[libvirt] [PATCH] qemu: add qemu.conf option to disable PCI passthrough

---
Note: virPCIProbeStubDriver is currently broken because of 2f8babc, I've sent a fix: https://www.redhat.com/archives/libvir-list/2013-July/msg01154.html
src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 +++++ src/qemu/qemu_conf.c | 2 ++ src/qemu/qemu_conf.h | 2 ++ src/qemu/qemu_hostdev.c | 8 ++++++++ src/qemu/test_libvirtd_qemu.aug.in | 1 + 6 files changed, 19 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 5344125..62399fa 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -53,6 +53,7 @@ module Libvirtd_qemu = | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | int_entry "seccomp_sandbox"
+ | bool_entry "pci_passthrough"
 let save_entry = str_entry "save_image_format" | str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index cdf1ec4..23d63d1 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -212,6 +212,11 @@ # Set to 0 to disable file ownership changes. #dynamic_ownership = 1
+# Whether PCI passthrough is enabled.
+# Set to 0 to disable PCI passthrough.
+#
+#pci_passthrough = 1
+
 # What cgroup controllers to make use of with QEMU guests #
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index c91551f..fbfff66 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -132,6 +132,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged) cfg->group = (gid_t)-1; } cfg->dynamicOwnership = privileged;
+ cfg->pciPassthrough = true;
 cfg->cgroupControllers = -1; /* -1 == auto-detect */
@@ -547,6 +548,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg, GET_VALUE_LONG("keepalive_count", cfg->keepAliveCount); GET_VALUE_LONG("seccomp_sandbox", cfg->seccompSandbox);
+ GET_VALUE_BOOL("pci_passthrough", cfg->pciPassthrough);
 ret = 0;
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 19893c8..b12c011 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -156,6 +156,8 @@ struct _virQEMUDriverConfig { unsigned int keepAliveCount; int seccompSandbox;
+
+ bool pciPassthrough;
 }; /* Main driver state */
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 21fe47f..1916ad1 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -492,6 +492,14 @@ int qemuPrepareHostdevPCIDevices(virQEMUDriverPtr driver, if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs))) goto cleanup;
+ if (virPCIDeviceListCount(pcidevs) > 0 &&
+ !cfg->pciPassthrough) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("PCI passthrough is disabled in qemu.conf"
+ " but host PCI devices are present"));
+ goto cleanup;
+ }
+
 /* We have to use 9 loops here. *All* devices must * be detached before we reset any of them, because * in some cases you have to reset the whole PCI,
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index d4e4fae..f251616 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -25,6 +25,7 @@ module Test_libvirtd_qemu = { "user" = "root" } { "group" = "root" } { "dynamic_ownership" = "1" }
+{ "pci_passthrough" = "1" }
 { "cgroup_controllers" { "1" = "cpu" } { "2" = "devices" }
--
1.8.1.5
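Review bot: The error raised by the new check in qemuPrepareHostdevPCIDevices says "host PCI devices are present", which reads as a statement about the host rather than about the domain being prepared; `_("PCI passthrough is disabled in qemu.conf but the domain configuration requests host PCI devices")` would tell the administrator what to change. The gate lives only in this function, so `pci_passthrough = 0` is a dependable policy control only if every path that assigns a host PCI device reaches it; the hunk cannot confirm that, and a comment above the check such as `/* Policy gate: pci_passthrough=0 in qemu.conf refuses any host PCI device */` would record the intent for later callers. The qemu.conf comment in the earlier hunk could likewise say that preparing a domain with PCI hostdevs then fails with an error, and that the option covers PCI devices only. The function body starts and ends outside the hunk, so `cfg` and the `cleanup` label are presumably set up there.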

On Thu, Jul 18, 2013 at 12:52:56PM +0200, Ján Tomko wrote:
---
Note: virPCIProbeStubDriver is currently broken because of 2f8babc, I've sent a fix: https://www.redhat.com/archives/libvir-list/2013-July/msg01154.html
src/qemu/libvirtd_qemu.aug | 1 + src/qemu/qemu.conf | 5 +++++ src/qemu/qemu_conf.c | 2 ++ src/qemu/qemu_conf.h | 2 ++ src/qemu/qemu_hostdev.c | 8 ++++++++ src/qemu/test_libvirtd_qemu.aug.in | 1 + 6 files changed, 19 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 5344125..62399fa 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -53,6 +53,7 @@ module Libvirtd_qemu = | str_array_entry "cgroup_controllers" | str_array_entry "cgroup_device_acl" | int_entry "seccomp_sandbox"
+ | bool_entry "pci_passthrough"
let save_entry = str_entry "save_image_format" | str_entry "dump_image_format"
Why do we need this non-feature? If you don't want pci passthrough then just don't use it. We don't need global config params to disable arbitrary guest device types like this. NACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 07/18/2013 01:03 PM, Daniel P. Berrange wrote:
Why do we need this non-feature? If you don't want pci passthrough then just don't use it. We don't need global config params to disable arbitrary guest device types like this.
Oh, I didn't write a commit message. VDSM asked for this for Common Criteria certification. Jan

On Thu, Jul 18, 2013 at 03:05:04PM +0200, Ján Tomko wrote:
On 07/18/2013 01:03 PM, Daniel P. Berrange wrote:
Why do we need this non-feature? If you don't want pci passthrough then just don't use it. We don't need global config params to disable arbitrary guest device types like this.
Oh, I didn't write a commit message.
VDSM asked for this for Common Criteria certification.
That is totally bogus. Base Libvirt / KVM have been common criteria certified already, and PCI passthrough is simply declared to be out of scope of the certification. There is no need to add a global config parameter to disable it in qemu.conf to satisfy CCC. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|