[dpdk-dev] [PATCH 1/2] doc/linux_gsg: clarify instructions on running as non-root

Bruce Richardson bruce.richardson at intel.com
Mon Aug 24 19:08:03 CEST 2020

Previous message: [dpdk-dev] [PATCH 2/2] doc/linux_gsg: update information on using hugepages
Next message: [dpdk-dev] [PATCH 1/2] doc/linux_gsg: clarify instructions on running as non-root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 24, 2020 at 04:45:00PM +0100, Anatoly Burakov wrote:
> The current instructions are slightly out of date when it comes to
> providing information about setting up the system for using DPDK as
> non-root, so update them.
> 
> Cc: stable at dpdk.org
> 
> Signed-off-by: Anatoly Burakov <anatoly.burakov at intel.com>
> ---
>  doc/guides/linux_gsg/enable_func.rst | 54 ++++++++++++++++++++--------
>  1 file changed, 39 insertions(+), 15 deletions(-)
> 
> diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst
> index b2bda80bb7..78b0f7c012 100644
> --- a/doc/guides/linux_gsg/enable_func.rst
> +++ b/doc/guides/linux_gsg/enable_func.rst
> @@ -58,22 +58,34 @@ The application can then determine what action to take, if any, if the HPET is n
>      if any, and on what is available on the system at runtime.
>  
>  Running DPDK Applications Without Root Privileges
> ---------------------------------------------------------
> +-------------------------------------------------
>  
> -.. note::
> +In order to run DPDK as non-root, the following Linux filesystem objects'
> +permissions should be adjusted to ensure that the Linux account being used to
> +run the DPDK application has access to them:
>  
> -    The instructions below will allow running DPDK as non-root with older
> -    Linux kernel versions. However, since version 4.0, the kernel does not allow
> -    unprivileged processes to read the physical address information from
> -    the pagemaps file, making it impossible for those processes to use HW
> -    devices which require physical addresses
> +*   All directories which serve as hugepage mount points, for example, ``/dev/hugepages``
>  
> -Although applications using the DPDK use network ports and other hardware resources directly,
> -with a number of small permission adjustments it is possible to run these applications as a user other than "root".
> -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that
> -the Linux user account being used to run the DPDK application has access to them:
> +*   If the HPET is to be used,  ``/dev/hpet``
>  
> -*   All directories which serve as hugepage mount points, for example,   ``/mnt/huge``
> +When running as non-root user, there may be some additional resource limits
> +that are imposed by the system. Specifically, the following resource limits may
> +need to be adjusted in order to ensure normal DPDK operation:
> +
> +* RLIMIT_LOCKS (number of file locks that can be held by a process)
> +
> +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process)
> +
> +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have)
> +
> +The above limits can usually be adjusted by editing
> +``/etc/security/limits.conf`` file, and rebooting.
> +
> +Additionally, depending on which kernel driver is in use, the relevant
> +resources also should be accessible by the user running the DPDK application.
> +
> +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file
> +system objects' permissions should be adjusted:
>  
>  *   The userspace-io device files in  ``/dev``, for example,  ``/dev/uio0``, ``/dev/uio1``, and so on
>  
> @@ -82,11 +94,23 @@ the Linux user account being used to run the DPDK application has access to them
>         /sys/class/uio/uio0/device/config
>         /sys/class/uio/uio0/device/resource*
>  
> -*   If the HPET is to be used,  ``/dev/hpet``
> -
>  .. note::
>  
> -    On some Linux installations, ``/dev/hugepages``  is also a hugepage mount point created by default.
> +    The instructions above will allow running DPDK with ``igb_uio`` driver as
> +    non-root with older Linux kernel versions. However, since version 4.0, the
> +    kernel does not allow unprivileged processes to read the physical address
> +    information from the pagemaps file, making it impossible for those
> +    processes to be used by non-privileged users. In such cases, using the VFIO
> +    driver is recommended.
> +
> +For ``vfio-pci`` kernel driver, the following Linux file system objects'
> +permissions should be adjusted:
> +
> +* The VFIO device file , ``/dev/vfio/vfio``
> +
> +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of
> +  devices intended to be used by DPDK, for example, ``/dev/vfio/50``
> +
>  
Since we'd very much prefer in all cases people to use VFIO, I think the
VFIO instructions should come first.
Otherwise the text itself reads fine to me.

/Bruce

Previous message: [dpdk-dev] [PATCH 2/2] doc/linux_gsg: update information on using hugepages
Next message: [dpdk-dev] [PATCH 1/2] doc/linux_gsg: clarify instructions on running as non-root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list