[1/2] doc/linux_gsg: clarify instructions on running as non-root
Checks
Commit Message
The current instructions are slightly out of date when it comes to
providing information about setting up the system for using DPDK as
non-root, so update them.
Cc: stable@dpdk.org
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++--------
1 file changed, 39 insertions(+), 15 deletions(-)
Comments
On Mon, Aug 24, 2020 at 04:45:00PM +0100, Anatoly Burakov wrote:
> The current instructions are slightly out of date when it comes to
> providing information about setting up the system for using DPDK as
> non-root, so update them.
>
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
> doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++--------
> 1 file changed, 39 insertions(+), 15 deletions(-)
>
> diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst
> index b2bda80bb7..78b0f7c012 100644
> --- a/doc/guides/linux_gsg/enable_func.rst
> +++ b/doc/guides/linux_gsg/enable_func.rst
> @@ -58,22 +58,34 @@ The application can then determine what action to take, if any, if the HPET is n
> if any, and on what is available on the system at runtime.
>
> Running DPDK Applications Without Root Privileges
> ---------------------------------------------------------
> +-------------------------------------------------
>
> -.. note::
> +In order to run DPDK as non-root, the following Linux filesystem objects'
> +permissions should be adjusted to ensure that the Linux account being used to
> +run the DPDK application has access to them:
>
> - The instructions below will allow running DPDK as non-root with older
> - Linux kernel versions. However, since version 4.0, the kernel does not allow
> - unprivileged processes to read the physical address information from
> - the pagemaps file, making it impossible for those processes to use HW
> - devices which require physical addresses
> +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages``
>
> -Although applications using the DPDK use network ports and other hardware resources directly,
> -with a number of small permission adjustments it is possible to run these applications as a user other than "root".
> -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that
> -the Linux user account being used to run the DPDK application has access to them:
> +* If the HPET is to be used, ``/dev/hpet``
>
> -* All directories which serve as hugepage mount points, for example, ``/mnt/huge``
> +When running as non-root user, there may be some additional resource limits
> +that are imposed by the system. Specifically, the following resource limits may
> +need to be adjusted in order to ensure normal DPDK operation:
> +
> +* RLIMIT_LOCKS (number of file locks that can be held by a process)
> +
> +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process)
> +
> +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have)
> +
> +The above limits can usually be adjusted by editing
> +``/etc/security/limits.conf`` file, and rebooting.
> +
> +Additionally, depending on which kernel driver is in use, the relevant
> +resources also should be accessible by the user running the DPDK application.
> +
> +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file
> +system objects' permissions should be adjusted:
>
> * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on
>
> @@ -82,11 +94,23 @@ the Linux user account being used to run the DPDK application has access to them
> /sys/class/uio/uio0/device/config
> /sys/class/uio/uio0/device/resource*
>
> -* If the HPET is to be used, ``/dev/hpet``
> -
> .. note::
>
> - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default.
> + The instructions above will allow running DPDK with ``igb_uio`` driver as
> + non-root with older Linux kernel versions. However, since version 4.0, the
> + kernel does not allow unprivileged processes to read the physical address
> + information from the pagemaps file, making it impossible for those
> + processes to be used by non-privileged users. In such cases, using the VFIO
> + driver is recommended.
> +
> +For ``vfio-pci`` kernel driver, the following Linux file system objects'
> +permissions should be adjusted:
> +
> +* The VFIO device file , ``/dev/vfio/vfio``
> +
> +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of
> + devices intended to be used by DPDK, for example, ``/dev/vfio/50``
> +
>
Since we'd very much prefer in all cases people to use VFIO, I think the
VFIO instructions should come first.
Otherwise the text itself reads fine to me.
/Bruce
On 8/24/2020 4:45 PM, Anatoly Burakov wrote:
> The current instructions are slightly out of date when it comes to
> providing information about setting up the system for using DPDK as
> non-root, so update them.
>
> Cc: stable@dpdk.org
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
Thanks for the doc update, it is useful. I did able to run testpmd as non-root
using vfio-pci module.
For series,
Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>
On 24-Aug-20 6:08 PM, Bruce Richardson wrote:
> On Mon, Aug 24, 2020 at 04:45:00PM +0100, Anatoly Burakov wrote:
>> The current instructions are slightly out of date when it comes to
>> providing information about setting up the system for using DPDK as
>> non-root, so update them.
>>
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
>> ---
>> doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++--------
>> 1 file changed, 39 insertions(+), 15 deletions(-)
>>
>> diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst
>> index b2bda80bb7..78b0f7c012 100644
>> --- a/doc/guides/linux_gsg/enable_func.rst
>> +++ b/doc/guides/linux_gsg/enable_func.rst
>> @@ -58,22 +58,34 @@ The application can then determine what action to take, if any, if the HPET is n
>> if any, and on what is available on the system at runtime.
>>
>> Running DPDK Applications Without Root Privileges
>> ---------------------------------------------------------
>> +-------------------------------------------------
>>
>> -.. note::
>> +In order to run DPDK as non-root, the following Linux filesystem objects'
>> +permissions should be adjusted to ensure that the Linux account being used to
>> +run the DPDK application has access to them:
>>
>> - The instructions below will allow running DPDK as non-root with older
>> - Linux kernel versions. However, since version 4.0, the kernel does not allow
>> - unprivileged processes to read the physical address information from
>> - the pagemaps file, making it impossible for those processes to use HW
>> - devices which require physical addresses
>> +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages``
>>
>> -Although applications using the DPDK use network ports and other hardware resources directly,
>> -with a number of small permission adjustments it is possible to run these applications as a user other than "root".
>> -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that
>> -the Linux user account being used to run the DPDK application has access to them:
>> +* If the HPET is to be used, ``/dev/hpet``
>>
>> -* All directories which serve as hugepage mount points, for example, ``/mnt/huge``
>> +When running as non-root user, there may be some additional resource limits
>> +that are imposed by the system. Specifically, the following resource limits may
>> +need to be adjusted in order to ensure normal DPDK operation:
>> +
>> +* RLIMIT_LOCKS (number of file locks that can be held by a process)
>> +
>> +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process)
>> +
>> +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have)
>> +
>> +The above limits can usually be adjusted by editing
>> +``/etc/security/limits.conf`` file, and rebooting.
>> +
>> +Additionally, depending on which kernel driver is in use, the relevant
>> +resources also should be accessible by the user running the DPDK application.
>> +
>> +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file
>> +system objects' permissions should be adjusted:
>>
>> * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on
>>
>> @@ -82,11 +94,23 @@ the Linux user account being used to run the DPDK application has access to them
>> /sys/class/uio/uio0/device/config
>> /sys/class/uio/uio0/device/resource*
>>
>> -* If the HPET is to be used, ``/dev/hpet``
>> -
>> .. note::
>>
>> - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default.
>> + The instructions above will allow running DPDK with ``igb_uio`` driver as
>> + non-root with older Linux kernel versions. However, since version 4.0, the
>> + kernel does not allow unprivileged processes to read the physical address
>> + information from the pagemaps file, making it impossible for those
>> + processes to be used by non-privileged users. In such cases, using the VFIO
>> + driver is recommended.
>> +
>> +For ``vfio-pci`` kernel driver, the following Linux file system objects'
>> +permissions should be adjusted:
>> +
>> +* The VFIO device file , ``/dev/vfio/vfio``
>> +
>> +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of
>> + devices intended to be used by DPDK, for example, ``/dev/vfio/50``
>> +
>>
> Since we'd very much prefer in all cases people to use VFIO, I think the
> VFIO instructions should come first.
> Otherwise the text itself reads fine to me.
OK, will fix in v2.
>
> /Bruce
>
@@ -58,22 +58,34 @@ The application can then determine what action to take, if any, if the HPET is n
if any, and on what is available on the system at runtime.
Running DPDK Applications Without Root Privileges
---------------------------------------------------------
+-------------------------------------------------
-.. note::
+In order to run DPDK as non-root, the following Linux filesystem objects'
+permissions should be adjusted to ensure that the Linux account being used to
+run the DPDK application has access to them:
- The instructions below will allow running DPDK as non-root with older
- Linux kernel versions. However, since version 4.0, the kernel does not allow
- unprivileged processes to read the physical address information from
- the pagemaps file, making it impossible for those processes to use HW
- devices which require physical addresses
+* All directories which serve as hugepage mount points, for example, ``/dev/hugepages``
-Although applications using the DPDK use network ports and other hardware resources directly,
-with a number of small permission adjustments it is possible to run these applications as a user other than "root".
-To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that
-the Linux user account being used to run the DPDK application has access to them:
+* If the HPET is to be used, ``/dev/hpet``
-* All directories which serve as hugepage mount points, for example, ``/mnt/huge``
+When running as non-root user, there may be some additional resource limits
+that are imposed by the system. Specifically, the following resource limits may
+need to be adjusted in order to ensure normal DPDK operation:
+
+* RLIMIT_LOCKS (number of file locks that can be held by a process)
+
+* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process)
+
+* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have)
+
+The above limits can usually be adjusted by editing
+``/etc/security/limits.conf`` file, and rebooting.
+
+Additionally, depending on which kernel driver is in use, the relevant
+resources also should be accessible by the user running the DPDK application.
+
+For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file
+system objects' permissions should be adjusted:
* The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on
@@ -82,11 +94,23 @@ the Linux user account being used to run the DPDK application has access to them
/sys/class/uio/uio0/device/config
/sys/class/uio/uio0/device/resource*
-* If the HPET is to be used, ``/dev/hpet``
-
.. note::
- On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default.
+ The instructions above will allow running DPDK with ``igb_uio`` driver as
+ non-root with older Linux kernel versions. However, since version 4.0, the
+ kernel does not allow unprivileged processes to read the physical address
+ information from the pagemaps file, making it impossible for those
+ processes to be used by non-privileged users. In such cases, using the VFIO
+ driver is recommended.
+
+For ``vfio-pci`` kernel driver, the following Linux file system objects'
+permissions should be adjusted:
+
+* The VFIO device file , ``/dev/vfio/vfio``
+
+* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of
+ devices intended to be used by DPDK, for example, ``/dev/vfio/50``
+
Power Management and Power Saving Functionality
-----------------------------------------------