Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relax requirement to run as root and mlock() less memory #417

Merged
merged 4 commits into from Mar 25, 2015
Merged

Relax requirement to run as root and mlock() less memory #417

merged 4 commits into from Mar 25, 2015

Conversation

lukego
Copy link
Member

@lukego lukego commented Mar 23, 2015

Allow Snabb Switch to run as a non-root user unless/until privileged operations are required e.g. access to hardware and DMA.

These privileged operations are deferred from startup:

  • Locking memory. Previously we called mlockall() while loading the memory module, but now we call mlock() individually on the HugeTLBs we allocate for DMA.
  • Allocating packets. Previously we populated the packet freelist with DMA memory while loading the packet module, but now we wait until the first packet is allocated.

@lukego
core.memory: Replace mlockall() with on-demand mlock()
e942aa0 
Snabb Switch previously called mlockall() to force all memory in the
process address space to be locked to its physical location. This made
it possible to use all memory for DMA, including memory mapped from
virtual machines.

This had several side-effects:

* Prevent Snabb Switch from being swapped out. (Nice?)
* Prevent VMs that we serve from being swapped out. (Overkill?)
* Requires root permissions at startup. (Overkill?)

The new behavior is to individually mlock() the HugeTLB pages that we
allocate for DMA. The rest of the memory - Snabb Switch and VMs - is
left unlocked. This is feasible now that we only do DMA within this
memory. This also allows us to defer the root-privileged system call
until we need DMA memory, which may not happen for ceratin
applications.
@lukego
core.packet: Don't allocate packets at module-load time
487873c 
Wait until the first packet is needed to allocate the memory.
@lukego
core.main: Don't insist on starting as root
25f97c6 
Certain Snabb programs don't require root permissions. The ones that
do will need to check for them when system calls fail unexpectedly.
@lukego
memory/pci: Explicitly check for root access when needed
51519c5 
Use ljsyscall's geteuid() via a new library function:

    lib.root_check()
lukego added a commit to lukego/snabb that referenced this pull request Mar 24, 2015
@lukego
Merge PR snabbco#417 to integration branch
629e905
@lukego lukego self-assigned this Mar 24, 2015
@lukego lukego mentioned this pull request Mar 25, 2015
Merged
@lukego lukego merged commit 51519c5 into snabbco:master Mar 25, 2015
@lukego lukego deleted the no-root branch February 24, 2016 12:44
dpino added a commit to dpino/snabb that referenced this pull request Aug 31, 2016
@dpino
Merge pull request snabbco#417 from dpino/change-counters-location
e75c49d 
Change lwAFTR counters location
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@lukego lukego

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@lukego