Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-23 Thread Aaron Conole 
Hi Marcos,

Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes:

> Thanks for the suggestion Aaron.
>
> Follows below the revised patch for the current master using Aaron and 
> Timothy contributions. May I submit the patch as is or are there any further 
> suggestions?
> I've tested it in the following conditions:
> 1) Fedora 27, ovs_user root:root, vfio-uio driver: Fixed by this patch
> 2) Fedora 27, ovs_user root:root, uio-pci-generic driver: Fixed by this patch
> 3) Fedora 27, ovs_user openvswitch:hugetlbfs, vfio-uio driver: Continues 
> working
> 4) Fedora 27, ovs_user openvswitch:hugetlbfs, uio-pci-generic driver: 
> Continues broken, for kernel 4.0 and newer since the user is missing the 
> CAP_SYS_ADMIN capability. Ref: 
> https://www.kernel.org/doc/Documentation/vm/pagemap.txt

Thanks for following up with this!  Please submit it as a patch.  I will
set aside time to review it (if Timothy doesn't beat me to it).

> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
> index adb549c98..06528e9ab 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
>  }
>  }kernel
>  
> -switch_user = true;
> +if (!uid_verify(uid) || !gid_verify(gid))
> +switch_user = true;
>  }
> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> index c6d9aa1b8..9b01c9271 100644
> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>  EnvironmentFile=/etc/openvswitch/default.conf
>  EnvironmentFile=-/etc/sysconfig/openvswitch
>  @begin_dpdk@
> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
> +ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages'
>  ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
>  @end_dpdk@
>  ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
>
> Regards,
>
> Marcos Schwarz
>
> - Original Message -
> From: "Aaron Conole" <acon...@redhat.com>
> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
> Cc: "Timothy Redaelli" <tredae...@redhat.com>, ovs-discuss@openvswitch.org
> Sent: Wednesday, January 10, 2018 6:54:24 PM
> Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since 
> OVS 2.8.0
>
> Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes:
>
>> Thanks for the suggestion Timothy, didn't knew that worked. Just
>> fixing some little things, it should be:
>> ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages
>>
>> Regarding the daemon-unix.c patch, any suggestions on how to improve
>> it? I tested it is working, but currently, I'm not aware if the new
>> capability should be set separeted as I did or using any of the
>> current blocks of code.
>
> One thing that might work is to not attempt switching users and
> capabilities if the current user is the target user.
>
> ex:
>
> @@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
>  }
>  }
>  
> -switch_user = true;
> +if (!uid_verify(uid) || !gid_verify(gid))
> +switch_user = true;
>  }
>
> NOTE: this isn't compile or runtime tested, just a thought.
>
>> Regards,
>>
>> Marcos Schwarz
>>
>> - Original Message -
>> From: "Timothy Redaelli" <tredae...@redhat.com>
>> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
>> Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org
>> Sent: Monday, January 8, 2018 9:20:17 AM
>> Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora
>> since OVS 2.8.0
>>
>> On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz
>> <marcos.schw...@rnp.br> wrote:
>>> Got it fixed.
>>>
>>> The problem was related to not setting the CAP_SYS_ADMIN capability at 
>>> daemon-unix.c. Follows the patch bellow to set the capability and 
>>> dynamically extract the group from OVS_USER_ID instead of forcing it to 
>>> :hugetlbfs.
>>>
>>> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
>>> index 839114f3e..3b94164ea 100644
>>> --- a/lib/daemon-unix.c
>>> +++ b/lib/daemon-unix.c
>>> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath 
>>> OVS_UNUSED)
>>>  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>>>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW);
>>>

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-23 Thread Marcos Felipe Schwarz 
Thanks for the suggestion Aaron.

Follows below the revised patch for the current master using Aaron and Timothy 
contributions. May I submit the patch as is or are there any further 
suggestions?
I've tested it in the following conditions:
1) Fedora 27, ovs_user root:root, vfio-uio driver: Fixed by this patch
2) Fedora 27, ovs_user root:root, uio-pci-generic driver: Fixed by this patch
3) Fedora 27, ovs_user openvswitch:hugetlbfs, vfio-uio driver: Continues working
4) Fedora 27, ovs_user openvswitch:hugetlbfs, uio-pci-generic driver: Continues 
broken, for kernel 4.0 and newer since the user is missing the CAP_SYS_ADMIN 
capability. Ref: https://www.kernel.org/doc/Documentation/vm/pagemap.txt

diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
index adb549c98..06528e9ab 100644
--- a/lib/daemon-unix.c
+++ b/lib/daemon-unix.c
@@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
 }
 }kernel
 
