From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48]) by dpdk.org (Postfix) with ESMTP id 95E091B735 for ; Wed, 9 May 2018 21:44:07 +0200 (CEST) Received: by mail-wm0-f48.google.com with SMTP id j4-v6so408499wme.1 for ; Wed, 09 May 2018 12:44:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JwMEWbOUYkv5HnwOmP1yg9QOATyk/aPhGG2NUHD7L2Y=; b=1g229GRPI1xWay2Po4Yg9ARnjTQzPEGz3NSe+7iG6c27lZ7y/KuxPUMd7rNs4yePeT TjBHUETnMx9lSfq+u7uK68Xcv+cNudpZXMWELD0B8muuY4+usxYGBWr6s/zNIo58CS0v X+aA67ok8QpOGI4e2ICFh3Vy8e40JVwmlfcpwReMI8FjKFIY3vA5hUestUt7m3PBjV3O /PBP+jZbj5xL14sEsK3NQmOl+VAagF5+KNpcSFGA/htnn2r3zdEeLZJjS/r+xqdDSuu3 hqn4hPuLyKXODR9F4N2w3Oj0nNQL6MmHpY5hLUYOdsm2EroMVktaDRSnOI0vYj7QS+1L ccpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JwMEWbOUYkv5HnwOmP1yg9QOATyk/aPhGG2NUHD7L2Y=; b=VvrKnPg8KRP97fIB6NY6ttrZcbAzFmhBvtfJ1Sg/0YGbZSr7d7D0UZKylYFk+0HExI kBxlo33OKr83wazl8CubVzUV0sKd60ENP0/AJ8/veoAlr6ZL4JXqQvtezagVHa2cfU5i 41QYwd7f8UF4p8TqR0Hxxuubk/kHWvZj1PoeuyoKQy6wjsSaOKbRn4uRrlB5C86DtrnZ Em/N0ZALjgcbkN6nBybgE1zKNdK3ZRs8FHS960j691NtJg9qFiD5ULGpplavHACsHgCm iDyzFcaezuVR0w2SlJaH2QGtH6y2GMka7LLA5cu12HSlmYPyW+Ba1rpsTrjGPtPT8M8C 0vsA== X-Gm-Message-State: ALQs6tAeJ2MuOGO8vNvei4bFv4VUzgyGWPcoq4t897MKU/jfThnYf6Qz y0INdmrHIsM3zNI95eVkzQV9MnomAz4HLfiqd9yZeA== X-Google-Smtp-Source: AB8JxZp9pzmVdDH2H9LpeLfLpDXOZsg4u1WPbGuJl7nLhZhMXDVC2ILF+YA63g3jpqyLd+9THwTN8s0a9XUv1uyMBmk= X-Received: by 2002:aa7:d512:: with SMTP id y18-v6mr61619892edq.299.1525895047049; Wed, 09 May 2018 12:44:07 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.212.155 with HTTP; Wed, 9 May 2018 12:44:06 -0700 (PDT) In-Reply-To: References: <20180430172040.13506-1-aconole@redhat.com> <20180430172040.13506-3-aconole@redhat.com> From: Alejandro Lucero Date: Wed, 9 May 2018 20:44:06 +0100 Message-ID: To: Aaron Conole Cc: stable@dpdk.org, Ferruh Yigit , Yuanhan Liu , Eelco Chaudron , Pablo Cascon , Kevin Traynor , Adrien Mazarguil Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-stable] [PATCH 2/2] nfp: allow for non-root user X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 May 2018 19:44:07 -0000 On Wed, May 9, 2018 at 6:53 PM, Aaron Conole wrote: > Alejandro Lucero writes: > > > I have been thinking about this, and there was something that did not > seem right to me, although I > > could not explain what exactly. But this was because we have been > thinking about VFIO and we have > > forgotten UIO. The point is, the lock is not required with VFIO but it > is with UIO, and I'm afraid the > > way we are trying to solve the non-root user problem is not the right > one. > > Okay, makes sense. > > > With VFIO the BARs mapping is done through the kernel VFIO driver, so > once the device is bound to > > the driver, and someone tries to use that device, the VFIO driver > ensures there will not be another > > user trying to access the device. However, with UIO the driver is not > doing the BAR mapping but it is > > the app using the sysfs resource files for that device. It could be, and > in fact it is easy to happen, two > > DPDK apps using the same device, because with DPDK apps there is no > awareness of what other > > DPDK apps are doing. It is in this case where the lock is required, and > creating the lock file in the > > user's home directory is not going to help. > > Also makes sense. > > > I know RH is just interested in using VFIO, but there are other > potential NFP PMD users who may > > want to use UIO instead, and the current solution does not offer the > right protection in that case. > > Maybe the lock patch could be created based on the driver the device is > bound to, leaving /var/lock > > for UIO and the suggested path for the VFIO case. Or even no lock at all > for the VFIO case. > > Well, yes and no. For instance, in the uio case, they will be running > most likely as the root user (because to run as non-root in the uio case > would cause other problems). And in that case, $HOME for all > applications will be root, yes? I think then, it won't matter. > > I think "most likely" is not enough. If RH wants to run OVS as non-root, don't you think there could be other people with same necessities? and using UIO because IOMMU is not available? > I do agree with no lock for the vfio case would be best. Is it relevant > for the newer NFP driver? I haven't had a look yet. If so, then I > think your proposals are fine there. > > For the older one, I only know of one patch that needs to go in (which > fixes the accidentally lost unlink() call). After that, I wouldn't > expect more changes in this area (since each one risks stability of the > code base for a driver that has been replaced). > > > On Mon, Apr 30, 2018 at 6:20 PM, Aaron Conole > wrote: > > > > Currently, the nfp lock files are taken from the global lock file > > location, which will work when the user is running as root. However, > > some distributions and applications (notably ovs 2.8+ on RHEL/Fedora) > > run as a non-root user. > > > > Acked-by: Alejandro Lucero > > Signed-off-by: Aaron Conole > > --- > > drivers/net/nfp/nfp_nfpu.c | 23 ++++++++++++++++++----- > > 1 file changed, 18 insertions(+), 5 deletions(-) > > > > diff --git a/drivers/net/nfp/nfp_nfpu.c b/drivers/net/nfp/nfp_nfpu.c > > index 2ed985ff4..ae2e07220 100644 > > --- a/drivers/net/nfp/nfp_nfpu.c > > +++ b/drivers/net/nfp/nfp_nfpu.c > > @@ -18,6 +18,22 @@ > > #define NFP_CFG_EXP_BAR 7 > > > > #define NFP_CFG_EXP_BAR_CFG_BASE 0x30000 > > +#define NFP_LOCKFILE_PATH_FMT "%s/nfp%d" > > + > > +/* get nfp lock file path (/var/lock if root, $HOME otherwise) */ > > +static void > > +nspu_get_lockfile_path(char *buffer, int bufsz, nfpu_desc_t *desc) > > +{ > > + const char *dir = "/var/lock"; > > + const char *home_dir = getenv("HOME"); > > + > > + if (getuid() != 0 && home_dir != NULL) > > + dir = home_dir; > > + > > + /* use current prefix as file path */ > > + snprintf(buffer, bufsz, NFP_LOCKFILE_PATH_FMT, dir, > > + desc->nfp); > > +} > > > > /* There could be other NFP userspace tools using the NSP interface. > > * Make sure there is no other process using it and locking the access > for > > @@ -30,9 +46,7 @@ nspv_aquire_process_lock(nfpu_desc_t *desc) > > struct flock lock; > > char lockname[30]; > > > > - memset(&lock, 0, sizeof(lock)); > > - > > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", > desc->nfp); > > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); > > > > /* Using S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | > S_IWOTH */ > > desc->lock = open(lockname, O_RDWR | O_CREAT, 0666); > > @@ -106,7 +120,6 @@ nfpu_close(nfpu_desc_t *desc) > > rte_free(desc->nspu); > > close(desc->lock); > > > > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", > desc->nfp); > > - unlink(lockname); > > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); > > return 0; > > } > > -- > > 2.14.3 >