debian/patches/fix-vhost-user-socket-permission.patch

   1 Description: eal: provide option to set vhost_user socket owner/permissions
   2
   3 The API doesn't hold a way to specify a owner/permission set for vhost_user
   4 created sockets.
   5
   6 Projects consuming DPDK started to do 'their own workarounds' like openvswitch
   7 https://patchwork.ozlabs.org/patch/559043/
   8 https://patchwork.ozlabs.org/patch/559045/
   9 But for this specific example they are blocked/stalled behind a bigger
  10 rework (https://patchwork.ozlabs.org/patch/604898/).
  11
  12 We need something now for existing code linking against DPDK. That implies to
  13 avoid changing API/ABI. So I created a DPDK EAL commandline option based ideas
  14 in the former patches.
  15
  16 Fixes LP: #1546565
  17
  18 *Update*
  19  - with the split libs it now nees to be listed in
  20    lib/librte_eal/linuxapp/eal/rte_eal_version.map to work on link steps
  21  - please note that upstream gravitates towards not extending but creating a
  22    new the API in DPDK as long term solution (will take a while)
  23  - also as listed before most affected projects seem to create their own
  24    workaround.
  25  So over time we have to check when we can drop it at the price of a config
  26  transition - likely OVS 2.6 won't need it anymore.
  27
  28 Forwarded: yes
  29 Author: Christian Ehrhardt <christian.ehrhardt@canonical.com>
  30 Last-Update: 2016-09-28
  31
  32 --- a/doc/guides/testpmd_app_ug/run_app.rst
  33 +++ b/doc/guides/testpmd_app_ug/run_app.rst
  34 @@ -156,6 +156,25 @@
  35
  36      Use malloc instead of hugetlbfs.
  37
  38 +*   ``--vhost-owner``
  39 +
  40 +     When creating vhost_user sockets change owner and group to the specified value.
  41 +     This can be given as ``user:group``, but also only ``user`` or ``:group`` are supported.
  42 +
  43 +    Examples::
  44 +
  45 +       --vhost-owner 'libvirt-qemu:kvm'
  46 +       --vhost-owner 'libvirt-qemu'
  47 +       --vhost-owner ':kvm'
  48 +
  49 +*   ``--vhost-perm``
  50 +
  51 +    When creating vhost_user sockets set them up with these permissions.
  52 +
  53 +    For example::
  54 +
  55 +       --vhost-perm '0664'
  56 +
  57
  58  Testpmd Command-line Options
  59  ----------------------------
  60 --- a/lib/librte_eal/common/eal_common_options.c
  61 +++ b/lib/librte_eal/common/eal_common_options.c
  62 @@ -95,6 +95,8 @@
  63         {OPT_VFIO_INTR,         1, NULL, OPT_VFIO_INTR_NUM        },
  64         {OPT_VMWARE_TSC_MAP,    0, NULL, OPT_VMWARE_TSC_MAP_NUM   },
  65         {OPT_XEN_DOM0,          0, NULL, OPT_XEN_DOM0_NUM         },
  66 +       {OPT_VHOST_OWNER,       1, NULL, OPT_VHOST_OWNER_NUM      },
  67 +       {OPT_VHOST_PERM,        1, NULL, OPT_VHOST_PERM_NUM       },
  68         {0,                     0, NULL, 0                        }
  69  };
  70
  71 @@ -166,6 +168,8 @@
  72  #endif
  73         internal_cfg->vmware_tsc_map = 0;
  74         internal_cfg->create_uio_dev = 0;
  75 +       internal_cfg->vhost_sock_owner = NULL;
  76 +       internal_cfg->vhost_sock_perm = NULL;
  77  }
  78
  79  static int
  80 --- a/lib/librte_eal/common/eal_internal_cfg.h
  81 +++ b/lib/librte_eal/common/eal_internal_cfg.h
  82 @@ -83,6 +83,8 @@
  83         volatile enum rte_intr_mode vfio_intr_mode;
  84         const char *hugefile_prefix;      /**< the base filename of hugetlbfs files */