-switch_user = true;
+if (!uid_verify(uid) || !gid_verify(gid))
+switch_user = true;
 }
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index c6d9aa1b8..9b01c9271 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
 EnvironmentFile=/etc/openvswitch/default.conf
 EnvironmentFile=-/etc/sysconfig/openvswitch
 @begin_dpdk@
-ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
+ExecStartPre=-/bin/sh -c '/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages'
 ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
 @end_dpdk@
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \

Regards,

Marcos Schwarz

- Original Message -
From: "Aaron Conole" <acon...@redhat.com>
To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
Cc: "Timothy Redaelli" <tredae...@redhat.com>, ovs-discuss@openvswitch.org
Sent: Wednesday, January 10, 2018 6:54:24 PM
Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 
2.8.0

Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes:

> Thanks for the suggestion Timothy, didn't knew that worked. Just
> fixing some little things, it should be:
> ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages
>
> Regarding the daemon-unix.c patch, any suggestions on how to improve
> it? I tested it is working, but currently, I'm not aware if the new
> capability should be set separeted as I did or using any of the
> current blocks of code.

One thing that might work is to not attempt switching users and
capabilities if the current user is the target user.

ex:

@@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
 }
 }
 
-switch_user = true;
+if (!uid_verify(uid) || !gid_verify(gid))
+switch_user = true;
 }

NOTE: this isn't compile or runtime tested, just a thought.

> Regards,
>
> Marcos Schwarz
>
> - Original Message -
> From: "Timothy Redaelli" <tredae...@redhat.com>
> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
> Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org
> Sent: Monday, January 8, 2018 9:20:17 AM
> Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since 
> OVS 2.8.0
>
> On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz
> <marcos.schw...@rnp.br> wrote:
>> Got it fixed.
>>
>> The problem was related to not setting the CAP_SYS_ADMIN capability at 
>> daemon-unix.c. Follows the patch bellow to set the capability and 
>> dynamically extract the group from OVS_USER_ID instead of forcing it to 
>> :hugetlbfs.
>>
>> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
>> index 839114f3e..3b94164ea 100644
>> --- a/lib/daemon-unix.c
>> +++ b/lib/daemon-unix.c
>> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath 
>> OVS_UNUSED)
>>  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW);
>>  }
>> +if (!ret) {
>> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN);
>> +}
>>  } else {
>>  ret = -1;
>>  }
>> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
>> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> index c6d9aa1b8..94290a847 100644
>> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>>  EnvironmentFile=/etc/openvswitch/default.conf
>>  EnvironmentFile=-/etc/sysconfig/ope

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-10 Thread Aaron Conole 
Marcos Felipe Schwarz <marcos.schw...@rnp.br> writes:

> Thanks for the suggestion Timothy, didn't knew that worked. Just
> fixing some little things, it should be:
> ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages
>
> Regarding the daemon-unix.c patch, any suggestions on how to improve
> it? I tested it is working, but currently, I'm not aware if the new
> capability should be set separeted as I did or using any of the
> current blocks of code.

One thing that might work is to not attempt switching users and
capabilities if the current user is the target user.

ex:

@@ -1047,5 +1047,6 @@ daemon_set_new_user(const char *user_spec)
 }
 }
 
-switch_user = true;
+if (!uid_verify(uid) || !gid_verify(gid))
+switch_user = true;
 }

NOTE: this isn't compile or runtime tested, just a thought.

> Regards,
>
> Marcos Schwarz
>
> - Original Message -
> From: "Timothy Redaelli" <tredae...@redhat.com>
> To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
> Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org
> Sent: Monday, January 8, 2018 9:20:17 AM
> Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since 
> OVS 2.8.0
>
> On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz
> <marcos.schw...@rnp.br> wrote:
>> Got it fixed.
>>
>> The problem was related to not setting the CAP_SYS_ADMIN capability at 
>> daemon-unix.c. Follows the patch bellow to set the capability and 
>> dynamically extract the group from OVS_USER_ID instead of forcing it to 
>> :hugetlbfs.
>>
>> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
>> index 839114f3e..3b94164ea 100644
>> --- a/lib/daemon-unix.c
>> +++ b/lib/daemon-unix.c
>> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath 
>> OVS_UNUSED)
>>  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW);
>>  }
>> +if (!ret) {
>> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN);
>> +}
>>  } else {
>>  ret = -1;
>>  }
>> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
>> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> index c6d9aa1b8..94290a847 100644
>> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
>> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>>  EnvironmentFile=/etc/openvswitch/default.conf
>>  EnvironmentFile=-/etc/sysconfig/openvswitch
>>  @begin_dpdk@
>> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
>> +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail 
>> -1) /dev/hugepages'
>
> I think it's better to avoid using multiple useless forks, shell
> script parameter expansion are better in this case:
>
> ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages'
>
>>  ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
>>  @end_dpdk@
>>  ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
>>
>> Regards,
>>
>> Marcos Schwarz
> ___
> discuss mailing list
> disc...@openvswitch.org
> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-08 Thread Marcos Felipe Schwarz 
Thanks for the suggestion Timothy, didn't knew that worked. Just fixing some 
little things, it should be:
ExecStartPre=-/usr/bin/chown :${OVS_USER_ID##*:} /dev/hugepages

Regarding the daemon-unix.c patch, any suggestions on how to improve it? I 
tested it is working, but currently, I'm not aware if the new capability should 
be set separeted as I did or using any of the current blocks of code.

Regards,

Marcos Schwarz

- Original Message -
From: "Timothy Redaelli" <tredae...@redhat.com>
To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
Cc: "Ben Pfaff" <b...@ovn.org>, ovs-discuss@openvswitch.org
Sent: Monday, January 8, 2018 9:20:17 AM
Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 
2.8.0

On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz
<marcos.schw...@rnp.br> wrote:
> Got it fixed.
>
> The problem was related to not setting the CAP_SYS_ADMIN capability at 
> daemon-unix.c. Follows the patch bellow to set the capability and dynamically 
> extract the group from OVS_USER_ID instead of forcing it to :hugetlbfs.
>
> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
> index 839114f3e..3b94164ea 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath 
> OVS_UNUSED)
>  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW);
>  }
> +if (!ret) {
> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN);
> +}
>  } else {
>  ret = -1;
>  }
> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> index c6d9aa1b8..94290a847 100644
> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>  EnvironmentFile=/etc/openvswitch/default.conf
>  EnvironmentFile=-/etc/sysconfig/openvswitch
>  @begin_dpdk@
> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
> +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail 
> -1) /dev/hugepages'

I think it's better to avoid using multiple useless forks, shell
script parameter expansion are better in this case:

ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages'

>  ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
>  @end_dpdk@
>  ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
>
> Regards,
>
> Marcos Schwarz
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-08 Thread Timothy Redaelli 
On Sat, Jan 6, 2018 at 2:41 AM, Marcos Felipe Schwarz
 wrote:
> Got it fixed.
>
> The problem was related to not setting the CAP_SYS_ADMIN capability at 
> daemon-unix.c. Follows the patch bellow to set the capability and dynamically 
> extract the group from OVS_USER_ID instead of forcing it to :hugetlbfs.
>
> diff --git a/lib/daemon-unix.c b/lib/daemon-unix.c
> index 839114f3e..3b94164ea 100644
> --- a/lib/daemon-unix.c
> +++ b/lib/daemon-unix.c
> @@ -818,6 +818,9 @@ daemon_become_new_user_linux(bool access_datapath 
> OVS_UNUSED)
>  ret = capng_update(CAPNG_ADD, cap_sets, CAP_NET_ADMIN)
>|| capng_update(CAPNG_ADD, cap_sets, CAP_NET_RAW);
>  }
> +if (!ret) {
> +ret = capng_update(CAPNG_ADD, cap_sets, CAP_SYS_ADMIN);
> +}
>  } else {
>  ret = -1;
>  }
> diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in 
> b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> index c6d9aa1b8..94290a847 100644
> --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
> @@ -14,7 +14,7 @@ Environment=HOME=/var/run/openvswitch
>  EnvironmentFile=/etc/openvswitch/default.conf
>  EnvironmentFile=-/etc/sysconfig/openvswitch
>  @begin_dpdk@
> -ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages
> +ExecStartPre=-/bin/sh -c 'chown :$(echo $OVS_USER_ID | tr ":" "\n" | tail 
> -1) /dev/hugepages'

I think it's better to avoid using multiple useless forks, shell
script parameter expansion are better in this case:

ExecStartPre=-/bin/sh -c '/usr/bin/chown $${OVS_USER_ID##*:} /dev/hugepages'

>  ExecStartPre=-/usr/bin/chmod 0775 /dev/hugepages
>  @end_dpdk@
>  ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
>
> Regards,
>
> Marcos Schwarz
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2018-01-05 Thread Marcos Felipe Schwarz 
Hi Ben,

I couldn't find a working solution for supporting running ovs as root and as 
another user.
There seems to be some difference when running ovs-vswithd without the --user 
parameter and with --user=root:root which affects the permission to use UIO. 
Only without --user I'm able to use UIO.
So my current fix includes to remove "--ovs-user=${OVS_USER_ID} \" from 
ovs-vswitchd.service. 

