[dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD

Ranjit Menon ranjit.menon at intel.com
Tue Jul 7 20:04:34 CEST 2020

Previous message: [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD
Next message: [dpdk-dev] [PATCH v4 1/3] eal: adjust barriers for IO on Armv8-a
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 7/7/2020 1:39 AM, Dmitry Kozlyuk wrote:
> On Tue, 7 Jul 2020 08:04:00 +0000, Tal Shnaiderman wrote:
>> Dmitry, It looks like we got to this stage since hugepage_claim_privilege() cannot actually detect that "Lock pages" isn't granted to the current user, as a result we fail on the first usage of a memory management call [in this case rte_calloc()] without indication to the reason.
>>
>> Is it possible to add an actual check that the current user is in the list of grantees?
> Thanks, I'll look into it.
>   
>> Alternatively, It would be great to have this privilege added programmatically, I tried the MSDN example in [2] but it didn't work for me while testing, maybe Microsoft team can check if there is a way to do it?
> I don't think it's a good idea from security perspective if an application
> grants its user new privileges implicitly. Process with SeLockMemory
> privilege can affect overall system performance and stability.

I agree. This is something we forbid, when we do security reviews for 
our other products here inside Intel.

Best to have the user explicitly acquire this privilege.


ranjit m.

Previous message: [dpdk-dev] [PATCH 1/2] eal/windows: Add needed calls to detect vdev PMD
Next message: [dpdk-dev] [PATCH v4 1/3] eal: adjust barriers for IO on Armv8-a
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list