On Tue, Feb 02, 2016 at 07:58:32AM +0300, Ilya Maximets wrote:
> On 01.02.2016 21:31, Ben Pfaff wrote:
> > On Mon, Feb 01, 2016 at 10:24:29AM +0300, Ilya Maximets wrote:
> >> On 29.01.2016 22:02, Guru Shetty wrote:
> >>> This reverts commit 9b5422a98f817b9f2a1f8224cab7e1a8d0bbba1f.
> >>>
> >>> Reason:
> >>> Calling 'ovs-appctl exit' on ovs-vswitchd will cause ovs-vswitchd
> >>> to destroy all the ports from the datapath. This is an unacceptable
> >>> behavior while restarting the daemons.
> >>
> >> Killing is more unacceptable here, because ovs with vhost-user port will
> >> not be able to open this port anymore.
> >
> > I think that this patch fixes that problem:
> >
> > diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
> > index 09ccc2c..e7e46eb 100644
> > --- a/lib/netdev-dpdk.c
> > +++ b/lib/netdev-dpdk.c
> > @@ -683,6 +683,10 @@ netdev_dpdk_vhost_user_construct(struct netdev
> > *netdev_)
> > */
> > snprintf(netdev->vhost_id, sizeof(netdev->vhost_id), "%s/%s",
> > vhost_sock_dir, netdev_->name);
> > + if (unlink(netdev->vhost_id) && errno != ENOENT) {
> > + VLOG_WARN("unlinking \"%s\": %s",
> > + netdev->vhost_id, ovs_strerror(errno));
> > + }
> > err = rte_vhost_driver_register(netdev->vhost_id);
> > if (err) {
> > VLOG_ERR("vhost-user socket device setup failure for socket %s\n",
>
> This introduces a huge security hole which provides escalation of privileges
> from 'user who can only write to ovsdb' to 'user who can unlink any file
> in a system'.
Then you need to validate that the socket is in a directory reserved for
sockets, like other parts of OVS do.
Seriously it's not acceptable to have OVS break if you kill it and
restart it. That's just crappy, lazy programming. Figure out a way to
fix it.
_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev
