DPDK patches and discussions
 help / color / mirror / Atom feed
From: Ranjit Menon <ranjit.menon@intel.com>
To: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>,
	Tal Shnaiderman <talshn@mellanox.com>
Cc: Narcisa Ana Maria Vasile <navasile@linux.microsoft.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Thomas Monjalon <thomas@monjalon.net>,
	"pallavi.kadam@intel.com" <pallavi.kadam@intel.com>,
	"david.marchand@redhat.com" <david.marchand@redhat.com>,
	"grive@u256.net" <grive@u256.net>,
	"harini.ramakrishnan@microsoft.com"
	<harini.ramakrishnan@microsoft.com>,
	"ocardona@microsoft.com" <ocardona@microsoft.com>,
	"anatoly.burakov@intel.com" <anatoly.burakov@intel.com>
Subject: Re: [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD
Date: Tue, 7 Jul 2020 11:04:34 -0700
Message-ID: <dfa3719f-c98f-8f04-2ad5-a6aed7702cfc@intel.com> (raw)
In-Reply-To: <20200707113922.2e870d2d@sovereign>


On 7/7/2020 1:39 AM, Dmitry Kozlyuk wrote:
> On Tue, 7 Jul 2020 08:04:00 +0000, Tal Shnaiderman wrote:
>> Dmitry, It looks like we got to this stage since hugepage_claim_privilege() cannot actually detect that "Lock pages" isn't granted to the current user, as a result we fail on the first usage of a memory management call [in this case rte_calloc()] without indication to the reason.
>>
>> Is it possible to add an actual check that the current user is in the list of grantees?
> Thanks, I'll look into it.
>   
>> Alternatively, It would be great to have this privilege added programmatically, I tried the MSDN example in [2] but it didn't work for me while testing, maybe Microsoft team can check if there is a way to do it?
> I don't think it's a good idea from security perspective if an application
> grants its user new privileges implicitly. Process with SeLockMemory
> privilege can affect overall system performance and stability.

I agree. This is something we forbid, when we do security reviews for 
our other products here inside Intel.

Best to have the user explicitly acquire this privilege.


ranjit m.


  reply	other threads:[~2020-07-07 18:04 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-06-24 14:56 [dpdk-dev] [PATCH 0/2] Windows bus/vdev support talshn
2020-06-24 14:56 ` [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD talshn
2020-07-06 23:38   ` Thomas Monjalon
2020-07-07  0:43   ` Narcisa Ana Maria Vasile
2020-07-07  8:04     ` Tal Shnaiderman
2020-07-07  8:39       ` Dmitry Kozlyuk
2020-07-07 18:04         ` Ranjit Menon [this message]
2020-07-07  8:48   ` [dpdk-dev] [PATCH v2 0/2] Windows bus/vdev support talshn
2020-07-07  8:48     ` [dpdk-dev] [PATCH v2 1/2] eal/windows: add needed calls to detect vdev PMD talshn
2020-07-16 20:54       ` Narcisa Ana Maria Vasile
2020-07-07  8:48     ` [dpdk-dev] [PATCH v2 2/2] bus/vdev: build on Windows talshn
2020-07-16 20:53       ` Narcisa Ana Maria Vasile
2020-07-20 19:18     ` [dpdk-dev] [PATCH v2 0/2] Windows bus/vdev support Kadam, Pallavi
2020-09-09 12:41       ` Thomas Monjalon
2020-06-24 14:56 ` [dpdk-dev] [PATCH 2/2] bus/vdev: Windows support talshn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=dfa3719f-c98f-8f04-2ad5-a6aed7702cfc@intel.com \
    --to=ranjit.menon@intel.com \
    --cc=anatoly.burakov@intel.com \
    --cc=david.marchand@redhat.com \
    --cc=dev@dpdk.org \
    --cc=dmitry.kozliuk@gmail.com \
    --cc=grive@u256.net \
    --cc=harini.ramakrishnan@microsoft.com \
    --cc=navasile@linux.microsoft.com \
    --cc=ocardona@microsoft.com \
    --cc=pallavi.kadam@intel.com \
    --cc=talshn@mellanox.com \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git