From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f179.google.com (mail-wr0-f179.google.com [209.85.128.179]) by dpdk.org (Postfix) with ESMTP id 1E03C7292 for ; Thu, 19 Apr 2018 08:05:58 +0200 (CEST) Received: by mail-wr0-f179.google.com with SMTP id w3-v6so10593965wrg.2 for ; Wed, 18 Apr 2018 23:05:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netronome-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=h2WkLD/Chlma1drux4CVPnkD3YidKHXkVaf91hzeu9g=; b=AdAKDCnod8+ye34Xn0QzCmaHqzhG5RVUzfBzmPUqIo3fhO6wt+LUfnMsMRJvrCyTaF aSfpAioP+03zAn1T5LL3UfejXSww/eA5gT8HLp0HVS6JiPLkRb24wBmh0XnIXfviADcA tpwFS4apFDLmQ/kXZa8IjL7bxNUrhkxZD/shEgPTu98JI+sg8Xp7UDM76w+gHZi/WYV3 Rt6DKZr7QacFfPqo14mR9/+2kcBVBPHeT+gMT/bEdEJ3fhkzrlqvdQbcuPyulUB/zjRa 2sPLReaPPGi7oAFpMiAuFOoE9xQIN/5uqVGKWttc59xNvkFBkFaRgTddKFk1OIA3/v1r h86Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=h2WkLD/Chlma1drux4CVPnkD3YidKHXkVaf91hzeu9g=; b=Eej94cgSiiq4iTBGxG3od+BqVkAHSyeVK9BTpe1WLONCX3LvmzYUNB5CcrmaV2/fn7 zN/cY//TnkTbjlle9DkzYjYPpOuJc39HC8hsb4lHFYfzClrHrN/VSBNroiCM+HuF/NeB oaKvxQLsOC4BuZKMg/SOJOvhQnCIBjZRFwJQc7aFibvEHmUthqQaZugx+jb11tSOWrfa a0VBJD006gJgeomCOSO0Z6mB2Rl+z/hsvsf8DZ2YGtGbtWaMjW/Bos94ypZ0XR98aVIx uZVUI3w3abu8QoH49Ud84DUPHCIbavRBV2tIWqsUxGZE7PUvovalASCyIO01xUYXsDqU a9xg== X-Gm-Message-State: ALQs6tBbUtZ6T6DmB8goThhYQoCe6nUUIMxpxNAgDX8zmjpfxrBEJLrC KJfcWv3kPsWtKlpagK94t6G2eOGC92xmMwzjku6viQ== X-Google-Smtp-Source: AIpwx48cx4cp3rjFQfW6MxE5Gw5HodcTtJG96Y3+8SaLFYyVODMFQcEn0Rfhe1g+JKcm1q5nK8+27cvtPRrnNnDoazc= X-Received: by 10.80.142.9 with SMTP id 9mr6788903edw.101.1524117957891; Wed, 18 Apr 2018 23:05:57 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.212.197 with HTTP; Wed, 18 Apr 2018 23:05:57 -0700 (PDT) In-Reply-To: References: <20180412222208.11770-1-aconole@redhat.com> <20180412222208.11770-3-aconole@redhat.com> From: Alejandro Lucero Date: Thu, 19 Apr 2018 07:05:57 +0100 Message-ID: To: Aaron Conole Cc: dev , Adrien Mazarguil , stable@dpdk.org, Thomas Monjalon Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.15 Subject: Re: [dpdk-dev] [RFC 2/2] nfp: allow for non-root user X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Apr 2018 06:05:58 -0000 On Wed, Apr 18, 2018 at 1:32 PM, Aaron Conole wrote: > Alejandro Lucero writes: > > > On Tue, Apr 17, 2018 at 8:19 PM, Aaron Conole > wrote: > > > > Alejandro Lucero writes: > > > > > I was just wondering, if device device PCI sysfs resource files or > VFIO group /dev files > > require to change > > > permissions for non-root users, does it not make sense to adjust also > /var/lock in the > > system? > > > > For the /dev, we use udev rules - so the correct individual vfio device > > files get assigned the correct permissions. No such mechanism exists > > for /var/lock as far as I can tell. > > > > Ex. see: > > > > https://github.com/openvswitch/ovs/blob/master/ > rhel/usr_lib_udev_rules.d_91-vfio.rules > > > > > > Maybe something similar exists that we could use to generate the lock > > file automatically? > > > > What about /sysfs/bus/pci/device/$PCI_DEV/resource file? > > > > Is RH forcing OVS DPDK to only work if the host has IOMMU support? > > Yes. > Ok then. It makes sense now to apply this patch to stable versions. Acked-by: Alejandro Lucero > > > > On Tue, Apr 17, 2018 at 4:44 PM, Alejandro Lucero > > wrote: > > > > > > I have seen that VFIO also requires explicitly to set the right > permissions for non-root > > users to VFIO > > > groups under /dev/vfio. > > > > > > I assume then that running OVS or other DPDK apps as non-root is > possible, > > although requiring > > > those explicit permissions changes, and therefore this patch is > necessary. > > > > > > Adding stable@ and Thomas for discussing how can this be added to > stable DPDK > > versions