From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dts-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B6B51A052B;
	Thu, 30 Jul 2020 18:55:32 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 330AC2BBD;
	Thu, 30 Jul 2020 18:55:32 +0200 (CEST)
Received: from mail-ot1-f65.google.com (mail-ot1-f65.google.com
 [209.85.210.65]) by dpdk.org (Postfix) with ESMTP id 1683DE07
 for <dts@dpdk.org>; Thu, 30 Jul 2020 18:55:29 +0200 (CEST)
Received: by mail-ot1-f65.google.com with SMTP id q9so4930253oth.5
 for <dts@dpdk.org>; Thu, 30 Jul 2020 09:55:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=iol.unh.edu; s=unh-iol;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=sn1Xn9sBz4zw5VIXSkV38d4nWNcFQ7n3dFLovEP9thg=;
 b=dmCImG9oXJ5xlLj8LirJ9HUBLbbQMlyvQ7IH59Ni3FADS8i3JTjsdHsrDCJVHcYfmY
 elzdoycAzV79aTKr0YDUP8u6AfVzO9GPPlCarZeZ6kojbFYlZgGa5CjKUDOBc75W0qOy
 jcfiy1uNG0d7r5etjN68dFF0gAvwWkVS0I/Z8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=sn1Xn9sBz4zw5VIXSkV38d4nWNcFQ7n3dFLovEP9thg=;
 b=JzYqWu/Ex/olC6sza3gPLvgXVaDqg8wno5Ve60YVOYloDa8mBvhHFymMwQc/QnpNEJ
 2eSzGrLvQEaNcHD7OAvVd3jBO9vLIxSb1Fiup5v7w4O6M4a0eY9JWB2iBvnTUr4rWt8T
 h3gD68qv6qHgI/+ETDWT7Bh/6rAHfkfxjHGSBjxWOE6FKmnGgX2BGkidaJk/Ty52iQMF
 7TxmHwHitwP+F0Qwz7q65Y0ZD9oy6SHXhf/IqZ57DdD0WsRJo0xlIH8TFXqerya6v0Co
 8CylsW4zWl9uChBWtv7PgaxCT19bASOH03HoyZKWKKVOFkcM8dsBSRTLqQLm5RaVscIW
 +5zQ==
X-Gm-Message-State: AOAM530kWuQMWALZ+n4nXzi0XECpQB5WRuePrErlN/BlngE960rVry2z
 4Il+hB7P5/FKcpTKTYBcUBVGVmvWweseAPtq1eTTLw==
X-Google-Smtp-Source: ABdhPJx08hi75SSy9VmBRgm0zFytO8jWvPtpl5YciD9secBAeqmxR5x6qJKFGIbfKJx+nIc++nVrNI/N88slC2EI0sg=
X-Received: by 2002:a05:6830:1e67:: with SMTP id
 m7mr2798100otr.359.1596128128325; 
 Thu, 30 Jul 2020 09:55:28 -0700 (PDT)
MIME-Version: 1.0
References: <CAHx6DYBhdOzZRbvMUBLDCbfbsuffgqgWAHstvyD1HmP=sj4tGA@mail.gmail.com>
 <c70020a2-8948-dda4-bf1f-f5c29ec151b1@intel.com>
In-Reply-To: <c70020a2-8948-dda4-bf1f-f5c29ec151b1@intel.com>
From: Owen Hilyard <ohilyard@iol.unh.edu>
Date: Thu, 30 Jul 2020 12:54:52 -0400
Message-ID: <CAHx6DYDJGareBnmajrR6wZE=w0QhyQTn1XQ1boq=No0fnGdWUQ@mail.gmail.com>
To: "Burakov, Anatoly" <anatoly.burakov@intel.com>
Cc: dts@dpdk.org, dev@dpdk.org, Lincoln Lavoie <lylavoie@iol.unh.edu>
Content-Type: multipart/alternative; boundary="0000000000001afaea05abab8a2c"
Subject: Re: [dts] [dpdk-dev] Userspace testing
X-BeenThere: dts@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: test suite reviews and discussions <dts.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dts>,
 <mailto:dts-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dts/>
List-Post: <mailto:dts@dpdk.org>
List-Help: <mailto:dts-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dts>,
 <mailto:dts-request@dpdk.org?subject=subscribe>
Errors-To: dts-bounces@dpdk.org
Sender: "dts" <dts-bounces@dpdk.org>

--0000000000001afaea05abab8a2c
Content-Type: text/plain; charset="UTF-8"

Thanks for the advice.

