DPDK patches and discussions
 help / color / mirror / Atom feed
* [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO
@ 2024-09-02 13:57 Anatoly Burakov
  2024-09-03  9:11 ` Burakov, Anatoly
                   ` (3 more replies)
  0 siblings, 4 replies; 12+ messages in thread
From: Anatoly Burakov @ 2024-09-02 13:57 UTC (permalink / raw)
  To: dev, Robin Jarry

Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.

This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 usertools/dpdk-devbind.py | 41 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
index 078e8c387b..37e2b9972d 100755
--- a/usertools/dpdk-devbind.py
+++ b/usertools/dpdk-devbind.py
@@ -8,6 +8,8 @@
 import subprocess
 import argparse
 import platform
+import grp
+import pwd
 
 from glob import glob
 from os.path import exists, basename
@@ -107,6 +109,8 @@
 b_flag = None
 status_flag = False
 force_flag = False
+vfio_uid = ""
+vfio_gid = ""
 args = []
 
 
@@ -462,6 +466,22 @@ def bind_one(dev_id, driver, force):
                      % (dev_id, filename, err))
 
 
+def own_one(dev_id, uid, gid):
+    """Set the IOMMU group ownership for a device"""
+    # find IOMMU group for a particular device
+    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
+    try:
+        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+        # we found IOMMU group, now find the device
+        dev_path = os.path.join("/dev/vfio", iommu_grp)
+        # set the ownership
+        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
+        _gid = grp.getgrnam(gid).gr_gid if gid else -1
+        os.chown(dev_path, _uid, _gid)
+    except OSError as err:
+        sys.exit(f"Error: failed to read IOMMU group for {dev_id}: {err}")
+
+
 def unbind_all(dev_list, force=False):
     """Unbind method, takes a list of device locations"""
 
@@ -482,7 +502,7 @@ def unbind_all(dev_list, force=False):
         unbind_one(d, force)
 
 
-def bind_all(dev_list, driver, force=False):
+def bind_all(dev_list, driver, uid, gid, force=False):
     """Bind method, takes a list of device locations"""
     global devices
 
@@ -510,6 +530,9 @@ def bind_all(dev_list, driver, force=False):
 
     for d in dev_list:
         bind_one(d, driver, force)
+        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+        if driver == "vfio-pci" and (uid or gid):
+            own_one(d, uid, gid)
 
     # For kernels < 3.15 when binding devices to a generic driver
     # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -662,6 +685,8 @@ def parse_args():
     global status_dev
     global force_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     parser = argparse.ArgumentParser(
         description='Utility to bind and unbind devices from Linux kernel',
@@ -707,6 +732,12 @@ def parse_args():
         '--unbind',
         action='store_true',
         help="Unbind a device (equivalent to \"-b none\")")
+    parser.add_argument(
+        "-U", "--uid", help="For VFIO, specify the UID to set IOMMU group ownership"
+    )
+    parser.add_argument(
+        "-G", "--gid", help="For VFIO, specify the GID to set IOMMU group ownership"
+    )
     parser.add_argument(
         '--force',
         action='store_true',
@@ -737,6 +768,10 @@ def parse_args():
         b_flag = opt.bind
     elif opt.unbind:
         b_flag = "none"
+    if opt.uid:
+        vfio_uid = opt.uid
+    if opt.gid:
+        vfio_gid = opt.gid
     args = opt.devices
 
     if not b_flag and not status_flag:
@@ -764,11 +799,13 @@ def do_arg_actions():
     global status_flag
     global force_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     if b_flag in ["none", "None"]:
         unbind_all(args, force_flag)
     elif b_flag is not None:
-        bind_all(args, b_flag, force_flag)
+        bind_all(args, b_flag, vfio_uid, vfio_gid, force_flag)
     if status_flag:
         if b_flag is not None:
             clear_data()
-- 
2.43.5


