Re: [libvirt] [PATCH 4/4] virt-host-validate: check for intel_iommu=on cmdline flag
On Wed, 2015-10-07 at 17:50 +0100, Daniel P. Berrange wrote:
This looks for existance of /sys/firmware/acpi/tables/DMAR
as a reasonable hint that the BIOS support an Intel IOMMU.
This file is only present if enabled in the BIOS, so the
check only does something if the BIOS is enabled but the
kernel has it disabled.
TBD figure out a check for AMD too, which doesn't involve
grepping dmesg which might have already been purged.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tools/virt-host-validate-common.c | 36 ++++++++++++++++++++++++++++++++++++
tools/virt-host-validate-common.h | 5 +++++
tools/virt-host-validate-qemu.c | 10 ++++++++++
3 files changed, 51 insertions(+)
diff --git a/tools/virt-host-validate-common.c b/tools/virt-host-validate-common.c
index 7e8d619..093acf6 100644
--- a/tools/virt-host-validate-common.c
+++ b/tools/virt-host-validate-common.c
@@ -340,3 +340,39 @@ extern int virHostValidateCGroupController(const char *hvname,
return -1;
return 0;
}
+
+extern int virHostValidateKernelCmdline(const char *hvname,
+ const char *arg,
+ virHostValidateLevel level,
+ const char *hint)
+{
+ FILE *fp = fopen("/proc/cmdline", "r");
+ char *line = NULL;
+ size_t len = 0;
+ char *tmp;
+
+ virHostMsgCheck(hvname, "/proc/cmdline for '%s'", arg);
+
+ if (!fp)
+ goto error;
+
+ if (getline(&line, &len, fp) < 0)
+ goto error;
+
+ tmp = strstr(line, arg);
+ if (!tmp)
+ goto error;
+ tmp += strlen(arg);
+ if (*tmp != '\0' &&
+ *tmp != ' ')
+ goto error;
+
+ fclose(fp);
+ virHostMsgPass();
+ return 0;
+
+ error:
+ fclose(fp);
+ virHostMsgFail(level, "%s", hint);
+ return -1;
+}
diff --git a/tools/virt-host-validate-common.h b/tools/virt-host-validate-common.h
index 1547e22..a01e47b 100644
--- a/tools/virt-host-validate-common.h
+++ b/tools/virt-host-validate-common.h
@@ -60,6 +60,11 @@ extern int virHostValidateLinuxKernel(const char *hvname,
virHostValidateLevel level,
const char *hint);
+extern int virHostValidateKernelCmdline(const char *hvname,
+ const char *arg,
+ virHostValidateLevel level,
+ const char *hint);
+
extern int virHostValidateNamespace(const char *hvname,
const char *ns_name,
virHostValidateLevel level,
diff --git a/tools/virt-host-validate-qemu.c b/tools/virt-host-validate-qemu.c
index b0ae293..1917962 100644
--- a/tools/virt-host-validate-qemu.c
+++ b/tools/virt-host-validate-qemu.c
@@ -20,6 +20,8 @@
*/
#include <config.h>
+#include <unistd.h>
+
#include "virt-host-validate-qemu.h"
#include "virt-host-validate-common.h"
@@ -87,5 +89,13 @@ int virHostValidateQEMU(void)
"BLK_CGROUP") < 0)
ret = -1;
+ if (access("/sys/firmware/acpi/tables/DMAR", F_OK) == 0 &&
+ virHostValidateHasCPUFlag("vmx") &&
+ virHostValidateKernelCmdline("QEMU", "intel_iommu=on",
+ VIR_HOST_VALIDATE_WARN,
+ "IOMMU present in system but disabled in
kernel. "
+ "Add intel_iommu=on to kernel cmdline
arguments") < 0)
+ ret = -1;
+
return ret;
}
The IVRS table is the equivalent that you'd look for on AMD.
amd_iommu=on is more often enabled by default, so the test probably
still applies (s/vmx/svm/), but it usually seems to be less often a
problem that it's simply not enabled. Intel can also be configured on
by default so you might get some false hits if the firmware tables or
hardware are just too broken to be initialized, but it at least still
points users to a kernel problem rather than a libvirt issue. Thanks,
Alex