From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 96E70A04B1; Mon, 24 Aug 2020 17:45:13 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0EAD9F72; Mon, 24 Aug 2020 17:45:13 +0200 (CEST) Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 4CBF9F04; Mon, 24 Aug 2020 17:45:10 +0200 (CEST) IronPort-SDR: eHXf9Hhmq5LcdaKmBpl6ffKQj18GGRqsOcpeSWnMk2J4b5DjnTwh9D6KvYwnRtSFq3vZsIRBAh sZXt9DR83kdw== X-IronPort-AV: E=McAfee;i="6000,8403,9722"; a="240746374" X-IronPort-AV: E=Sophos;i="5.76,349,1592895600"; d="scan'208";a="240746374" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by fmsmga105.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 24 Aug 2020 08:45:08 -0700 IronPort-SDR: LRpd+YQUu0lfnuU9Rx/5sCeyL1KO19pFn6jFi278YltLtKtTG6HfT5HsbeJL0KJ4qqdNvGQCrD P1z/vY3mhKnQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,349,1592895600"; d="scan'208";a="294646741" Received: from silpixa00399498.ir.intel.com (HELO silpixa00399498.ger.corp.intel.com) ([10.237.222.52]) by orsmga003.jf.intel.com with ESMTP; 24 Aug 2020 08:45:00 -0700 From: Anatoly Burakov To: dev@dpdk.org Cc: John McNamara , Marko Kovacevic , ferruh.yigit@intel.com, bruce.richardson@intel.com, padraig.j.connolly@intel.com, stable@dpdk.org Date: Mon, 24 Aug 2020 16:45:00 +0100 Message-Id: X-Mailer: git-send-email 2.17.1 Subject: [dpdk-dev] [PATCH 1/2] doc/linux_gsg: clarify instructions on running as non-root X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov --- doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index b2bda80bb7..78b0f7c012 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -58,22 +58,34 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- -.. note:: +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: +* If the HPET is to be used, ``/dev/hpet`` -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -82,11 +94,23 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - .. note:: - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. + The instructions above will allow running DPDK with ``igb_uio`` driver as + non-root with older Linux kernel versions. However, since version 4.0, the + kernel does not allow unprivileged processes to read the physical address + information from the pagemaps file, making it impossible for those + processes to be used by non-privileged users. In such cases, using the VFIO + driver is recommended. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file , ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` + Power Management and Power Saving Functionality ----------------------------------------------- -- 2.17.1