From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 508D345DB5; Wed, 27 Nov 2024 10:14:04 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 13E274021E; Wed, 27 Nov 2024 10:14:04 +0100 (CET) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.15]) by mails.dpdk.org (Postfix) with ESMTP id C3C6D400D6 for ; Wed, 27 Nov 2024 10:14:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1732698843; x=1764234843; h=from:to:subject:date:message-id:in-reply-to:references: mime-version:content-transfer-encoding; bh=sk3VaF8OgQq3XouE67gB9fD3BkPoBAZEVS4jcnKhmMM=; b=bmlG82jTgWiX0PWPJGI5jCIUezr+nw+cfRfyYLeAv1WVxEdGL9pEYNJl R1JeQP4c9FNwOTI1fNx1/j+v0mSfN0OLNEvEJ9wJeFGn5QXzNpFthHB9u BiSZLlYGvwW/JoiYKrr+dzTlSuXmGRZeg4S8wI+LRN8MSULbG7unomE/7 uyCIAVYv1fGWI+WOP1bvhuI5/7BE1IGZyeCMgS0lvvtpDa+UmodlbUr9+ M+ZwH1AK5AwCIJDmzOKxqwdxcVttRKMJT2cNjp7Xo6dXBAnjk5myDt93v bTXM/63HU523/uIN9AAo0pVAqBfeaGNnB4Qmo+XFhu9fqz0+l7MxDtzUe w==; X-CSE-ConnectionGUID: V5u92qbfRbm9VCIHBQ88PQ== X-CSE-MsgGUID: /n8hwKcbTyS33gklMq6i1A== X-IronPort-AV: E=McAfee;i="6700,10204,11268"; a="36557233" X-IronPort-AV: E=Sophos;i="6.12,189,1728975600"; d="scan'208";a="36557233" Received: from fmviesa005.fm.intel.com ([10.60.135.145]) by orvoesa107.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Nov 2024 01:14:02 -0800 X-CSE-ConnectionGUID: G0An4WwXQ3+Y1O0eayxH4A== X-CSE-MsgGUID: 8iXTA/uFSh6HXWF3I9TWpg== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.12,189,1728975600"; d="scan'208";a="96307597" Received: from silpixa00401119.ir.intel.com ([10.55.129.167]) by fmviesa005.fm.intel.com with ESMTP; 27 Nov 2024 01:14:01 -0800 From: Anatoly Burakov To: dev@dpdk.org, Robin Jarry Subject: [PATCH v3 1/1] usertools/devbind: allow changing UID/GID for VFIO Date: Wed, 27 Nov 2024 09:13:59 +0000 Message-ID: <251f3e1bf71c3e873427708d566f677ecd50615c.1732698829.git.anatoly.burakov@intel.com> X-Mailer: git-send-email 2.43.5 In-Reply-To: <4cd0282dabfa59e715028ecf255468529655b487.1725285449.git.anatoly.burakov@intel.com> References: <4cd0282dabfa59e715028ecf255468529655b487.1725285449.git.anatoly.burakov@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Currently, when binding a device to VFIO, the UID/GID for the device will always stay as system default (`root`). Yet, when running DPDK as non-root user, one has to change the UID/GID of the device to match the user's UID/GID to use the device. This patch adds an option to `dpdk-devbind.py` to change the UID/GID of the device when binding it to VFIO. Signed-off-by: Anatoly Burakov --- Notes: v2 -> v3: - Replaced error printout back to hard exit - Reworked UID/GID validation to be at command line parsing - Simplified chown code v1 -> v2: - Replaced hard exit with an error printout usertools/dpdk-devbind.py | 41 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py index f2a2a9a12f..ed1ef0cabc 100755 --- a/usertools/dpdk-devbind.py +++ b/usertools/dpdk-devbind.py @@ -3,11 +3,13 @@ # Copyright(c) 2010-2014 Intel Corporation # -import sys -import os -import subprocess import argparse +import grp +import os import platform +import pwd +import subprocess +import sys from glob import glob from os.path import exists, basename @@ -108,6 +110,8 @@ status_flag = False force_flag = False noiommu_flag = False +vfio_uid = -1 +vfio_gid = -1 args = [] @@ -544,6 +548,19 @@ def bind_all(dev_list, driver, force=False): for d in dev_list: bind_one(d, driver, force) + # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified + if driver == "vfio-pci" and (vfio_uid != -1 or vfio_gid != -1): + # find IOMMU group for a particular PCI device + iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", d, "iommu_group") + # extract the IOMMU group number + iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path)) + # find VFIO device correspondiong to this IOMMU group + dev_path = os.path.join("/dev/vfio", iommu_grp) + # set ownership + try: + os.chown(dev_path, vfio_uid, vfio_gid) + except OSError as err: + sys.exit(f"Error: failed to set IOMMU group ownership for {d}: {err}") # For kernels < 3.15 when binding devices to a generic driver # (i.e. one that doesn't have a PCI ID table) using new_id, some devices @@ -697,6 +714,8 @@ def parse_args(): global force_flag global noiommu_flag global args + global vfio_uid + global vfio_gid parser = argparse.ArgumentParser( description='Utility to bind and unbind devices from Linux kernel', @@ -746,6 +765,20 @@ def parse_args(): '--noiommu-mode', action='store_true', help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers") + parser.add_argument( + "-U", + "--uid", + help="For VFIO, specify the UID to set IOMMU group ownership", + type=lambda u: pwd.getpwnam(u).pw_uid, + default=-1, + ) + parser.add_argument( + "-G", + "--gid", + help="For VFIO, specify the GID to set IOMMU group ownership", + type=lambda g: grp.getgrnam(g).gr_gid, + default=-1, + ) parser.add_argument( '--force', action='store_true', @@ -778,6 +811,8 @@ def parse_args(): b_flag = opt.bind elif opt.unbind: b_flag = "none" + vfio_uid = opt.uid + vfio_gid = opt.gid args = opt.devices if not b_flag and not status_flag: -- 2.43.5