From: Anatoly Burakov Date: Thu, 19 Nov 2020 10:52:44 +0000 (+0000) Subject: doc: clarify instructions on running as non-root X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=3c3a861ce07e507dadda56091bc39cb92c3ae928;p=dpdk.git doc: clarify instructions on running as non-root The current instructions are slightly out of date when it comes to providing information about setting up the system for using DPDK as non-root, so update them. Cc: stable@dpdk.org Signed-off-by: Anatoly Burakov Reviewed-by: Ferruh Yigit Acked-by: Bruce Richardson --- diff --git a/doc/guides/linux_gsg/enable_func.rst b/doc/guides/linux_gsg/enable_func.rst index a2339a877b..45fd53ba36 100644 --- a/doc/guides/linux_gsg/enable_func.rst +++ b/doc/guides/linux_gsg/enable_func.rst @@ -60,22 +60,51 @@ The application can then determine what action to take, if any, if the HPET is n if any, and on what is available on the system at runtime. Running DPDK Applications Without Root Privileges --------------------------------------------------------- +------------------------------------------------- -.. note:: +In order to run DPDK as non-root, the following Linux filesystem objects' +permissions should be adjusted to ensure that the Linux account being used to +run the DPDK application has access to them: + +* All directories which serve as hugepage mount points, for example, ``/dev/hugepages`` + +* If the HPET is to be used, ``/dev/hpet`` + +When running as non-root user, there may be some additional resource limits +that are imposed by the system. Specifically, the following resource limits may +need to be adjusted in order to ensure normal DPDK operation: + +* RLIMIT_LOCKS (number of file locks that can be held by a process) + +* RLIMIT_NOFILE (number of open file descriptors that can be held open by a process) + +* RLIMIT_MEMLOCK (amount of pinned pages the process is allowed to have) + +The above limits can usually be adjusted by editing +``/etc/security/limits.conf`` file, and rebooting. - The instructions below will allow running DPDK as non-root with older - Linux kernel versions. However, since version 4.0, the kernel does not allow - unprivileged processes to read the physical address information from - the pagemaps file, making it impossible for those processes to use HW - devices which require physical addresses +Additionally, depending on which kernel driver is in use, the relevant +resources also should be accessible by the user running the DPDK application. -Although applications using the DPDK use network ports and other hardware resources directly, -with a number of small permission adjustments it is possible to run these applications as a user other than "root". -To do so, the ownership, or permissions, on the following Linux file system objects should be adjusted to ensure that -the Linux user account being used to run the DPDK application has access to them: +For ``vfio-pci`` kernel driver, the following Linux file system objects' +permissions should be adjusted: -* All directories which serve as hugepage mount points, for example, ``/mnt/huge`` +* The VFIO device file, ``/dev/vfio/vfio`` + +* The directories under ``/dev/vfio`` that correspond to IOMMU group numbers of + devices intended to be used by DPDK, for example, ``/dev/vfio/50`` + +.. note:: + + The instructions below will allow running DPDK with ``igb_uio`` or + ``uio_pci_generic`` drivers as non-root with older Linux kernel versions. + However, since version 4.0, the kernel does not allow unprivileged processes + to read the physical address information from the pagemaps file, making it + impossible for those processes to be used by non-privileged users. In such + cases, using the VFIO driver is recommended. + +For ``igb_uio`` or ``uio_pci_generic`` kernel drivers, the following Linux file +system objects' permissions should be adjusted: * The userspace-io device files in ``/dev``, for example, ``/dev/uio0``, ``/dev/uio1``, and so on @@ -84,11 +113,6 @@ the Linux user account being used to run the DPDK application has access to them /sys/class/uio/uio0/device/config /sys/class/uio/uio0/device/resource* -* If the HPET is to be used, ``/dev/hpet`` - -.. note:: - - On some Linux installations, ``/dev/hugepages`` is also a hugepage mount point created by default. Power Management and Power Saving Functionality -----------------------------------------------