From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 0927FA0093 for ; Fri, 17 Jun 2022 13:25:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id B607F42B71; Fri, 17 Jun 2022 13:25:28 +0200 (CEST) Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2057.outbound.protection.outlook.com [40.107.100.57]) by mails.dpdk.org (Postfix) with ESMTP id 4042D42802; Fri, 17 Jun 2022 13:25:23 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DAiZKCLn82ilc+m3KXwVxEJEzwrUPSoYcy1rkGNo9ipPH4E+VVSCmxSp7ChMYAbXn9kkF4onDOI6R6F7gEZoHecRR9kfLlK8nFU01jpjDtut0r3H0KxpDVmCLvjx2F2QKRg7MzglYyA5KUhI9Z4bD34I26WkJhDe/ku6KnFO3YJzkDupgCnjhoNrzEhiyt7/GF2F+f4AWj3L/ECah4aGLdayy1V1uahI/CzPr62VFuoEJR/RobuRfLPZl1ne7t4133pdSIuSIWfIxpAhuHvAiKoNUzX5Wnu8zSkJR+8JHhv7EX7bZSDcTwIrFs2iq1Oo/5fULghx7nP3TwFwf0Mdcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=3PZsvV8UxwsCCg8Cj9IG54/SfJSnJ2wFglvspkVHfQs=; b=Jsp3Do3sgB9PZWrZB/urzSu3BPfnvj5Gw2IUM8QATSqWIAH2RVO5YIbNu+d9Zy6hcNz2ljJMmjHhzm+5VvDT6wcfe1YHUlcjAv1SJ66yenJ1Zgb4nJGpiOIT/GcthOJ9Ry+iu7u8c6ptMbQku9EtRt/PtonW15Jys7LygDF6SnJfjGD/FPnoM7jBSh5cyMgifVG0FVPUTTczpAV4qMmmJN3mUF0Pb4hV1hNpLOvOe74f69URQFUQiVRNN6FMuLDWraQAewjYJQhCNYujt4klkRaIrbagm90Yrt+UWaPvWKy5VgA6aIRp0gMzqXQdCA++YHsw2EbVm5DZj0t+iAaQUw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 12.22.5.235) smtp.rcpttodomain=dpdk.org smtp.mailfrom=nvidia.com; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nvidia.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3PZsvV8UxwsCCg8Cj9IG54/SfJSnJ2wFglvspkVHfQs=; b=JexhAxt2BlE1NwpDaCUC/PMWNZmdrI1l6xlI8O820ZObPFKjFWxnqaq2mUP3v13ypW4MxoGiO7ZLJ3GIkmmyPCvxQ/vgBwkp1d7Z5o3XFBiGFcErDiyynhIvt7/y0WKwKhL9w+RijEZ0xyrjKaDpKWcdDMJpkTk0kWXsnSBX1TC/NzOZ4kdJhqJmpG2qL4A+rwdvvqN80ImZ8/SmbZjtSeZzRUWzukB+zVriQbKAKyGsEzYNMCR4eXoawPb+0ifqp2ewfAsZiw3FoLaG/m59RoTvJzrMzFTjMLZE3RcXFqLMp3YKgIeN6kyvopcAta9A7XJe1rc6/FAcXYQgR7uc4Q== Received: from BN6PR16CA0021.namprd16.prod.outlook.com (2603:10b6:404:f5::31) by SN6PR12MB4751.namprd12.prod.outlook.com (2603:10b6:805:df::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5332.16; Fri, 17 Jun 2022 11:25:21 +0000 Received: from BN8NAM11FT030.eop-nam11.prod.protection.outlook.com (2603:10b6:404:f5:cafe::50) by BN6PR16CA0021.outlook.office365.com (2603:10b6:404:f5::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.14 via Frontend Transport; Fri, 17 Jun 2022 11:25:21 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 12.22.5.235) smtp.mailfrom=nvidia.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nvidia.com; Received-SPF: Pass (protection.outlook.com: domain of nvidia.com designates 12.22.5.235 as permitted sender) receiver=protection.outlook.com; client-ip=12.22.5.235; helo=mail.nvidia.com; pr=C Received: from mail.nvidia.com (12.22.5.235) by BN8NAM11FT030.mail.protection.outlook.com (10.13.177.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.5353.14 via Frontend Transport; Fri, 17 Jun 2022 11:25:21 +0000 Received: from rnnvmail201.nvidia.com (10.129.68.8) by DRHQMAIL107.nvidia.com (10.27.9.16) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Fri, 17 Jun 2022 11:25:20 +0000 Received: from rnnvmail205.nvidia.com (10.129.68.10) by rnnvmail201.nvidia.com (10.129.68.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.986.22; Fri, 17 Jun 2022 04:25:19 -0700 Received: from nvidia.com (10.127.8.11) by mail.nvidia.com (10.129.68.10) with Microsoft SMTP Server id 15.2.986.22 via Frontend Transport; Fri, 17 Jun 2022 04:25:18 -0700 From: Dmitry Kozlyuk To: CC: Subject: [PATCH v2 4/4] doc: update instructions for running as non-root for MLX5 Date: Fri, 17 Jun 2022 14:25:08 +0300 Message-ID: <20220617112508.3823291-5-dkozlyuk@nvidia.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220617112508.3823291-1-dkozlyuk@nvidia.com> References: <20220607234949.2311884-1-dkozlyuk@nvidia.com> <20220617112508.3823291-1-dkozlyuk@nvidia.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 72421ff8-599b-4957-f6a3-08da50541091 X-MS-TrafficTypeDiagnostic: SN6PR12MB4751:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: y/PyTlDJb10/iEc93ntiZnNttyYKZJOBBwN9S10JuchPBXXVFxtpsaBgH/eNItA83LWAjj78l8TFmDWNzRGoVlFrU6z84LMXFAn2jZP4Tfp9mzwmrfKgNhAfFlLHniaTOnvkGcgLJfBCR+6doPKTWFG/RWpCaDo0FoQXkKHrZ4qL7wudKrC4yB+I655D/WyvfPQend8DHEXtEn8bDhL78jftgxALkZRLHEiZA5urpgrX2MFIjMuC/VEEIrarkUEt/HC9lIw/x4kPh98kO/SwKh9bzf0yL9mmchCnZxpgcbHfL2MFzqa3GLtxUJUHTnwGCXeJfKdQeV6PUAvmRONiu7YyestMGcGqRkXWxRfSKkAJucwBUt8jbmk4KhUvCaW3/Df5qjUFlVVfGmtgauTNt370HzyL9VB6Lz1jM/4SG5oxhMg8U5DQIBb/ZJt8BqOUkxIffuS6gSDav4W7RYCW7fvrZhOmw4izRbgkGEM8I96Fw4GiZUBi9vCaCLrP9cmv85N6c1rK9uCyMhMTOD96xbPyVDS2hNKI4hJQM9qMim3w9n/TYWrIvJO74enV00pYp+M7uVPfQn+LdKuvSfmc4ubnJXVrGvL26m35Ab119hnIbvBXernPZ5YJvHyW2PUXQANN7h6hexSjWVPpdokchZurb+Cx/nMz83l4KoxIhrs+Bfmzpms3dLOy97myBGEZTEJmSXD0XmVyaD1YqwdABQ== X-Forefront-Antispam-Report: CIP:12.22.5.235; CTRY:US; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:mail.nvidia.com; PTR:InfoNoRecords; CAT:NONE; SFS:(13230016)(4636009)(40470700004)(46966006)(36840700001)(2616005)(82310400005)(1076003)(186003)(83380400001)(47076005)(336012)(426003)(86362001)(7696005)(26005)(6666004)(55016003)(6286002)(36860700001)(2906002)(8936002)(6916009)(5660300002)(36756003)(81166007)(498600001)(356005)(70586007)(4326008)(8676002)(450100002)(70206006)(316002)(40460700003)(36900700001); DIR:OUT; SFP:1101; X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Jun 2022 11:25:21.0260 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 72421ff8-599b-4957-f6a3-08da50541091 X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=43083d15-7273-40c1-b7db-39efd9ccc17a; Ip=[12.22.5.235]; Helo=[mail.nvidia.com] X-MS-Exchange-CrossTenant-AuthSource: BN8NAM11FT030.eop-nam11.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR12MB4751 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Reference the common guide for generic setup. Remove excessive capabilities from the recommended list. Cc: stable@dpdk.org Signed-off-by: Dmitry Kozlyuk --- doc/guides/platform/mlx5.rst | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/doc/guides/platform/mlx5.rst b/doc/guides/platform/mlx5.rst index 64a4c5e76e..18d38f3488 100644 --- a/doc/guides/platform/mlx5.rst +++ b/doc/guides/platform/mlx5.rst @@ -404,25 +404,30 @@ The device can be bound again at this point. Run as Non-Root ^^^^^^^^^^^^^^^ -In order to run as a non-root user, -some capabilities must be granted to the application:: +Hugepage and resource limit setup are documented +in the :ref:`common Linux guide `. +This PMD can operate without access to physical addresses, +therefore it does not require ``SYS_ADMIN`` to access ``/proc/self/pagemaps``. +Note that this requirement may still come from other drivers. - setcap cap_sys_admin,cap_net_admin,cap_net_raw,cap_ipc_lock+ep +Below are additional capabilities that must be granted to the application +with the reasons for the need of each capability: -Below are the reasons for the need of each capability: +``NET_RAW`` + For raw Ethernet queue allocation through the kernel driver. -``cap_sys_admin`` - When using physical addresses (PA mode), with Linux >= 4.0, - for access to ``/proc/self/pagemap``. +``NET_ADMIN`` + For device configuration, like setting link status or MTU. -``cap_net_admin`` - For device configuration. +``SYS_RAWIO`` + For using group 1 and above (software steering) in Flow API. -``cap_net_raw`` - For raw ethernet queue allocation through kernel driver. +They can be manually granted for a specific executable file:: -``cap_ipc_lock`` - For DMA memory pinning. + setcap cap_net_raw,cap_net_admin,cap_sys_rawio+ep + +Alternatively, a service manager or a container runtime +may configure the capabilities for a process. Windows Environment -- 2.25.1