DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] Userspace testing
@ 2020-07-29 14:34 Owen Hilyard
  2020-07-29 15:35 ` Burakov, Anatoly
  2020-07-31  7:43 ` David Marchand
  0 siblings, 2 replies; 7+ messages in thread
From: Owen Hilyard @ 2020-07-29 14:34 UTC (permalink / raw)
  To: dts, dev; +Cc: Lincoln Lavoie

Hello all,

I was wondering what everyone's thoughts on doing both userspace testing
and unprivileged testing of dpdk applications is. DTS currently runs all
commands on the tester and the dut as the root user. Please correct me if
I'm wrong, but I was under the assumption that most applications written
with dpdk would not run as root. This could present a problem since it is
possible that permissions errors could arise and we wouldn't notice it due
to the way we currently test. Given that, I was wondering what should and
should not be possible as a normal (non-root) user, and what would be the
best way to go about verifying this.

Thanks

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-07-29 14:34 [dpdk-dev] Userspace testing Owen Hilyard
@ 2020-07-29 15:35 ` Burakov, Anatoly
  2020-07-30 16:54   ` Owen Hilyard
  2020-07-31  7:43 ` David Marchand
  1 sibling, 1 reply; 7+ messages in thread
From: Burakov, Anatoly @ 2020-07-29 15:35 UTC (permalink / raw)
  To: Owen Hilyard, dts, dev; +Cc: Lincoln Lavoie

On 29-Jul-20 3:34 PM, Owen Hilyard wrote:
> Hello all,
> 
> I was wondering what everyone's thoughts on doing both userspace testing
> and unprivileged testing of dpdk applications is. DTS currently runs all
> commands on the tester and the dut as the root user. Please correct me if
> I'm wrong, but I was under the assumption that most applications written
> with dpdk would not run as root. This could present a problem since it is
> possible that permissions errors could arise and we wouldn't notice it due
> to the way we currently test. Given that, I was wondering what should and
> should not be possible as a normal (non-root) user, and what would be the
> best way to go about verifying this.
> 
> Thanks
> 

This is useful, but not everything is supposed to work with limited 
privileges. Things that definitely *won't* work are KNI and anything 
igb_uio-related. Everything VFIO should work fine, and setting up 
correct permissions for hugepages and VFIO is one of the trickier things 
that even I don't know how to do correctly off the top of my head :D

An easy stopgap way of running almost everything as an unprivileged user 
is to use in-memory mode (--in-memory EAL switch); this will cause EAL 
to reserve hugepages etc. without touching the filesystem, sacrificing 
secondary process support in the process (so e.g. EAL autotest won't 
work in --in-memory mode as it relies on secondary process support).

So, i would say that it would be a valuable thing to test for, but be 
aware that not everything is expected to work.

-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-07-29 15:35 ` Burakov, Anatoly
@ 2020-07-30 16:54   ` Owen Hilyard
  2020-07-31  9:12     ` Burakov, Anatoly
  0 siblings, 1 reply; 7+ messages in thread
From: Owen Hilyard @ 2020-07-30 16:54 UTC (permalink / raw)
  To: Burakov, Anatoly; +Cc: dts, dev, Lincoln Lavoie

Thanks for the advice.

I was wondering about the state of the "Setup VFIO permissions" option in
the setup script. It seems to just modify the character device's
permissions and then check their memory limit. Should this option also
handle the hugepages setup?

Thanks

On Wed, Jul 29, 2020 at 11:35 AM Burakov, Anatoly <anatoly.burakov@intel.com>
wrote:

> On 29-Jul-20 3:34 PM, Owen Hilyard wrote:
> > Hello all,
> >
> > I was wondering what everyone's thoughts on doing both userspace testing
> > and unprivileged testing of dpdk applications is. DTS currently runs all
> > commands on the tester and the dut as the root user. Please correct me if
> > I'm wrong, but I was under the assumption that most applications written
> > with dpdk would not run as root. This could present a problem since it is
> > possible that permissions errors could arise and we wouldn't notice it
> due
> > to the way we currently test. Given that, I was wondering what should and
> > should not be possible as a normal (non-root) user, and what would be the
> > best way to go about verifying this.
> >
> > Thanks
> >
>
> This is useful, but not everything is supposed to work with limited
> privileges. Things that definitely *won't* work are KNI and anything
> igb_uio-related. Everything VFIO should work fine, and setting up
> correct permissions for hugepages and VFIO is one of the trickier things
> that even I don't know how to do correctly off the top of my head :D
>
> An easy stopgap way of running almost everything as an unprivileged user
> is to use in-memory mode (--in-memory EAL switch); this will cause EAL
> to reserve hugepages etc. without touching the filesystem, sacrificing
> secondary process support in the process (so e.g. EAL autotest won't
> work in --in-memory mode as it relies on secondary process support).
>
> So, i would say that it would be a valuable thing to test for, but be
> aware that not everything is expected to work.
>
> --
> Thanks,
> Anatoly
>

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-07-29 14:34 [dpdk-dev] Userspace testing Owen Hilyard
  2020-07-29 15:35 ` Burakov, Anatoly
@ 2020-07-31  7:43 ` David Marchand
  1 sibling, 0 replies; 7+ messages in thread
From: David Marchand @ 2020-07-31  7:43 UTC (permalink / raw)
  To: Owen Hilyard; +Cc: dts, dev, Lincoln Lavoie, Aaron Conole

On Wed, Jul 29, 2020 at 4:35 PM Owen Hilyard <ohilyard@iol.unh.edu> wrote:
> I was wondering what everyone's thoughts on doing both userspace testing
> and unprivileged testing of dpdk applications is. DTS currently runs all
> commands on the tester and the dut as the root user. Please correct me if
> I'm wrong, but I was under the assumption that most applications written
> with dpdk would not run as root. This could present a problem since it is
> possible that permissions errors could arise and we wouldn't notice it due
> to the way we currently test. Given that, I was wondering what should and
> should not be possible as a normal (non-root) user, and what would be the
> best way to go about verifying this.

That is an interesting idea.

There are things that won't work unless you give proper permissions
(vfio, hugepages) or capabilities (like for bifurcated solutions: mlx
being the first example that comes to mind).
Additionally, some distributions apply further restrictions, like
SElinux in RHEL. But on this side, I don't think it makes sense, as
selinux rules are distrib specific.

-- 
David Marchand


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-07-30 16:54   ` Owen Hilyard
@ 2020-07-31  9:12     ` Burakov, Anatoly
  2020-08-03 14:31       ` Owen Hilyard
  0 siblings, 1 reply; 7+ messages in thread
From: Burakov, Anatoly @ 2020-07-31  9:12 UTC (permalink / raw)
  To: Owen Hilyard; +Cc: dts, dev, Lincoln Lavoie

On 30-Jul-20 5:54 PM, Owen Hilyard wrote:
> Thanks for the advice.
> 
> I was wondering about the state of the "Setup VFIO permissions" option 
> in the setup script. It seems to just modify the character device's 
> permissions and then check their memory limit. Should this option also 
> handle the hugepages setup?

I was under the (mis?)impression that the hugepage setup part of the 
script did that?

