From: Maxime Coquelin
Subject: Re: [PATCH] vhost: add note about sockets in server mode
Date: Tue, 6 Mar 2018 10:06:53 +0100
To: Ilya Maximets, dev@dpdk.org
Cc: Heetae Ahn, Yuanhan Liu, Bruce Richardson
In-Reply-To: <1519634341-12305-1-git-send-email-i.maximets@samsung.com>
List-Id: DPDK patches and discussions

Hi Ilya,

On 02/26/2018 09:39 AM, Ilya Maximets wrote:
> From time to time, someone sends patches about unlinking existing
> sockets when registering a vhost user in server mode.
>
> A recent example:
> http://dpdk.org/ml/archives/dev/2018-February/090025.html
>
> This problem has been discussed many times, and it was made clear that
> the library should not unlink files given by the application in order
> to avoid possible security problems, such as removing random files
> used by other programs.
>
> One of the first discussions:
> http://dpdk.org/ml/archives/dev/2015-December/030326.html
>
> To avoid such patches in the future, it was decided to add a comment
> that explains what is happening and tries to describe the reasoning.
>
> Signed-off-by: Ilya Maximets
> ---
>
> I'm open for suggestions. Wording/grammar fixes are also welcome.
>
> lib/librte_vhost/socket.c | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/lib/librte_vhost/socket.c b/lib/librte_vhost/socket.c
> index 83befdc..e8584f3 100644
> --- a/lib/librte_vhost/socket.c
> +++ b/lib/librte_vhost/socket.c
> @@ -318,6 +318,16 @@ vhost_user_start_server(struct vhost_user_socket *vsocket) > int fd = vsocket->socket_fd; > const char *path = vsocket->path; > > + /* > + * bind () may fail if the socket file with the same name already > + * exists. But the library obviously should not delete the file > + * provided by the user, since we can not be sure that it is not > + * being used by other applications. Moreover, many applications form > + * socket names based on user input, which is prone to errors. > + * > + * The user must ensure that the socket does not exist before > + * registering the vhost driver in server mode. > + */ > ret = bind(fd, (struct sockaddr *)&vsocket->un, sizeof(vsocket->un)); > if (ret < 0) { > RTE_LOG(ERR, VHOST_CONFIG, > Reviewed-by: Maxime Coquelin Thanks! Maxime
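Review bot: The last paragraph of the new comment above bind() in vhost_user_start_server() puts a requirement on the caller ("The user must ensure that the socket does not exist before registering the vhost driver in server mode"), but it is only visible to someone already reading socket.c. Consider stating the same requirement in the user-facing documentation for server-mode registration, and check that the RTE_LOG(ERR, VHOST_CONFIG, ...) message in the `if (ret < 0)` branch names the path, so an application author who hits the failure is pointed at the leftover file. Wording in the same comment: "bind ()" should be "bind()", "can not" should be "cannot", and "obviously" can be dropped without losing anything.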