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-09-02 13:57 [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO Anatoly Burakov
@ 2024-09-03  9:11 ` Burakov, Anatoly
  2024-11-26 15:02 ` [PATCH v2 " Anatoly Burakov
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 12+ messages in thread
From: Burakov, Anatoly @ 2024-09-03  9:11 UTC (permalink / raw)
  To: dev, Robin Jarry

On 9/2/2024 3:57 PM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

<snip>

>   
> +def own_one(dev_id, uid, gid):
> +    """Set the IOMMU group ownership for a device"""
> +    # find IOMMU group for a particular device
> +    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
> +    try:
> +        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
> +        # we found IOMMU group, now find the device
> +        dev_path = os.path.join("/dev/vfio", iommu_grp)
> +        # set the ownership
> +        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
> +        _gid = grp.getgrnam(gid).gr_gid if gid else -1
> +        os.chown(dev_path, _uid, _gid)
> +    except OSError as err:
> +        sys.exit(f"Error: failed to read IOMMU group for {dev_id}: {err}")

On another thought, perhaps sys.exit() here is a bit too drastic... Will 
replace with error message in v2

-- 
Thanks,
Anatoly


^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH v2 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-09-02 13:57 [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO Anatoly Burakov
  2024-09-03  9:11 ` Burakov, Anatoly
@ 2024-11-26 15:02 ` Anatoly Burakov
  2024-11-26 15:24   ` Bruce Richardson
  2024-11-26 16:15   ` Robin Jarry
  2024-11-27  9:13 ` [PATCH v3 " Anatoly Burakov
  2024-12-02  9:31 ` [PATCH v4 " Anatoly Burakov
  3 siblings, 2 replies; 12+ messages in thread
From: Anatoly Burakov @ 2024-11-26 15:02 UTC (permalink / raw)
  To: dev, Robin Jarry

Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.

This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---

Notes:
    v1 -> v2:
    - Replaced hard exit with an error printout

 usertools/dpdk-devbind.py | 41 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
index f2a2a9a12f..496d0e90e8 100755
--- a/usertools/dpdk-devbind.py
+++ b/usertools/dpdk-devbind.py
@@ -8,6 +8,8 @@
 import subprocess
 import argparse
 import platform
+import grp
+import pwd
 
 from glob import glob
 from os.path import exists, basename
@@ -108,6 +110,8 @@
 status_flag = False
 force_flag = False
 noiommu_flag = False
+vfio_uid = ""
+vfio_gid = ""
 args = []
 
 
@@ -463,6 +467,22 @@ def bind_one(dev_id, driver, force):
                      % (dev_id, filename, err))
 
 
+def own_one(dev_id, uid, gid):
+    """Set the IOMMU group ownership for a device"""
+    # find IOMMU group for a particular device
+    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
+    try:
+        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+        # we found IOMMU group, now find the device
+        dev_path = os.path.join("/dev/vfio", iommu_grp)
+        # set the ownership
+        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
+        _gid = grp.getgrnam(gid).gr_gid if gid else -1
+        os.chown(dev_path, _uid, _gid)
+    except OSError as err:
+        print(f"Error: failed to read IOMMU group for {dev_id}: {err}")
+
+
 def unbind_all(dev_list, force=False):
     """Unbind method, takes a list of device locations"""
 
@@ -512,7 +532,7 @@ def check_noiommu_mode():
     print("Warning: enabling unsafe no IOMMU mode for VFIO drivers")
 
 
-def bind_all(dev_list, driver, force=False):
+def bind_all(dev_list, driver, uid, gid, force=False):
     """Bind method, takes a list of device locations"""
     global devices
 
@@ -544,6 +564,9 @@ def bind_all(dev_list, driver, force=False):
 
     for d in dev_list:
         bind_one(d, driver, force)
+        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+        if driver == "vfio-pci" and (uid or gid):
+            own_one(d, uid, gid)
 
