Re: [SPDK] re-init spdk process

Re: [SPDK] re-init spdk process

[Nabarro, Tom]

[-- Attachment #1: Type: text/plain, Size: 3608 bytes --]

Thanks for the reply

Apologies but we spawn rather than fork the process (golang os.StartProcess https://golang.org/pkg/os/#StartProcess . Spawned processes start as spdk secondary processes as behave as expected.

After setu/gid, we lose the ability to access devices or init secondary spawned processes presumably because the scripts/setup.sh was run for the original u/gid? I had thought we would need a way to d/re-init spdk in the process but maybe we can just rerun the script with the new user? This didn't work after a quick attempt but I can look into it further.

Regards,
Tom Nabarro - DCG/ESAD
M: +44 (0)7786 260986
Skype: tom.nabarro

-----Original Message-----
From: SPDK [mailto:spdk-bounces(a)lists.01.org] On Behalf Of Walker, Benjamin
Sent: Wednesday, June 5, 2019 5:49 PM
To: spdk(a)lists.01.org
Subject: Re: [SPDK] re-init spdk process

On Wed, 2019-06-05 at 12:24 +0000, Nabarro, Tom wrote:
> Apologies sent prematurely, this is the full e-mail
> 
> I am working on an application that has the following behaviour
> - starts running as a highly privileged user and inits/uses spdk
> - drops privileges by calling setuid/setgid to a less privileged 
> predefined user/group after user action
> - then needs to run spdk in primary mode and fork processes running 
> spdk in secondary mode

The real challenge here isn't the different privilege levels, but rather the
fork() operation. I'm not at all confident that DPDK's memory allocator and other internal data structures can be forked safely. It seems like you may be simply re-initializing all of SPDK/DPDK inside the fork and ignoring any previous initialization from the parent (which is smart), but I'm still concerned about lingering globals and such, as well as resource leaks.

Is the fork() operation critical to the functionality in your application? Could you spawn a new top-level process instead? That would be a lot easier to reason about.

Thanks,
Ben


> It seems that I need to re-init spdk after setuid and so my question 
> is, how do I deregister spdk (opposite of spdk_env_init?) within the 
> process before changing ownership so that I can call spdk_env_init 
> after (and probably also need to run spdk/scripts/setup.sh with new user).
> 
> Any advice including alternative approaches welcome. Thanks in advance.
> Tom
> 
> ---------------------------------------------------------------------
> Intel Corporation (UK) Limited
> Registered No. 1134945 (England)
> Registered Office: Pipers Way, Swindon SN3 1RJ VAT No: 860 2173 47
> 
> This e-mail and any attachments may contain confidential material for 
> the sole use of the intended recipient(s). Any review or distribution 
> by others is strictly prohibited. If you are not the intended 
> recipient, please contact the sender and delete all copies.
> _______________________________________________
> SPDK mailing list
> SPDK(a)lists.01.org
> https://lists.01.org/mailman/listinfo/spdk

_______________________________________________
SPDK mailing list
SPDK(a)lists.01.org
https://lists.01.org/mailman/listinfo/spdk
---------------------------------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

Re: [SPDK] re-init spdk process

[Walker, Benjamin]

[-- Attachment #1: Type: text/plain, Size: 2125 bytes --]

On Wed, 2019-06-05 at 12:24 +0000, Nabarro, Tom wrote:
> Apologies sent prematurely, this is the full e-mail
> 
> I am working on an application that has the following behaviour
> - starts running as a highly privileged user and inits/uses spdk
> - drops privileges by calling setuid/setgid to a less privileged predefined
> user/group after user action
> - then needs to run spdk in primary mode and fork processes running spdk in
> secondary mode

The real challenge here isn't the different privilege levels, but rather the
fork() operation. I'm not at all confident that DPDK's memory allocator and
other internal data structures can be forked safely. It seems like you may be
simply re-initializing all of SPDK/DPDK inside the fork and ignoring any
previous initialization from the parent (which is smart), but I'm still
concerned about lingering globals and such, as well as resource leaks.

Is the fork() operation critical to the functionality in your application? Could
you spawn a new top-level process instead? That would be a lot easier to reason
about.

Thanks,
Ben


> It seems that I need to re-init spdk after setuid and so my question is, how
> do I deregister spdk (opposite of spdk_env_init?) within the process before
> changing ownership so that I can call spdk_env_init after (and probably also
> need to run spdk/scripts/setup.sh with new user).
> 
> Any advice including alternative approaches welcome. Thanks in advance.
> Tom
> 
> ---------------------------------------------------------------------
> Intel Corporation (UK) Limited
> Registered No. 1134945 (England)
> Registered Office: Pipers Way, Swindon SN3 1RJ
> VAT No: 860 2173 47
> 
> This e-mail and any attachments may contain confidential material for
> the sole use of the intended recipient(s). Any review or distribution
> by others is strictly prohibited. If you are not the intended
> recipient, please contact the sender and delete all copies.
> _______________________________________________
> SPDK mailing list
> SPDK(a)lists.01.org
> https://lists.01.org/mailman/listinfo/spdk

Re: [SPDK] re-init spdk process

[Nabarro, Tom]

[-- Attachment #1: Type: text/plain, Size: 1223 bytes --]

Apologies sent prematurely, this is the full e-mail

I am working on an application that has the following behaviour
- starts running as a highly privileged user and inits/uses spdk
- drops privileges by calling setuid/setgid to a less privileged predefined user/group after user action
- then needs to run spdk in primary mode and fork processes running spdk in secondary mode

It seems that I need to re-init spdk after setuid and so my question is, how do I deregister spdk (opposite of spdk_env_init?) within the process before changing ownership so that I can call spdk_env_init after (and probably also need to run spdk/scripts/setup.sh with new user).

Any advice including alternative approaches welcome. Thanks in advance.
Tom

---------------------------------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.

[SPDK] re-init spdk process

[Nabarro, Tom]

[-- Attachment #1: Type: text/plain, Size: 923 bytes --]

I am working on an application that has the following behaviour
- starts running as a highly privileged user and inits/uses spdk
- drops privileges by calling setuid/setgid to a less privileged predefined user/group after user action
1,
Best regards,
Tom Nabarro BEng (hons)
Extreme Storage Architecture & Development
Intel Corporation
E: tom.nabarro(a)intel.com<mailto:tom.nabarro(a)intel.com>
M: +44 (0)7786 260986
Skype: tom.nabarro

---------------------------------------------------------------------
Intel Corporation (UK) Limited
Registered No. 1134945 (England)
Registered Office: Pipers Way, Swindon SN3 1RJ
VAT No: 860 2173 47

This e-mail and any attachments may contain confidential material for
the sole use of the intended recipient(s). Any review or distribution
by others is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete all copies.