* Multiple Users Running DPDK Apps
@ 2024-12-20 15:25 Alex K
0 siblings, 0 replies; 5+ messages in thread
From: Alex K @ 2024-12-20 15:25 UTC (permalink / raw)
To: users
[-- Attachment #1: Type: text/plain, Size: 1202 bytes --]
Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
Is this a bug or by design? Should each user have a separate hugepages directory setup somehow?
I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
Thank you,
-Alex
[-- Attachment #2: Type: text/html, Size: 2864 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Multiple Users Running DPDK Apps
2025-01-02 21:26 ` Stephen Hemminger
@ 2025-01-03 19:03 ` Alex K
0 siblings, 0 replies; 5+ messages in thread
From: Alex K @ 2025-01-03 19:03 UTC (permalink / raw)
To: Stephen Hemminger, Dmitry Kozlyuk; +Cc: users, Burakov, Anatoly
[-- Attachment #1: Type: text/plain, Size: 2797 bytes --]
Setting the --file-prefix argument to be unique to each user seems to be working well for my use-case.
Thanks for the suggestion!
________________________________
From: Stephen Hemminger <stephen@networkplumber.org>
Sent: Thursday, January 2, 2025 4:26 PM
To: Dmitry Kozlyuk <dmitry.kozliuk@gmail.com>
Cc: Alex K <aiklimov@hotmail.com>; users@dpdk.org <users@dpdk.org>; Burakov, Anatoly <anatoly.burakov@intel.com>
Subject: Re: Multiple Users Running DPDK Apps
On Thu, 2 Jan 2025 23:48:13 +0300
Dmitry Kozlyuk <dmitry.kozliuk@gmail.com> wrote:
> 2025-01-02 19:44 (UTC+0000), Alex K:
> > Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
> >
> > Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
> > Is this a bug or by design?
> > Should each user have a separate hugepages directory setup somehow?
> >
> > I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
> >
> > Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
> > Thank you.
>
> Hi Alex,
>
> If you want to run independent applications as different users,
> you can use a common directory but specify different --file-prefix
> for each application (group of processes sharing hugepages).
>
> If you want to run different processes of one multi-process DPDK app as
> different users, they must use the common directory,
> so the current behavior with 0600 permissions is a blocker.
> They are set intentionally:
> http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668
> Ownership is not controlled, so default open(2) semantics apply,
> but there's still no way past the disabled group-writable bit.
> If this is the case, I wonder why this is needed?
> There isn't real privilege separation if processes share hugepages,
> which particularly means that both processes have access to HW and DMA.
DPDK really wants to run on isolated CPU's with multiple users, you may also
run out available CPU's.
[-- Attachment #2: Type: text/html, Size: 4212 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Multiple Users Running DPDK Apps
2025-01-02 20:48 ` Dmitry Kozlyuk
@ 2025-01-02 21:26 ` Stephen Hemminger
2025-01-03 19:03 ` Alex K
0 siblings, 1 reply; 5+ messages in thread
From: Stephen Hemminger @ 2025-01-02 21:26 UTC (permalink / raw)
To: Dmitry Kozlyuk; +Cc: Alex K, users, Burakov, Anatoly
On Thu, 2 Jan 2025 23:48:13 +0300
Dmitry Kozlyuk <dmitry.kozliuk@gmail.com> wrote:
> 2025-01-02 19:44 (UTC+0000), Alex K:
> > Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
> >
> > Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
> > Is this a bug or by design?
> > Should each user have a separate hugepages directory setup somehow?
> >
> > I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
> >
> > Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
> > Thank you.
>
> Hi Alex,
>
> If you want to run independent applications as different users,
> you can use a common directory but specify different --file-prefix
> for each application (group of processes sharing hugepages).
>
> If you want to run different processes of one multi-process DPDK app as
> different users, they must use the common directory,
> so the current behavior with 0600 permissions is a blocker.
> They are set intentionally:
> http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668
> Ownership is not controlled, so default open(2) semantics apply,
> but there's still no way past the disabled group-writable bit.
> If this is the case, I wonder why this is needed?
> There isn't real privilege separation if processes share hugepages,
> which particularly means that both processes have access to HW and DMA.
DPDK really wants to run on isolated CPU's with multiple users, you may also
run out available CPU's.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Multiple Users Running DPDK Apps
2025-01-02 19:44 Alex K
@ 2025-01-02 20:48 ` Dmitry Kozlyuk
2025-01-02 21:26 ` Stephen Hemminger
0 siblings, 1 reply; 5+ messages in thread
From: Dmitry Kozlyuk @ 2025-01-02 20:48 UTC (permalink / raw)
To: Alex K; +Cc: users, Burakov, Anatoly
2025-01-02 19:44 (UTC+0000), Alex K:
> Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
>
> Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
> Is this a bug or by design?
> Should each user have a separate hugepages directory setup somehow?
>
> I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
>
> Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
> Thank you.
Hi Alex,
If you want to run independent applications as different users,
you can use a common directory but specify different --file-prefix
for each application (group of processes sharing hugepages).
If you want to run different processes of one multi-process DPDK app as
different users, they must use the common directory,
so the current behavior with 0600 permissions is a blocker.
They are set intentionally:
http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668
Ownership is not controlled, so default open(2) semantics apply,
but there's still no way past the disabled group-writable bit.
If this is the case, I wonder why this is needed?
There isn't real privilege separation if processes share hugepages,
which particularly means that both processes have access to HW and DMA.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Multiple Users Running DPDK Apps
@ 2025-01-02 19:44 Alex K
2025-01-02 20:48 ` Dmitry Kozlyuk
0 siblings, 1 reply; 5+ messages in thread
From: Alex K @ 2025-01-02 19:44 UTC (permalink / raw)
To: users
[-- Attachment #1: Type: text/plain, Size: 1195 bytes --]
Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
Is this a bug or by design? Should each user have a separate hugepages directory setup somehow?
I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
Thank you.
[-- Attachment #2: Type: text/html, Size: 2493 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-01-05 22:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-12-20 15:25 Multiple Users Running DPDK Apps Alex K
2025-01-02 19:44 Alex K
2025-01-02 20:48 ` Dmitry Kozlyuk
2025-01-02 21:26 ` Stephen Hemminger
2025-01-03 19:03 ` Alex K
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).