[ovs-dev] Cannot open /dev/vfio/noiommu-0: Permission denied

Aaron Conole aconole at redhat.com
Mon May 7 13:39:26 UTC 2018


Leon Goldberg <lgoldber at redhat.com> writes:

> On Fri, May 4, 2018 at 10:19 PM, Aaron Conole <aconole at redhat.com> wrote:
>
>  Leon Goldberg <lgoldber at redhat.com> writes:
>
>  > Hi list,
>  >
>  > I'm trying to integrate ovs-dpdk into oVirt. For testing purposes, I'm
>  > writing a test that looks to run a VM on top of a dpdk port.
>  >
>  > The testing environment consists of nested virtualization:
>  >
>  > Physical machine -> Jenkins CI VM -> Target VM
>  >
>  > The test merely looks to see that the various components are properly
>  > configured for the real world. For that purpose, I'm using NOIOMMU mode of
>  > VFIO.
>  >
>  > The select virtio device fails to to be attached to dpdk, and I suspect it
>  > is due to $subject.
>  >
>  > Here are the CI logs[1]. I see some other red lights, but $subject seems
>  > the brightest.
>
>  Can you provide:
>
>  $ ps aux | grep ovs-vswitchd
>  $ ls -lah /dev/vfio
>
> Hey Aaron,
>
> Here it is:
>
> [root at lago-network-suite-master-host-0 ~]# ps aux | grep ovs-vswitchd
> openvsw+   840  0.6  6.2 1273732 116716 ?      S<Lsl 07:28   0:10 ovs-vswitchd
> unix:/var/run/openvswitch/db.sock -vconsole:emer -vsyslog:err -vfile:info --mlockall --user
> openvswitch:hugetlbfs --no-chdir --log-file=/var/log/openvswitch/ovs-vswitchd.log
> --pidfile=/var/run/openvswitch/ovs-vswitchd.pid --detach
> root      4425  0.0  0.0 112660   976 pts/0    R+   07:55   0:00 grep --color=auto ovs-vswitchd
>
> [root at lago-network-suite-master-host-0 ~]# ls -lah /dev/vfio
> total 0
> drwxr-xr-x.  2 root root            80 May  6 07:28 .
> drwxr-xr-x. 19 root root          3.2K May  6 07:28 ..
> crw-rw----.  1 root hugetlbfs 244,   0 May  6 07:28 noiommu-0
> crw-rw-rw-.  1 root root       10, 196 May  6 07:28 vfio 

Okay - that looks like it should be okay.

Can you check if there are any selinux violations in audit.log
(specifically from the openvswitch_t domain)?  Maybe there is a missing
selinux policy directive.

>  Just want to see if there's a disconnect between the userid for ovs
>  and the permissions on the vfio file.  If that's the case, we may need
>  to update the vfio rules.
>
>  > Any tips will be greatly appreciated!
>  >
>  > Thanks,
>  > Leon
>  >
>  > [1]
>  >
>  http://jenkins.ovirt.org/job/ovirt-system-tests_standard-check-patch/642/artifact/exported-artifacts/check-patch.network_suite_master.el7.x86_64/tests.test_dpdk/lago-network-suite-master-host-0/_var_log/openvswitch/ovs-vswitchd.log
>  
>  >
>  <http://jenkins.ovirt.org/job/ovirt-system-tests_standard-check-patch/642/artifact/exported-artifacts/check-patch.network_suite_master.el7.x86_64/tests.test_dpdk/lago-network-suite-master-host-0/_var_log/openvswitch/ovs-vswitchd.log>
>  
>  > _______________________________________________
>  > dev mailing list
>  > dev at openvswitch.org
>  > https://mail.openvswitch.org/mailman/listinfo/ovs-dev


More information about the dev mailing list