     # For kernels < 3.15 when binding devices to a generic driver
     # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -697,6 +720,8 @@ def parse_args():
     global force_flag
     global noiommu_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     parser = argparse.ArgumentParser(
         description='Utility to bind and unbind devices from Linux kernel',
@@ -746,6 +771,12 @@ def parse_args():
         '--noiommu-mode',
         action='store_true',
         help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers")
+    parser.add_argument(
+        "-U", "--uid", help="For VFIO, specify the UID to set IOMMU group ownership"
+    )
+    parser.add_argument(
+        "-G", "--gid", help="For VFIO, specify the GID to set IOMMU group ownership"
+    )
     parser.add_argument(
         '--force',
         action='store_true',
@@ -778,6 +809,10 @@ def parse_args():
         b_flag = opt.bind
     elif opt.unbind:
         b_flag = "none"
+    if opt.uid:
+        vfio_uid = opt.uid
+    if opt.gid:
+        vfio_gid = opt.gid
     args = opt.devices
 
     if not b_flag and not status_flag:
@@ -805,11 +840,13 @@ def do_arg_actions():
     global status_flag
     global force_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     if b_flag in ["none", "None"]:
         unbind_all(args, force_flag)
     elif b_flag is not None:
-        bind_all(args, b_flag, force_flag)
+        bind_all(args, b_flag, vfio_uid, vfio_gid, force_flag)
     if status_flag:
         if b_flag is not None:
             clear_data()
-- 
2.43.5


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v2 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-11-26 15:02 ` [PATCH v2 " Anatoly Burakov
@ 2024-11-26 15:24   ` Bruce Richardson
  2024-11-26 16:15   ` Robin Jarry
  1 sibling, 0 replies; 12+ messages in thread
From: Bruce Richardson @ 2024-11-26 15:24 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Robin Jarry

On Tue, Nov 26, 2024 at 03:02:38PM +0000, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Acked-by: Bruce Richardson <bruce.richardson@intel.com>

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v2 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-11-26 15:02 ` [PATCH v2 " Anatoly Burakov
  2024-11-26 15:24   ` Bruce Richardson
@ 2024-11-26 16:15   ` Robin Jarry
  2024-11-27  8:59     ` Burakov, Anatoly
  1 sibling, 1 reply; 12+ messages in thread
From: Robin Jarry @ 2024-11-26 16:15 UTC (permalink / raw)
  To: Anatoly Burakov, dev

Hi Anatoly,

Anatoly Burakov, Nov 26, 2024 at 16:02:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
>
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
>
> Notes:
>     v1 -> v2:
>     - Replaced hard exit with an error printout

Sorry I had missed that particular detail.

I don't think this should only print a warning. Otherwise, the user has 
no way to detect if the operation failed.

>  usertools/dpdk-devbind.py | 41 +++++++++++++++++++++++++++++++++++++--
>  1 file changed, 39 insertions(+), 2 deletions(-)
>
> diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
> index f2a2a9a12f..496d0e90e8 100755
> --- a/usertools/dpdk-devbind.py
> +++ b/usertools/dpdk-devbind.py
> @@ -8,6 +8,8 @@
>  import subprocess
>  import argparse
>  import platform
> +import grp
> +import pwd

We may already be past this but could you try to sort these imports 
alphabetically?

>  
>  from glob import glob
>  from os.path import exists, basename
> @@ -108,6 +110,8 @@
>  status_flag = False
>  force_flag = False
>  noiommu_flag = False
> +vfio_uid = ""
> +vfio_gid = ""

These are supposed to be integers. Initialize them to -1.

>  args = []
>  
>  
> @@ -463,6 +467,22 @@ def bind_one(dev_id, driver, force):
>                       % (dev_id, filename, err))
>  
>  
> +def own_one(dev_id, uid, gid):
> +    """Set the IOMMU group ownership for a device"""
> +    # find IOMMU group for a particular device
> +    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
> +    try:
> +        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
> +        # we found IOMMU group, now find the device
> +        dev_path = os.path.join("/dev/vfio", iommu_grp)
> +        # set the ownership
> +        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
> +        _gid = grp.getgrnam(gid).gr_gid if gid else -1

The validity of these values should be checked when parsing command line 
arguments.

