Re: [mlx5 driver] Usage of mlx5 with unpriviledged LXC container
Thank you for the response. Yes, these capabilities are necessary in order to run dpdk-testpmd inside a container. However, they are not sufficient. I tried again with a 6.8 kernel and the Nvidia tools/libraries suite: "doca-host_3.1.0-091000-25.07-ubuntu2404_amd64.deb". The log is more informative this time: "mlx5_common: DevX create TIS failed errno=121 status=0x3 syndrome=0x6a6678". Do you have any idea how to investigate this issue, especially regarding "status" and "syndrome"? On Mon, Aug 25, 2025 at 2:24 PM David Marchand wrote: > On Mon, 25 Aug 2025 at 14:09, Julien wrote: > > > > Hello, > > I have a question about using the mlx5 driver with LXC. > > I'm trying to use dpdk-testpmd in an LXC container whose root user isn't > mapped to the host's root user. > > Note: The entire physical interface is given to the LXC container, not a > virtual interface. > > > > The following error occured: > > mlx5_common: DevX create TIS failed errno=22 status=0 syndrome=0 > > mlx5_net: Failed to create TIS 0/0 for [bonding] device mlx5_2. > > mlx5_net: TIS allocation failure > > mlx5_net: probe of PCI device :27:00.0 aborted after encountering an > error: Cannot allocate memory > > mlx5_common: Failed to load driver mlx5_eth > > EAL: Requested device :27:00.0 cannot be used > > EAL: Bus (pci) probe failed. > > > > The "transport_domain" is created, and the mlx5_devx_cmd_create_td() > function runs normally. > > The call to mlx5dv_devx_obj_create() receives an errno of 22. > > > > I don't encounter any problems when the container's root user is mapped > to the host's root user. > > Has anyone experienced this before? > > Is it possible to use the driver in an unprivileged LXC container? > > There is probably something missing in terms of capabilities. > I don't know how LXC behaves in this regard. > > I suggest you look at "5.5.1.5. Run as Non-Root" in > https://doc.dpdk.org/guides/platform/mlx5.html. > > > -- > David Marchand > >
RE: [mlx5 driver] Usage of mlx5 with unpriviledged LXC container
+ @Maayan Kashani, please help here Regards, Asaf Penso >-Original Message- >From: David Marchand >Sent: Wednesday, 3 September 2025 18:07 >To: Julien >Cc: [email protected]; Dariusz Sosnowski ; Slava >Ovsiienko ; Bing Zhao ; Ori >Kam ; Suanming Mou ; Matan >Azrad >Subject: Re: [mlx5 driver] Usage of mlx5 with unpriviledged LXC container > >On Wed, 3 Sept 2025 at 16:54, Julien wrote: >> >> Thank you for the response. >> Yes, these capabilities are necessary in order to run dpdk-testpmd inside a >container. However, they are not sufficient. >> I tried again with a 6.8 kernel and the Nvidia tools/libraries suite: "doca- >host_3.1.0-091000-25.07-ubuntu2404_amd64.deb". >> The log is more informative this time: "mlx5_common: DevX create TIS failed >errno=121 status=0x3 syndrome=0x6a6678". >> Do you have any idea how to investigate this issue, especially regarding >"status" and "syndrome"? > >Sorry, I can't help about such low level details for the mlx5 driver. >I copied the DPDK mlx5 maintainers, maybe they can help. > >However, I am a bit concerned as you are mixing in some DOCA proprietary >libraries. >If you need DOCA, you should probably contact the NVIDIA DOCA support >team. > > >-- >David Marchand
Re: [mlx5 driver] Usage of mlx5 with unpriviledged LXC container
On Wed, 3 Sept 2025 at 16:54, Julien wrote: > > Thank you for the response. > Yes, these capabilities are necessary in order to run dpdk-testpmd inside a > container. However, they are not sufficient. > I tried again with a 6.8 kernel and the Nvidia tools/libraries suite: > "doca-host_3.1.0-091000-25.07-ubuntu2404_amd64.deb". > The log is more informative this time: "mlx5_common: DevX create TIS failed > errno=121 status=0x3 syndrome=0x6a6678". > Do you have any idea how to investigate this issue, especially regarding > "status" and "syndrome"? Sorry, I can't help about such low level details for the mlx5 driver. I copied the DPDK mlx5 maintainers, maybe they can help. However, I am a bit concerned as you are mixing in some DOCA proprietary libraries. If you need DOCA, you should probably contact the NVIDIA DOCA support team. -- David Marchand
Re: [mlx5 driver] Usage of mlx5 with unpriviledged LXC container
On Mon, 25 Aug 2025 at 14:09, Julien wrote: > > Hello, > I have a question about using the mlx5 driver with LXC. > I'm trying to use dpdk-testpmd in an LXC container whose root user isn't > mapped to the host's root user. > Note: The entire physical interface is given to the LXC container, not a > virtual interface. > > The following error occured: > mlx5_common: DevX create TIS failed errno=22 status=0 syndrome=0 > mlx5_net: Failed to create TIS 0/0 for [bonding] device mlx5_2. > mlx5_net: TIS allocation failure > mlx5_net: probe of PCI device :27:00.0 aborted after encountering an > error: Cannot allocate memory > mlx5_common: Failed to load driver mlx5_eth > EAL: Requested device :27:00.0 cannot be used > EAL: Bus (pci) probe failed. > > The "transport_domain" is created, and the mlx5_devx_cmd_create_td() function > runs normally. > The call to mlx5dv_devx_obj_create() receives an errno of 22. > > I don't encounter any problems when the container's root user is mapped to > the host's root user. > Has anyone experienced this before? > Is it possible to use the driver in an unprivileged LXC container? There is probably something missing in terms of capabilities. I don't know how LXC behaves in this regard. I suggest you look at "5.5.1.5. Run as Non-Root" in https://doc.dpdk.org/guides/platform/mlx5.html. -- David Marchand
