From: Junxiao Shi <git@mail1.yoursunny.com>
To: dev@dpdk.org
Subject: [RFC PATCH v3] net/memif: change socket listener owner uid/gid
Date: Wed, 16 Nov 2022 17:14:13 +0000 [thread overview]
Message-ID: <c079afbbff6669ab@cs.arizona.edu> (raw)
In-Reply-To: <c079a935de8f9101@cs.arizona.edu>
This allows a DPDK application running with root privilege to create a
memif socket listener with non-root owner uid and gid, which can be
connected from client applications running without root privilege.
Signed-off-by: Junxiao Shi <git@mail1.yoursunny.com>
---
doc/guides/nics/memif.rst | 2 ++
drivers/net/memif/memif_socket.c | 13 +++++++--
drivers/net/memif/rte_eth_memif.c | 48 +++++++++++++++++++++++++++++--
drivers/net/memif/rte_eth_memif.h | 2 ++
4 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/doc/guides/nics/memif.rst b/doc/guides/nics/memif.rst
index aca843640b..8a8141aa72 100644
--- a/doc/guides/nics/memif.rst
+++ b/doc/guides/nics/memif.rst
@@ -44,6 +44,8 @@ client.
"rsize=11", "Log2 of ring size. If rsize is 10, actual ring size is 1024", "10", "1-14"
"socket=/tmp/memif.sock", "Socket filename", "/tmp/memif.sock", "string len 108"
"socket-abstract=no", "Set usage of abstract socket address", "yes", "yes|no"
+ "uid=1000", "Set socket listener owner uid. Only relevant to server with socket-abstract=no", "unchanged", "uid_t"
+ "gid=1000", "Set socket listener owner gid. Only relevant to server with socket-abstract=no", "unchanged", "gid_t"
"mac=01:23:45:ab:cd:ef", "Mac address", "01:ab:23:cd:45:ef", ""
"secret=abc123", "Secret is an optional security option, which if specified, must be matched by peer", "", "string len 24"
"zero-copy=yes", "Enable/disable zero-copy client mode. Only relevant to client, requires '--single-file-segments' eal argument", "no", "yes|no"
diff --git a/drivers/net/memif/memif_socket.c b/drivers/net/memif/memif_socket.c
index 7886644412..c2b038d01a 100644
--- a/drivers/net/memif/memif_socket.c
+++ b/drivers/net/memif/memif_socket.c
@@ -889,7 +889,7 @@ memif_listener_handler(void *arg)
}
static struct memif_socket *
-memif_socket_create(char *key, uint8_t listener, bool is_abstract)
+memif_socket_create(char *key, uint8_t listener, bool is_abstract, uid_t owner_uid, gid_t owner_gid)
{
struct memif_socket *sock;
struct sockaddr_un un = { 0 };
@@ -941,6 +941,14 @@ memif_socket_create(char *key, uint8_t listener, bool is_abstract)
MIF_LOG(DEBUG, "Memif listener socket %s created.", sock->filename);
+ if (!is_abstract && (owner_uid != (uid_t)-1 || owner_gid != (gid_t)-1)) {
+ ret = chown(sock->filename, owner_uid, owner_gid);
+ if (ret < 0) {
+ MIF_LOG(ERR, "Failed to change listener socket owner %d", errno);
+ goto error;
+ }
+ }
+
/* Allocate interrupt instance */
sock->intr_handle =
rte_intr_instance_alloc(RTE_INTR_INSTANCE_F_SHARED);
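Review bot: The `chown(sock->filename, owner_uid, owner_gid)` call added after the listener is created resolves the path a second time and follows a symlink at its final component. When the application runs as root and the socket sits in a directory that other users can modify, ownership could be changed on something other than the socket that was just bound. `ret = lchown(sock->filename, owner_uid, owner_gid);` does not follow a symlink, and the guide could state that the socket directory should be writable only by trusted users. The error log would be easier to act on with `strerror(errno)` instead of the bare number. The rest of memif_socket_create and its `error` label are outside the hunk, so whether the failure path removes the socket file could not be checked here.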
@@ -1017,7 +1025,8 @@ memif_socket_init(struct rte_eth_dev *dev, const char *socket_filename)
if (ret < 0) {
socket = memif_socket_create(key,
(pmd->role == MEMIF_ROLE_CLIENT) ? 0 : 1,
- pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT);
+ pmd->flags & ETH_MEMIF_FLAG_SOCKET_ABSTRACT,
+ pmd->owner_uid, pmd->owner_gid);
if (socket == NULL)
return -1;
ret = rte_hash_add_key_data(hash, key, socket);
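Review bot: `pmd->owner_uid` and `pmd->owner_gid` are used only inside the `if (ret < 0)` branch that creates a new socket, so a later device that names the same socket file with a different owner appears to be accepted silently and keeps the first device's ownership. An operator who relies on the second device's setting would get no indication that it was ignored. A log line on the reuse path, for example `MIF_LOG(WARNING, "owner-uid/owner-gid ignored, socket %s already exists", key);`, would make this visible. The lookup that sets `ret` and the rest of memif_socket_init are outside the hunk.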
diff --git a/drivers/net/memif/rte_eth_memif.c b/drivers/net/memif/rte_eth_memif.c
index dd951b8296..092f1cbc92 100644
--- a/drivers/net/memif/rte_eth_memif.c
+++ b/drivers/net/memif/rte_eth_memif.c
@@ -37,6 +37,8 @@
#define ETH_MEMIF_RING_SIZE_ARG "rsize"
#define ETH_MEMIF_SOCKET_ARG "socket"
#define ETH_MEMIF_SOCKET_ABSTRACT_ARG "socket-abstract"
+#define ETH_MEMIF_OWNER_UID_ARG "owner-uid"
+#define ETH_MEMIF_OWNER_GID_ARG "owner-gid"
#define ETH_MEMIF_MAC_ARG "mac"
#define ETH_MEMIF_ZC_ARG "zero-copy"
#define ETH_MEMIF_SECRET_ARG "secret"
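Review bot: The keys defined here are `"owner-uid"` and `"owner-gid"`, but the memif.rst hunk in this same patch documents them as `uid=1000` and `gid=1000`. Since the keys are also added to `valid_arguments`, a devargs string copied from the guide would most likely be rejected as an unknown key. The documentation rows should read `"owner-uid=1000"` and `"owner-gid=1000"` so that the access-control option an operator types is the one the driver parses.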
@@ -48,6 +50,8 @@ static const char * const valid_arguments[] = {
ETH_MEMIF_RING_SIZE_ARG,
ETH_MEMIF_SOCKET_ARG,
ETH_MEMIF_SOCKET_ABSTRACT_ARG,
+ ETH_MEMIF_OWNER_UID_ARG,
+ ETH_MEMIF_OWNER_GID_ARG,
ETH_MEMIF_MAC_ARG,
ETH_MEMIF_ZC_ARG,
ETH_MEMIF_SECRET_ARG,
@@ -1515,7 +1519,7 @@ static const struct eth_dev_ops ops = {
static int
memif_create(struct rte_vdev_device *vdev, enum memif_role_t role,
memif_interface_id_t id, uint32_t flags,
- const char *socket_filename,
+ const char *socket_filename, uid_t owner_uid, gid_t owner_gid,
memif_log2_ring_size_t log2_ring_size,
uint16_t pkt_buffer_size, const char *secret,
struct rte_ether_addr *ether_addr)
@@ -1554,6 +1558,8 @@ memif_create(struct rte_vdev_device *vdev, enum memif_role_t role,
/* Zero-copy flag irelevant to server. */
if (pmd->role == MEMIF_ROLE_SERVER)
pmd->flags &= ~ETH_MEMIF_FLAG_ZERO_COPY;
+ pmd->owner_uid = owner_uid;
+ pmd->owner_gid = owner_gid;
ret = memif_socket_init(eth_dev, socket_filename);
if (ret < 0)
@@ -1740,6 +1746,30 @@ memif_set_is_socket_abstract(const char *key __rte_unused, const char *value, vo
return 0;
}
+static int
+memif_set_owner(const char *key, const char *value, void *extra_args)
+{
+ RTE_ASSERT(sizeof(uid_t) == sizeof(uint32_t));
+ RTE_ASSERT(sizeof(gid_t) == sizeof(uint32_t));
+
+ unsigned long val;
+ char *end = NULL;
+ uint32_t *id = (uint32_t *)extra_args;
+
+ val = strtoul(value, &end, 10);
+ if (*value == '\0' || *end != '\0') {
+ MIF_LOG(ERR, "Failed to parse %s: %s.", key, value);
+ return -EINVAL;
+ }
+ if (val >= UINT32_MAX) {
+ MIF_LOG(ERR, "Invalid %s: %s.", key, value);
+ return -ERANGE;
+ }
+
+ *id = val;
+ return 0;
+}
+
static int
memif_set_mac(const char *key __rte_unused, const char *value, void *extra_args)
{
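Review bot: The two `RTE_ASSERT(sizeof(...) == sizeof(uint32_t))` lines in memif_set_owner are runtime checks that are compiled out unless asserts are enabled, yet the store through `uint32_t *id` depends on that size match for memory safety. A compile-time check fits better, `RTE_BUILD_BUG_ON(sizeof(uid_t) != sizeof(uint32_t));` and the same for `gid_t`. `strtoul` also accepts leading whitespace and a sign, so on a platform with 32-bit `long` a value such as `-2` would wrap to a large valid-looking id. Requiring a leading digit closes that, for instance `if (!isdigit((unsigned char)*value) || *end != '\0')`, which needs `<ctype.h>` if the file does not already include it. A short comment on `val >= UINT32_MAX` saying that it deliberately excludes the `(uid_t)-1` "unchanged" sentinel would help the next reader.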
@@ -1772,6 +1802,8 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev)
uint16_t pkt_buffer_size = ETH_MEMIF_DEFAULT_PKT_BUFFER_SIZE;
memif_log2_ring_size_t log2_ring_size = ETH_MEMIF_DEFAULT_RING_SIZE;
const char *socket_filename = ETH_MEMIF_DEFAULT_SOCKET_FILENAME;
+ uid_t owner_uid = -1;
+ gid_t owner_gid = -1;
uint32_t flags = 0;
const char *secret = NULL;
struct rte_ether_addr *ether_addr = rte_zmalloc("",
@@ -1855,6 +1887,14 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev)
&memif_set_is_socket_abstract, &flags);
if (ret < 0)
goto exit;
+ ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_UID_ARG,
+ &memif_set_owner, &owner_uid);
+ if (ret < 0)
+ goto exit;
+ ret = rte_kvargs_process(kvlist, ETH_MEMIF_OWNER_GID_ARG,
+ &memif_set_owner, &owner_gid);
+ if (ret < 0)
+ goto exit;
ret = rte_kvargs_process(kvlist, ETH_MEMIF_MAC_ARG,
&memif_set_mac, ether_addr);
if (ret < 0)
@@ -1876,7 +1916,7 @@ rte_pmd_memif_probe(struct rte_vdev_device *vdev)
}
/* create interface */
- ret = memif_create(vdev, role, id, flags, socket_filename,
+ ret = memif_create(vdev, role, id, flags, socket_filename, owner_uid, owner_gid,
log2_ring_size, pkt_buffer_size, secret, ether_addr);
exit:
@@ -1909,7 +1949,9 @@ RTE_PMD_REGISTER_PARAM_STRING(net_memif,
ETH_MEMIF_PKT_BUFFER_SIZE_ARG "=<int>"
ETH_MEMIF_RING_SIZE_ARG "=<int>"
ETH_MEMIF_SOCKET_ARG "=<string>"
- ETH_MEMIF_SOCKET_ABSTRACT_ARG "=yes|no"
+ ETH_MEMIF_SOCKET_ABSTRACT_ARG "=yes|no"
+ ETH_MEMIF_OWNER_UID_ARG "=<int>"
+ ETH_MEMIF_OWNER_GID_ARG "=<int>"
ETH_MEMIF_MAC_ARG "=xx:xx:xx:xx:xx:xx"
ETH_MEMIF_ZC_ARG "=yes|no"
ETH_MEMIF_SECRET_ARG "=<string>");
diff --git a/drivers/net/memif/rte_eth_memif.h b/drivers/net/memif/rte_eth_memif.h
index 81e7dceae0..b43895a55f 100644
--- a/drivers/net/memif/rte_eth_memif.h
+++ b/drivers/net/memif/rte_eth_memif.h
@@ -89,6 +89,8 @@ struct pmd_internals {
/**< use abstract socket address */
char *socket_filename; /**< pointer to socket filename */
+ uid_t owner_uid; /**< socket owner uid */
+ gid_t owner_gid; /**< socket owner gid */
char secret[ETH_MEMIF_SECRET_SIZE]; /**< secret (optional security parameter) */
struct memif_control_channel *cc; /**< control channel */
--
2.17.1