  85         const char *hugepage_dir;         /**< specific hugetlbfs directory to use */
  86 +       const char *vhost_sock_owner;     /**< owner:group of vhost_user sockets */
  87 +       const char *vhost_sock_perm;      /**< permissions of vhost_user sockets */
  88
  89         unsigned num_hugepage_sizes;      /**< how many sizes on this system */
  90         struct hugepage_info hugepage_info[MAX_HUGEPAGE_SIZES];
  91 --- a/lib/librte_eal/common/eal_options.h
  92 +++ b/lib/librte_eal/common/eal_options.h
  93 @@ -83,6 +83,10 @@
  94         OPT_VMWARE_TSC_MAP_NUM,
  95  #define OPT_XEN_DOM0          "xen-dom0"
  96         OPT_XEN_DOM0_NUM,
  97 +#define OPT_VHOST_OWNER       "vhost-owner"
  98 +       OPT_VHOST_OWNER_NUM,
  99 +#define OPT_VHOST_PERM        "vhost-perm"
 100 +       OPT_VHOST_PERM_NUM,
 101         OPT_LONG_MAX_NUM
 102  };
 103
 104 --- a/lib/librte_eal/common/include/rte_eal.h
 105 +++ b/lib/librte_eal/common/include/rte_eal.h
 106 @@ -256,6 +256,11 @@
 107  #define RTE_INIT(func) \
 108  static void __attribute__((constructor, used)) func(void)
 109
 110 +/**
 111 + * Set owner/permissions on sockets if requested on EAL commandline
 112 + */
 113 +void rte_eal_set_socket_permissions(const char *);
 114 +
 115  #ifdef __cplusplus
 116  }
 117  #endif
 118 --- a/lib/librte_eal/linuxapp/eal/eal.c
 119 +++ b/lib/librte_eal/linuxapp/eal/eal.c
 120 @@ -53,6 +53,9 @@
 121  #if defined(RTE_ARCH_X86)
 122  #include <sys/io.h>
 123  #endif
 124 +#include <sys/types.h>
 125 +#include <pwd.h>
 126 +#include <grp.h>
 127
 128  #include <rte_common.h>
 129  #include <rte_debug.h>
 130 @@ -354,6 +357,8 @@
 131                "  --"OPT_CREATE_UIO_DEV"    Create /dev/uioX (usually done by hotplug)\n"
 132                "  --"OPT_VFIO_INTR"         Interrupt mode for VFIO (legacy|msi|msix)\n"
 133                "  --"OPT_XEN_DOM0"          Support running on Xen dom0 without hugetlbfs\n"
 134 +              "  --"OPT_VHOST_OWNER"       Create vhost-user sockets with this owner:group\n"
 135 +              "  --"OPT_VHOST_PERM"        Create vhost-user sockets with these permissions\n"
 136                "\n");
 137         /* Allow the application to print its usage message too if hook is set */
 138         if ( rte_application_usage_hook ) {
 139 @@ -611,6 +616,14 @@
 140                         internal_config.create_uio_dev = 1;
 141                         break;
 142
 143 +               case OPT_VHOST_OWNER_NUM:
 144 +                       internal_config.vhost_sock_owner = optarg;
 145 +                       break;
 146 +
 147 +               case OPT_VHOST_PERM_NUM:
 148 +                       internal_config.vhost_sock_perm = optarg;
 149 +                       break;
 150 +
 151                 default:
 152                         if (opt < OPT_LONG_MIN_NUM && isprint(opt)) {
 153                                 RTE_LOG(ERR, EAL, "Option %c is not supported "
 154 @@ -943,3 +956,172 @@
 155         /* Module has been found */
 156         return 1;
 157  }
 158 +
 159 +/* Try to double the size of '*buf', return true
 160 + * if successful, and '*sizep' will be updated with
 161 + * the new size. Otherwise, return false.  */
 162 +static int
 163 +enlarge_buffer(char **buf, size_t *sizep)
 164 +{
 165 +    size_t newsize = *sizep * 2;
 166 +
 167 +    if (newsize > *sizep) {
 168 +        *buf = realloc(*buf, newsize);
 169 +        *sizep = newsize;
 170 +        return 1;
 171 +    }
 172 +
 173 +    return 0;
