xref: /spdk/doc/system_configuration.md (revision b30d57cdad6d2bc75cc1e4e2ebbcebcb0d98dcfa) 
1# System Configuration User Guide {#system_configuration}
2
3This system configuration guide describes how to configure a system for use with SPDK.
4
5# IOMMU configuration {#iommu_config}
6
7An IOMMU may be present and enabled on many platforms. When an IOMMU is present and enabled, it is
8recommended that SPDK applications are deployed with the `vfio-pci` kernel driver. SPDK's
9`scripts/setup.sh` script will automatically select `vfio-pci` in this case.
10
11However, some devices do not function correctly when bound to `vfio-pci` and instead must be
12attached to the `uio_pci_generic` kernel driver. In that case, users should take care to disable
13the IOMMU or to set it into passthrough mode prior to running `scripts/setup.sh`.
14
15To disable the IOMMU or place it into passthrough mode, add `intel_iommu=off`
16or `amd_iommu=off` or `intel_iommu=on iommu=pt` to the GRUB command line on
17x86_64 system, or add `iommu.passthrough=1` on arm64 systems.
18
19There are also some instances where a user may not want to use `uio_pci_generic` or the kernel
20version they are using has a bug where `uio_pci_generic` [fails to bind to NVMe drives](https://github.com/spdk/spdk/issues/399).
21In these cases, users building with the DPDK submodule can build the `igb_uio` kernel module by
22supplying `--with-igb-uio-driver` to `./configure`. Upon a successful make, the file will be
23located at `dpdk/build/build/kmod/igb_uio.ko`. To ensure that the driver is properly bound, users
24should specify `DRIVER_OVERRIDE=/path/to/igb_uio.ko`.
25
26# Running SPDK as non-priviledged user {#system_configuration_nonroot}
27
28One of the benefits of using the `VFIO` Linux kernel driver is the ability to
29perform DMA operations with peripheral devices as unprivileged user. The
30permissions to access particular devices still need to be granted by the system
31administrator, but only on a one-time basis. Note that this functionality
32is supported with DPDK starting from version 18.11.
33
34## Hugetlbfs access
35
36Make sure the target user has RW access to at least one hugepage mount.
37A good idea is to create a new mount specifically for SPDK:
38
39~~~{.sh}
40# mkdir /mnt/spdk_hugetlbfs
41# mount -t hugetlbfs -o uid=spdk,size=<value> none /mnt/spdk_hugetlbfs
42~~~
43
44Then start SPDK applications with an additional parameter `--huge-dir /mnt/spdk_hugetlbfs`
45
46Full guide on configuring hugepage mounts is available in the
47[Linux Hugetlbpage Documentation](https://www.kernel.org/doc/Documentation/vm/hugetlbpage.txt)
48
49## Device access {#system_configuration_nonroot_device_access}
50
51`VFIO` device access is protected with sysfs file permissions and can be
52configured with chown/chmod.
53
54Please note that the VFIO device isolation is based around IOMMU groups and it's
55only possible to change permissions of the entire group, which might possibly
56consist of more than one device. (You could also apply a custom kernel patch to
57further isolate those devices in the kernel, but it comes with potential risks
58as described on
59[Alex Williamson's VFIO blog](https://vfio.blogspot.com/2014/08/iommu-groups-inside-and-out.html),
60with the patch in question available here:
61[[PATCH] pci: Enable overrides for missing ACS capabilities](https://lkml.org/lkml/2013/5/30/513))
62
63Let's assume we want to use PCI device `0000:04:00.0`. First of all, verify
64that it has an IOMMU group assigned:
65
66~~~{.sh}
67$ readlink "/sys/bus/pci/devices/0000:00:04.0/iommu_group"
68~~~
69
70The output should be e.g.
71`../../../kernel/iommu_groups/5`
72
73Which means that the device is a part of the IOMMU group 5. We can check if
74there are any other devices in that group.
75
76~~~{.sh}
77$ ls /sys/kernel/iommu_groups/5/devices/
780000:00:04.0  0000:00:04.1  0000:00:04.2  0000:00:04.3  0000:00:04.4  0000:00:04.5  0000:00:04.6  0000:00:04.7
79~~~
80
81In this case `0000:04:00.0` is an I/OAT channel which comes with 7 different
82channels associated with the same IOMMU group.
83
84To give the user `spdk` full access to the VFIO IOMMU group 5 and all its
85devices, use the following:
86
87~~~{.sh}
88# chown spdk /dev/vfio/5
89~~~
90
91## Memory constraints {#system_configuration_nonroot_memory_constraints}
92
93As soon as the first device is attached to SPDK, all of SPDK memory will be
94mapped to the IOMMU through the VFIO APIs. VFIO will try to mlock that memory and
95will likely exceed user ulimit on locked memory. Besides having various
96SPDK errors and failures, this would also pollute the syslog with the following
97entries:
98
99`vfio_pin_pages: RLIMIT_MEMLOCK`
100
101The limit can be checked by running the following command as target user:
102(output in kilobytes)
103
104~~~{.sh}
105$ ulimit -l
106~~~
107
108On Ubuntu 18.04 this returns 16384 (16MB) by default, which is way below
109what SPDK needs.
110
111The limit can be increased with one of the methods below. Keep in mind SPDK will
112try to map not only its reserved hugepages, but also all the memory that's
113shared by its vhost clients as described in the
114[Vhost processing guide](https://spdk.io/doc/vhost_processing.html#vhost_processing_init).
115
116### Increasing the memlock limit permanently
117
118Open the `/etc/security/limits.conf` file as root and append the following:
119
120```
121spdk     hard   memlock           unlimited
122spdk     soft   memlock           unlimited
123```
124
125Then logout from the target user account. The changes will take effect after the next login.
126
127### Increasing the memlock for a specific process
128
129Linux offers a `prlimit` utility that can override limits of any given process.
130On Ubuntu, it is a part of the `util-linux` package.
131
132~~~{.sh}
133# prlimit --pid <pid> --memlock=<soft>:<hard>
134~~~
135
136Note that the above needs to be executed before the first device is attached to
137the SPDK application.
138