On 12.07.2012 at 00:38, Eric Blake wrote:
This may be the result of a security fix in the new kernel. I know at least one older version of Intel chips has a bug where IOMMU can be exploited by a guest to take control over the host, so on those chips, newer kernels now require you to explicitly enable a kernel module parameter to state that you are going to allow passthrough to the guest in spite of the security risk. That is, you may need to use:
modprobe kvm allow_unsafe_assigned_interrupts=1
with your newer kernel. Unfortunately, I wasn't able to find a better URL to a page documenting this issue, so that implies we probably also need a patch to the libvirt documentation with regard to using device passthrough.
Hi Eric,
thanks for the info.
Reading https://bugzilla.redhat.com/show_bug.cgi?id=715555, it seems that 5.8 shouldn't be affected since the kvm on that version doesn't support interrupt remapping, if I understand correctly. Additionally, if I run the script provided in the issue description, the check passes with "Interrupt remapping support available" and the error message differs: I don't get "Operation not permitted" but "Invalid argument". I also can't set the provided switch in /sys/module/kvm/parameters/allow_unsafe_assigned_interrupts, since the file isn't there on my box.
Are there any other circumstances where PCI passthrough could fail? Googling for the error message I get, I can't seem to find any case that matches mine. This makes me guess that I've rather accidentally introduced a misconfiguration than encountered a qemu-kvm/libvirt bug. I have attached the configuration file of that machine, maybe someone could have a look at the hostdev section?
Unfortunately, I am currently not able to switch back to the prior kernel, since the system is in production right now - I will test that later during the day.
Thanks & cheers,
Rouven
--
Blinkenlichten Open Source Solutions
Maass Sacha GbR | Weigandufer 45 | 12059 Berlin
tel: +493013896247 | fax: +493013896249 | mob: +491744220127
Web: http://www.blinkenlichten.de/ G+: http://gplus.to/blinkenlichten
Blinkenlichten Zarafa Hosted Tweets: http://twitter.com/zarafamail/
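
An added example, not part of either message and not libvirt or kernel code: a small audit of the override discussed above, covering both its runtime value in sysfs (including the case where the file is missing) and any modprobe.d line that turns it on persistently. The function names, the state labels and the optional root-prefix argument are assumptions of this example; the sysfs path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: report how a host is set up with respect to the kvm
# allow_unsafe_assigned_interrupts override mentioned in the thread.
# The optional first argument is a root prefix (an assumption of this
# example) so the checks can run on a copied or constructed tree.

PARAM=allow_unsafe_assigned_interrupts

# Runtime state read from sysfs. Prints one of (labels are this example's):
#   kvm-not-present  no /sys/module/kvm directory
#   no-parameter     kvm is there but does not expose the switch
#   blocked          switch exists and is off
#   override-on      switch exists and is on (unsafe assignment allowed)
kvm_unsafe_irq_state() {
    root=${1:-}
    mod="$root/sys/module/kvm"
    [ -d "$mod" ] || { echo kvm-not-present; return 0; }
    [ -r "$mod/parameters/$PARAM" ] || { echo no-parameter; return 0; }
    case $(cat "$mod/parameters/$PARAM") in
        Y|y|1) echo override-on ;;
        *)     echo blocked ;;
    esac
}

# Persistent state: print every modprobe.d file with an active (not
# commented out) "options kvm" line that enables the override, so the
# setting cannot survive reboots unnoticed.
kvm_unsafe_irq_persistent() {
    root=${1:-}
    for f in "$root"/etc/modprobe.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq "^[[:space:]]*options[[:space:]]+kvm[[:space:]].*$PARAM=(1|[Yy])" "$f" &&
            echo "$f"
    done
    return 0
}

# Usage on a live host: kvm_unsafe_irq_state; kvm_unsafe_irq_persistent
```

A `no-parameter` result corresponds to the situation described in the reply, where the file is absent, so the override cannot be what is rejecting the device assignment.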