DPDK patches and discussions
 help / color / mirror / Atom feed
From: Alejandro Lucero <alejandro.lucero@netronome.com>
To: Aaron Conole <aconole@redhat.com>
Cc: dev <dev@dpdk.org>, Adrien Mazarguil <adrien.mazarguil@6wind.com>,
	stable@dpdk.org, Thomas Monjalon <thomas@monjalon.net>
Subject: Re: [dpdk-dev] [RFC 2/2] nfp: allow for non-root user
Date: Thu, 19 Apr 2018 07:05:57 +0100	[thread overview]
Message-ID: <CAD+H993ZxZ=idsEM1P=on3r7DFPMz7gaea1QmBjO9Uw2o6Nu=A@mail.gmail.com> (raw)
In-Reply-To: <f7tpo2wn18p.fsf@dhcp-25.97.bos.redhat.com>

On Wed, Apr 18, 2018 at 1:32 PM, Aaron Conole <aconole@redhat.com> wrote:

> Alejandro Lucero <alejandro.lucero@netronome.com> writes:
>
> > On Tue, Apr 17, 2018 at 8:19 PM, Aaron Conole <aconole@redhat.com>
> wrote:
> >
> >  Alejandro Lucero <alejandro.lucero@netronome.com> writes:
> >
> >  > I was just wondering, if device device PCI sysfs resource files or
> VFIO group /dev files
> >  require to change
> >  > permissions for non-root users, does it not make sense to adjust also
> /var/lock in the
> >  system?
> >
> >  For the /dev, we use udev rules - so the correct individual vfio device
> >  files get assigned the correct permissions.  No such mechanism exists
> >  for /var/lock as far as I can tell.
> >
> >  Ex. see:
> >
> >  https://github.com/openvswitch/ovs/blob/master/
> rhel/usr_lib_udev_rules.d_91-vfio.rules
> >
> >
> >  Maybe something similar exists that we could use to generate the lock
> >  file automatically?
> >
> > What about /sysfs/bus/pci/device/$PCI_DEV/resource file?
> >
> > Is RH forcing OVS DPDK to only work if the host has IOMMU support?
>
> Yes.
>

Ok then. It makes sense now to apply this patch to stable versions.

Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>


>
> >  > On Tue, Apr 17, 2018 at 4:44 PM, Alejandro Lucero
> >  <alejandro.lucero@netronome.com> wrote:
> >  >
> >  >  I have seen that VFIO also requires explicitly to set the right
> permissions for non-root
> >  users to VFIO
> >  >  groups under /dev/vfio.
> >  >
> >  >  I assume then that running OVS or other DPDK apps as non-root is
> possible,
> >  although requiring
> >  >  those explicit permissions changes, and therefore this patch is
> necessary.
> >  >
> >  >  Adding stable@ and Thomas for discussing how can this be added to
> stable DPDK
> >  versions even if
> >  >  this is not going to be a patch for current DPDK version.
> >  >
> >  >  Acked-by: Alejandro Lucero <alejandro.lucero@netronome.com>
> >  >
> >  >  On Fri, Apr 13, 2018 at 4:31 PM, Alejandro Lucero
> >  <alejandro.lucero@netronome.com> wrote:
> >  >
> >  >  On Fri, Apr 13, 2018 at 2:31 PM, Aaron Conole <aconole@redhat.com>
> wrote:
> >  >
> >  >  Alejandro Lucero <alejandro.lucero@netronome.com> writes:
> >  >
> >  >  > Again, this patch is correct, but because NFP PMD needs to access
> >  >  > /sys/bus/pci/devices/$DEVICE_PCI_STRING/resource$RESOURCE_ID, and
> these files
> >  have
> >  >  just
> >  >  > read/write accesses for root, I do not know if this is really
> necessary.
> >  >  >
> >  >  > Being honest, I have not used a DPDK app with NFP PMD and not
> being root. Does
> >  it
> >  >  work
> >  >  > with non-root users and other PMDs with same requirements
> regarding sysfs
> >  resource
> >  >  files?
> >  >
> >  >  We do run as non-root user definitely with Intel PMDs.
> >  >
> >  >  I'm not very sure about other vendors, but I think mlx pmd runs as
> >  >  non-root user (and it was modified to move off of sysfs for that
> >  >  reason[1]).
> >  >
> >  >  It is possible to not rely on sysfs resource files if device is
> attached to VFIO, but I
> >  think that is a
> >  >  must with UIO.
> >  >
> >  >
> >  >  I'll continue to push for more information from the testing side to
> find
> >  >  out though.
> >  >
> >  >  [1]: http://dpdk.org/ml/archives/dev/2018-February/090586.html
> >  >
> >  >  > On Fri, Apr 13, 2018 at 12:22 AM, Aaron Conole <aconole@redhat.com>
> wrote:
> >  >  >
> >  >  >  Currently, the nfp lock files are taken from the global lock file
> >  >  >  location, which will work when the user is running as root.
> However,
> >  >  >  some distributions and applications (notably ovs 2.8+ on
> RHEL/Fedora)
> >  >  >  run as a non-root user.
> >  >  >
> >  >  >  Signed-off-by: Aaron Conole <aconole@redhat.com>
> >  >  >  ---
> >  >  >   drivers/net/nfp/nfp_nfpu.c | 23 ++++++++++++++++++-----
> >  >  >   1 file changed, 18 insertions(+), 5 deletions(-)
> >  >  >
> >  >  >  diff --git a/drivers/net/nfp/nfp_nfpu.c
> b/drivers/net/nfp/nfp_nfpu.c
> >  >  >  index 2ed985ff4..ae2e07220 100644
> >  >  >  --- a/drivers/net/nfp/nfp_nfpu.c
> >  >  >  +++ b/drivers/net/nfp/nfp_nfpu.c
> >  >  >  @@ -18,6 +18,22 @@
> >  >  >   #define NFP_CFG_EXP_BAR         7
> >  >  >
> >  >  >   #define NFP_CFG_EXP_BAR_CFG_BASE       0x30000
> >  >  >  +#define NFP_LOCKFILE_PATH_FMT "%s/nfp%d"
> >  >  >  +
> >  >  >  +/* get nfp lock file path (/var/lock if root, $HOME otherwise) */
> >  >  >  +static void
> >  >  >  +nspu_get_lockfile_path(char *buffer, int bufsz, nfpu_desc_t
> *desc)
> >  >  >  +{
> >  >  >  +       const char *dir = "/var/lock";
> >  >  >  +       const char *home_dir = getenv("HOME");
> >  >  >  +
> >  >  >  +       if (getuid() != 0 && home_dir != NULL)
> >  >  >  +               dir = home_dir;
> >  >  >  +
> >  >  >  +       /* use current prefix as file path */
> >  >  >  +       snprintf(buffer, bufsz, NFP_LOCKFILE_PATH_FMT, dir,
> >  >  >  +                       desc->nfp);
> >  >  >  +}
> >  >  >
> >  >  >   /* There could be other NFP userspace tools using the NSP
> interface.
> >  >  >    * Make sure there is no other process using it and locking the
> access for
> >  >  >  @@ -30,9 +46,7 @@ nspv_aquire_process_lock(nfpu_desc_t *desc)
> >  >  >          struct flock lock;
> >  >  >          char lockname[30];
> >  >  >
> >  >  >  -       memset(&lock, 0, sizeof(lock));
> >  >  >  -
> >  >  >  -       snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d",
> desc->nfp);
> >  >  >  +       nspu_get_lockfile_path(lockname, sizeof(lockname), desc);
> >  >  >
> >  >  >          /* Using S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
> | S_IWOTH */
> >  >  >          desc->lock = open(lockname, O_RDWR | O_CREAT, 0666);
> >  >  >  @@ -106,7 +120,6 @@ nfpu_close(nfpu_desc_t *desc)
> >  >  >          rte_free(desc->nspu);
> >  >  >          close(desc->lock);
> >  >  >
> >  >  >  -       snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d",
> desc->nfp);
> >  >  >  -       unlink(lockname);
> >  >  >  +       nspu_get_lockfile_path(lockname, sizeof(lockname), desc);
> >  >  >          return 0;
> >  >  >   }
> >  >  >  --
> >  >  >  2.14.3
>

  reply	other threads:[~2018-04-19  6:05 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-12 22:22 [dpdk-dev] [RFC 0/2] nfp driver fixes Aaron Conole
2018-04-12 22:22 ` [dpdk-dev] [RFC 1/2] nfp: unlink the appropriate lock file Aaron Conole
2018-04-13  7:31   ` Alejandro Lucero
2018-04-13 13:24     ` Aaron Conole
2018-04-12 22:22 ` [dpdk-dev] [RFC 2/2] nfp: allow for non-root user Aaron Conole
2018-04-13  7:37   ` Alejandro Lucero
2018-04-13 13:31     ` Aaron Conole
2018-04-13 15:31       ` Alejandro Lucero
2018-04-17 15:44         ` Alejandro Lucero
2018-04-17 15:54           ` Alejandro Lucero
2018-04-17 19:19             ` Aaron Conole
2018-04-18 10:53               ` Alejandro Lucero
2018-04-18 12:32                 ` Aaron Conole
2018-04-19  6:05                   ` Alejandro Lucero [this message]
2018-04-20 14:12                     ` [dpdk-dev] [dpdk-stable] " Ferruh Yigit
2018-04-20 14:56                       ` Aaron Conole
2018-04-17 15:54           ` [dpdk-dev] " Thomas Monjalon
2018-04-17 16:24             ` Alejandro Lucero
2018-04-17 19:06               ` Thomas Monjalon
2018-04-13  7:26 ` [dpdk-dev] [RFC 0/2] nfp driver fixes Alejandro Lucero
2018-04-13 13:23   ` Aaron Conole
2018-04-13 15:36     ` Alejandro Lucero

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAD+H993ZxZ=idsEM1P=on3r7DFPMz7gaea1QmBjO9Uw2o6Nu=A@mail.gmail.com' \
    --to=alejandro.lucero@netronome.com \
    --cc=aconole@redhat.com \
    --cc=adrien.mazarguil@6wind.com \
    --cc=dev@dpdk.org \
    --cc=stable@dpdk.org \
    --cc=thomas@monjalon.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).