Comparing the logs from each execution the difference is that when using --user 
the following error appears:
2018-01-05T19:33:08.285Z|00012|dpdk|ERR|EAL: Cannot obtain physical addresses: 
No such file or directory. Only vfio will function.

My guess is that when the daemon is switch from native root:root to the --user 
root:root it looses some permission related to /proc/self/pagemap. Do you have 
any suggestion on how to move forward? One way around would be to define an 
exception to not try to switch the user when the value is root:root.

Regards,

Marcos Schwarz

- Original Message -
From: "Ben Pfaff" <b...@ovn.org>
To: "Marcos Felipe Schwarz" <marcos.schw...@rnp.br>
Cc: ovs-discuss@openvswitch.org
Sent: Monday, November 27, 2017 6:31:39 PM
Subject: Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 
2.8.0

On Tue, Nov 21, 2017 at 12:08:51PM -0200, Marcos Felipe Schwarz wrote:
> Hi,
> 
> The current solution for running OVS with non-root user in Fedora makes it 
> not possible to support UIO drivers [1].
> Setting the user to root:root via /etc/sysconfig/openvswitch should be a 
> solution, but it is also currently broken, since the systemd 
> ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], 
> which breaks root access to it.
> Would it be possible to change the permissions only if the user in not root? 
> Currently I can only make UIO work on fedora removing this hardcoded 
> permissions on the systemd files. I believe that either root:root should not 
> conflict with the systemd script or be explicitly unsupported.
> 
> [1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame 
> numbers for unprivileged users from /proc/self/pagemap was removed.
> Source. 
> http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0
> [2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. 
> https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in

Are you able to submit a patch to solve the problem?  It sounds like you
have a specific idea about what should be done.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2017-11-27 Thread Ben Pfaff 
On Tue, Nov 21, 2017 at 12:08:51PM -0200, Marcos Felipe Schwarz wrote:
> Hi,
> 
> The current solution for running OVS with non-root user in Fedora makes it 
> not possible to support UIO drivers [1].
> Setting the user to root:root via /etc/sysconfig/openvswitch should be a 
> solution, but it is also currently broken, since the systemd 
> ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], 
> which breaks root access to it.
> Would it be possible to change the permissions only if the user in not root? 
> Currently I can only make UIO work on fedora removing this hardcoded 
> permissions on the systemd files. I believe that either root:root should not 
> conflict with the systemd script or be explicitly unsupported.
> 
> [1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame 
> numbers for unprivileged users from /proc/self/pagemap was removed.
> Source. 
> http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0
> [2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. 
> https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in

Are you able to submit a patch to solve the problem?  It sounds like you
have a specific idea about what should be done.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] DPDK with UIO drivers is broken on Fedora since OVS 2.8.0

2017-11-21 Thread Marcos Felipe Schwarz 
Hi,

The current solution for running OVS with non-root user in Fedora makes it not 
possible to support UIO drivers [1].
Setting the user to root:root via /etc/sysconfig/openvswitch should be a 
solution, but it is also currently broken, since the systemd 
ovs-vswitchd.service is forcing the group :hugetlbfs to /dev/hugepages [2], 
which breaks root access to it.
Would it be possible to change the permissions only if the user in not root? 
Currently I can only make UIO work on fedora removing this hardcoded 
permissions on the systemd files. I believe that either root:root should not 
conflict with the systemd script or be explicitly unsupported.

[1] For Linux kernel 4.0 and newer, the ability to obtain physical page frame 
numbers for unprivileged users from /proc/self/pagemap was removed.
Source. 
http://dpdk.org/browse/dpdk/commit/?id=cdc242f260e766bd95a658b5e0686a62ec04f5b0
[2] ExecStartPre=-/usr/bin/chown :hugetlbfs /dev/hugepages. 
https://github.com/openvswitch/ovs/blob/master/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in

Regards,

Marcos Schwarz

Coordenador de P | R Coordinator
Gerência de Redes para Experimentos (GRE) / Management of Network for 
Experiments
Diretoria de Pesquisa & Desenvolvimento (DPD) / Research & Development 
Department
RNP – Rede Nacional de Ensino e Pesquisa
http://www.rnp.br | Telefone: +55 (19) 3787 3386 | Skype: marcos.f.sch
Campinas - SP - Brasil | E-mail: marcos.schw...@rnp.br
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss