* [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root @ 2019-10-17 11:56 David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 1/2] bus/pci: check IO permissions for UIO only David Marchand ` (3 more replies) 0 siblings, 4 replies; 16+ messages in thread From: David Marchand @ 2019-10-17 11:56 UTC (permalink / raw) To: dev Here are two little changes to be able to run testpmd as non-root with virtio ports in a guest. This requires a functional vIOMMU (the main pain parts being writing a Q35 machine configuration in qemu for x86 guests). No change since the RFC, I just did not find the time to describe the full setup (Q35 x86 machine config + permissions on /dev/hugepages and /dev/vfio in the guest). Comments? -- David Marchand David Marchand (2): bus/pci: check IO permissions for UIO only net/virtio: do not require IO permissions drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 10 ++++++++++ drivers/net/virtio/virtio_ethdev.c | 8 ++------ 3 files changed, 17 insertions(+), 6 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH 1/2] bus/pci: check IO permissions for UIO only 2019-10-17 11:56 [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root David Marchand @ 2019-10-17 11:56 ` David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions David Marchand ` (2 subsequent siblings) 3 siblings, 0 replies; 16+ messages in thread From: David Marchand @ 2019-10-17 11:56 UTC (permalink / raw) To: dev On x86, calling inb/outb special instructions (used in uio ioport read/write parts) is only possible if the right IO permissions has been granted. The only user of this API (the net/virtio pmd) checks this unconditionnaly but this should be hidden by the rte_pci_ioport API itself and only checked when the device is bound to a UIO driver. Signed-off-by: David Marchand <david.marchand@redhat.com> --- drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c index 7777179..0575adc 100644 --- a/drivers/bus/pci/bsd/pci.c +++ b/drivers/bus/pci/bsd/pci.c @@ -539,6 +539,11 @@ rte_pci_ioport_map(struct rte_pci_device *dev, int bar, switch (dev->kdrv) { #if defined(RTE_ARCH_X86) case RTE_KDRV_NIC_UIO: + if (rte_eal_iopl_init() != 0) { + RTE_LOG(DEBUG, EAL, "%s(): cannot gain io permissions\n", + __func__); + return -1; + } if ((uintptr_t) dev->mem_resource[bar].addr <= UINT16_MAX) { p->base = (uintptr_t)dev->mem_resource[bar].addr; ret = 0; diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c index 318db19..cd4b996 100644 --- a/drivers/bus/pci/linux/pci.c +++ b/drivers/bus/pci/linux/pci.c @@ -661,6 +661,12 @@ pci_ioport_map(struct rte_pci_device *dev, int bar __rte_unused, dev->addr.domain, dev->addr.bus, dev->addr.devid, dev->addr.function); + if (rte_eal_iopl_init() != 0) { + RTE_LOG(DEBUG, EAL, "%s(): cannot gain io permissions\n", + __func__); + return -1; + } + fp = fopen("/proc/ioports", "r"); if (fp == NULL) { RTE_LOG(ERR, EAL, "%s(): can't open ioports\n", __func__); @@ -718,7 +724,11 @@ rte_pci_ioport_map(struct rte_pci_device *dev, int bar, break; #endif case RTE_KDRV_IGB_UIO: +#if defined(RTE_ARCH_X86) + ret = pci_ioport_map(dev, bar, p); +#else ret = pci_uio_ioport_map(dev, bar, p); +#endif break; case RTE_KDRV_UIO_GENERIC: #if defined(RTE_ARCH_X86) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions 2019-10-17 11:56 [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 1/2] bus/pci: check IO permissions for UIO only David Marchand @ 2019-10-17 11:56 ` David Marchand 2019-10-18 8:16 ` Tiwei Bie 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand 3 siblings, 1 reply; 16+ messages in thread From: David Marchand @ 2019-10-17 11:56 UTC (permalink / raw) To: dev; +Cc: Maxime Coquelin, Tiwei Bie, Zhihong Wang On x86, iopl permissions are only needed when the virtio devices are bound to a uio kernel module. When running a dpdk application as non root, the virtio driver was refusing to register because of this check while it could work when binding the device to vfio (requires to have a vIOMMU configured). We still need to call rte_eal_iopl_init() in the constructor so that the interrupt thread would inherit this permission in the case it could be used with UIO later. Log a warning message for the user to understand what is wrong. Signed-off-by: David Marchand <david.marchand@redhat.com> --- drivers/net/virtio/virtio_ethdev.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c index 7261109..3506ca0 100644 --- a/drivers/net/virtio/virtio_ethdev.c +++ b/drivers/net/virtio/virtio_ethdev.c @@ -1995,11 +1995,6 @@ exit: static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, struct rte_pci_device *pci_dev) { - if (rte_eal_iopl_init() != 0) { - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); - return 1; - } - /* virtio pmd skips probe if device needs to work in vdpa mode */ if (vdpa_mode_selected(pci_dev->device.devargs)) return 1; @@ -2031,7 +2026,8 @@ static struct rte_pci_driver rte_virtio_pmd = { RTE_INIT(rte_virtio_pmd_init) { - rte_eal_iopl_init(); + if (rte_eal_iopl_init() != 0) + PMD_INIT_LOG(WARNING, "IOPL call failed - virtio devices won't be functional if bound to UIO drivers"); rte_pci_register(&rte_virtio_pmd); } -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions 2019-10-17 11:56 ` [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions David Marchand @ 2019-10-18 8:16 ` Tiwei Bie 2019-10-18 8:33 ` David Marchand 0 siblings, 1 reply; 16+ messages in thread From: Tiwei Bie @ 2019-10-18 8:16 UTC (permalink / raw) To: David Marchand; +Cc: dev, Maxime Coquelin, Zhihong Wang On Thu, Oct 17, 2019 at 01:56:28PM +0200, David Marchand wrote: > On x86, iopl permissions are only needed when the virtio devices are > bound to a uio kernel module. > > When running a dpdk application as non root, the virtio driver was > refusing to register because of this check while it could work when > binding the device to vfio (requires to have a vIOMMU configured). > > We still need to call rte_eal_iopl_init() in the constructor so that > the interrupt thread would inherit this permission in the case it could > be used with UIO later. > Log a warning message for the user to understand what is wrong. > > Signed-off-by: David Marchand <david.marchand@redhat.com> > --- > drivers/net/virtio/virtio_ethdev.c | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) > > diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c > index 7261109..3506ca0 100644 > --- a/drivers/net/virtio/virtio_ethdev.c > +++ b/drivers/net/virtio/virtio_ethdev.c > @@ -1995,11 +1995,6 @@ exit: > static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, > struct rte_pci_device *pci_dev) > { > - if (rte_eal_iopl_init() != 0) { > - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); > - return 1; > - } > - > /* virtio pmd skips probe if device needs to work in vdpa mode */ > if (vdpa_mode_selected(pci_dev->device.devargs)) > return 1; > @@ -2031,7 +2026,8 @@ static struct rte_pci_driver rte_virtio_pmd = { > > RTE_INIT(rte_virtio_pmd_init) > { > - rte_eal_iopl_init(); > + if (rte_eal_iopl_init() != 0) > + PMD_INIT_LOG(WARNING, "IOPL call failed - virtio devices won't be functional if bound to UIO drivers"); Basically this will undo what below commit did, i.e. annoying log will show again. https://github.com/DPDK/dpdk/commit/705dced4a72a1053368c84c4b68f04f028a78b30 Maybe it's better to print this error when we really need the port IO (legacy device): https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_pci.c#L679-L680 https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_ethdev.c#L1834-L1835 Thanks, Tiwei > rte_pci_register(&rte_virtio_pmd); > } > > -- > 1.8.3.1 > ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions 2019-10-18 8:16 ` Tiwei Bie @ 2019-10-18 8:33 ` David Marchand 2019-10-18 10:05 ` Tiwei Bie 0 siblings, 1 reply; 16+ messages in thread From: David Marchand @ 2019-10-18 8:33 UTC (permalink / raw) To: Tiwei Bie; +Cc: dev, Maxime Coquelin, Zhihong Wang On Fri, Oct 18, 2019 at 10:19 AM Tiwei Bie <tiwei.bie@intel.com> wrote: > > On Thu, Oct 17, 2019 at 01:56:28PM +0200, David Marchand wrote: > > On x86, iopl permissions are only needed when the virtio devices are > > bound to a uio kernel module. > > > > When running a dpdk application as non root, the virtio driver was > > refusing to register because of this check while it could work when > > binding the device to vfio (requires to have a vIOMMU configured). > > > > We still need to call rte_eal_iopl_init() in the constructor so that > > the interrupt thread would inherit this permission in the case it could > > be used with UIO later. > > Log a warning message for the user to understand what is wrong. > > > > Signed-off-by: David Marchand <david.marchand@redhat.com> > > --- > > drivers/net/virtio/virtio_ethdev.c | 8 ++------ > > 1 file changed, 2 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c > > index 7261109..3506ca0 100644 > > --- a/drivers/net/virtio/virtio_ethdev.c > > +++ b/drivers/net/virtio/virtio_ethdev.c > > @@ -1995,11 +1995,6 @@ exit: > > static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, > > struct rte_pci_device *pci_dev) > > { > > - if (rte_eal_iopl_init() != 0) { > > - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); > > - return 1; > > - } > > - > > /* virtio pmd skips probe if device needs to work in vdpa mode */ > > if (vdpa_mode_selected(pci_dev->device.devargs)) > > return 1; > > @@ -2031,7 +2026,8 @@ static struct rte_pci_driver rte_virtio_pmd = { > > > > RTE_INIT(rte_virtio_pmd_init) > > { > > - rte_eal_iopl_init(); > > + if (rte_eal_iopl_init() != 0) > > + PMD_INIT_LOG(WARNING, "IOPL call failed - virtio devices won't be functional if bound to UIO drivers"); > > Basically this will undo what below commit did, i.e. > annoying log will show again. > > https://github.com/DPDK/dpdk/commit/705dced4a72a1053368c84c4b68f04f028a78b30 Yes.. true. I wanted to keep a trace for debug, so maybe lower this to debug level, or just drop this message. > > Maybe it's better to print this error when we really > need the port IO (legacy device): virtio calls rte_pci_ioport_map, so I suppose we can change the log level to ERR in the first patch of this series: http://patchwork.dpdk.org/patch/61370/ And I suppose I could add some context in this log, like the device name. > > https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_pci.c#L679-L680 > https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_ethdev.c#L1834-L1835 -- David Marchand ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions 2019-10-18 8:33 ` David Marchand @ 2019-10-18 10:05 ` Tiwei Bie 0 siblings, 0 replies; 16+ messages in thread From: Tiwei Bie @ 2019-10-18 10:05 UTC (permalink / raw) To: David Marchand; +Cc: dev, Maxime Coquelin, Zhihong Wang On Fri, Oct 18, 2019 at 10:33:47AM +0200, David Marchand wrote: > On Fri, Oct 18, 2019 at 10:19 AM Tiwei Bie <tiwei.bie@intel.com> wrote: > > On Thu, Oct 17, 2019 at 01:56:28PM +0200, David Marchand wrote: > > > On x86, iopl permissions are only needed when the virtio devices are > > > bound to a uio kernel module. > > > > > > When running a dpdk application as non root, the virtio driver was > > > refusing to register because of this check while it could work when > > > binding the device to vfio (requires to have a vIOMMU configured). > > > > > > We still need to call rte_eal_iopl_init() in the constructor so that > > > the interrupt thread would inherit this permission in the case it could > > > be used with UIO later. > > > Log a warning message for the user to understand what is wrong. > > > > > > Signed-off-by: David Marchand <david.marchand@redhat.com> > > > --- > > > drivers/net/virtio/virtio_ethdev.c | 8 ++------ > > > 1 file changed, 2 insertions(+), 6 deletions(-) > > > > > > diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c > > > index 7261109..3506ca0 100644 > > > --- a/drivers/net/virtio/virtio_ethdev.c > > > +++ b/drivers/net/virtio/virtio_ethdev.c > > > @@ -1995,11 +1995,6 @@ exit: > > > static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, > > > struct rte_pci_device *pci_dev) > > > { > > > - if (rte_eal_iopl_init() != 0) { > > > - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); > > > - return 1; > > > - } > > > - > > > /* virtio pmd skips probe if device needs to work in vdpa mode */ > > > if (vdpa_mode_selected(pci_dev->device.devargs)) > > > return 1; > > > @@ -2031,7 +2026,8 @@ static struct rte_pci_driver rte_virtio_pmd = { > > > > > > RTE_INIT(rte_virtio_pmd_init) > > > { > > > - rte_eal_iopl_init(); > > > + if (rte_eal_iopl_init() != 0) > > > + PMD_INIT_LOG(WARNING, "IOPL call failed - virtio devices won't be functional if bound to UIO drivers"); > > > > Basically this will undo what below commit did, i.e. > > annoying log will show again. > > > > https://github.com/DPDK/dpdk/commit/705dced4a72a1053368c84c4b68f04f028a78b30 > > Yes.. true. > I wanted to keep a trace for debug, so maybe lower this to debug > level, or just drop this message. > > > > > > Maybe it's better to print this error when we really > > need the port IO (legacy device): > > virtio calls rte_pci_ioport_map, so I suppose we can change the log > level to ERR in the first patch of this series: > http://patchwork.dpdk.org/patch/61370/ > > And I suppose I could add some context in this log, like the device name. Sounds like a good idea to me. Thanks, Tiwei > > > > > https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_pci.c#L679-L680 > > https://github.com/DPDK/dpdk/blob/31b798a6f08e9b333b94b8bb26910209aa810b73/drivers/net/virtio/virtio_ethdev.c#L1834-L1835 > > > -- > David Marchand ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root 2019-10-17 11:56 [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions David Marchand @ 2019-10-20 12:29 ` David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 1/2] bus/pci: check IO permissions for UIO only David Marchand ` (2 more replies) 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand 3 siblings, 3 replies; 16+ messages in thread From: David Marchand @ 2019-10-20 12:29 UTC (permalink / raw) To: dev Here are two little changes to be able to run testpmd as non-root with virtio ports in a guest. This requires a functional vIOMMU (the main pain parts being writing a Q35 machine configuration in qemu for x86 guests). No major change since the RFC, I just did not find the time to describe the full setup (Q35 x86 machine config + permissions on /dev/hugepages and /dev/vfio in the guest + ulimit -l unlimited). -- David Marchand David Marchand (2): bus/pci: check IO permissions for UIO only net/virtio: do not require IO permissions drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 10 ++++++++++ drivers/net/virtio/virtio_ethdev.c | 5 ----- 3 files changed, 15 insertions(+), 5 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 1/2] bus/pci: check IO permissions for UIO only 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand @ 2019-10-20 12:29 ` David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 2/2] net/virtio: do not require IO permissions David Marchand 2019-10-21 13:10 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root Maxime Coquelin 2 siblings, 0 replies; 16+ messages in thread From: David Marchand @ 2019-10-20 12:29 UTC (permalink / raw) To: dev On x86, calling inb/outb special instructions (used in UIO ioport read/write parts) is only possible if the right IO permissions has been granted. The only user of this API (the net/virtio pmd) checks this unconditionnaly but this should be hidden by the rte_pci_ioport API itself and only checked when the device is bound to a UIO driver. Signed-off-by: David Marchand <david.marchand@redhat.com> --- Changelog since v1: - change log message level from DEBUG to ERR, - add device name in log message, --- drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c index 7777179..ebbfeb1 100644 --- a/drivers/bus/pci/bsd/pci.c +++ b/drivers/bus/pci/bsd/pci.c @@ -539,6 +539,11 @@ rte_pci_ioport_map(struct rte_pci_device *dev, int bar, switch (dev->kdrv) { #if defined(RTE_ARCH_X86) case RTE_KDRV_NIC_UIO: + if (rte_eal_iopl_init() != 0) { + RTE_LOG(ERR, EAL, "%s(): insufficient ioport permissions for PCI device %s\n", + __func__, dev->name); + return -1; + } if ((uintptr_t) dev->mem_resource[bar].addr <= UINT16_MAX) { p->base = (uintptr_t)dev->mem_resource[bar].addr; ret = 0; diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c index 318db19..7b46fe1 100644 --- a/drivers/bus/pci/linux/pci.c +++ b/drivers/bus/pci/linux/pci.c @@ -661,6 +661,12 @@ pci_ioport_map(struct rte_pci_device *dev, int bar __rte_unused, dev->addr.domain, dev->addr.bus, dev->addr.devid, dev->addr.function); + if (rte_eal_iopl_init() != 0) { + RTE_LOG(ERR, EAL, "%s(): insufficient ioport permissions for PCI device %s\n", + __func__, dev->name); + return -1; + } + fp = fopen("/proc/ioports", "r"); if (fp == NULL) { RTE_LOG(ERR, EAL, "%s(): can't open ioports\n", __func__); @@ -718,7 +724,11 @@ rte_pci_ioport_map(struct rte_pci_device *dev, int bar, break; #endif case RTE_KDRV_IGB_UIO: +#if defined(RTE_ARCH_X86) + ret = pci_ioport_map(dev, bar, p); +#else ret = pci_uio_ioport_map(dev, bar, p); +#endif break; case RTE_KDRV_UIO_GENERIC: #if defined(RTE_ARCH_X86) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v2 2/2] net/virtio: do not require IO permissions 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 1/2] bus/pci: check IO permissions for UIO only David Marchand @ 2019-10-20 12:29 ` David Marchand 2019-10-21 13:10 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root Maxime Coquelin 2 siblings, 0 replies; 16+ messages in thread From: David Marchand @ 2019-10-20 12:29 UTC (permalink / raw) To: dev; +Cc: Maxime Coquelin, Tiwei Bie, Zhihong Wang On x86, iopl permissions are only available to root user (or users that have the CAP_SYS_RAWIO capability). But those permissions are only needed when the virtio devices accesses are done with inb/outb instructions, which is when the device is bound to a UIO kernel module. So far, the virtio driver was refusing to register based on the check on IO permissions. This check does not make sense when binding the device to vfio. Now that the check on IO permissions has been abstracted in the ioport API, we can remove it on virtio side. We still need to call rte_eal_iopl_init() in the virtio constructor so that the interrupt thread inherits this permission in the case it could be used with UIO later. Signed-off-by: David Marchand <david.marchand@redhat.com> --- Changelog since v1: - remove log message in constructor (thanks Tiwei), - reword commit log, --- drivers/net/virtio/virtio_ethdev.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c index 7261109..0a2ed2e 100644 --- a/drivers/net/virtio/virtio_ethdev.c +++ b/drivers/net/virtio/virtio_ethdev.c @@ -1995,11 +1995,6 @@ exit: static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, struct rte_pci_device *pci_dev) { - if (rte_eal_iopl_init() != 0) { - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); - return 1; - } - /* virtio pmd skips probe if device needs to work in vdpa mode */ if (vdpa_mode_selected(pci_dev->device.devargs)) return 1; -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 2/2] net/virtio: do not require IO permissions David Marchand @ 2019-10-21 13:10 ` Maxime Coquelin 2 siblings, 0 replies; 16+ messages in thread From: Maxime Coquelin @ 2019-10-21 13:10 UTC (permalink / raw) To: David Marchand, dev On 10/20/19 2:29 PM, David Marchand wrote: > Here are two little changes to be able to run testpmd as non-root with > virtio ports in a guest. > This requires a functional vIOMMU (the main pain parts being writing a > Q35 machine configuration in qemu for x86 guests). > > No major change since the RFC, I just did not find the time to describe > the full setup (Q35 x86 machine config + permissions on /dev/hugepages > and /dev/vfio in the guest + ulimit -l unlimited). > For the series: Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Thanks, Maxime ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 0/2] Using virtio ethdev ports as non-root 2019-10-17 11:56 [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root David Marchand ` (2 preceding siblings ...) 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand @ 2019-10-22 8:21 ` David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only David Marchand ` (2 more replies) 3 siblings, 3 replies; 16+ messages in thread From: David Marchand @ 2019-10-22 8:21 UTC (permalink / raw) To: dev; +Cc: maxime.coquelin Here are two little changes to be able to run testpmd as non-root with virtio ports in a guest. This requires a functional vIOMMU (the main pain parts being writing a Q35 machine configuration in qemu for x86 guests). No major change since the RFC, I just did not find the time to describe the full setup (Q35 x86 machine config + permissions on /dev/hugepages and /dev/vfio in the guest + ulimit -l unlimited). -- David Marchand David Marchand (2): bus/pci: check IO permissions for UIO only net/virtio: do not require IO permissions drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 6 ++++++ drivers/bus/pci/linux/pci_uio.c | 6 ++++++ drivers/net/virtio/virtio_ethdev.c | 5 ----- 4 files changed, 17 insertions(+), 5 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand @ 2019-10-22 8:21 ` David Marchand 2019-10-24 9:55 ` Maxime Coquelin 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions David Marchand 2019-10-25 10:11 ` [dpdk-dev] [PATCH v3 0/2] Using virtio ethdev ports as non-root David Marchand 2 siblings, 1 reply; 16+ messages in thread From: David Marchand @ 2019-10-22 8:21 UTC (permalink / raw) To: dev; +Cc: maxime.coquelin, Ferruh Yigit On x86, calling inb/outb special instructions (used in UIO ioport read/write parts) is only possible if the right IO permissions has been granted. The only user of this API (the net/virtio pmd) checks this unconditionnaly but this should be hidden by the rte_pci_ioport API itself and only checked when the device is bound to a UIO driver. Signed-off-by: David Marchand <david.marchand@redhat.com> --- Changelog since v2: - do not switch to pci_ioport_map in igb_uio case, add a check on iopl there too, Changelog since v1: - change log message level from DEBUG to ERR, - add device name in log message, --- drivers/bus/pci/bsd/pci.c | 5 +++++ drivers/bus/pci/linux/pci.c | 6 ++++++ drivers/bus/pci/linux/pci_uio.c | 6 ++++++ 3 files changed, 17 insertions(+) diff --git a/drivers/bus/pci/bsd/pci.c b/drivers/bus/pci/bsd/pci.c index 7777179..ebbfeb1 100644 --- a/drivers/bus/pci/bsd/pci.c +++ b/drivers/bus/pci/bsd/pci.c @@ -539,6 +539,11 @@ rte_pci_ioport_map(struct rte_pci_device *dev, int bar, switch (dev->kdrv) { #if defined(RTE_ARCH_X86) case RTE_KDRV_NIC_UIO: + if (rte_eal_iopl_init() != 0) { + RTE_LOG(ERR, EAL, "%s(): insufficient ioport permissions for PCI device %s\n", + __func__, dev->name); + return -1; + } if ((uintptr_t) dev->mem_resource[bar].addr <= UINT16_MAX) { p->base = (uintptr_t)dev->mem_resource[bar].addr; ret = 0; diff --git a/drivers/bus/pci/linux/pci.c b/drivers/bus/pci/linux/pci.c index 318db19..740a2cd 100644 --- a/drivers/bus/pci/linux/pci.c +++ b/drivers/bus/pci/linux/pci.c @@ -657,6 +657,12 @@ pci_ioport_map(struct rte_pci_device *dev, int bar __rte_unused, int found = 0; size_t linesz; + if (rte_eal_iopl_init() != 0) { + RTE_LOG(ERR, EAL, "%s(): insufficient ioport permissions for PCI device %s\n", + __func__, dev->name); + return -1; + } + snprintf(pci_id, sizeof(pci_id), PCI_PRI_FMT, dev->addr.domain, dev->addr.bus, dev->addr.devid, dev->addr.function); diff --git a/drivers/bus/pci/linux/pci_uio.c b/drivers/bus/pci/linux/pci_uio.c index e031361..6dca05a 100644 --- a/drivers/bus/pci/linux/pci_uio.c +++ b/drivers/bus/pci/linux/pci_uio.c @@ -375,6 +375,12 @@ pci_uio_ioport_map(struct rte_pci_device *dev, int bar, int uio_num; unsigned long start; + if (rte_eal_iopl_init() != 0) { + RTE_LOG(ERR, EAL, "%s(): insufficient ioport permissions for PCI device %s\n", + __func__, dev->name); + return -1; + } + uio_num = pci_get_uio_dev(dev, dirname, sizeof(dirname), 0); if (uio_num < 0) return -1; -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only David Marchand @ 2019-10-24 9:55 ` Maxime Coquelin 0 siblings, 0 replies; 16+ messages in thread From: Maxime Coquelin @ 2019-10-24 9:55 UTC (permalink / raw) To: David Marchand, dev; +Cc: Ferruh Yigit On 10/22/19 10:21 AM, David Marchand wrote: > On x86, calling inb/outb special instructions (used in UIO ioport > read/write parts) is only possible if the right IO permissions has been > granted. > > The only user of this API (the net/virtio pmd) checks this > unconditionnaly but this should be hidden by the rte_pci_ioport API > itself and only checked when the device is bound to a UIO driver. > > Signed-off-by: David Marchand <david.marchand@redhat.com> > --- > Changelog since v2: > - do not switch to pci_ioport_map in igb_uio case, add a check on iopl > there too, > > Changelog since v1: > - change log message level from DEBUG to ERR, > - add device name in log message, > > --- > drivers/bus/pci/bsd/pci.c | 5 +++++ > drivers/bus/pci/linux/pci.c | 6 ++++++ > drivers/bus/pci/linux/pci_uio.c | 6 ++++++ > 3 files changed, 17 insertions(+) > Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> Thanks, Maxime ^ permalink raw reply [flat|nested] 16+ messages in thread
* [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only David Marchand @ 2019-10-22 8:21 ` David Marchand 2019-10-23 4:56 ` Tiwei Bie 2019-10-25 10:11 ` [dpdk-dev] [PATCH v3 0/2] Using virtio ethdev ports as non-root David Marchand 2 siblings, 1 reply; 16+ messages in thread From: David Marchand @ 2019-10-22 8:21 UTC (permalink / raw) To: dev; +Cc: maxime.coquelin, Tiwei Bie, Zhihong Wang On x86, iopl permissions are only available to root user (or users that have the CAP_SYS_RAWIO capability). But those permissions are only needed when the virtio devices accesses are done with inb/outb instructions, which is when the device is bound to a UIO kernel module. So far, the virtio driver was refusing to register based on the check on IO permissions. This check does not make sense when binding the device to vfio. Now that the check on IO permissions has been abstracted in the ioport API, we can remove it on virtio side. We still need to call rte_eal_iopl_init() in the virtio constructor so that the interrupt thread inherits this permission in the case it could be used with UIO later. Signed-off-by: David Marchand <david.marchand@redhat.com> Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> --- Changelog since v1: - remove log message in constructor (thanks Tiwei), - reword commit log, --- drivers/net/virtio/virtio_ethdev.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/drivers/net/virtio/virtio_ethdev.c b/drivers/net/virtio/virtio_ethdev.c index 7261109..0a2ed2e 100644 --- a/drivers/net/virtio/virtio_ethdev.c +++ b/drivers/net/virtio/virtio_ethdev.c @@ -1995,11 +1995,6 @@ exit: static int eth_virtio_pci_probe(struct rte_pci_driver *pci_drv __rte_unused, struct rte_pci_device *pci_dev) { - if (rte_eal_iopl_init() != 0) { - PMD_INIT_LOG(ERR, "IOPL call failed - cannot use virtio PMD"); - return 1; - } - /* virtio pmd skips probe if device needs to work in vdpa mode */ if (vdpa_mode_selected(pci_dev->device.devargs)) return 1; -- 1.8.3.1 ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions David Marchand @ 2019-10-23 4:56 ` Tiwei Bie 0 siblings, 0 replies; 16+ messages in thread From: Tiwei Bie @ 2019-10-23 4:56 UTC (permalink / raw) To: David Marchand; +Cc: dev, maxime.coquelin, Zhihong Wang On Tue, Oct 22, 2019 at 10:21:43AM +0200, David Marchand wrote: > On x86, iopl permissions are only available to root user (or users that > have the CAP_SYS_RAWIO capability). > But those permissions are only needed when the virtio devices accesses > are done with inb/outb instructions, which is when the device is bound > to a UIO kernel module. > > So far, the virtio driver was refusing to register based on the check > on IO permissions. > This check does not make sense when binding the device to vfio. > > Now that the check on IO permissions has been abstracted in the ioport > API, we can remove it on virtio side. > > We still need to call rte_eal_iopl_init() in the virtio constructor so > that the interrupt thread inherits this permission in the case it could > be used with UIO later. > > Signed-off-by: David Marchand <david.marchand@redhat.com> > Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com> > --- Acked-by: Tiwei Bie <tiwei.bie@intel.com> Thanks, Tiwei ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: [dpdk-dev] [PATCH v3 0/2] Using virtio ethdev ports as non-root 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions David Marchand @ 2019-10-25 10:11 ` David Marchand 2 siblings, 0 replies; 16+ messages in thread From: David Marchand @ 2019-10-25 10:11 UTC (permalink / raw) To: dev; +Cc: Maxime Coquelin, Tiwei Bie On Tue, Oct 22, 2019 at 10:22 AM David Marchand <david.marchand@redhat.com> wrote: > > Here are two little changes to be able to run testpmd as non-root with > virtio ports in a guest. > This requires a functional vIOMMU (the main pain parts being writing a > Q35 machine configuration in qemu for x86 guests). > > No major change since the RFC, I just did not find the time to describe > the full setup (Q35 x86 machine config + permissions on /dev/hugepages > and /dev/vfio in the guest + ulimit -l unlimited). > > -- > David Marchand > > David Marchand (2): > bus/pci: check IO permissions for UIO only > net/virtio: do not require IO permissions Applied, thanks for the reviews Maxime, Tiwei. -- David Marchand ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2019-10-25 10:11 UTC | newest] Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-10-17 11:56 [dpdk-dev] [PATCH 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-17 11:56 ` [dpdk-dev] [PATCH 2/2] net/virtio: do not require IO permissions David Marchand 2019-10-18 8:16 ` Tiwei Bie 2019-10-18 8:33 ` David Marchand 2019-10-18 10:05 ` Tiwei Bie 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-20 12:29 ` [dpdk-dev] [PATCH v2 2/2] net/virtio: do not require IO permissions David Marchand 2019-10-21 13:10 ` [dpdk-dev] [PATCH v2 0/2] Using virtio ethdev ports as non-root Maxime Coquelin 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 " David Marchand 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 1/2] bus/pci: check IO permissions for UIO only David Marchand 2019-10-24 9:55 ` Maxime Coquelin 2019-10-22 8:21 ` [dpdk-dev] [PATCH v3 2/2] net/virtio: do not require IO permissions David Marchand 2019-10-23 4:56 ` Tiwei Bie 2019-10-25 10:11 ` [dpdk-dev] [PATCH v3 0/2] Using virtio ethdev ports as non-root David Marchand
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).