DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ranjit Menon <ranjit.menon@intel.com>
To: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>,
	Tal Shnaiderman <talshn@mellanox.com>
Cc: Narcisa Ana Maria Vasile <navasile@linux.microsoft.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Thomas Monjalon <thomas@monjalon.net>,
	"pallavi.kadam@intel.com" <pallavi.kadam@intel.com>,
	"david.marchand@redhat.com" <david.marchand@redhat.com>,
	"grive@u256.net" <grive@u256.net>,
	"ocardona@microsoft.com" <ocardona@microsoft.com>,
	"anatoly.burakov@intel.com" <anatoly.burakov@intel.com>
Subject: Re: [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD
Date: Tue, 7 Jul 2020 11:04:34 -0700	[thread overview]
Message-ID: <dfa3719f-c98f-8f04-2ad5-a6aed7702cfc@intel.com> (raw)
In-Reply-To: <20200707113922.2e870d2d@sovereign>

On 7/7/2020 1:39 AM, Dmitry Kozlyuk wrote:
> On Tue, 7 Jul 2020 08:04:00 +0000, Tal Shnaiderman wrote:
>> Dmitry, It looks like we got to this stage since hugepage_claim_privilege() cannot actually detect that "Lock pages" isn't granted to the current user, as a result we fail on the first usage of a memory management call [in this case rte_calloc()] without indication to the reason.
>> Is it possible to add an actual check that the current user is in the list of grantees?
> Thanks, I'll look into it.
>> Alternatively, It would be great to have this privilege added programmatically, I tried the MSDN example in [2] but it didn't work for me while testing, maybe Microsoft team can check if there is a way to do it?
> I don't think it's a good idea from security perspective if an application
> grants its user new privileges implicitly. Process with SeLockMemory
> privilege can affect overall system performance and stability.

I agree. This is something we forbid, when we do security reviews for 
our other products here inside Intel.

Best to have the user explicitly acquire this privilege.

ranjit m.

  reply	other threads:[~2020-07-07 18:04 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-24 14:56 [dpdk-dev] [PATCH 0/2] Windows bus/vdev support talshn
2020-06-24 14:56 ` [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD talshn
2020-07-06 23:38   ` Thomas Monjalon
2020-07-07  0:43   ` Narcisa Ana Maria Vasile
2020-07-07  8:04     ` Tal Shnaiderman
2020-07-07  8:39       ` Dmitry Kozlyuk
2020-07-07 18:04         ` Ranjit Menon [this message]
2020-07-07  8:48   ` [dpdk-dev] [PATCH v2 0/2] Windows bus/vdev support talshn
2020-07-07  8:48     ` [dpdk-dev] [PATCH v2 1/2] eal/windows: add needed calls to detect vdev PMD talshn
2020-07-16 20:54       ` Narcisa Ana Maria Vasile
2020-07-07  8:48     ` [dpdk-dev] [PATCH v2 2/2] bus/vdev: build on Windows talshn
2020-07-16 20:53       ` Narcisa Ana Maria Vasile
2020-07-20 19:18     ` [dpdk-dev] [PATCH v2 0/2] Windows bus/vdev support Kadam, Pallavi
2020-09-09 12:41       ` Thomas Monjalon
2020-06-24 14:56 ` [dpdk-dev] [PATCH 2/2] bus/vdev: Windows support talshn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dfa3719f-c98f-8f04-2ad5-a6aed7702cfc@intel.com \
    --to=ranjit.menon@intel.com \
    --cc=anatoly.burakov@intel.com \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=dmitry.kozliuk@gmail.com \
    --cc=grive@u256.net \
    --cc=harini.ramakrishnan@microsoft.com \
    --cc=navasile@linux.microsoft.com \
    --cc=ocardona@microsoft.com \
    --cc=pallavi.kadam@intel.com \
    --cc=talshn@mellanox.com \
    --cc=thomas@monjalon.net \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).