6:24 a.m.
Hi everybody!
On a Centos 5.8 with libvirt qemu-0.10.5-1.el5.2, libvirt-0.8.2-22.el5 and
2.6.18-308.11.1.el5 I have a Windows machine that used to have pci-passthrough for a
device enabled and working.
After an update (kernel, libvirt afaik) and a reboot, pci-passthrough stopped working.
Intel IOMMU is enabled (can see that from the dmesg output). All i get on the console when
i try to start the vm is the following:
Fehler: internal error process exited while connecting to monitor: char device redirected
to /dev/pts/3
Failed to assign device "14:00.2" : Invalid argument
Failed to deassign device "14:00.2" : Invalid argument
Failed to initialize assigned device host=14:00.2
SELinux ist disabled.
Does anyone have any hint what could have possibly gone wrong?
As an additional info: "virsh nodeddev-list" also doesn't work. I don't
know if I mix that up, but i seem to remember that that used to work on that machine.
root@kvm ~]# virsh nodedev-list --tree
Fehler: Failed to count node devices
Fehler: this function is not supported by the connection driver: virNodeNumOfDevices
Any hints are greatly appreciated!
Thanks & Cheers,
Rouven
--
Blinkenlichten Open Source Solutions
Maass Sacha GbR | Weigandufer 45 | 12059 Berlin
tel: +493013896247 | fax: +493013896249 | mob: +491744220127
Web: http://www.blinkenlichten.de/ G+: http://gplus.to/blinkenlichten
Blinkenlichten Zarafa Hosted Tweets: http://twitter.com/zarafamail/
6:38 a.m.
On 07/11/2012 04:24 PM, Rouven Sacha wrote:
Hi everybody!
On a Centos 5.8 with libvirt qemu-0.10.5-1.el5.2, libvirt-0.8.2-22.el5
and 2.6.18-308.11.1.el5 I have a Windows machine that used to have
pci-passthrough for a device enabled and working.
After an update (kernel, libvirt afaik) and a reboot, pci-passthrough
stopped working. Intel IOMMU is enabled (can see that from the dmesg
output).
This may be the result of a security fix in the new kernel. I know at
least one older version of Intel chips has a bug where IOMMU can be
exploited by a guest to take control over the host, so on those chips,
newer kernels now require to explicitly enable a kernel module parameter
to state that you are going to allow passthrough to the guest in spite
of the security risk. That is, you may need to use:
modprobe kvm allow_unsafe_assigned_interrupts=1
with your newer kernel. Unfortunately, I wasn't able to find a better
URL to a page documenting this issue, so that implies we probably also
need a patch to the libvirt documentation with regards to using device
passthrough.
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
3:55 p.m.
Am 12.07.2012 00:38, schrieb Eric Blake:
This may be the result of a security fix in the new kernel. I know at
least one older version of Intel chips has a bug where IOMMU can be
exploited by a guest to take control over the host, so on those chips,
newer kernels now require to explicitly enable a kernel module
parameter to state that you are going to allow passthrough to the
guest in spite of the security risk. That is, you may need to use:
modprobe kvm allow_unsafe_assigned_interrupts=1 with your newer
kernel. Unfortunately, I wasn't able to find a better URL to a page
documenting this issue, so that implies we probably also need a patch
to the libvirt documentation with regards to using device passthrough.
Hi Eric,
thanks for the info.
Reading https://bugzilla.redhat.com/show_bug.cgi?id=715555 , it seems
that 5.8 shouldn't be affected since the kvm on that version doesn't
support interrupt remapping, if I understand correctly. Additionally, if
I run the script provided in the issue description, the check passes
with "Interrupt remapping support available" and the error message
differs: I don't get "Operation not permitted" but "Invalid
argument".
I also can't set provides switch in
/sys/module/kvm/parameters/allow_unsafe_assigned_interrupts, since the
file isn't there on my box.
Are there any other circumstances where pci passthrough could fail?
Googling for the error message i get, I can't seem to find any case that
matches mine. This makes me guess that I'd rather accidentally
introduced a misconfiguration than encountered a qemu-kvm/libvirt bug. I
have attached the configuration file of that machine, maybe someone
could have a look at the hostdev section?
Unfortunately, i am currently not able to switch back to the prior
kernel, since the system is in production right now - I will test that
later during the day.
Thanks & cheers,
Rouven
--
Blinkenlichten Open Source Solutions
Maass Sacha GbR | Weigandufer 45 | 12059 Berlin
tel: +493013896247 | fax: +493013896249 | mob: +491744220127
Web: http://www.blinkenlichten.de/ G+: http://gplus.to/blinkenlichten
Blinkenlichten Zarafa Hosted Tweets: http://twitter.com/zarafamail/
4497
days inactive
4498
days old
2 comments
2 participants
participants (2)
-
Eric Blake -
Rouven Sacha