[v1,1/1] usertools/devbind: allow changing UID/GID for VFIO

Message ID 4cd0282dabfa59e715028ecf255468529655b487.1725285449.git.anatoly.burakov@intel.com (mailing list archive)
State New
Delegated to: Thomas Monjalon
Headers
Series [v1,1/1] usertools/devbind: allow changing UID/GID for VFIO |

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/loongarch-compilation success Compilation OK
ci/loongarch-unit-testing success Unit Testing PASS
ci/Intel-compilation success Compilation OK
ci/intel-Testing success Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Functional success Functional PASS
ci/iol-marvell-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-sample-apps-testing success Testing PASS
ci/iol-unit-amd64-testing success Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-compile-amd64-testing success Testing PASS
ci/iol-unit-arm64-testing success Testing PASS
ci/iol-compile-arm64-testing success Testing PASS

Commit Message

Burakov, Anatoly Sept. 2, 2024, 1:57 p.m. UTC
Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.

This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.

Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
 usertools/dpdk-devbind.py | 41 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)
  

Comments

Burakov, Anatoly Sept. 3, 2024, 9:11 a.m. UTC | #1
On 9/2/2024 3:57 PM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
> 
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---

<snip>

>   
> +def own_one(dev_id, uid, gid):
> +    """Set the IOMMU group ownership for a device"""
> +    # find IOMMU group for a particular device
> +    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
> +    try:
> +        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
> +        # we found IOMMU group, now find the device
> +        dev_path = os.path.join("/dev/vfio", iommu_grp)
> +        # set the ownership
> +        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
> +        _gid = grp.getgrnam(gid).gr_gid if gid else -1
> +        os.chown(dev_path, _uid, _gid)
> +    except OSError as err:
> +        sys.exit(f"Error: failed to read IOMMU group for {dev_id}: {err}")

On another thought, perhaps sys.exit() here is a bit too drastic... Will 
replace with error message in v2
  

Patch

diff --git a/usertools/dpdk-devbind.py b/usertools/dpdk-devbind.py
index 078e8c387b..37e2b9972d 100755
--- a/usertools/dpdk-devbind.py
+++ b/usertools/dpdk-devbind.py
@@ -8,6 +8,8 @@ 
 import subprocess
 import argparse
 import platform
+import grp
+import pwd
 
 from glob import glob
 from os.path import exists, basename
@@ -107,6 +109,8 @@ 
 b_flag = None
 status_flag = False
 force_flag = False
+vfio_uid = ""
+vfio_gid = ""
 args = []
 
 
@@ -462,6 +466,22 @@  def bind_one(dev_id, driver, force):
                      % (dev_id, filename, err))
 
 
+def own_one(dev_id, uid, gid):
+    """Set the IOMMU group ownership for a device"""
+    # find IOMMU group for a particular device
+    iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", dev_id, "iommu_group")
+    try:
+        iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+        # we found IOMMU group, now find the device
+        dev_path = os.path.join("/dev/vfio", iommu_grp)
+        # set the ownership
+        _uid = pwd.getpwnam(uid).pw_uid if uid else -1
+        _gid = grp.getgrnam(gid).gr_gid if gid else -1
+        os.chown(dev_path, _uid, _gid)
+    except OSError as err:
+        sys.exit(f"Error: failed to read IOMMU group for {dev_id}: {err}")
+
+
 def unbind_all(dev_list, force=False):
     """Unbind method, takes a list of device locations"""
 
@@ -482,7 +502,7 @@  def unbind_all(dev_list, force=False):
         unbind_one(d, force)
 
 
-def bind_all(dev_list, driver, force=False):
+def bind_all(dev_list, driver, uid, gid, force=False):
     """Bind method, takes a list of device locations"""
     global devices
 
@@ -510,6 +530,9 @@  def bind_all(dev_list, driver, force=False):
 
     for d in dev_list:
         bind_one(d, driver, force)
+        # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+        if driver == "vfio-pci" and (uid or gid):
+            own_one(d, uid, gid)
 
     # For kernels < 3.15 when binding devices to a generic driver
     # (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -662,6 +685,8 @@  def parse_args():
     global status_dev
     global force_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     parser = argparse.ArgumentParser(
         description='Utility to bind and unbind devices from Linux kernel',
@@ -707,6 +732,12 @@  def parse_args():
         '--unbind',
         action='store_true',
         help="Unbind a device (equivalent to \"-b none\")")
+    parser.add_argument(
+        "-U", "--uid", help="For VFIO, specify the UID to set IOMMU group ownership"
+    )
+    parser.add_argument(
+        "-G", "--gid", help="For VFIO, specify the GID to set IOMMU group ownership"
+    )
     parser.add_argument(
         '--force',
         action='store_true',
@@ -737,6 +768,10 @@  def parse_args():
         b_flag = opt.bind
     elif opt.unbind:
         b_flag = "none"
+    if opt.uid:
+        vfio_uid = opt.uid
+    if opt.gid:
+        vfio_gid = opt.gid
     args = opt.devices
 
     if not b_flag and not status_flag:
@@ -764,11 +799,13 @@  def do_arg_actions():
     global status_flag
     global force_flag
     global args
+    global vfio_uid
+    global vfio_gid
 
     if b_flag in ["none", "None"]:
         unbind_all(args, force_flag)
     elif b_flag is not None:
-        bind_all(args, b_flag, force_flag)
+        bind_all(args, b_flag, vfio_uid, vfio_gid, force_flag)
     if status_flag:
         if b_flag is not None:
             clear_data()