 174 +}
 175 +
 176 +static int
 177 +get_owners_from_str(const char *user_spec, uid_t *uid, gid_t *gid)
 178 +{
 179 +       size_t bufsize = 4096;
 180 +
 181 +       char *pos = strchr(user_spec, ':');
 182 +       user_spec += strspn(user_spec, " \t\r\n");
 183 +       size_t len = pos ? (size_t)(pos - user_spec) : strlen(user_spec);
 184 +
 185 +       char *buf = NULL;
 186 +       struct passwd pwd, *res;
 187 +       int e;
 188 +
 189 +       buf = malloc(bufsize);
 190 +       char *user_search = NULL;
 191 +       if (len) {
 192 +               user_search = malloc(len + 1);
 193 +               memcpy(user_search, user_spec, len);
 194 +               user_search[len] = '\0';
 195 +               while ((e = getpwnam_r(user_search, &pwd, buf, bufsize, &res)) == ERANGE) {
 196 +                       if (!enlarge_buffer(&buf, &bufsize)) {
 197 +                               break;
 198 +                       }
 199 +               }
 200 +
 201 +               if (e != 0) {
 202 +                       RTE_LOG(ERR, EAL,"Failed to retrive user %s's uid (%s), aborting.",
 203 +                               user_search, strerror(e));
 204 +                       goto release;
 205 +               }
 206 +               if (res == NULL) {
 207 +                       RTE_LOG(ERR, EAL,"user %s not found,  aborting.",
 208 +                               user_search);
 209 +                       e = -1;
 210 +                       goto release;
 211 +               }
 212 +       } else {
 213 +               /* User name is not specified, use current user.  */
 214 +               while ((e = getpwuid_r(getuid(), &pwd, buf, bufsize, &res)) == ERANGE) {
 215 +                       if (!enlarge_buffer(&buf, &bufsize)) {
 216 +                               break;
 217 +                       }
 218 +               }
 219 +
 220 +               if (e != 0) {
 221 +                       RTE_LOG(ERR, EAL,"Failed to retrive current user's uid "
 222 +                               "(%s), aborting.", strerror(e));
 223 +                       goto release;
 224 +               }
 225 +               user_search = strdup(pwd.pw_name);
 226 +       }
 227 +
 228 +       if (uid)
 229 +               *uid = pwd.pw_uid;
 230 +
 231 +       free(buf);
 232 +       buf = NULL;
 233 +
 234 +       if (pos) {
 235 +               char *grpstr = pos + 1;
 236 +               grpstr += strspn(grpstr, " \t\r\n");
 237 +
 238 +               if (*grpstr) {
 239 +                       struct group grp, *res;
 240 +
 241 +                       bufsize = 4096;
 242 +                       buf = malloc(bufsize);
 243 +                       while ((e = getgrnam_r(grpstr, &grp, buf, bufsize, &res))
 244 +                                        == ERANGE) {
 245 +                               if (!enlarge_buffer(&buf, &bufsize)) {
 246 +                                       break;
 247 +                               }
 248 +                       }
 249 +
 250 +                       if (e) {
 251 +                               RTE_LOG(ERR, EAL,"Failed to get group entry for %s, "
 252 +                                       "(%s), aborting.", grpstr,
 253 +                                       strerror(e));
 254 +                               goto release;
 255 +                       }
 256 +                       if (res == NULL) {
 257 +                               RTE_LOG(ERR, EAL,"Group %s not found, aborting.",
