From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id BA5D4A04BA for ; Fri, 2 Oct 2020 11:37:02 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 991D11BFC7; Fri, 2 Oct 2020 11:37:01 +0200 (CEST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by dpdk.org (Postfix) with ESMTP id A31281BFC7 for ; Fri, 2 Oct 2020 11:36:59 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1601631418; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tFWQGBoE2w94ZnokYZGBsIrlDWMTJhcW8bfJfWN0TNc=; b=BDIO73ddJdd3neEKP5gG2ta11wTpDzgvYxKigJc3ILurGn0sGazrRoNZbvsmwzGOqa9XJd lAMGpRV7DLdri4NmsYrkumHouStAAN89nAE3qE5L+lwvRgmGhBdXKMRNZuoUnzQ7CMqpF2 fnWFY3TFIn2pBlaJEB57yUszzzfrxEk= Received: from mail-ua1-f69.google.com (mail-ua1-f69.google.com [209.85.222.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-438-c1Gu8vP_PWuAjGoQ6Rwxrw-1; Fri, 02 Oct 2020 05:36:55 -0400 X-MC-Unique: c1Gu8vP_PWuAjGoQ6Rwxrw-1 Received: by mail-ua1-f69.google.com with SMTP id b1so344861uad.11 for ; Fri, 02 Oct 2020 02:36:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tFWQGBoE2w94ZnokYZGBsIrlDWMTJhcW8bfJfWN0TNc=; b=SvmiYXs4wbd1FtTHr79GamH2CqDsgruBzVpNtRpFIxgXoV9DxA1pnWSvplAsYyf4MK eJcAbjddCM/UZMMwG5pbBa+oF6tMwssafzJRXkKxXqx+fS2sIqpOvhetVwC0A9grnqal oe6Qb1V/eDN3us4nYAHv+NjwxoYs72wCGDRle/TTh5M4Wvk1nj2dNJkymK6BhyLci946 WBdiq5u7ByPIZ87vHIonM6EvpbMgrDnV+gzSv3WzH5IMihqlcP1apRBafVEIkCla91vc Ehh9N7d5flcpvjvlyqfX7E5D4QAu0srV2YoWn4pCCKm89dqKtUHMBJ3aQwgZ/lwIzfFV D83w== X-Gm-Message-State: AOAM531+vI+/DVRrQYSZjfEtpS0fLVPAHbWq1Mjn7AFikdZdTCU3y/qI cLlDLxJvg7yN+JE4qxuaRhvhROFFfMITqBRZRKkQL+mZp53gDTXCIRHv8HsbCpyUUIb5dVNVRRo 2hJG2emiMV9buylO17qENd7o= X-Received: by 2002:a67:fd44:: with SMTP id g4mr77333vsr.18.1601631414656; Fri, 02 Oct 2020 02:36:54 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPGLgpKGA8n85UhBDh1Tm9l5HX4MgxbZfH2wzS2I0AnMHOeTUIdnpM/4IhudFavfaOM167ZBqgzLAfuyye3L8= X-Received: by 2002:a67:fd44:: with SMTP id g4mr77325vsr.18.1601631414421; Fri, 02 Oct 2020 02:36:54 -0700 (PDT) MIME-Version: 1.0 References: <20200910162407.12669-1-david.marchand@redhat.com> <41283b3a-5591-da2b-dea3-f069248d3265@intel.com> In-Reply-To: From: David Marchand Date: Fri, 2 Oct 2020 11:36:43 +0200 Message-ID: To: "Burakov, Anatoly" Cc: dev , Maxime Coquelin , Sebastian Scheinkman , dpdk stable , Aaron Conole Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dmarchan@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Subject: Re: [dpdk-stable] [PATCH] eal/linux: fix memory allocations in containers+SELinux X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" On Thu, Sep 17, 2020 at 4:47 PM David Marchand wrote: > > On Thu, Sep 17, 2020 at 4:17 PM Burakov, Anatoly > wrote: > > Anonymous hugepages shouldn't matter, yes, but single-file segments mode > > does fallocate() and remove - you have the remove part covered, but i'm > > just curious if fallocate() would also cause any issues with SELinux. > > I found no hook in the kernel for fallocate + selinux... > Looked into fallocate itself and it ends up validating lsm write > access on the file. > > I don't have the full setup atm but since I could truncate and write > to it, I'd say we are good. I could not gain access to the same setup again. FWIW, I tried with my reproducer: - no issue with --in-memory option (with or without patch) - error correctly detected (with this patch) in normal mode after restarting: # \rm /dev/hugepages/rtemap_* # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i [... working fine ...] # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 -- -i EAL: Detected 28 lcore(s) EAL: Detected 1 NUMA nodes ### called unlink for /var/run/dpdk/rte/mp_socket EAL: Multi-process socket /var/run/dpdk/rte/mp_socket EAL: Selected IOVA mode 'VA' ### refused unlinkat for rtemap_0 EAL: Probing VFIO support... EAL: VFIO support initialized ### refused unlink for /dev/hugepages/rtemap_0 EAL: Couldn't get fd on hugepage file EAL: error allocating rte services array EAL: FATAL: rte_service_init() failed EAL: rte_service_init() failed EAL: Error - exiting with code: 1 Cause: Cannot init EAL: Exec format error ### called unlink for /var/run/dpdk/rte/mp_socket - error detected with legacy mode from first try (with or without patch), since the memory allocator tries to remove unneeded hugepage files in this mode, and reports failures for this: # \rm /dev/hugepages/rtemap_* # LD_PRELOAD=libwrap.so dpdk-testpmd -w 0000:01:00.0 --legacy-mem -m 2048 -- -i EAL: Detected 28 lcore(s) EAL: Detected 1 NUMA nodes ### called unlink for /var/run/dpdk/rte/mp_socket EAL: Multi-process socket /var/run/dpdk/rte/mp_socket EAL: Selected IOVA mode 'VA' EAL: Probing VFIO support... EAL: VFIO support initialized ### refused unlink for /dev/hugepages/rtemap_2 EAL: unmap_unneeded_hugepages(): Removing /dev/hugepages/rtemap_2 failed: Permission denied EAL: Unmapping and locking hugepages failed! EAL: FATAL: Cannot init memory EAL: Cannot init memory EAL: Error - exiting with code: 1 Cause: Cannot init EAL: Cannot allocate memory ### called unlink for /var/run/dpdk/rte/mp_socket -- David Marchand