From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alejandro.lucero@netronome.com>
Received: from mail-wr0-f193.google.com (mail-wr0-f193.google.com
 [209.85.128.193]) by dpdk.org (Postfix) with ESMTP id 3D4CB1B021
 for <dev@dpdk.org>; Tue, 17 Apr 2018 17:44:40 +0200 (CEST)
Received: by mail-wr0-f193.google.com with SMTP id v24so19793724wra.8
 for <dev@dpdk.org>; Tue, 17 Apr 2018 08:44:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=netronome-com.20150623.gappssmtp.com; s=20150623;
 h=mime-version:in-reply-to:references:from:date:message-id:subject:to
 :cc; bh=aPZsVSex0EZeIGYXDljb7iRoSdT6kHBG+++bTyVQRpo=;
 b=waPqtTPvZiTXCTMtOxdFS45CvSAjbLWftlTtjhHqfyOHc+/tv6JvdumFqcbXZKAsUs
 OSh7agKASBiW7L3HNjKWCKXazqgMGIb++Vw2PzsYcpUqh7D/rVJwVhhQy5MrYeyiLTvR
 2jcTpxH2/4u64n47EbSXl3sSKwILZfH1XbhAM1Gjwj4gw72tDWXu9f5oOPmQ8V+o7hSV
 Bdm32h58E19Sf8U/inhSp0+25n2Yc7ybG2kVjd8545qhvmSjyJi61q4PlZEtBfhs4Yyp
 6mF6TCJOj7RHQd2nL1eFfUtTHuf37cRhwmvq/P7Ykft8FHlxcLGCtsPm/b3p7rutrVgW
 7AUA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to:cc;
 bh=aPZsVSex0EZeIGYXDljb7iRoSdT6kHBG+++bTyVQRpo=;
 b=t/g0qHxQdfcO6HpRgy4kNzTz7gF4vlpjQ1k0Aj6rs6KO8BaK9e7LQTn++eCxVdvlC7
 /r8/KkSoj2IZZJ15HNw5ReZxScWfaUrUPFN7n4Z4CyaKcXxCD1GG9xAHTYy/VIkHe+RM
 HyF8iTGRUr0cUyhurSBwgQdNIbWjNMucwV0ac5LfufZqWt1abz+hx3wxXDTW06J33bpx
 5on2FC2Tqez9A8pJuWucZHjlpwTEvCPACi/zV+IMQ+zN7mVvDMr54f/Odgu5pfllDckb
 xLRpMLlyst77yXr7d/3UX0ncFwI4eaOP6uFtbMR+xihS5TIo+7TD3mpRBQPEXYMU1qsA
 TXiw==
X-Gm-Message-State: ALQs6tC1cRNqg7glR/M5CgFpnlkRxyRzYwLWH+Thr/IXwWtUiKQRTKev
 L3y2wwmqYEnkSvTGiempaXLkS/EW9UjAt3jFGosUaA==
X-Google-Smtp-Source: AIpwx4+ZVqNRJGR5FR7b5kcH5BJ8+SUP6BQ0n8XGCymuyTx+EuWEtz0bjJAQ7+5jmkvPY/S7meoJTyFTvcYCHMZn/Wc=
X-Received: by 10.80.139.1 with SMTP id l1mr3730369edl.299.1523979879895; Tue,
 17 Apr 2018 08:44:39 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.80.212.197 with HTTP; Tue, 17 Apr 2018 08:44:39 -0700 (PDT)
In-Reply-To: <CAD+H990SjAFWFjgF=xj7hTZuhnZ42bGkwuesaH6UaWM4UKb8Zg@mail.gmail.com>
References: <20180412222208.11770-1-aconole@redhat.com>
 <20180412222208.11770-3-aconole@redhat.com>
 <CAD+H991rVEhppb1ubjer9mjd0kg6aYBunuqd-mufKa=EPPJ3-w@mail.gmail.com>
 <f7ta7u7z10q.fsf@dhcp-25.97.bos.redhat.com>
 <CAD+H990SjAFWFjgF=xj7hTZuhnZ42bGkwuesaH6UaWM4UKb8Zg@mail.gmail.com>
From: Alejandro Lucero <alejandro.lucero@netronome.com>
Date: Tue, 17 Apr 2018 16:44:39 +0100
Message-ID: <CAD+H990-cE-UL73cQU7v9hd-RsB-6rNt7NRnpS+2JUEDzqmM4g@mail.gmail.com>
To: Aaron Conole <aconole@redhat.com>
Cc: dev <dev@dpdk.org>, Adrien Mazarguil <adrien.mazarguil@6wind.com>,
 stable@dpdk.org, Thomas Monjalon <thomas@monjalon.net>
Content-Type: text/plain; charset="UTF-8"
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [dpdk-dev] [RFC 2/2] nfp: allow for non-root user
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://dpdk.org/ml/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://dpdk.org/ml/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Apr 2018 15:44:40 -0000

I have seen that VFIO also requires explicitly to set the right permissions
for non-root users to VFIO groups under /dev/vfio.

I assume then that running OVS or other DPDK apps as non-root is possible,
although requiring those explicit permissions changes, and therefore this
patch is necessary.

Adding stable@ and Thomas for discussing how can this be added to stable
DPDK versions even if this is not going to be a patch for current DPDK
version.

Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>


On Fri, Apr 13, 2018 at 4:31 PM, Alejandro Lucero <
alejandro.lucero@netronome.com> wrote:

>
>
> On Fri, Apr 13, 2018 at 2:31 PM, Aaron Conole <aconole@redhat.com> wrote:
>
>> Alejandro Lucero <alejandro.lucero@netronome.com> writes:
>>
>> > Again, this patch is correct, but because NFP PMD needs to access
>> > /sys/bus/pci/devices/$DEVICE_PCI_STRING/resource$RESOURCE_ID, and
>> these files have just
>> > read/write accesses for root, I do not know if this is really necessary.
>> >
>> > Being honest, I have not used a DPDK app with NFP PMD and not being
>> root. Does it work
>> > with non-root users and other PMDs with same requirements regarding
>> sysfs resource files?
>>
>> We do run as non-root user definitely with Intel PMDs.
>>
>> I'm not very sure about other vendors, but I think mlx pmd runs as
>> non-root user (and it was modified to move off of sysfs for that
>> reason[1]).
>>
>>
> It is possible to not rely on sysfs resource files if device is attached
> to VFIO, but I think that is a must with UIO.
>
>
>
>> I'll continue to push for more information from the testing side to find
>> out though.
>>
>> [1]: http://dpdk.org/ml/archives/dev/2018-February/090586.html
>>
>> > On Fri, Apr 13, 2018 at 12:22 AM, Aaron Conole <aconole@redhat.com>
>> wrote:
>> >
>> >  Currently, the nfp lock files are taken from the global lock file
>> >  location, which will work when the user is running as root.  However,
>> >  some distributions and applications (notably ovs 2.8+ on RHEL/Fedora)
>> >  run as a non-root user.
>> >
>> >  Signed-off-by: Aaron Conole <aconole@redhat.com>
>> >  ---
>> >   drivers/net/nfp/nfp_nfpu.c | 23 ++++++++++++++++++-----
>> >   1 file changed, 18 insertions(+), 5 deletions(-)
>> >
>> >  diff --git a/drivers/net/nfp/nfp_nfpu.c b/drivers/net/nfp/nfp_nfpu.c
>> >  index 2ed985ff4..ae2e07220 100644
>> >  --- a/drivers/net/nfp/nfp_nfpu.c
>> >  +++ b/drivers/net/nfp/nfp_nfpu.c
>> >  @@ -18,6 +18,22 @@
>> >   #define NFP_CFG_EXP_BAR         7
>> >
>> >   #define NFP_CFG_EXP_BAR_CFG_BASE       0x30000
>> >  +#define NFP_LOCKFILE_PATH_FMT "%s/nfp%d"
>> >  +
>> >  +/* get nfp lock file path (/var/lock if root, $HOME otherwise) */
>> >  +static void
>> >  +nspu_get_lockfile_path(char *buffer, int bufsz, nfpu_desc_t *desc)
>> >  +{
>> >  +       const char *dir = "/var/lock";
>> >  +       const char *home_dir = getenv("HOME");
>> >  +
>> >  +       if (getuid() != 0 && home_dir != NULL)
>> >  +               dir = home_dir;
>> >  +
>> >  +       /* use current prefix as file path */
>> >  +       snprintf(buffer, bufsz, NFP_LOCKFILE_PATH_FMT, dir,
>> >  +                       desc->nfp);
>> >  +}
>> >
>> >   /* There could be other NFP userspace tools using the NSP interface.
>> >    * Make sure there is no other process using it and locking the
>> access for
>> >  @@ -30,9 +46,7 @@ nspv_aquire_process_lock(nfpu_desc_t *desc)
>> >          struct flock lock;
>> >          char lockname[30];
>> >
>> >  -       memset(&lock, 0, sizeof(lock));
>> >  -
>> >  -       snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d",
>> desc->nfp);
>> >  +       nspu_get_lockfile_path(lockname, sizeof(lockname), desc);
>> >
>> >          /* Using S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH |
>> S_IWOTH */
>> >          desc->lock = open(lockname, O_RDWR | O_CREAT, 0666);
>> >  @@ -106,7 +120,6 @@ nfpu_close(nfpu_desc_t *desc)
>> >          rte_free(desc->nspu);
>> >          close(desc->lock);
>> >
>> >  -       snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d",
>> desc->nfp);
>> >  -       unlink(lockname);
>> >  +       nspu_get_lockfile_path(lockname, sizeof(lockname), desc);
>> >          return 0;
>> >   }
>> >  --
>> >  2.14.3
>>
>
>