I was wondering about the state of the "Setup VFIO permissions" option in
the setup script. It seems to just modify the character device's
permissions and then check their memory limit. Should this option also
handle the hugepages setup?

Thanks

On Wed, Jul 29, 2020 at 11:35 AM Burakov, Anatoly <anatoly.burakov@intel.com>
wrote:

> On 29-Jul-20 3:34 PM, Owen Hilyard wrote:
> > Hello all,
> >
> > I was wondering what everyone's thoughts on doing both userspace testing
> > and unprivileged testing of dpdk applications is. DTS currently runs all
> > commands on the tester and the dut as the root user. Please correct me if
> > I'm wrong, but I was under the assumption that most applications written
> > with dpdk would not run as root. This could present a problem since it is
> > possible that permissions errors could arise and we wouldn't notice it
> due
> > to the way we currently test. Given that, I was wondering what should and
> > should not be possible as a normal (non-root) user, and what would be the
> > best way to go about verifying this.
> >
> > Thanks
> >
>
> This is useful, but not everything is supposed to work with limited
> privileges. Things that definitely *won't* work are KNI and anything
> igb_uio-related. Everything VFIO should work fine, and setting up
> correct permissions for hugepages and VFIO is one of the trickier things
> that even I don't know how to do correctly off the top of my head :D
>
> An easy stopgap way of running almost everything as an unprivileged user
> is to use in-memory mode (--in-memory EAL switch); this will cause EAL
> to reserve hugepages etc. without touching the filesystem, sacrificing
> secondary process support in the process (so e.g. EAL autotest won't
> work in --in-memory mode as it relies on secondary process support).
>
> So, i would say that it would be a valuable thing to test for, but be
> aware that not everything is expected to work.
>
> --
> Thanks,
> Anatoly
>

--0000000000001afaea05abab8a2c
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr">Thanks for the advice.<br><br>I was wonde=
ring about the state of the &quot;Setup VFIO permissions&quot; option in th=
e setup script. It seems to just modify the character device&#39;s permissi=
ons and then check their memory limit. Should this option also handle the h=
ugepages setup?<div><br></div><div>Thanks</div></div><br><div class=3D"gmai=
l_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, Jul 29, 2020 at 11:3=
5 AM Burakov, Anatoly &lt;<a href=3D"mailto:anatoly.burakov@intel.com">anat=
oly.burakov@intel.com</a>&gt; wrote:<br></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,20=
4);padding-left:1ex">On 29-Jul-20 3:34 PM, Owen Hilyard wrote:<br>
&gt; Hello all,<br>
&gt; <br>
&gt; I was wondering what everyone&#39;s thoughts on doing both userspace t=
esting<br>
&gt; and unprivileged testing of dpdk applications is. DTS currently runs a=
ll<br>
&gt; commands on the tester and the dut as the root user. Please correct me=
 if<br>
&gt; I&#39;m wrong, but I was under the assumption that most applications w=
ritten<br>
&gt; with dpdk would not run as root. This could present a problem since it=
 is<br>
&gt; possible that permissions errors could arise and we wouldn&#39;t notic=
e it due<br>
&gt; to the way we currently test. Given that, I was wondering what should =
and<br>
&gt; should not be possible as a normal (non-root) user, and what would be =
the<br>
&gt; best way to go about verifying this.<br>
&gt; <br>
&gt; Thanks<br>
&gt; <br>
<br>
This is useful, but not everything is supposed to work with limited <br>
privileges. Things that definitely *won&#39;t* work are KNI and anything <b=
r>
igb_uio-related. Everything VFIO should work fine, and setting up <br>
correct permissions for hugepages and VFIO is one of the trickier things <b=
r>
that even I don&#39;t know how to do correctly off the top of my head :D<br=
>
<br>
An easy stopgap way of running almost everything as an unprivileged user <b=
r>
is to use in-memory mode (--in-memory EAL switch); this will cause EAL <br>
to reserve hugepages etc. without touching the filesystem, sacrificing <br>
secondary process support in the process (so e.g. EAL autotest won&#39;t <b=
r>
work in --in-memory mode as it relies on secondary process support).<br>
<br>
So, i would say that it would be a valuable thing to test for, but be <br>
aware that not everything is expected to work.<br>
<br>
-- <br>
Thanks,<br>
Anatoly<br>
</blockquote></div></div>

--0000000000001afaea05abab8a2c--