I have seen that VFIO also requires explicitly to set the right permissions for non-root users to VFIO groups under /dev/vfio.
I assume then that running OVS or other DPDK apps as non-root is possible, although requiring those explicit permissions changes, and therefore this patch is necessary. Adding stable@ and Thomas for discussing how can this be added to stable DPDK versions even if this is not going to be a patch for current DPDK version. Acked-by: Alejandro Lucero <alejandro.luc...@netronome.com> On Fri, Apr 13, 2018 at 4:31 PM, Alejandro Lucero < alejandro.luc...@netronome.com> wrote: > > > On Fri, Apr 13, 2018 at 2:31 PM, Aaron Conole <acon...@redhat.com> wrote: > >> Alejandro Lucero <alejandro.luc...@netronome.com> writes: >> >> > Again, this patch is correct, but because NFP PMD needs to access >> > /sys/bus/pci/devices/$DEVICE_PCI_STRING/resource$RESOURCE_ID, and >> these files have just >> > read/write accesses for root, I do not know if this is really necessary. >> > >> > Being honest, I have not used a DPDK app with NFP PMD and not being >> root. Does it work >> > with non-root users and other PMDs with same requirements regarding >> sysfs resource files? >> >> We do run as non-root user definitely with Intel PMDs. >> >> I'm not very sure about other vendors, but I think mlx pmd runs as >> non-root user (and it was modified to move off of sysfs for that >> reason[1]). >> >> > It is possible to not rely on sysfs resource files if device is attached > to VFIO, but I think that is a must with UIO. > > > >> I'll continue to push for more information from the testing side to find >> out though. >> >> [1]: http://dpdk.org/ml/archives/dev/2018-February/090586.html >> >> > On Fri, Apr 13, 2018 at 12:22 AM, Aaron Conole <acon...@redhat.com> >> wrote: >> > >> > Currently, the nfp lock files are taken from the global lock file >> > location, which will work when the user is running as root. However, >> > some distributions and applications (notably ovs 2.8+ on RHEL/Fedora) >> > run as a non-root user. >> > >> > Signed-off-by: Aaron Conole <acon...@redhat.com> >> > --- >> > drivers/net/nfp/nfp_nfpu.c | 23 ++++++++++++++++++----- >> > 1 file changed, 18 insertions(+), 5 deletions(-) >> > >> > diff --git a/drivers/net/nfp/nfp_nfpu.c b/drivers/net/nfp/nfp_nfpu.c >> > index 2ed985ff4..ae2e07220 100644 >> > --- a/drivers/net/nfp/nfp_nfpu.c >> > +++ b/drivers/net/nfp/nfp_nfpu.c >> > @@ -18,6 +18,22 @@ >> > #define NFP_CFG_EXP_BAR 7 >> > >> > #define NFP_CFG_EXP_BAR_CFG_BASE 0x30000 >> > +#define NFP_LOCKFILE_PATH_FMT "%s/nfp%d" >> > + >> > +/* get nfp lock file path (/var/lock if root, $HOME otherwise) */ >> > +static void >> > +nspu_get_lockfile_path(char *buffer, int bufsz, nfpu_desc_t *desc) >> > +{ >> > + const char *dir = "/var/lock"; >> > + const char *home_dir = getenv("HOME"); >> > + >> > + if (getuid() != 0 && home_dir != NULL) >> > + dir = home_dir; >> > + >> > + /* use current prefix as file path */ >> > + snprintf(buffer, bufsz, NFP_LOCKFILE_PATH_FMT, dir, >> > + desc->nfp); >> > +} >> > >> > /* There could be other NFP userspace tools using the NSP interface. >> > * Make sure there is no other process using it and locking the >> access for >> > @@ -30,9 +46,7 @@ nspv_aquire_process_lock(nfpu_desc_t *desc) >> > struct flock lock; >> > char lockname[30]; >> > >> > - memset(&lock, 0, sizeof(lock)); >> > - >> > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", >> desc->nfp); >> > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); >> > >> > /* Using S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | >> S_IWOTH */ >> > desc->lock = open(lockname, O_RDWR | O_CREAT, 0666); >> > @@ -106,7 +120,6 @@ nfpu_close(nfpu_desc_t *desc) >> > rte_free(desc->nspu); >> > close(desc->lock); >> > >> > - snprintf(lockname, sizeof(lockname), "/var/lock/nfp%d", >> desc->nfp); >> > - unlink(lockname); >> > + nspu_get_lockfile_path(lockname, sizeof(lockname), desc); >> > return 0; >> > } >> > -- >> > 2.14.3 >> > >