even if > > > this is not going to be a patch for current DPDK version. > > > > > > Acked-by: Alejandro Lucero > > > > > > On Fri, Apr 13, 2018 at 4:31 PM, Alejandro Lucero > > wrote: > > > > > > On Fri, Apr 13, 2018 at 2:31 PM, Aaron Conole > wrote: > > > > > > Alejandro Lucero writes: > > > > > > > Again, this patch is correct, but because NFP PMD needs to access > > > > /sys/bus/pci/devices/$DEVICE_PCI_STRING/resource$RESOURCE_ID, and > these files > > have > > > just > > > > read/write accesses for root, I do not know if this is really > necessary. > > > > > > > > Being honest, I have not used a DPDK app with NFP PMD and not > being root. Does > > it > > > work > > > > with non-root users and other PMDs with same requirements > regarding sysfs > > resource > > > files? > > > > > > We do run as non-root user definitely with Intel PMDs. > > > > > > I'm not very sure about other vendors, but I think mlx pmd runs as > > > non-root user (and it was modified to move off of sysfs for that > > > reason[1]). > > > > > > It is possible to not rely on sysfs resource files if device is > attached to VFIO, but I > > think that is a > > > must with UIO. > > > > > > > > > I'll continue to push for more information from the testing side to > find > > > out though. > > > > > > [1]: http://dpdk.org/ml/archives/dev/2018-February/090586.html > > > > > > > On Fri, Apr 13, 2018 at 12:22 AM, Aaron Conole > wrote: > > > > > > > > Currently, the nfp lock files are taken from the global lock file > > > > location, which will work when the user is running as root. > However, > > > > some distributions and applications (notably ovs 2.8+ on > RHEL/Fedora) > > > > run as a non-root user. > > > > > > > > Signed-off-by: Aaron Conole > > > > --- > > > > drivers/net/nfp/nfp_nfpu.c | 23 ++++++++++++++++++----- > > > > 1 file changed, 18 insertions(+), 5 deletions(-) > > > > > > > > diff --git a/drivers/net/nfp/nfp_nfpu.c > b/drivers/net/nfp/nfp_nfpu.c > > > > index 2ed985ff4..ae2e07220 100644 > > > > --- a/drivers/net/nfp/nfp_nfpu.c > > > > +++ b/drivers/net/nfp/nfp_nfpu.c > > > > @@ -18,6 +18,22 @@ > > > > #define NFP_CFG_EXP_BAR 7 > > > > > > > > #define NFP_CFG_EXP_BAR_CFG_BASE 0x30000 > > > > +#define NFP_LOCKFILE_PATH_FMT "%s/nfp%d" > > > > + > > > > +/* get nfp lock file path (/var/lock if root, $HOME otherwise) */ > > > > +static void > > > > +nspu_get_lockfile_path(char *buffer, int bufsz, nfpu_desc_t > *desc) > > > > +{ > > > > + const char *dir = "/var/lock"; > > > > + const char *home_dir = getenv("HOME"); > > > > + > > > > + if (getuid() != 0 && home_dir != NULL) > > > > + dir = home_dir; > > > > + > > > > + /* use current prefix as file path */ > > > > + snprintf(buffer, bufsz, NFP_LOCKFILE_PATH_FMT, dir, > > > > + desc->nfp); > > > > +} > > > > > > > > /* There could be other NFP userspace tools using the NSP > interface. > > > > * Make sure there is no other process using it and locking the > access for > > > > @@ -30,9 +46,7 @@ nspv_aquire_process_lock(nfpu_desc_t *desc) > > > > struct flock lock; > > > > char lockname[30]; > > > > > > > > - memset(&lock, 0, sizeof(lock)); > > > > - > > > > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", > desc->nfp); > > > > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); > > > > > > > > /* Using S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH > | S_IWOTH */ > > > > desc->lock = open(lockname, O_RDWR | O_CREAT, 0666); > > > > @@ -106,7 +120,6 @@ nfpu_close(nfpu_desc_t *desc) > > > > rte_free(desc->nspu); > > > > close(desc->lock); > > > > > > > > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", > desc->nfp); > > > > - unlink(lockname); > > > > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); > > > > return 0; > > > > } > > > > -- > > > > 2.14.3 >