From: Anatoly Burakov <anatoly.burakov@intel.com> To: dev@dpdk.org Cc: John McNamara <john.mcnamara@intel.com>, Marko Kovacevic <marko.kovacevic@intel.com>, ferruh.yigit@intel.com, bruce.richardson@intel.com, padraig.j.connolly@intel.com, stable@dpdk.org Subject: [dpdk-stable] [PATCH v2 1/2] doc/linux_gsg: clarify instructions on running as non-root Date: Tue, 25 Aug 2020 13:17:48 +0100 Message-ID: <196e97d2802cf2250577aaa113b9093b0beadb3d.1598357863.git.anatoly.burakov@intel.com> (raw) In-Reply-To: <aca9a5986871ecb3aba7f476fa906a34dabc9e7e.1598283570.git.anatoly.burakov@intel.com> The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com> Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com> --- Notes: v2: - Moved VFIO description to be first doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index b2bda80bb7..a000def6cc 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -58,22 +58,42 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- -.. note:: +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: +* If the HPET is to be used, ``/dev/hpet`` -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` + +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -82,11 +102,15 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - .. note:: - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. + The instructions above will allow running DPDK with ``igb_uio`` driver as + non-root with older Linux kernel versions. However, since version 4.0, the + kernel does not allow unprivileged processes to read the physical address + information from the pagemaps file, making it impossible for those + processes to be used by non-privileged users. In such cases, using the VFIO + driver is recommended. + Power Management and Power Saving Functionality ----------------------------------------------- -- 2.17.1
next prev parent reply other threads:[~2020-08-25 12:17 UTC|newest] Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-08-24 15:45 [dpdk-stable] [PATCH " Anatoly Burakov 2020-08-24 15:45 ` [dpdk-stable] [PATCH 2/2] doc/linux_gsg: update information on using hugepages Anatoly Burakov 2020-08-24 17:13 ` Bruce Richardson 2020-08-25 9:28 ` Burakov, Anatoly 2020-08-24 17:08 ` [dpdk-stable] [PATCH 1/2] doc/linux_gsg: clarify instructions on running as non-root Bruce Richardson 2020-08-25 9:29 ` Burakov, Anatoly 2020-08-25 7:47 ` Ferruh Yigit 2020-08-25 12:17 ` Anatoly Burakov [this message] 2020-08-25 13:06 ` [dpdk-stable] [PATCH v2 " Bruce Richardson 2020-08-25 13:57 ` [dpdk-stable] [PATCH v3 " Anatoly Burakov 2020-11-19 10:52 ` [dpdk-stable] [PATCH v4 1/2] doc: " Anatoly Burakov 2020-11-19 10:52 ` [dpdk-stable] [PATCH v4 2/2] doc/linux_gsg: update information on using hugepages Anatoly Burakov 2020-11-19 21:03 ` [dpdk-stable] [dpdk-dev] " David Marchand 2020-11-20 10:50 ` Burakov, Anatoly 2020-11-27 15:23 ` [dpdk-stable] " Thomas Monjalon 2020-08-25 13:57 ` [dpdk-stable] [PATCH v3 " Anatoly Burakov 2020-08-25 12:17 ` [dpdk-stable] [PATCH v2 " Anatoly Burakov 2020-08-25 13:10 ` Bruce Richardson
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=196e97d2802cf2250577aaa113b9093b0beadb3d.1598357863.git.anatoly.burakov@intel.com \ --to=anatoly.burakov@intel.com \ --cc=bruce.richardson@intel.com \ --cc=dev@dpdk.org \ --cc=ferruh.yigit@intel.com \ --cc=john.mcnamara@intel.com \ --cc=marko.kovacevic@intel.com \ --cc=padraig.j.connolly@intel.com \ --cc=stable@dpdk.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
patches for DPDK stable branches This inbox may be cloned and mirrored by anyone: git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \ stable@dpdk.org public-inbox-index stable Example config snippet for mirrors. Newsgroup available over NNTP: nntp://inbox.dpdk.org/inbox.dpdk.stable AGPL code for this site: git clone https://public-inbox.org/public-inbox.git