> 
> Thanks
> 
> On Wed, Jul 29, 2020 at 11:35 AM Burakov, Anatoly 
> <anatoly.burakov@intel.com <mailto:anatoly.burakov@intel.com>> wrote:
> 
>     On 29-Jul-20 3:34 PM, Owen Hilyard wrote:
>      > Hello all,
>      >
>      > I was wondering what everyone's thoughts on doing both userspace
>     testing
>      > and unprivileged testing of dpdk applications is. DTS currently
>     runs all
>      > commands on the tester and the dut as the root user. Please
>     correct me if
>      > I'm wrong, but I was under the assumption that most applications
>     written
>      > with dpdk would not run as root. This could present a problem
>     since it is
>      > possible that permissions errors could arise and we wouldn't
>     notice it due
>      > to the way we currently test. Given that, I was wondering what
>     should and
>      > should not be possible as a normal (non-root) user, and what
>     would be the
>      > best way to go about verifying this.
>      >
>      > Thanks
>      >
> 
>     This is useful, but not everything is supposed to work with limited
>     privileges. Things that definitely *won't* work are KNI and anything
>     igb_uio-related. Everything VFIO should work fine, and setting up
>     correct permissions for hugepages and VFIO is one of the trickier
>     things
>     that even I don't know how to do correctly off the top of my head :D
> 
>     An easy stopgap way of running almost everything as an unprivileged
>     user
>     is to use in-memory mode (--in-memory EAL switch); this will cause EAL
>     to reserve hugepages etc. without touching the filesystem, sacrificing
>     secondary process support in the process (so e.g. EAL autotest won't
>     work in --in-memory mode as it relies on secondary process support).
> 
>     So, i would say that it would be a valuable thing to test for, but be
>     aware that not everything is expected to work.
> 
>     -- 
>     Thanks,
>     Anatoly
> 


-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-07-31  9:12     ` Burakov, Anatoly
@ 2020-08-03 14:31       ` Owen Hilyard
  2020-08-10  8:53         ` Burakov, Anatoly
  0 siblings, 1 reply; 7+ messages in thread
From: Owen Hilyard @ 2020-08-03 14:31 UTC (permalink / raw)
  To: Burakov, Anatoly; +Cc: dts, dev, Lincoln Lavoie

On Fri, Jul 31, 2020 at 5:12 AM Burakov, Anatoly <anatoly.burakov@intel.com>
wrote:

> On 30-Jul-20 5:54 PM, Owen Hilyard wrote:
> > Thanks for the advice.
> >
> > I was wondering about the state of the "Setup VFIO permissions" option
> > in the setup script. It seems to just modify the character device's
> > permissions and then check their memory limit. Should this option also
> > handle the hugepages setup?
>
> I was under the (mis?)impression that the hugepage setup part of the
> script did that?
>
>
It doesn't appear to set them up so that non-root users can use them. From
what I can tell it only creates the pages, but doesn't change permissions
on them in any way.

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [dpdk-dev] Userspace testing
  2020-08-03 14:31       ` Owen Hilyard
@ 2020-08-10  8:53         ` Burakov, Anatoly
  0 siblings, 0 replies; 7+ messages in thread
From: Burakov, Anatoly @ 2020-08-10  8:53 UTC (permalink / raw)
  To: Owen Hilyard; +Cc: dts, dev, Lincoln Lavoie

On 03-Aug-20 3:31 PM, Owen Hilyard wrote:
> 
> 
> On Fri, Jul 31, 2020 at 5:12 AM Burakov, Anatoly 
> <anatoly.burakov@intel.com <mailto:anatoly.burakov@intel.com>> wrote:
> 
>     On 30-Jul-20 5:54 PM, Owen Hilyard wrote:
>      > Thanks for the advice.
>      >
>      > I was wondering about the state of the "Setup VFIO permissions"
>     option
>      > in the setup script. It seems to just modify the character device's
>      > permissions and then check their memory limit. Should this option
>     also
>      > handle the hugepages setup?
> 
>     I was under the (mis?)impression that the hugepage setup part of the
>     script did that?
> 
> It doesn't appear to set them up so that non-root users can use them. 
>  From what I can tell it only creates the pages, but doesn't change 
> permissions on them in any way.

Right. Then, it probably should (or perhaps it should be added as 
another menu option, as probably not everyone would want to do a 
chmod/chown on hugepage mounts).

-- 
Thanks,
Anatoly

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2020-08-10  8:53 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-29 14:34 [dpdk-dev] Userspace testing Owen Hilyard
2020-07-29 15:35 ` Burakov, Anatoly
2020-07-30 16:54   ` Owen Hilyard
2020-07-31  9:12     ` Burakov, Anatoly
2020-08-03 14:31       ` Owen Hilyard
2020-08-10  8:53         ` Burakov, Anatoly
2020-07-31  7:43 ` David Marchand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).