From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 69BF8A04DD for ; Thu, 19 Nov 2020 11:52:53 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 331B62AB; Thu, 19 Nov 2020 11:52:52 +0100 (CET) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 59EE72AB; Thu, 19 Nov 2020 11:52:49 +0100 (CET) IronPort-SDR: O+Evsi2Od8Es0x4NUvpC2rcQH0RW6l73MgB0NqCdN3XUFR6cPT6cF/pDuZshUO240QdFKlYdO/ ZPpYLwsm52EA== X-IronPort-AV: E=McAfee;i="6000,8403,9809"; a="168697371" X-IronPort-AV: E=Sophos;i="5.77,490,1596524400"; d="scan'208";a="168697371" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 19 Nov 2020 02:52:47 -0800 IronPort-SDR: VSPyDn4zTSV6WIg56TtheuZkYMJx+/x7gHhy1Ja62ZxES0GnZ49QePiOOgibJjNxAh/i740Xtj cNd10zY+Gz4A== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,490,1596524400"; d="scan'208";a="330894664" Received: from silpixa00399498.ir.intel.com (HELO silpixa00399498.ger.corp.intel.com) ([10.237.222.52]) by orsmga006.jf.intel.com with ESMTP; 19 Nov 2020 02:52:45 -0800 From: Anatoly Burakov To: dev@dpdk.org Cc: ferruh.yigit@intel.com, bruce.richardson@intel.com, padraig.j.connolly@intel.com, stable@dpdk.org Date: Thu, 19 Nov 2020 10:52:44 +0000 Message-Id: <863ac4ae1f8a1002b06e092cafba0ddaf6c7b1bd.1605783141.git.anatoly.burakov@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <242515b3b0d4ac57ee86cada96af90fb78e14997.1598363848.git.anatoly.burakov@intel.com> References: <242515b3b0d4ac57ee86cada96af90fb78e14997.1598363848.git.anatoly.burakov@intel.com> Subject: [dpdk-stable] [PATCH v4 1/2] doc: clarify instructions on running as non-root X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Sender: "stable" The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov Reviewed-by: Ferruh Yigit Acked-by: Bruce Richardson --- Notes: v2: - Moved VFIO description to be first doc/guides/linux_gsg/enable_func.rst | 58 ++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 17 deletions(-) diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index aab32252ea..29e1b90217 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -60,22 +60,51 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- + +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: + +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` + +* If the HPET is to be used, ``/dev/hpet`` + +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. + +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. + +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: + +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` .. note:: - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses + The instructions below will allow running DPDK with ``igb_uio`` or + ``uio_pci_generic`` drivers as non-root with older Linux kernel versions. + However, since version 4.0, the kernel does not allow unprivileged processes + to read the physical address information from the pagemaps file, making it + impossible for those processes to be used by non-privileged users. In such + cases, using the VFIO driver is recommended. -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: - -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -84,11 +113,6 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - -.. note:: - - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. Power Management and Power Saving Functionality ----------------------------------------------- -- 2.17.1