From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 27AF4A04DB for ; Mon, 30 Nov 2020 12:50:53 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1C8265928; Mon, 30 Nov 2020 12:50:52 +0100 (CET) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by dpdk.org (Postfix) with ESMTP id 3F4BA4C93 for ; Mon, 30 Nov 2020 12:50:51 +0100 (CET) Received: by mail-wr1-f46.google.com with SMTP id o1so1839915wrx.7 for ; Mon, 30 Nov 2020 03:50:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=vtl2zphBrbMUIGBrnCJWfi6Anml9CZnFXrpPa7RBqLs=; b=ereBUazJgug6eqA/5tOvteIS1KYHwR3vBj524GqUTa2ACVbK9wxoeXrEjQBhlIzGc0 stCoBo97Axo6JJ89uiqsf6vrfZVLIU61kRxcvfCjTDlevg9EwJeBWq3kNPTGLW0ic4H5 HaDicwNYwyE5PXPEWPivDcp6uLboMKntwsr3h9u/wWxBer0IYSEttpYiGsBgK7RXMy6q NaHzv+6h9NjYahAd03MLF25o9IxkfWcpz7McULON6sH6S9q3u5EEZtLLvIxH4WWYssEi /lPSa/PI4iU6xymYlJSRKLt7nyiqzIjx/whgXcup3ci4w3/VG9XUOAi8leda97sMsh2j C72g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=vtl2zphBrbMUIGBrnCJWfi6Anml9CZnFXrpPa7RBqLs=; b=NY6lDYXoALDmeZrdZq2ldPrLQYd/UEG0w9591VGFF3/kviYDq8yMn8qF/L9WC53Nvy RSHLvNAYpjdEF+6ie/HFo3zb1LOTBQBa36YlyLQaprSd2BXpTyFGUOc4QTHCWEcBiAPA rvj9Q9Al/24zXqpVfeWsF89BKz1xnodXSutCNbeSR5FntBTH7mArS9JoL+Cu/G9yV4uy dR/dqpdWRRfEqhEv/tf42u3yuHxjseR+1/BnsMyEeyJO/6/prsZQO4u40hp+E4UteFoZ YJBFl8jI4VnyFbOOSJiAXpAE0bwuJGj6GMJRm/FfMRXw0bpxBJc+qnW/yzvQS5ziUdxw 2FZg== X-Gm-Message-State: AOAM533i+2zCndizhjvHW/XvbsvhYq0kycHv/CNmaT+8TVuCMoroe8Af IKNlAOjCs4yE+pVtGPAd/eU= X-Google-Smtp-Source: ABdhPJy2TFNECodf+Ef3arQIAsL91kzepfd3/DfCGSfRLOAGB65cnKCAJ7kH0kRn4SAgvLmZUkJ7ng== X-Received: by 2002:a5d:4a45:: with SMTP id v5mr20935755wrs.226.1606737050021; Mon, 30 Nov 2020 03:50:50 -0800 (PST) Received: from localhost ([88.98.246.218]) by smtp.gmail.com with ESMTPSA id w3sm24629307wma.3.2020.11.30.03.50.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 30 Nov 2020 03:50:49 -0800 (PST) From: luca.boccassi@gmail.com To: Anatoly Burakov Cc: Ferruh Yigit , Bruce Richardson , dpdk stable Date: Mon, 30 Nov 2020 11:50:25 +0000 Message-Id: <20201130115027.64046-7-luca.boccassi@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201130115027.64046-1-luca.boccassi@gmail.com> References: <20201028104606.3504127-1-luca.boccassi@gmail.com> <20201130115027.64046-1-luca.boccassi@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: [dpdk-stable] patch 'doc: clarify instructions on running as non-root' has been queued to stable release 19.11.6 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to stable release 19.11.6 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/02/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/bluca/dpdk-stable This queued commit can be viewed at: https://github.com/bluca/dpdk-stable/commit/9e8ce064b77555f61c8684820f82d325f05f4311 Thanks. Luca Boccassi --- >From 9e8ce064b77555f61c8684820f82d325f05f4311 Mon Sep 17 00:00:00 2001 From: Anatoly Burakov Date: Thu, 19 Nov 2020 10:52:44 +0000 Subject: [PATCH] doc: clarify instructions on running as non-root [ upstream commit 3c3a861ce07e507dadda56091bc39cb92c3ae928 ] The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Signed-off-by: Anatoly Burakov Reviewed-by: Ferruh Yigit Acked-by: Bruce Richardson --- doc/guides/linux_gsg/enable_func.rst | 58 ++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index ad11bc9e4e..459a952ce3 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -58,22 +58,51 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- + +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: + +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` + +* If the HPET is to be used, ``/dev/hpet`` + +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` .. note:: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses + The instructions below will allow running DPDK with ``igb_uio`` or + ``uio_pci_generic`` drivers as non-root with older Linux kernel versions. + However, since version 4.0, the kernel does not allow unprivileged processes + to read the physical address information from the pagemaps file, making it + impossible for those processes to be used by non-privileged users. In such + cases, using the VFIO driver is recommended. -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: - -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -82,11 +111,6 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - -.. note:: - - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. Power Management and Power Saving Functionality ----------------------------------------------- -- 2.27.0 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-11-30 11:49:30.611719769 +0000 +++ 0007-doc-clarify-instructions-on-running-as-non-root.patch 2020-11-30 11:49:30.402271747 +0000 @@ -1 +1 @@ -From 3c3a861ce07e507dadda56091bc39cb92c3ae928 Mon Sep 17 00:00:00 2001 +From 9e8ce064b77555f61c8684820f82d325f05f4311 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 3c3a861ce07e507dadda56091bc39cb92c3ae928 ] + @@ -10,2 +11,0 @@ -Cc: stable@dpdk.org - @@ -20 +20 @@ -index a2339a877b..45fd53ba36 100644 +index ad11bc9e4e..459a952ce3 100644 @@ -23 +23 @@ -@@ -60,22 +60,51 @@ The application can then determine what action to take, if any, if the HPET is n +@@ -58,22 +58,51 @@ The application can then determine what action to take, if any, if the HPET is n @@ -87 +87 @@ -@@ -84,11 +113,6 @@ the Linux user account being used to run the DPDK application has access to them +@@ -82,11 +111,6 @@ the Linux user account being used to run the DPDK application has access to them