From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2940B45FCC for ; Thu, 2 Jan 2025 22:26:40 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A5C74402D6; Thu, 2 Jan 2025 22:26:39 +0100 (CET) Received: from mail-pj1-f42.google.com (mail-pj1-f42.google.com [209.85.216.42]) by mails.dpdk.org (Postfix) with ESMTP id A741C402B4 for ; Thu, 2 Jan 2025 22:26:38 +0100 (CET) Received: by mail-pj1-f42.google.com with SMTP id 98e67ed59e1d1-2ee86a1a92dso13006773a91.1 for ; Thu, 02 Jan 2025 13:26:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1735853197; x=1736457997; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=Ejwt95gECTq8m02Wz1foGK2MsBMWskOaI09VWRGKJEQ=; b=C2IHIspT6f20gnHWkjZFAL1ZApNaj7nxcLoot1f3puPkkV58JrQdecAWi+JyMZ4c94 IbywNK+/BjtLV5LulrdS5znYdNnqYzjBkyqemDmWhL7L9DbPnP3+TSImMewgCIDg5uqn nvKixXS5BOCKt5CjxR5VHUvXSDMFhejrK1zgC3VdnN8/+f3cPr3M87teEm5vxeciell7 MU/eo1uFtXwQ1Gzs/2nObSWh7enF+Mxhynh0dKQXBBBzimbaJSyna7363gQbeRz577aM 5bVdPBngxUQInZaD3BZW9/OP9hUtPvZihnsC6J8cKTa0w9n/2ODWCnfK7E8YxHKHliJF t9Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1735853197; x=1736457997; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ejwt95gECTq8m02Wz1foGK2MsBMWskOaI09VWRGKJEQ=; b=AzSZXJYFxN5ltN2cMWKCnUKebl171atV0P6Gx7HD8wB33ojzenOcOdUUy8p2/iCOab gDy0EbR0pDtyeLgpQU4xLDyNqRQnlF8wH41uSrq662FyGevxiskQfJhduuIz4qWJAlJ9 yEZOxmJ3LzlMzPT2u2+PdteDYeEhR1INWdfNEEMbNbOER/HApU5lTyG33yLo96pqUlYH c6+Vdy7onlsHMwvdKW17qbc9zMPMowXQg1c8hcjes3devSSNpo2NssTGvi74b0UdP4Rv sUS7Iuux5Ipze0Lm5UN0P7w93xvvhs40ybraIsLjsjqx343roA3GKkOOTrL/7SLckAy+ cRlQ== X-Forwarded-Encrypted: i=1; AJvYcCViZ/xMKYvZZbFzb3E3t6igeS7vYHxWwM2B1aUcZoG5YcwMYJoZfvy+dmiQXHR8lf5v29mtFg==@dpdk.org X-Gm-Message-State: AOJu0YxpF7oZW4No+UXhcC8F/bxOqWf45pGSzo2+E8liYJ05Ur+5No5c 2tb5+huGt71ApmiW5x83v9dB981GuPKm2eRDf28qj0MY276XIZjsGlBTGySXa3zeK8OTdOUHiJw lt5M= X-Gm-Gg: ASbGncuFwSiPjwE+L7So7jx3OfPrkgy63p1ptpd4vytZVedsA0oBxb3TQumcCmqHVq6 TuYZvXV2fH7BP7bXMYWRFJOFXbqxOoSJMl+ZA7l4RSwpeOpvHl6G9d7oaoFKi9BJaqg+IGSuzAQ ofwNyuq72afwI/FwQXY5Gi0kDJdmvoL2pNU8B7o91P7PychXeR4nCTSndaB/Ndh9z2Xkm4uea8Q S72j7f471r3qdNXYhp5Y/bjdyZhFyE/OdEhj+h58H6LSPEXKYw3YLb9TVt9lZAvGnvF4aNiCqtp XFMo/bSW X-Google-Smtp-Source: AGHT+IFPHjVq/qP+vfxJEPZ866pwOgCNuc7wubBiixlvIe4ay7IxgOjZL0msUxYGQYCYSLIIvuObDQ== X-Received: by 2002:a17:90a:e18f:b0:2ee:aa28:79aa with SMTP id 98e67ed59e1d1-2f452dfcd7fmr65265766a91.6.1735853197491; Thu, 02 Jan 2025 13:26:37 -0800 (PST) Received: from pi5 (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2f2ee26b131sm31753144a91.44.2025.01.02.13.26.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Jan 2025 13:26:37 -0800 (PST) Date: Thu, 2 Jan 2025 13:26:34 -0800 From: Stephen Hemminger To: Dmitry Kozlyuk Cc: Alex K , "users@dpdk.org" , "Burakov, Anatoly" Subject: Re: Multiple Users Running DPDK Apps Message-ID: <20250102132634.346f8a59@pi5> In-Reply-To: <20250102234813.32d75421@sovereign> References: <20250102234813.32d75421@sovereign> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; aarch64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org On Thu, 2 Jan 2025 23:48:13 +0300 Dmitry Kozlyuk wrote: > 2025-01-02 19:44 (UTC+0000), Alex K: > > Should multiple users be able to take turns running DPDK apps on the same system without using sudo? > > > > Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files. > > Is this a bug or by design? > > Should each user have a separate hugepages directory setup somehow? > > > > I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges > > > > Would like to understand if what I'm attempting is supported and if there's anything I'm missing. > > Thank you. > > Hi Alex, > > If you want to run independent applications as different users, > you can use a common directory but specify different --file-prefix > for each application (group of processes sharing hugepages). > > If you want to run different processes of one multi-process DPDK app as > different users, they must use the common directory, > so the current behavior with 0600 permissions is a blocker. > They are set intentionally: > http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668 > Ownership is not controlled, so default open(2) semantics apply, > but there's still no way past the disabled group-writable bit. > If this is the case, I wonder why this is needed? > There isn't real privilege separation if processes share hugepages, > which particularly means that both processes have access to HW and DMA. DPDK really wants to run on isolated CPU's with multiple users, you may also run out available CPU's.