From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephen Hemminger <stephen@networkplumber.org>
Subject: Re: [PATCH v4 0/2] Add support for driver directories
Date: Wed, 2 Dec 2015 18:07:02 -0800
Message-ID: <20151202180702.784048ca@xeon-e3>
References: <cover.1444996152.git.pmatilai@redhat.com>
 <cover.1447165351.git.pmatilai@redhat.com>
 <CALwxeUuMwyE+xsLxkc07f=Dw_ind5jxTuYhxRSOUWNWj7hLPCQ@mail.gmail.com>
 <5394034.PY3UYPlQag@xps13>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: dev@dpdk.org
To: Thomas Monjalon <thomas.monjalon@6wind.com>
Return-path: <dev-bounces@dpdk.org>
Received: from mail-pa0-f52.google.com (mail-pa0-f52.google.com
 [209.85.220.52]) by dpdk.org (Postfix) with ESMTP id 8FC9158DB
 for <dev@dpdk.org>; Thu,  3 Dec 2015 03:06:53 +0100 (CET)
Received: by pacdm15 with SMTP id dm15so56891540pac.3
 for <dev@dpdk.org>; Wed, 02 Dec 2015 18:06:53 -0800 (PST)
In-Reply-To: <5394034.PY3UYPlQag@xps13>
List-Id: patches and discussions about DPDK <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

On Thu, 12 Nov 2015 16:52:32 +0100
Thomas Monjalon <thomas.monjalon@6wind.com> wrote:

> > > This mini-series adds support for driver directory concept
> > > based on idea by Thomas Monjalon back in February:
> > > http://dpdk.org/ml/archives/dev/2015-February/013285.html
> > >
> > > In the process FreeBSD also gains plugin support (but untested).
> > >
> > > v4: - introduce error-early behavior for invalid plugin paths
> > >     - support directories via the existing -d option instead of adding new
> > >
> > > v3: - merge the first commits
> > >
> > > v2: - move code to eal/common
> > >     - add bsd support
> > >
> > > Panu Matilainen (2):
> > >   eal: move plugin loading to eal/common
> > >   eal: add support for driver directory concept
> > 
> > 
> > checkpatch complains for some indent problem (Thomas, can you fix this ?),
> > but the rest looks good to me.
> > 
> > Acked-by: David Marchand <david.marchand@6wind.com>
> > 
> > Thanks Panu.
> 
> Applied, thanks

This patch introduces a new issue reported by Coverity.

The root cause of the problem is that you are checking that it s a directory first with stat
then calling dlopen(). I malicious entity could get between the stat and the dlopen.

In this case the desire to handle both file name and directory is getting in the way.
It really should just only take a directory now, or have two different config options
in a method similar to other subsystems (look at /etc/xxx vs /etc/xxx.d as standard practice).

________________________________________________________________________________________________________
*** CID 120151:  Security best practices violations  (TOCTOU)
/lib/librte_eal/common/eal_common_options.c: 232 in eal_plugins_init()
226     					solib->name);
227     				return -1;
228     			}
229     		} else {
230     			RTE_LOG(DEBUG, EAL, "open shared lib %s\n",
231     				solib->name);
>>>     CID 120151:  Security best practices violations  (TOCTOU)
>>>     Calling function "dlopen" that uses "solib->name" after a check function. This can cause a time-of-check, time-of-use race condition.  
232     			solib->lib_handle = dlopen(solib->name, RTLD_NOW);
233     			if (solib->lib_handle == NULL) {
234     				RTE_LOG(ERR, EAL, "%s\n", dlerror());
235     				return -1;
236     			}
237     		}