From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 17939A04DD for ; Wed, 28 Oct 2020 11:51:53 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 111D62C2A; Wed, 28 Oct 2020 11:51:52 +0100 (CET) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by dpdk.org (Postfix) with ESMTP id 7BEAD2C2A for ; Wed, 28 Oct 2020 11:51:51 +0100 (CET) Received: by mail-wm1-f42.google.com with SMTP id e2so4304519wme.1 for ; Wed, 28 Oct 2020 03:51:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3NFLK4+V4szFHWx2SPeSWDcMC8j7AR5R3VjbLTS8Ne4=; b=W4x6v/G5ZXg6pkD+i/IDmpCMYfLYfkqPqdP0voZbIhFm3hWzTmCbcZb809xEuyaj/Q U+tJXA525m7FqR3h8/uVdaFbRpcSXp3eZW4oXJQpNX7/2xbA6NTXHioH3WT8NT+L/cwu 3rwmJ7SRg1orJm+ocQzUr2L8z42r6cYdFzp+KXrAkUDytzsEe1pY8d1oHiE5P5+BB4tu So0X/8PAa8TQj9J4hD6hJoZnDIxh+iLWbgGEFPA3wAfvWe/PghAoIkKoBehkP1thHpRl 3h2BpO/kQdtd5tpUxrl6/TXNKOTraGh0IFc0fbvELOi5a0Dcfi8LEdlzCN7HXSrpAM4t NWVA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3NFLK4+V4szFHWx2SPeSWDcMC8j7AR5R3VjbLTS8Ne4=; b=BYIoGG+/35XGSyU0QDO+xacbknSGuXHuwrx3eq5+kX6jHPab3b+1816/3qmgdcd8D9 O8Eg0FqBk9l5nRgaEXzLQ4kDH0w/Suy4usLs5+nO2tVz8CUUdlB6M/h4KHf6dj9sx42B dqWoZFW20UTnRdNtJtQrUV0AO8m3JFK24lA192hVOcXer6s7QGNFZvpdsp1fHQ2H+hRI bpAvQYN2r9i5w1Ic76MZYKq02X0lEKBZtFMRr92zWnvHpm6guTY5mWMNO+DYPAj749D/ MpJpdls3YKpiA8iWyiSQqSxwtkt6IjbFycDDGrATj02938SqqRriRQzwC+7SmY7RD7GD HC+g== X-Gm-Message-State: AOAM533byZcUr4OtadnENWGBe+Q488qCEaFw9RPBwFo03xUoRlpQvLzb dFFwZWm1LhaVGmTUGLBiH42wCZ+gVDH1t192 X-Google-Smtp-Source: ABdhPJy2qNYOoCYup5PsDkB81CmWf6euGJlzUqg5LheBKNISegSP1HYBvFmvJgKNnVuiKmej5jdFng== X-Received: by 2002:a1c:5f44:: with SMTP id t65mr481276wmb.47.1603882310241; Wed, 28 Oct 2020 03:51:50 -0700 (PDT) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id y201sm5782972wmd.27.2020.10.28.03.51.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 28 Oct 2020 03:51:49 -0700 (PDT) From: luca.boccassi@gmail.com To: David Marchand Cc: Anatoly Burakov , dpdk stable Date: Wed, 28 Oct 2020 10:44:25 +0000 Message-Id: <20201028104606.3504127-106-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20201028104606.3504127-1-luca.boccassi@gmail.com> References: <20201028104606.3504127-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'mem: fix allocation in container with SELinux' has been queued to stable release 19.11.6 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 10/30/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Thanks. Luca Boccassi --- >From 62aa29ccae8cc8f0b83cf454136997a4b70466c6 Mon Sep 17 00:00:00 2001 From: David Marchand Date: Thu, 10 Sep 2020 18:24:07 +0200 Subject: [PATCH] mem: fix allocation in container with SELinux [ upstream commit aa48ddf4f0d2a9f90cd9247ac779ced55588c27a ] This is something we encountered while working in an OpenShift environment with SELinux enabled. In this environment, a DPDK application could create/write to hugepage files but removing them was refused. This resulted in dirty files being reused when starting a new DPDK application and triggered random crashes / erratic behavior. Getting a SELinux setup can be a challenge, and even more if you add containers to the picture :-). So here is a reproducer for the interested testers: # cat >wrap.c < #include #include #include #include #include #include int unlink(const char *pathname) { static int (*orig)(const char *pathname) = NULL; struct stat st; if (orig == NULL) orig = dlsym(RTLD_NEXT, "unlink"); if (strstr(pathname, "rtemap_") != NULL && stat(pathname, &st) == 0) { fprintf(stderr, "### refused unlink for %s\n", pathname); errno = EACCES; return -1; } fprintf(stderr, "### called unlink for %s\n", pathname); return orig(pathname); } int unlinkat(int dirfd, const char *pathname, int flags) { static int (*orig)(int dirfd, const char *pathname, int flags) = NULL; struct stat st; if (orig == NULL) orig = dlsym(RTLD_NEXT, "unlinkat"); if (strstr(pathname, "rtemap_") != NULL && fstatat(dirfd, pathname, &st, flags) == 0) { fprintf(stderr, "### refused unlinkat for %s\n", pathname); errno = EACCES; return -1; } fprintf(stderr, "### called unlinkat for %s\n", pathname); return orig(dirfd, pathname, flags); } EOF # gcc -fPIC -shared -o libwrap.so wrap.c -ldl # \rm /dev/hugepages/rtemap* # # First run is fine # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i [...] Configuring Port 0 (socket 0) Port 0: 24:6E:96:3C:52:D8 Checking link statuses... Done testpmd> # # Second run we have dirty memory # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i [...] ### refused unlinkat for rtemap_0 [...] Port 0 is now not stopped Please stop the ports first Done testpmd> Removing hugepage files is done in multiple places and the memory allocation code is complex. This fix tries to do the minimum and avoids touching other paths. If trying to remove the hugepage file before allocating a page fails, the error is reported to the caller and the user will see a memory allocation error log. Fixes: 582bed1e1d1d ("mem: support mapping hugepages at runtime") Signed-off-by: David Marchand Acked-by: Anatoly Burakov --- lib/librte_eal/linux/eal/eal_memalloc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/librte_eal/linux/eal/eal_memalloc.c b/lib/librte_eal/linux/eal/eal_memalloc.c index 678094acf9..08b9888b07 100644 --- a/lib/librte_eal/linux/eal/eal_memalloc.c +++ b/lib/librte_eal/linux/eal/eal_memalloc.c @@ -325,6 +325,21 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi, fd = fd_list[list_idx].fds[seg_idx]; if (fd < 0) { + /* A primary process is the only one creating these + * files. If there is a leftover that was not cleaned + * by clear_hugedir(), we must *now* make sure to drop + * the file or we will remap old stuff while the rest + * of the code is built on the assumption that a new + * page is clean. + */ + if (rte_eal_process_type() == RTE_PROC_PRIMARY && + unlink(path) == -1 && + errno != ENOENT) { + RTE_LOG(DEBUG, EAL, "%s(): could not remove '%s': %s\n", + __func__, path, strerror(errno)); + return -1; + } + fd = open(path, O_CREAT | O_RDWR, 0600); if (fd < 0) { RTE_LOG(DEBUG, EAL, "%s(): open failed: %s\n", -- 2.20.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-10-28 10:35:15.063984209 +0000 +++ 0106-mem-fix-allocation-in-container-with-SELinux.patch 2020-10-28 10:35:11.660832320 +0000 @@ -1,8 +1,10 @@ -From aa48ddf4f0d2a9f90cd9247ac779ced55588c27a Mon Sep 17 00:00:00 2001 +From 62aa29ccae8cc8f0b83cf454136997a4b70466c6 Mon Sep 17 00:00:00 2001 From: David Marchand Date: Thu, 10 Sep 2020 18:24:07 +0200 Subject: [PATCH] mem: fix allocation in container with SELinux +[ upstream commit aa48ddf4f0d2a9f90cd9247ac779ced55588c27a ] + This is something we encountered while working in an OpenShift environment with SELinux enabled. In this environment, a DPDK application could create/write to hugepage @@ -93,19 +95,18 @@ allocation error log. Fixes: 582bed1e1d1d ("mem: support mapping hugepages at runtime") -Cc: stable@dpdk.org Signed-off-by: David Marchand Acked-by: Anatoly Burakov --- - lib/librte_eal/linux/eal_memalloc.c | 15 +++++++++++++++ + lib/librte_eal/linux/eal/eal_memalloc.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -diff --git a/lib/librte_eal/linux/eal_memalloc.c b/lib/librte_eal/linux/eal_memalloc.c -index db60e79975..40a5c4aa1d 100644 ---- a/lib/librte_eal/linux/eal_memalloc.c -+++ b/lib/librte_eal/linux/eal_memalloc.c -@@ -329,6 +329,21 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi, +diff --git a/lib/librte_eal/linux/eal/eal_memalloc.c b/lib/librte_eal/linux/eal/eal_memalloc.c +index 678094acf9..08b9888b07 100644 +--- a/lib/librte_eal/linux/eal/eal_memalloc.c ++++ b/lib/librte_eal/linux/eal/eal_memalloc.c +@@ -325,6 +325,21 @@ get_seg_fd(char *path, int buflen, struct hugepage_info *hi, fd = fd_list[list_idx].fds[seg_idx]; if (fd < 0) {