 258 +                                       grpstr);
 259 +                               e = -1;
 260 +                               goto release;
 261 +                       }
 262 +
 263 +                       if (gid)
 264 +                               *gid = grp.gr_gid;
 265 +               }
 266 +       }
 267 +
 268 + release:
 269 +       free(buf);
 270 +       free(user_search);
 271 +       return e;
 272 +}
 273 +
 274 +static void
 275 +vhost_set_permissions(const char *vhost_sock_location)
 276 +{
 277 +       unsigned long int mode = strtoul(internal_config.vhost_sock_perm, NULL, 0);
 278 +       int err = chmod(vhost_sock_location, (mode_t)mode);
 279 +       if (err) {
 280 +               RTE_LOG(ERR, EAL,"vhost-user socket cannot set"
 281 +                       " permissions to %s (%s).\n",
 282 +                       internal_config.vhost_sock_perm, strerror(err));
 283 +               return;
 284 +       }
 285 +       RTE_LOG(INFO, EAL,"Socket %s changed permissions"
 286 +                       " to %s\n", vhost_sock_location,
 287 +                       internal_config.vhost_sock_perm);
 288 +}
 289 +
 290 +static void
 291 +vhost_set_ownership(const char *vhost_sock_location)
 292 +{
 293 +       uid_t vhuid=0;
 294 +       gid_t vhgid=0;
 295 +
 296 +       if (get_owners_from_str(internal_config.vhost_sock_owner, &vhuid, &vhgid)) {
 297 +               RTE_LOG(ERR, EAL,"vhost-user socket unable to get"
 298 +                       " specified user/group: %s\n",
 299 +                       internal_config.vhost_sock_owner);
 300 +               return;
 301 +       }
 302 +
 303 +       int err = chown(vhost_sock_location, vhuid, vhgid);
 304 +       if (err) {
 305 +               RTE_LOG(ERR, EAL,"vhost-user socket unable to set"
 306 +                       " ownership to %s (%s).\n",
 307 +                       internal_config.vhost_sock_owner, strerror(err));
 308 +               return;
 309 +       }
 310 +
 311 +       RTE_LOG(INFO, EAL,"Socket %s changed ownership"
 312 +                       " to %s.\n", vhost_sock_location,
 313 +                       internal_config.vhost_sock_owner);
 314 +}
 315 +
 316 +void
 317 +rte_eal_set_socket_permissions(const char *path)
 318 +{
 319 +       if (internal_config.vhost_sock_perm) {
 320 +               vhost_set_permissions(path);
 321 +       }
 322 +
 323 +       if (internal_config.vhost_sock_owner) {
 324 +               vhost_set_ownership(path);
 325 +       }
 326 +}
 327 --- a/lib/librte_eal/linuxapp/eal/rte_eal_version.map
 328 +++ b/lib/librte_eal/linuxapp/eal/rte_eal_version.map
 329 @@ -139,6 +139,7 @@
 330         rte_keepalive_register_core;
 331         rte_xen_dom0_supported;
 332         rte_xen_mem_phy2mch;
 333 +       rte_eal_set_socket_permissions;
 334
 335  } DPDK_2.1;
 336
 337 --- a/lib/librte_vhost/socket.c
 338 +++ b/lib/librte_vhost/socket.c
 339 @@ -78,6 +78,8 @@
 340         pthread_mutex_t mutex;
 341  };
 342
 343 +#include <rte_eal.h>
 344 +
 345  #define MAX_VIRTIO_BACKLOG 128
 346
 347  static void vhost_user_server_new_connection(int fd, void *data, int *remove);
 348 @@ -519,6 +521,7 @@
 349                 vsocket->is_server = true;
 350                 ret = vhost_user_create_server(vsocket);
 351         }
 352 +    rte_eal_set_socket_permissions(path);
 353         if (ret < 0) {
 354                 free(vsocket->path);
 355                 free(vsocket);