On 12.07.2012 00:38, Eric Blake wrote:
> This may be the result of a security fix in the new kernel. I know at
> least one older version of Intel chips has a bug where IOMMU can be
> exploited by a guest to take control over the host, so on those chips,
> newer kernels now require you to explicitly enable a kernel module
> parameter to state that you are going to allow passthrough to the
> guest in spite of the security risk. That is, you may need to use:
>
>   modprobe kvm allow_unsafe_assigned_interrupts=1
>
> with your newer kernel. Unfortunately, I wasn't able to find a better
> URL to a page documenting this issue, so that implies we probably also
> need a patch to the libvirt documentation with regards to using device
> passthrough.

Hi Eric,

thanks for the info.

Reading https://bugzilla.redhat.com/show_bug.cgi?id=715555 , it seems
that 5.8 shouldn't be affected since the kvm on that version doesn't
support interrupt remapping, if I understand correctly. Additionally, if
I run the script provided in the issue description, the check passes
with "Interrupt remapping support available" and the error message
differs: I don't get "Operation not permitted" but "Invalid argument".
I also can't set the provided switch in
/sys/module/kvm/parameters/allow_unsafe_assigned_interrupts, since the
file isn't there on my box.

Are there any other circumstances where PCI passthrough could fail?
Googling for the error message I get, I can't seem to find any case that
matches mine. This makes me guess that I've rather accidentally
introduced a misconfiguration than encountered a qemu-kvm/libvirt bug. I
have attached the configuration file of that machine, maybe someone
could have a look at the hostdev section?

Unfortunately, I am currently not able to switch back to the prior
kernel, since the system is in production right now - I will test that
later during the day.

Thanks & cheers,
Rouven
--
Blinkenlichten Open Source Solutions
Maass Sacha GbR | Weigandufer 45 | 12059 Berlin
tel: +493013896247 | fax: +493013896249 | mob: +491744220127
Web: http://www.blinkenlichten.de/ G+: http://gplus.to/blinkenlichten
Blinkenlichten Zarafa Hosted Tweets: http://twitter.com/zarafamail/

<domain type='kvm'>
  <name>ld-vm002-vectron</name>
  <uuid>79ea445c-3d14-3ae8-c90c-9ce79ddc7d77</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <os>
    <type arch='i686' machine='rhel5.4.0'>hvm</type>
    <boot dev='cdrom'/>
    <boot dev='hd'/>
    <boot dev='fd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='localtime'>
    <timer name='pit' tickpolicy='delay'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <address type='drive' controller='0' bus='1' unit='0'/>
    </disk>
    <disk type='file' device='floppy'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/virtio-win-1.1.11-0.vfd'/>
      <target dev='fda' bus='fdc'/>
      <address type='drive' controller='0' bus='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/var/lib/libvirt/images/Vectron.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <controller type='fdc' index='0'/>
    <controller type='ide' index='0'/>
    <interface type='bridge'>
      <mac address='52:54:00:2f:e1:02'/>
      <source bridge='br0.1'/>
      <model type='virtio'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:c3:0b:45'/>
      <source bridge='br0.3'/>
      <model type='virtio'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
    </serial>
    <serial type='dev'>
      <source path='/dev/ttyS0'/>
      <target port='1'/>
    </serial>
    <console type='pty'>
      <target port='0'/>
    </console>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x14' slot='0x00' function='0x2'/>
      </source>
    </hostdev>
    <input type='tablet' bus='usb'/>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='-1' autoport='yes' keymap='de'/>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
    </video>
  </devices>
</domain>
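
An added example, not part of the original mail or of libvirt: it lists the PCI devices a domain XML passes through and reports whether the kvm switch named in the thread is absent, disabled or enabled on the host, so an enabled override on a passthrough host can be flagged for review. The function names and the cut-down sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Path quoted in the mail; the file is missing on kernels without the switch.
PARAM = "/sys/module/kvm/parameters/allow_unsafe_assigned_interrupts"

# Constructed sample: a cut-down domain with the hostdev section from the mail.
SAMPLE_XML = """
<domain type='kvm'>
  <name>sample</name>
  <devices>
    <hostdev mode='subsystem' type='pci' managed='yes'>
      <source>
        <address domain='0x0000' bus='0x14' slot='0x00' function='0x2'/>
      </source>
    </hostdev>
    <hostdev mode='subsystem' type='usb'><source/></hostdev>
  </devices>
</domain>
"""

def hostdev_pci_addresses(domain_xml):
    """PCI addresses (dddd:bb:ss.f) of every <hostdev type='pci'> in the domain."""
    found = []
    for hostdev in ET.fromstring(domain_xml).findall("./devices/hostdev"):
        addr = hostdev.find("./source/address")
        if hostdev.get("type") != "pci" or addr is None:
            continue
        # Values are hex ("0x14") or decimal; base 0 parses both.
        # A missing attribute is read as 0.
        dom, bus, slot, func = (int(addr.get(k, "0"), 0)
                                for k in ("domain", "bus", "slot", "function"))
        found.append("%04x:%02x:%02x.%x" % (dom, bus, slot, func))
    return found

def unsafe_interrupts_state(param_path=PARAM):
    """'absent' when the kernel has no such switch, else 'enabled' or 'disabled'."""
    try:
        with open(param_path) as fh:
            return "enabled" if fh.read().strip() in ("Y", "1") else "disabled"
    except FileNotFoundError:
        return "absent"

def audit(domain_xml, param_path=PARAM):
    """Flag a domain that uses passthrough while the override is switched on."""
    devices = hostdev_pci_addresses(domain_xml)
    state = unsafe_interrupts_state(param_path)
    return {"devices": devices, "param": state,
            "review": bool(devices) and state == "enabled"}

if __name__ == "__main__":
    print(audit(SAMPLE_XML))
```

A result of `absent` corresponds to the situation described in the mail, where the parameter file does not exist on the running kernel.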