> +        os.chown(dev_path, _uid, _gid)
> +    except OSError as err:
> +        print(f"Error: failed to read IOMMU group for {dev_id}: {err}")

Remove the try/except block and let the error bubble up the stack. This 
probably does not require a dedicated function. Moreover, the name 
own_one() is ambiguous.

> +
> +
>  def unbind_all(dev_list, force=False):
>      """Unbind method, takes a list of device locations"""
>  
> @@ -512,7 +532,7 @@ def check_noiommu_mode():
>      print("Warning: enabling unsafe no IOMMU mode for VFIO drivers")
>  
>  
> -def bind_all(dev_list, driver, force=False):
> +def bind_all(dev_list, driver, uid, gid, force=False):

Not required. These are global variables.

>      """Bind method, takes a list of device locations"""
>      global devices
>  
> @@ -544,6 +564,9 @@ def bind_all(dev_list, driver, force=False):
>  
>      for d in dev_list:
>          bind_one(d, driver, force)
> +        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
> +        if driver == "vfio-pci" and (uid or gid):

           if driver == "vfio-pci" and (vfio_uid != -1 or vfio_gid != -1):

> +            own_one(d, uid, gid)

It will be better to store the chmod code path here:

               iommu_grp = os.path.join("/sys/bus/pci/devices", d, "iommu_group")
               iommu_grp = os.path.basename(os.readlink(iommu_grp))
               os.chown(os.path.join("/dev/vfio", iommu_grp), vfio_uid, vfio_gid)

>  
>      # For kernels < 3.15 when binding devices to a generic driver
>      # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
> @@ -697,6 +720,8 @@ def parse_args():
>      global force_flag
>      global noiommu_flag
>      global args
> +    global vfio_uid
> +    global vfio_gid
>  
>      parser = argparse.ArgumentParser(
>          description='Utility to bind and unbind devices from Linux kernel',
> @@ -746,6 +771,12 @@ def parse_args():
>          '--noiommu-mode',
>          action='store_true',
>          help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers")
> +    parser.add_argument(
> +        "-U", "--uid", help="For VFIO, specify the UID to set IOMMU group ownership"

In order to fail early if an invalid user name is passed, add these two 
lines:

           type=lambda u: pwd.getpwnam(u).pw_uid,
           default=-1,

> +    )
> +    parser.add_argument(
> +        "-G", "--gid", help="For VFIO, specify the GID to set IOMMU group ownership"

In order to fail early if an invalid group name is passed, add these two 
lines:

           type=lambda g: grp.getgrnam(g).gr_gid,
           default=-1,

> +    )
>      parser.add_argument(
>          '--force',
>          action='store_true',
> @@ -778,6 +809,10 @@ def parse_args():
>          b_flag = opt.bind
>      elif opt.unbind:
>          b_flag = "none"
> +    if opt.uid:
> +        vfio_uid = opt.uid
> +    if opt.gid:
> +        vfio_gid = opt.gid

No need for ifs here, the default values are set to -1 which means: "use 
default" for os.chmod().

       vfio_uid = opt.uid
       vfio_gid = opt.gid

>      args = opt.devices
>  
>      if not b_flag and not status_flag:
> @@ -805,11 +840,13 @@ def do_arg_actions():
>      global status_flag
>      global force_flag
>      global args
> +    global vfio_uid
> +    global vfio_gid

The global keyword is not required here.

>  
>      if b_flag in ["none", "None"]:
>          unbind_all(args, force_flag)
>      elif b_flag is not None:
> -        bind_all(args, b_flag, force_flag)
> +        bind_all(args, b_flag, vfio_uid, vfio_gid, force_flag)

Not required. These are global variables.

