[v4,1/1] usertools/devbind: allow changing UID/GID for VFIO
Checks
Commit Message
Currently, when binding a device to VFIO, the UID/GID for the device will
always stay as system default (`root`). Yet, when running DPDK as non-root
user, one has to change the UID/GID of the device to match the user's
UID/GID to use the device.
This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
the device when binding it to VFIO.
Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
---
Notes:
v3 -> v4:
- Added documentation
v2 -> v3:
- Replaced error printout back to hard exit
- Reworked UID/GID validation to be at command line parsing
- Simplified chown code
v1 -> v2:
- Replaced hard exit with an error printout
doc/guides/tools/devbind.rst | 6 ++++++
usertools/dpdk-devbind.py | 41 +++++++++++++++++++++++++++++++++---
2 files changed, 44 insertions(+), 3 deletions(-)
Comments
On 12/2/2024 10:31 AM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
>
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
Missed
Reviewed-by: Robin Jarry <rjarry@redhat.com>
On 12/2/2024 10:31 AM, Anatoly Burakov wrote:
> Currently, when binding a device to VFIO, the UID/GID for the device will
> always stay as system default (`root`). Yet, when running DPDK as non-root
> user, one has to change the UID/GID of the device to match the user's
> UID/GID to use the device.
>
> This patch adds an option to `dpdk-devbind.py` to change the UID/GID of
> the device when binding it to VFIO.
>
> Signed-off-by: Anatoly Burakov <anatoly.burakov@intel.com>
> ---
This functionality is also included in my devbind rewrite:
https://patches.dpdk.org/project/dpdk/list/?series=34098
@@ -56,6 +56,12 @@ OPTIONS
WARNING: This can lead to loss of network connection and should be used
with caution.
+* ``--uid uid, --gid gid``
+
+ By default, devices which are bound to VFIO will be owned by ``root``.
+ Use this flag to change ownership to the specified user and group, so that
+ devices bound to VFIO would be usable by unprivileged users.
+
.. warning::
@@ -3,11 +3,13 @@
# Copyright(c) 2010-2014 Intel Corporation
#
-import sys
-import os
-import subprocess
import argparse
+import grp
+import os
import platform
+import pwd
+import subprocess
+import sys
from glob import glob
from os.path import exists, basename
@@ -108,6 +110,8 @@
status_flag = False
force_flag = False
noiommu_flag = False
+vfio_uid = -1
+vfio_gid = -1
args = []
@@ -544,6 +548,19 @@ def bind_all(dev_list, driver, force=False):
for d in dev_list:
bind_one(d, driver, force)
+ # if we're binding to vfio-pci, set the IOMMU user/group ownership if one was specified
+ if driver == "vfio-pci" and (vfio_uid != -1 or vfio_gid != -1):
+ # find IOMMU group for a particular PCI device
+ iommu_grp_base_path = os.path.join("/sys/bus/pci/devices", d, "iommu_group")
+ # extract the IOMMU group number
+ iommu_grp = os.path.basename(os.readlink(iommu_grp_base_path))
+ # find VFIO device correspondiong to this IOMMU group
+ dev_path = os.path.join("/dev/vfio", iommu_grp)
+ # set ownership
+ try:
+ os.chown(dev_path, vfio_uid, vfio_gid)
+ except OSError as err:
+ sys.exit(f"Error: failed to set IOMMU group ownership for {d}: {err}")
# For kernels < 3.15 when binding devices to a generic driver
# (i.e. one that doesn't have a PCI ID table) using new_id, some devices
@@ -697,6 +714,8 @@ def parse_args():
global force_flag
global noiommu_flag
global args
+ global vfio_uid
+ global vfio_gid
parser = argparse.ArgumentParser(
description='Utility to bind and unbind devices from Linux kernel',
@@ -746,6 +765,20 @@ def parse_args():
'--noiommu-mode',
action='store_true',
help="If IOMMU is not available, enable no IOMMU mode for VFIO drivers")
+ parser.add_argument(
+ "-U",
+ "--uid",
+ help="For VFIO, specify the UID to set IOMMU group ownership",
+ type=lambda u: pwd.getpwnam(u).pw_uid,
+ default=-1,
+ )
+ parser.add_argument(
+ "-G",
+ "--gid",
+ help="For VFIO, specify the GID to set IOMMU group ownership",
+ type=lambda g: grp.getgrnam(g).gr_gid,
+ default=-1,
+ )
parser.add_argument(
'--force',
action='store_true',
@@ -778,6 +811,8 @@ def parse_args():
b_flag = opt.bind
elif opt.unbind:
b_flag = "none"
+ vfio_uid = opt.uid
+ vfio_gid = opt.gid
args = opt.devices
if not b_flag and not status_flag: