Multiple Users Running DPDK Apps

Dmitry Kozlyuk dmitry.kozliuk at gmail.com
Thu Jan 2 21:48:13 CET 2025

Previous message (by thread): Multiple Users Running DPDK Apps
Next message (by thread): Multiple Users Running DPDK Apps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2025-01-02 19:44 (UTC+0000), Alex K:
> Should multiple users be able to take turns running DPDK apps on the same system without using sudo?
> 
> Hugepages setup is required for multi-process support. The usertools/dpdk-hugepages.py script accepts user id and group id arguments when mounting hugepages directory. And I was hoping that files created in this directory would be created such that they would be accessible by the users in this same group. However, I'm seeing that those created hugepages files get the 0600 permissions (read/write by the user only) and group ownership is not set to the group specified in the dpdk-hugepages.py script. So another user attempting to run DPDK apps gets a Permission denied error attempting to access hugepages files.
> Is this a bug or by design?
> Should each user have a separate hugepages directory setup somehow?
> 
> I'm using vfio-pci kernel module with IOMMU, DPDK 23.11.1 LTS on RHEL 9. Seeing same behavior with 24.11.1 LTS. Tried to follow the instructions at: https://doc.dpdk.org/guides-23.11/linux_gsg/enable_func.html#running-dpdk-applications-without-root-privileges
> 
> Would like to understand if what I'm attempting is supported and if there's anything I'm missing.
> Thank you.

Hi Alex,

If you want to run independent applications as different users,
you can use a common directory but specify different --file-prefix
for each application (group of processes sharing hugepages).

If you want to run different processes of one multi-process DPDK app as
different users, they must use the common directory,
so the current behavior with 0600 permissions is a blocker.
They are set intentionally:
http://git.dpdk.org/dpdk/commit/?id=da5d107207910fc318862579e7b588481c72c668
Ownership is not controlled, so default open(2) semantics apply,
but there's still no way past the disabled group-writable bit.
If this is the case, I wonder why this is needed?
There isn't real privilege separation if processes share hugepages,
which particularly means that both processes have access to HW and DMA.

Previous message (by thread): Multiple Users Running DPDK Apps
Next message (by thread): Multiple Users Running DPDK Apps
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the users mailing list