From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 269CDA09EE for ; Tue, 15 Dec 2020 13:56:20 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 1DD15CA28; Tue, 15 Dec 2020 13:56:19 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by dpdk.org (Postfix) with ESMTP id EFEAACA36 for ; Tue, 15 Dec 2020 13:56:16 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1608036975; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Umz4b52I43kM8mBZunbyf+xNGW/HxJzXIvFLaDGeaLk=; b=BWTe4aNiIZ5sQeIROA9DXWd6XaW9RKVeD8ec1GBeN+EvLL7L8wsPOsc5CkWbpHSpzi8g+a HxdEVrzaZBimH5vYBBufSv5AdQPv6Z/+dKnTrc/7ZBkkvUVj/8YCnHp61Nm/H3BxSULZ8D 0JYcCxrHRW5+03TsxG1VqOLcXYzZ/hU= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-409-7PeChaBzND-7w4pf4h2gJA-1; Tue, 15 Dec 2020 07:56:12 -0500 X-MC-Unique: 7PeChaBzND-7w4pf4h2gJA-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 79FF91005504; Tue, 15 Dec 2020 12:56:11 +0000 (UTC) Received: from rh.redhat.com (ovpn-114-24.ams2.redhat.com [10.36.114.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3600B5D6A1; Tue, 15 Dec 2020 12:56:10 +0000 (UTC) From: Kevin Traynor To: Anatoly Burakov Cc: Ferruh Yigit , Bruce Richardson , dpdk stable Date: Tue, 15 Dec 2020 12:55:52 +0000 Message-Id: <20201215125553.59404-4-ktraynor@redhat.com> In-Reply-To: <20201215125553.59404-1-ktraynor@redhat.com> References: <20201215125553.59404-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Subject: [dpdk-stable] patch 'doc: clarify instructions on running as non-root' has been queued to LTS release 18.11.11 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" Hi, FYI, your patch has been queued to LTS release 18.11.11 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 12/16/20. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable-queue This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable-queue/commit/05a0668483cbdf5ef15ee65078cc8fb9c83eabff Thanks. Kevin. --- >From 05a0668483cbdf5ef15ee65078cc8fb9c83eabff Mon Sep 17 00:00:00 2001 From: Anatoly Burakov Date: Thu, 19 Nov 2020 10:52:44 +0000 Subject: [PATCH] doc: clarify instructions on running as non-root [ upstream commit 3c3a861ce07e507dadda56091bc39cb92c3ae928 ] The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Signed-off-by: Anatoly Burakov Reviewed-by: Ferruh Yigit Acked-by: Bruce Richardson --- doc/guides/linux_gsg/enable_func.rst | 58 ++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index ad11bc9e4e..459a952ce3 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -59,20 +59,49 @@ The application can then determine what action to take, if any, if the HPET is n Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- + +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: + +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` + +* If the HPET is to be used, ``/dev/hpet`` + +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` .. note:: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses + The instructions below will allow running DPDK with ``igb_uio`` or + ``uio_pci_generic`` drivers as non-root with older Linux kernel versions. + However, since version 4.0, the kernel does not allow unprivileged processes + to read the physical address information from the pagemaps file, making it + impossible for those processes to be used by non-privileged users. In such + cases, using the VFIO driver is recommended. -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: - -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -83,9 +112,4 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - -.. note:: - - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. Power Management and Power Saving Functionality -- 2.26.2 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2020-12-15 12:52:22.066581852 +0000 +++ 0004-doc-clarify-instructions-on-running-as-non-root.patch 2020-12-15 12:52:21.952978730 +0000 @@ -1 +1 @@ -From 3c3a861ce07e507dadda56091bc39cb92c3ae928 Mon Sep 17 00:00:00 2001 +From 05a0668483cbdf5ef15ee65078cc8fb9c83eabff Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit 3c3a861ce07e507dadda56091bc39cb92c3ae928 ] + @@ -10,2 +11,0 @@ -Cc: stable@dpdk.org - @@ -20 +20 @@ -index a2339a877b..45fd53ba36 100644 +index ad11bc9e4e..459a952ce3 100644 @@ -23 +23 @@ -@@ -61,20 +61,49 @@ The application can then determine what action to take, if any, if the HPET is n +@@ -59,20 +59,49 @@ The application can then determine what action to take, if any, if the HPET is n @@ -85 +85 @@ -@@ -85,9 +114,4 @@ the Linux user account being used to run the DPDK application has access to them +@@ -83,9 +112,4 @@ the Linux user account being used to run the DPDK application has access to them