", "no", "yes|no" diff --git a/drivers/net/memif/memif_socket.c b/drivers/net/memif/memif_socket.c index 4700ce2e77..649f8d0e61 100644 --- a/drivers/net/memif/memif_socket.c +++ b/drivers/net/memif/memif_socket.c @@ -889,7 +889,7 @@ memif_listener_handler(void *arg) } static struct memif_socket * -memif_socket_create(char *key, uint8_t listener, bool is_abstract) +memif_socket_create(char *key, uint8_t listener, bool is_abstract, uid_t owner_uid, gid_t owner_gid) { struct memif_socket *sock; struct sockaddr_un un = { 0 }; @@ -941,6 +941,14 @@ memif_socket_create(char *key, uint8_t listener, bool is_abstract) MIF_LOG(DEBUG, "Memif listener socket %s created.", sock->filename); + if (!is_abstract && (owner_uid != (uid_t)-1 || owner_gid != (gid_t)-1)) { + ret = chown(sock->filename, owner_uid, owner_gid); + if (ret < 0) { + MIF_LOG(ERR, "Failed to change listener socket owner"); + goto error; + } + } + /* Allocate interrupt instance */ sock->intr_handle = rte_intr_instance_alloc(RTE_INTR_INSTANCE_F_SHARED); 
@@ -1017,7 +1025,8 @@ memif_socket_init(struct rte_eth_dev *dev, const char *socket_filename) if (ret < 0) { socket = memif_socket_create(key, (pmd->role == MEMIF_ROLE_CLIENT) ? 0 : 1, - pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT); + pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT, + pmd->owner_uid, pmd->owner_gid); if (socket == NULL) return -1; ret = rte_hash_add_key_data(hash, key, socket); diff --git a/drivers/net/memif/rte_eth_memif.c b/drivers/net/memif/rte_eth_memif.c index 1b1c1a652b..871a2bd7d3 100644 --- a/drivers/net/memif/rte_eth_memif.c +++ b/drivers/net/memif/rte_eth_memif.c @@ -37,6 +37,8 @@ #define ETH_MEMIF_RING_SIZE_ARG "rsize" #define ETH_MEMIF_SOCKET_ARG "socket" #define ETH_MEMIF_SOCKET_ABSTRACT_ARG "socket-abstract" +#define ETH_MEMIF_OWNER_UID_ARG "owner-uid" +#define ETH_MEMIF_OWNER_GID_ARG "owner-gid" #define ETH_MEMIF_MAC_ARG "mac" #define ETH_MEMIF_ZC_ARG "zero-copy" #define ETH_MEMIF_SECRET_ARG "secret" @@ -48,6 +50,8 @@ static const char * const valid_arguments[] = { ETH_MEMIF_RING_SIZE_ARG, ETH_MEMIF_SOCKET_ARG, ETH_MEMIF_SOCKET_ABSTRACT_ARG, + ETH_MEMIF_OWNER_UID_ARG, + ETH_MEMIF_OWNER_GID_ARG, ETH_MEMIF_MAC_ARG, ETH_MEMIF_ZC_ARG, ETH_MEMIF_SECRET_ARG, @@ -1515,7 +1519,7 @@ static const struct eth_dev_ops ops = { static int memif_create(struct rte_vdev_device *vdev, enum memif_role_t role, memif_interface_id_t id, uint32_t flags, - const char *socket_filename, + const char *socket_filename, uid_t owner_uid, gid_t owner_gid, memif_log2_ring_size_t log2_ring_size, uint16_t pkt_buffer_size, const char *secret, struct rte_ether_addr *ether_addr) @@ -1554,6 +1558,8 @@ memif_create(struct rte_vdev_device *vdev, enum memif_role_t role, /* Zero-copy flag irelevant to server. */ if (pmd->role == MEMIF_ROLE_SERVER) pmd->flags &= ~ETH_MEMIF_FLAG_ZERO_COPY; + pmd->owner_uid = owner_uid; + pmd->owner_gid = owner_gid; ret = memif_socket_init(eth_dev, socket_filename); if (ret < 0) 
@@ -1740,6 +1746,30 @@ memif_set_is_socket_abstract(const char *key __rte_unused, const char *value, vo return 0; } +static int +memif_set_owner(const char *key, const char *value, void *extra_args) +{ + RTE_ASSERT(sizeof(uid_t) == sizeof(uint32_t)); + RTE_ASSERT(sizeof(gid_t) == sizeof(uint32_t)); + + unsigned long val; + char *end = NULL; + uint32_t *id = (uint32_t *)extra_args; + + val = strtoul(value, &end, 10); + if (*value == '\0' || *end != '\0') { + MIF_LOG(ERR, "Failed to parse %s: %s.", key, value); + return -EINVAL; + } + if (val >= UINT32_MAX) { + MIF_LOG(ERR, "Invalid %s: %s.", key, value); + return -ERANGE; + } + + *id = val; + return 0; +} + static int memif_set_mac(const char *key __rte_unused, const char *value, void *extra_args) { @@ -1772,6 +1802,8 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev) uint16_t pkt_buffer_size = ETH_MEMIF_DEFAULT_PKT_BUFFER_SIZE; memif_log2_ring_size_t log2_ring_size = ETH_MEMIF_DEFAULT_RING_SIZE; const char *socket_filename = ETH_MEMIF_DEFAULT_SOCKET_FILENAME; + uid_t owner_uid = -1; + gid_t owner_gid = -1; uint32_t flags = 0; const char *secret = NULL; struct rte_ether_addr *ether_addr = rte_zmalloc("", 
@@ -1827,47 +1859,58 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev) flags |= ETH_MEMIF_FLAG_SOCKET_ABSTRACT; kvlist = rte_kvargs_parse(rte_vdev_device_args(vdev), valid_arguments); + if (kvlist == NULL) { + MIF_LOG(ERR, "Invalid kvargs key"); + ret = -EINVAL; + goto exit; + } /* parse parameters */ - if (kvlist != NULL) { - ret = rte_kvargs_process(kvlist, ETH_MEMIF_ROLE_ARG, - &memif_set_role, &role); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_ID_ARG, - &memif_set_id, &id); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_PKT_BUFFER_SIZE_ARG, - &memif_set_bs, &pkt_buffer_size); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_RING_SIZE_ARG, - &memif_set_rs, &log2_ring_size); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_SOCKET_ARG, - &memif_set_socket_filename, - (void *)(&socket_filename)); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_SOCKET_ABSTRACT_ARG, - &memif_set_is_socket_abstract, &flags); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_MAC_ARG, - &memif_set_mac, ether_addr); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_ZC_ARG, - &memif_set_zc, &flags); - if (ret < 0) - goto exit; - ret = rte_kvargs_process(kvlist, ETH_MEMIF_SECRET_ARG, - &memif_set_secret, (void *)(&secret)); - if (ret < 0) - goto exit; - } + ret = rte_kvargs_process(kvlist, ETH_MEMIF_ROLE_ARG, + &memif_set_role, &role); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_ID_ARG, + &memif_set_id, &id); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_PKT_BUFFER_SIZE_ARG, + &memif_set_bs, &pkt_buffer_size); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_RING_SIZE_ARG, + &memif_set_rs, &log2_ring_size); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_SOCKET_ARG, + &memif_set_socket_filename, + (void 
*)(&socket_filename)); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_SOCKET_ABSTRACT_ARG, + &memif_set_is_socket_abstract, &flags); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_UID_ARG, + &memif_set_owner, &owner_uid); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_GID_ARG, + &memif_set_owner, &owner_gid); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_MAC_ARG, + &memif_set_mac, ether_addr); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_ZC_ARG, + &memif_set_zc, &flags); + if (ret < 0) + goto exit; + ret = rte_kvargs_process(kvlist, ETH_MEMIF_SECRET_ARG, + &memif_set_secret, (void *)(&secret)); + if (ret < 0) + goto exit; if (!(flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT)) { ret = memif_check_socket_filename(socket_filename); @@ -1876,7 +1919,7 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev) } /* create interface */ - ret = memif_create(vdev, role, id, flags, socket_filename, + ret = memif_create(vdev, role, id, flags, socket_filename, owner_uid, owner_gid, log2_ring_size, pkt_buffer_size, secret, ether_addr); exit: @@ -1909,7 +1952,9 @@ RTE_PMD_REGISTER_PARAM_STRING(net_memif, ETH_MEMIF_PKT_BUFFER_SIZE_ARG "=" ETH_MEMIF_RING_SIZE_ARG "=" ETH_MEMIF_SOCKET_ARG "=" - ETH_MEMIF_SOCKET_ABSTRACT_ARG "=yes|no" + ETH_MEMIF_SOCKET_ABSTRACT_ARG "=yes|no" + ETH_MEMIF_OWNER_UID_ARG "=" + ETH_MEMIF_OWNER_GID_ARG "=" ETH_MEMIF_MAC_ARG "=xx:xx:xx:xx:xx:xx" ETH_MEMIF_ZC_ARG "=yes|no" ETH_MEMIF_SECRET_ARG "="); diff --git a/drivers/net/memif/rte_eth_memif.h b/drivers/net/memif/rte_eth_memif.h index eb692aee68..6ab7b967a5 100644 --- a/drivers/net/memif/rte_eth_memif.h +++ b/drivers/net/memif/rte_eth_memif.h 
@@ -89,6 +89,8 @@ struct pmd_internals { /**< use abstract socket address */ char *socket_filename; /**< pointer to socket filename */ + uid_t owner_uid; /**< socket owner uid */ + gid_t owner_gid; /**< socket owner gid */ char secret[ETH_MEMIF_SECRET_SIZE]; /**< secret (optional security parameter) */ struct memif_control_channel *cc; /**< control channel */ -- 2.17.1
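
Review bot: In the doc/guides/nics/memif.rst table, the new owner-uid and owner-gid rows say they apply only with socket-abstract=no, but the socket-abstract row directly above them lists "yes" as its default, so with default settings these options have no effect. State that socket-abstract=no must be given explicitly for them to apply, and spell out what the "unchanged" default means for the resulting socket file.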
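
Review bot: In the memif_socket_create() hunk of drivers/net/memif/memif_socket.c, the new chown(sock->filename, owner_uid, owner_gid) operates by path in a process that the commit message says runs with root privilege, so it follows a symlink if the path no longer names the socket that was just created. Consider lchown() or fchownat() with AT_SYMLINK_NOFOLLOW so a swapped path cannot redirect the ownership change. The error log "Failed to change listener socket owner" would also be easier to act on if it included sock->filename and strerror(errno).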
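
Review bot: In memif_set_owner() in drivers/net/memif/rte_eth_memif.c, the two RTE_ASSERT(sizeof(...) == sizeof(uint32_t)) checks are what justify casting extra_args to uint32_t *, but RTE_ASSERT is compiled out unless RTE_ENABLE_ASSERT is defined, so a normal build enforces nothing. The sizes are compile-time facts; RTE_BUILD_BUG_ON(sizeof(uid_t) != sizeof(uint32_t)) (and the same for gid_t) would fail the build instead, and would also avoid placing statements ahead of the declarations. Separately, strtoul() accepts leading whitespace and a sign, so where unsigned long is 32 bits an input such as "-2" wraps to a value below UINT32_MAX and passes the range check; rejecting a first character that is not a digit would close that.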
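
Review bot: In the rte_pmd_memif_probe() hunk, owner-uid and owner-gid are parsed and handed to memif_create() regardless of the socket-abstract setting, and memif_socket_create() then skips the chown when is_abstract is set, so a configuration that supplies them for an abstract socket gets no ownership change and no diagnostic. A warning or -EINVAL when either option is set but cannot take effect would surface that misconfiguration. The new kvlist == NULL early exit and the de-indentation of the whole parsing block are a behaviour change unrelated to the subject line and would be easier to review as a separate patch; the message "Invalid kvargs key" is also logged for every rte_kvargs_parse() failure, not only for an unknown key.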