5:52 a.m.
---
Note: virPCIProbeStubDriver is currently broken because of 2f8babc,
I've sent a fix:
https://www.redhat.com/archives/libvir-list/2013-July/msg01154.html
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 2 ++
src/qemu/qemu_conf.h | 2 ++
src/qemu/qemu_hostdev.c | 8 ++++++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
6 files changed, 19 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 5344125..62399fa 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -53,6 +53,7 @@ module Libvirtd_qemu =
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| int_entry "seccomp_sandbox"
+ | bool_entry "pci_passthrough"
let save_entry = str_entry "save_image_format"
| str_entry "dump_image_format"
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index cdf1ec4..23d63d1 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -212,6 +212,11 @@
# Set to 0 to disable file ownership changes.
#dynamic_ownership = 1
+# Whether PCI passthrough is enabled.
+# Set to 0 to disable PCI passthrough.
+#
+#pci_passthrough = 1
+
# What cgroup controllers to make use of with QEMU guests
#
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index c91551f..fbfff66 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -132,6 +132,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
cfg->group = (gid_t)-1;
}
cfg->dynamicOwnership = privileged;
+ cfg->pciPassthrough = true;
cfg->cgroupControllers = -1; /* -1 == auto-detect */
@@ -547,6 +548,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
GET_VALUE_LONG("keepalive_count", cfg->keepAliveCount);
GET_VALUE_LONG("seccomp_sandbox", cfg->seccompSandbox);
+ GET_VALUE_BOOL("pci_passthrough", cfg->pciPassthrough);
ret = 0;
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 19893c8..b12c011 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -156,6 +156,8 @@ struct _virQEMUDriverConfig {
unsigned int keepAliveCount;
int seccompSandbox;
+
+ bool pciPassthrough;
};
/* Main driver state */
diff --git a/src/qemu/qemu_hostdev.c b/src/qemu/qemu_hostdev.c
index 21fe47f..1916ad1 100644
--- a/src/qemu/qemu_hostdev.c
+++ b/src/qemu/qemu_hostdev.c
@@ -492,6 +492,14 @@ int qemuPrepareHostdevPCIDevices(virQEMUDriverPtr driver,
if (!(pcidevs = qemuGetPciHostDeviceList(hostdevs, nhostdevs)))
goto cleanup;
+ if (virPCIDeviceListCount(pcidevs) > 0 &&
+ !cfg->pciPassthrough) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("PCI passthrough is disabled in qemu.conf"
+ " but host PCI devices are present"));
+ goto cleanup;
+ }
+
/* We have to use 9 loops here. *All* devices must
* be detached before we reset any of them, because
* in some cases you have to reset the whole PCI,
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qemu.aug.in
index d4e4fae..f251616 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -25,6 +25,7 @@ module Test_libvirtd_qemu =
{ "user" = "root" }
{ "group" = "root" }
{ "dynamic_ownership" = "1" }
+{ "pci_passthrough" = "1" }
{ "cgroup_controllers"
{ "1" = "cpu" }
{ "2" = "devices" }
--
1.8.1.5
6:03 a.m.
On Thu, Jul 18, 2013 at 12:52:56PM +0200, Ján Tomko wrote:
---
Note: virPCIProbeStubDriver is currently broken because of 2f8babc,
I've sent a fix:
https://www.redhat.com/archives/libvir-list/2013-July/msg01154.html
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 2 ++
src/qemu/qemu_conf.h | 2 ++
src/qemu/qemu_hostdev.c | 8 ++++++++
src/qemu/test_libvirtd_qemu.aug.in | 1 +
6 files changed, 19 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index 5344125..62399fa 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -53,6 +53,7 @@ module Libvirtd_qemu =
| str_array_entry "cgroup_controllers"
| str_array_entry "cgroup_device_acl"
| int_entry "seccomp_sandbox"
+ | bool_entry "pci_passthrough"
let save_entry = str_entry "save_image_format"
| str_entry "dump_image_format"
Why do we need this non-feature ? If you don't want pci passthrough
then just don't use it. We don't need global config params to disble
arbitrary guest device types like this.
NACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
8:05 a.m.
On 07/18/2013 01:03 PM, Daniel P. Berrange wrote:
Why do we need this non-feature ? If you don't want pci
passthrough
then just don't use it. We don't need global config params to disble
arbitrary guest device types like this.
Oh, I didn't write a commit message.
VDSM asked for this for Common Criteria certification.
Jan
8:07 a.m.
On Thu, Jul 18, 2013 at 03:05:04PM +0200, Ján Tomko wrote:
On 07/18/2013 01:03 PM, Daniel P. Berrange wrote:
> Why do we need this non-feature ? If you don't want pci passthrough
> then just don't use it. We don't need global config params to disble
> arbitrary guest device types like this.
Oh, I didn't write a commit message.
VDSM asked for this for Common Criteria certification.
That is totally bogus. Base Libvirt / KVM have been common criteria
certified already, and PCI passthrough is simply declared to be out
of scope of the certification. There is no need to add a global config
parameter to disable it in qemu.conf to satisfy CCC.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
4145
days inactive
4145
days old
3 comments
2 participants
participants (2)
-
Daniel P. Berrange -
Ján Tomko