>      if status_flag:
>          if b_flag is not None:
>              clear_data()
> -- 
> 2.43.5

Thanks.


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v2 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-11-26 16:15   ` Robin Jarry
@ 2024-11-27  8:59     ` Burakov, Anatoly
  0 siblings, 0 replies; 12+ messages in thread
From: Burakov, Anatoly @ 2024-11-27  8:59 UTC (permalink / raw)
  To: Robin Jarry, dev

On 11/26/2024 5:15 PM, Robin Jarry wrote:
> Hi Anatoly,
> 
> Anatoly Burakov, Nov 26, 2024 at 16:02:
>> Currently, when binding a device to VFIO, the UID/GID for the device will
>> always stay as system default (`root`). Yet, when running DPDK as non- 
>> root
>> user, one has to change the UID/GID of the device to match the user's
>> UID/GID to use the device.
>>
>> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
>> the device when binding it to VFIO.
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>> ---
>>
>> Notes:
>>     v1 -> v2:
>>     - Replaced hard exit with an error printout
> 
> Sorry I had missed that particular detail.
> 
> I don't think this should only print a warning. Otherwise, the user has 
> no way to detect if the operation failed.

Sure, I'll change it back.

>>  from glob import glob
>>  from os.path import exists, basename
>> @@ -108,6 +110,8 @@
>>  status_flag = False
>>  force_flag = False
>>  noiommu_flag = False
>> +vfio_uid = ""
>> +vfio_gid = ""
> 
> These are supposed to be integers. Initialize them to -1.

Actually, the pwd.getpwnam() accepts strings not integers, but yeah, 
technically these are supposed to be integers. I'll change that.

> 
>>  args = []
>>
>>
>> @@ -463,6 +467,22 @@ def bind_one(dev_id, driver, force):
>>                       % (dev_id, filename, err))
>>
>>
>> +def own_one(dev_id, uid, gid):
>> +    """Set the IOMMU group ownership for a device"""
>> +    # find IOMMU group for a particular device
>> +    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", 
>> dev_id, "iommu_group")
>> +    try:
>> +        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
>> +        # we found IOMMU group, now find the device
>> +        dev_path = os.path.join("/dev/vfio", iommu_grp)
>> +        # set the ownership
>> +        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
>> +        _gid = grp.getgrnam(gid).gr_gid if gid else -1
> 
> The validity of these values should be checked when parsing command line 
> arguments.

Sure, I'll move this check somewhere close to init.

> 
>> +        os.chown(dev_path, _uid, _gid)
>> +    except OSError as err:
>> +        print(f"Error: failed to read IOMMU group for {dev_id}: {err}")
> 
> Remove the try/except block and let the error bubble up the stack. This 
> probably does not require a dedicated function. Moreover, the name 
> own_one() is ambiguous.

We do the same thing for other errors (e.g. in bind_one) so I'm not sure 
if we want to let it bubble up the stack - we don't catch any exceptions 
anywhere up the stack. Current implementation, however deficient from 
error handling point of view, is consistent with the rest of the script.

>>      # For kernels < 3.15 when binding devices to a generic driver
>>      # (i.e. one that doesn't have a PCI ID table) using new_id, some 
>> devices
>> @@ -697,6 +720,8 @@ def parse_args():
>>      global force_flag
>>      global noiommu_flag
>>      global args
>> +    global vfio_uid
>> +    global vfio_gid
>>
>>      parser = argparse.ArgumentParser(
>>          description='Utility to bind and unbind devices from Linux 
>> kernel',
>> @@ -746,6 +771,12 @@ def parse_args():
>>          '--noiommu-mode',
>>          action='store_true',
>>          help="If IOMMU is not available, enable no IOMMU mode for 
>> VFIO drivers")
>> +    parser.add_argument(
>> +        "-U", "--uid", help="For VFIO, specify the UID to set IOMMU 
>> group ownership"
> 
> In order to fail early if an invalid user name is passed, add these two 
> lines:
> 
>            type=lambda u: pwd.getpwnam(u).pw_uid,
>            default=-1,
> 

Guido doesn't like lambdas :D


-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH v3 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-09-02 13:57 [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO Anatoly Burakov
  2024-09-03  9:11 ` Burakov, Anatoly
  2024-11-26 15:02 ` [PATCH v2 " Anatoly Burakov
@ 2024-11-27  9:13 ` Anatoly Burakov
  2024-11-29  8:08   ` Robin Jarry
  2024-11-29 13:42   ` Thomas Monjalon
  2024-12-02  9:31 ` [PATCH v4 " Anatoly Burakov
  3 siblings, 2 replies; 12+ messages in thread
From: Anatoly Burakov @ 2024-11-27  9:13 UTC (permalink / raw)
  To: dev, Robin Jarry

Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.

This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---

Notes:
    v2 -> v3:
    - Replaced error printout back to hard exit
    - Reworked UID/GID validation to be at command line parsing
    - Simplified chown code
    
    v1 -> v2:
    - Replaced hard exit with an error printout

 usertools/dpdk-devbind.py | 41 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
index f2a2a9a12f..ed1ef0cabc 100755
--- a/usertools/dpdk-devbind.py
+++ b/usertools/dpdk-devbind.py
@@ -3,11 +3,13 @@
 # Copyright(c) 2010-2014 Intel Corporation
 #
 
-import sys
-import os
-import subprocess
 import argparse
+import grp
+import os
 import platform
+import pwd
+import subprocess
+import sys
 
 from glob import glob
 from os.path import exists, basename
@@ -108,6 +110,8 @@
 status_flag = False
 force_flag = False
 noiommu_flag = False
+vfio_uid = -1
+vfio_gid = -1
 args = []
 
 
@@ -544,6 +548,19 @@ def bind_all(dev_list, driver, force=False):
 
     for d in dev_list:
         bind_one(d, driver, force)
+        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+        if driver == "vfio-pci" and (vfio_uid != -1 or vfio_gid != -1):
+            # find IOMMU group for a particular PCI device
+            iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", d, "iommu_group")
+            # extract the IOMMU group number
+            iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+            # find VFIO device correspondiong to this IOMMU group
+            dev_path = os.path.join("/dev/vfio", iommu_grp)
+            # set ownership
+            try:
+                os.chown(dev_path, vfio_uid, vfio_gid)
+            except OSError as err:
+                sys.exit(f"Error: failed to set IOMMU group ownership for {d}: {err}")
 
     # For kernels < 3.15 when binding devices to a generic driver
     # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -697,6 +714,8 @@ def parse_args():
     global force_flag
     global noiommu_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     parser = argparse.ArgumentParser(
         description='Utility to bind and unbind devices from Linux kernel',
@@ -746,6 +765,20 @@ def parse_args():
         '--noiommu-mode',
         action='store_true',
         help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers")
+    parser.add_argument(
+        "-U",
+        "--uid",
+        help="For VFIO, specify the UID to set IOMMU group ownership",
+        type=lambda u: pwd.getpwnam(u).pw_uid,
+        default=-1,
+    )
+    parser.add_argument(
+        "-G",
+        "--gid",
+        help="For VFIO, specify the GID to set IOMMU group ownership",
+        type=lambda g: grp.getgrnam(g).gr_gid,
+        default=-1,
+    )
     parser.add_argument(
         '--force',
         action='store_true',
@@ -778,6 +811,8 @@ def parse_args():
         b_flag = opt.bind
     elif opt.unbind:
         b_flag = "none"
+    vfio_uid = opt.uid
+    vfio_gid = opt.gid
     args = opt.devices
 
     if not b_flag and not status_flag:
-- 
2.43.5


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v3 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-11-27  9:13 ` [PATCH v3 " Anatoly Burakov
@ 2024-11-29  8:08   ` Robin Jarry
  2024-11-29 13:42   ` Thomas Monjalon
  1 sibling, 0 replies; 12+ messages in thread
From: Robin Jarry @ 2024-11-29  8:08 UTC (permalink / raw)
  To: Anatoly Burakov, dev

Anatoly Burakov, Nov 27, 2024 at 10:13:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
>
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

Reviewed-by: Robin Jarry <rjarry@redhat.com>


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v3 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-11-27  9:13 ` [PATCH v3 " Anatoly Burakov
  2024-11-29  8:08   ` Robin Jarry
@ 2024-11-29 13:42   ` Thomas Monjalon
  1 sibling, 0 replies; 12+ messages in thread
From: Thomas Monjalon @ 2024-11-29 13:42 UTC (permalink / raw)
  To: Anatoly Burakov; +Cc: dev, Robin Jarry

27/11/2024 10:13, Anatoly Burakov:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
> 
> Notes:
>     v2 -> v3:
>     - Replaced error printout back to hard exit
>     - Reworked UID/GID validation to be at command line parsing
>     - Simplified chown code
>     
>     v1 -> v2:
>     - Replaced hard exit with an error printout
> 
>  usertools/dpdk-devbind.py | 41 ++++++++++++++++++++++++++++++++++++---

Please could you update the documentation?
	doc/guides/tools/devbind.rst




^ permalink raw reply	[flat|nested] 12+ messages in thread

* [PATCH v4 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-09-02 13:57 [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO Anatoly Burakov
                   ` (2 preceding siblings ...)
  2024-11-27  9:13 ` [PATCH v3 " Anatoly Burakov
@ 2024-12-02  9:31 ` Anatoly Burakov
  2024-12-02  9:35   ` Burakov, Anatoly
  2024-12-04 12:33   ` Burakov, Anatoly
  3 siblings, 2 replies; 12+ messages in thread
From: Anatoly Burakov @ 2024-12-02  9:31 UTC (permalink / raw)
  To: dev, Robin Jarry

Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.

This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---

Notes:
    v3 -> v4:
    - Added documentation
    
    v2 -> v3:
    - Replaced error printout back to hard exit
    - Reworked UID/GID validation to be at command line parsing
    - Simplified chown code
    
    v1 -> v2:
    - Replaced hard exit with an error printout

 doc/guides/tools/devbind.rst |  6 ++++++
 usertools/dpdk-devbind.py    | 41 +++++++++++++++++++++++++++++++++---
 2 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/doc/guides/tools/devbind.rst b/doc/guides/tools/devbind.rst
index df4f3505ac..841615570f 100644
--- a/doc/guides/tools/devbind.rst
+++ b/doc/guides/tools/devbind.rst
@@ -56,6 +56,12 @@ OPTIONS
         WARNING: This can lead to loss of network connection and should be used
         with caution.
 
+* ``--uid uid, --gid gid``
+
+      By default, devices which are bound to VFIO will be owned by ``root``.
+      Use this flag to change ownership to the specified user and group, so that
+      devices bound to VFIO would be usable by unprivileged users.
+
 
 .. warning::
 
diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
index f2a2a9a12f..ed1ef0cabc 100755
--- a/usertools/dpdk-devbind.py
+++ b/usertools/dpdk-devbind.py
@@ -3,11 +3,13 @@
 # Copyright(c) 2010-2014 Intel Corporation
 #
 
-import sys
-import os
-import subprocess
 import argparse
+import grp
+import os
 import platform
+import pwd
+import subprocess
+import sys
 
 from glob import glob
 from os.path import exists, basename
@@ -108,6 +110,8 @@
 status_flag = False
 force_flag = False
 noiommu_flag = False
+vfio_uid = -1
+vfio_gid = -1
 args = []
 
 
@@ -544,6 +548,19 @@ def bind_all(dev_list, driver, force=False):
 
     for d in dev_list:
         bind_one(d, driver, force)
+        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+        if driver == "vfio-pci" and (vfio_uid != -1 or vfio_gid != -1):
+            # find IOMMU group for a particular PCI device
+            iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", d, "iommu_group")
+            # extract the IOMMU group number
+            iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+            # find VFIO device correspondiong to this IOMMU group
+            dev_path = os.path.join("/dev/vfio", iommu_grp)
+            # set ownership
+            try:
+                os.chown(dev_path, vfio_uid, vfio_gid)
+            except OSError as err:
+                sys.exit(f"Error: failed to set IOMMU group ownership for {d}: {err}")
 
     # For kernels < 3.15 when binding devices to a generic driver
     # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -697,6 +714,8 @@ def parse_args():
     global force_flag
     global noiommu_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     parser = argparse.ArgumentParser(
         description='Utility to bind and unbind devices from Linux kernel',
@@ -746,6 +765,20 @@ def parse_args():
         '--noiommu-mode',
         action='store_true',
         help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers")
+    parser.add_argument(
+        "-U",
+        "--uid",
+        help="For VFIO, specify the UID to set IOMMU group ownership",
+        type=lambda u: pwd.getpwnam(u).pw_uid,
+        default=-1,
+    )
+    parser.add_argument(
+        "-G",
+        "--gid",
+        help="For VFIO, specify the GID to set IOMMU group ownership",
+        type=lambda g: grp.getgrnam(g).gr_gid,
+        default=-1,
+    )
     parser.add_argument(
         '--force',
         action='store_true',
@@ -778,6 +811,8 @@ def parse_args():
         b_flag = opt.bind
     elif opt.unbind:
         b_flag = "none"
+    vfio_uid = opt.uid
+    vfio_gid = opt.gid
     args = opt.devices
 
     if not b_flag and not status_flag:
-- 
2.43.5


^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v4 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-12-02  9:31 ` [PATCH v4 " Anatoly Burakov
@ 2024-12-02  9:35   ` Burakov, Anatoly
  2024-12-04 12:33   ` Burakov, Anatoly
  1 sibling, 0 replies; 12+ messages in thread
From: Burakov, Anatoly @ 2024-12-02  9:35 UTC (permalink / raw)
  To: dev, Robin Jarry

On 12/2/2024 10:31 AM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

Missed

Reviewed-by: Robin Jarry <rjarry@redhat.com>

-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 12+ messages in thread

* Re: [PATCH v4 1/1] usertools/devbind: allow changing UID/GID for VFIO
  2024-12-02  9:31 ` [PATCH v4 " Anatoly Burakov
  2024-12-02  9:35   ` Burakov, Anatoly
@ 2024-12-04 12:33   ` Burakov, Anatoly
  1 sibling, 0 replies; 12+ messages in thread
From: Burakov, Anatoly @ 2024-12-04 12:33 UTC (permalink / raw)
  To: dev, Robin Jarry

On 12/2/2024 10:31 AM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

This functionality is also included in my devbind rewrite:

https://patches.dpdk.org/project/dpdk/list/?series=34098

-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2024-12-04 12:33 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-02 13:57 [PATCH v1 1/1] usertools/devbind: allow changing UID/GID for VFIO Anatoly Burakov
2024-09-03  9:11 ` Burakov, Anatoly
2024-11-26 15:02 ` [PATCH v2 " Anatoly Burakov
2024-11-26 15:24   ` Bruce Richardson
2024-11-26 16:15   ` Robin Jarry
2024-11-27  8:59     ` Burakov, Anatoly
2024-11-27  9:13 ` [PATCH v3 " Anatoly Burakov
2024-11-29  8:08   ` Robin Jarry
2024-11-29 13:42   ` Thomas Monjalon
2024-12-02  9:31 ` [PATCH v4 " Anatoly Burakov
2024-12-02  9:35   ` Burakov, Anatoly
2024-12-04 12:33   ` Burakov, Anatoly

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).