From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id E174FA04B1 for ; Tue, 25 Aug 2020 14:17:52 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id BEBC01BE88; Tue, 25 Aug 2020 14:17:52 +0200 (CEST) Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by dpdk.org (Postfix) with ESMTP id DF9A05B30; Tue, 25 Aug 2020 14:17:50 +0200 (CEST) IronPort-SDR: 7sdZJGbadlKGBX+mgFVOqkDjFf99oO8YHmcSFzzly/kpxKd8eeKeb3ntVU9CCbVysQ8ZFlT+dE T7xDu5X2IaJw== X-IronPort-AV: E=McAfee;i="6000,8403,9723"; a="135641739" X-IronPort-AV: E=Sophos;i="5.76,352,1592895600"; d="scan'208";a="135641739" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 25 Aug 2020 05:17:50 -0700 IronPort-SDR: 27b8Gk7LXzL95v0FzobBjVrf1/X9RN+oo4E7JDlgsgQR5ebcAp0i+oof3jP8G+y4RbompNQ7qP UxlH4g5cDScw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.76,352,1592895600"; d="scan'208";a="331386782" Received: from silpixa00399498.ir.intel.com (HELO silpixa00399498.ger.corp.intel.com) ([10.237.222.52]) by fmsmga002.fm.intel.com with ESMTP; 25 Aug 2020 05:17:48 -0700 From: Anatoly Burakov To: dev@dpdk.org Cc: John McNamara , Marko Kovacevic , ferruh.yigit@intel.com, bruce.richardson@intel.com, padraig.j.connolly@intel.com, stable@dpdk.org Date: Tue, 25 Aug 2020 13:17:48 +0100 Message-Id: <196e97d2802cf2250577aaa113b9093b0beadb3d.1598357863.git.anatoly.burakov@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: Subject: [dpdk-stable] [PATCH v2 1/2] doc/linux_gsg: clarify instructions on running as non-root X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov Reviewed-by: Ferruh Yigit --- Notes: v2: - Moved VFIO description to be first doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++-------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index b2bda80bb7..a000def6cc 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -58,22 +58,42 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- -.. note:: +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: +* If the HPET is to be used, ``/dev/hpet`` -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` + +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -82,11 +102,15 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - .. note:: - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. + The instructions above will allow running DPDK with ``igb_uio`` driver as + non-root with older Linux kernel versions. However, since version 4.0, the + kernel does not allow unprivileged processes to read the physical address + information from the pagemaps file, making it impossible for those + processes to be used by non-privileged users. In such cases, using the VFIO + driver is recommended. + Power Management and Power Saving Functionality ----------------------------------------------- -- 2.17.1