[ovs-dev] Revert "ovs-lib: Try to call exit before killing."
Ilya Maximets
i.maximets at samsung.com
Tue Feb 2 04:58:32 UTC 2016
On 01.02.2016 21:31, Ben Pfaff wrote:
> On Mon, Feb 01, 2016 at 10:24:29AM +0300, Ilya Maximets wrote:
>> On 29.01.2016 22:02, Guru Shetty wrote:
>>> This reverts commit 9b5422a98f817b9f2a1f8224cab7e1a8d0bbba1f.
>>>
>>> Reason:
>>> Calling 'ovs-appctl exit' on ovs-vswitchd will cause ovs-vswitchd
>>> to destroy all the ports from the datapath. This is an unacceptable
>>> behavior while restarting the daemons.
>>
>> Killing is more unacceptable here, because ovs with vhost-user port will
>> not be able to open this port anymore.
>
> I think that this patch fixes that problem:
>
> diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c
> index 09ccc2c..e7e46eb 100644
> --- a/lib/netdev-dpdk.c
> +++ b/lib/netdev-dpdk.c
> @@ -683,6 +683,10 @@ netdev_dpdk_vhost_user_construct(struct netdev *netdev_)
> */
> snprintf(netdev->vhost_id, sizeof(netdev->vhost_id), "%s/%s",
> vhost_sock_dir, netdev_->name);
> + if (unlink(netdev->vhost_id) && errno != ENOENT) {
> + VLOG_WARN("unlinking \"%s\": %s",
> + netdev->vhost_id, ovs_strerror(errno));
> + }
> err = rte_vhost_driver_register(netdev->vhost_id);
> if (err) {
> VLOG_ERR("vhost-user socket device setup failure for socket %s\n",
This introduces a huge security hole which provides escalation of privileges
from 'user who can only write to ovsdb' to 'user who can unlink any file
in a system'.
>
> It's pretty much necessary anyway. If you build your software so that
> killing it with a signal breaks it until manual intervention or reboot,
> then the software is too brittle to use in real production environments.
>
More information about the dev
mailing list