Gabriel Laupre <glau...@gmail.com> writes:
> Mmmhh,
> My SELinux is disabled. Is Apparmor not only on debian/ubuntu and suse, am
> I wrong? I have no idea on that :)
Yeah, me neither :) I am just trying to rule out all possibilities.
> 2015-05-20 11:23 GMT-07:00 Bandan Das <b...@makefile.in>:
>
>> Oh and one more thing! You already answered before but just wanted to
>> confirm
>> that you don't have apparmor running, right ?
>>
>> Bandan Das <b...@makefile.in> writes:
>>
>> > Gabriel Laupre <glau...@gmail.com> writes:
>> >
>> >>> Yes, indeed it is. What distro is this ? Do you have SELinux or any
>> other
>> >> security feature enabled ? Can you please verify that the file has a
>> >> appropriate label if SELinux is enabled ? (ls -lZ /dev/vfio/vfio)
>> >> My distrib:
>> >> [root@peryn5 ~]# cat /proc/version
>> >> Linux version 3.10.0-229.1.2.el7.x86_64 (
>> buil...@kbuilder.dev.centos.org)
>> >> (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Fri Mar 27
>> >> 03:04:26 UTC 2015
>> >> [root@peryn5 ~]# cat /etc/centos-release
>> >> CentOS Linux release 7.1.1503 (Core)
>> >>
>> >> [root@peryn5 ~]# ls -lZ /dev/vfio/vfio
>> >> crw-rw-rw- root root ? /dev/vfio/vfio
>> >>
>> >> SELinux is disabled:
>> >> [root@peryn5 ~]# getenforce
>> >> Disabled
>> >>
>> >> I guess no other security feature is enabled that I am aware of. I once
>> had
>> >> a message saying that it can be one of the following issues (listing the
>> >> 5). So I guess it can be any combination of those issues, even something
>> >> completely different.
>> >
>> > Ugh, I am out of options! Can you please try a few more things: Can you
>> try
>> > running qemu directly and see if you see the same behavior ? If you still
>> > haven't tried running as root, please try that too. Also, please check
>> dmesg
>> > for any vfio related errors.
>> >
>> >> libvirtError: internal error: process exited while connecting to
>> >> monitor: 2015-05-19T21:46:21.935043Z qemu-kvm: -device
>> >> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >> open /dev/vfio/vfio: Operation not permitted
>> > Well, this is the first error from vfio_connect_container() when it does:
>> > fd = qemu_open("/dev/vfio/vfio", O_RDWR);
>> > if (fd < 0) {
>> > error_report("vfio: failed to open /dev/vfio/vfio: %m");
>> > ret = -errno;
>> > ...
>> >
>> > The rest are followup errors printed from the other functions in the
>> > stack due to this error.
>> >
>> > Bandan
>> >
>> >> 2015-05-19T21:46:21.935091Z qemu-kvm: -device
>> >> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >> setup container for group 24
>> >> 2015-05-19T21:46:21.935107Z qemu-kvm: -device
>> >> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >> get group 24
>> >> 2015-05-19T21:46:21.935135Z qemu-kvm: -device
>> >> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> >> initialization failed.
>> >> 2015-05-19T21:46:21.935157Z qemu-kvm: -device
>> >> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> >> 'vfio-pci' could not be initialized
>> >>
>> >>
>> >>
>> >>
>> >> 2015-05-19 21:17 GMT-08:00 Bandan Das <b...@makefile.in>:
>> >>
>> >>>
>> >>> > On May 20, 2015, at 12:29 AM, Gabriel Laupre <glau...@gmail.com>
>> wrote:
>> >>> >
>> >>> > Thank Bandan,
>> >>> >
>> >>> >
>> >>> > > Assuming you are on an intel box, have you booted your kernel with
>> >>> intel_iommu=on ?
>> >>> > Yes, I have booted my kernel with the intel_iommu=on. (I don't
>> remember
>> >>> how to check that now though ^^)
>> >>> >
>> >>> > > Please paste the output of dmesg | grep -e DMAR -e IOMMU ?
>> >>> > [root@peryn5 ~]# dmesg | grep -e DMAR -e IOMMU
>> >>> > [ 0.000000] ACPI: DMAR 00000000bf79e0c0 00118 (v01 AMI OEMDMAR
>> >>> 00000001 MSFT 00000097)
>> >>> > [ 0.000000] Intel-IOMMU: enabled
>> >>> > [ 0.039149] dmar: IOMMU 0: reg_base_addr fbffe000 ver 1:0 cap
>> >>> c90780106f0462 ecap f020f6
>> >>> > [ 0.550126] IOMMU 0 0xfbffe000: using Queued invalidation
>> >>> > [ 0.550131] IOMMU: Setting RMRR:
>> >>> > [ 0.550149] IOMMU: Setting identity map for device 0000:00:1a.0
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550184] IOMMU: Setting identity map for device 0000:00:1a.1
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550211] IOMMU: Setting identity map for device 0000:00:1a.2
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550241] IOMMU: Setting identity map for device 0000:00:1a.7
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550272] IOMMU: Setting identity map for device 0000:00:1d.0
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550302] IOMMU: Setting identity map for device 0000:00:1d.1
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550329] IOMMU: Setting identity map for device 0000:00:1d.2
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550358] IOMMU: Setting identity map for device 0000:00:1d.7
>> >>> [0xbf7ec000 - 0xbf7fffff]
>> >>> > [ 0.550375] IOMMU: Setting identity map for device 0000:00:1a.0
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550387] IOMMU: Setting identity map for device 0000:00:1a.1
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550399] IOMMU: Setting identity map for device 0000:00:1a.2
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550410] IOMMU: Setting identity map for device 0000:00:1a.7
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550421] IOMMU: Setting identity map for device 0000:00:1d.0
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550433] IOMMU: Setting identity map for device 0000:00:1d.1
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550444] IOMMU: Setting identity map for device 0000:00:1d.2
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550458] IOMMU: Setting identity map for device 0000:00:1d.7
>> >>> [0xec000 - 0xeffff]
>> >>> > [ 0.550471] IOMMU: Prepare 0-16MiB unity mapping for LPC
>> >>> > [ 0.550483] IOMMU: Setting identity map for device 0000:00:1f.0
>> [0x0
>> >>> - 0xffffff]
>> >>> >
>> >>>
>> >>> Yeah, this looks ok. Actually, taking a second look, I can’t think of
>> >>> anyway how this could be related to file permissions on /dev/vfio/vfio.
>> >>>
>> >>> > > Why does opening /dev/vfio/vfio fail ? Can you please confirm that
>> you
>> >>> have read/write permissions as the user you are trying to run ?
>> >>> > [root@peryn5 ~]# cd /dev/vfio/
>> >>> > [root@peryn5 vfio]# ls -la | grep vfio
>> >>> > crw-rw-rw- 1 root root 10, 196 May 18 11:54 vfio
>> >>> > The right should be okay I guess.
>> >>> >
>> >>> Yes, indeed it is. What distro is this ? Do you have SELinux or any
>> other
>> >>> security feature enabled ? Can you please verify that the file has a
>> >>> appropriate label if SELinux is enabled ? (ls -lZ /dev/vfio/vfio)
>> >>>
>> >>> Bandan
>> >>> >
>> >>> >
>> >>> >
>> >>> > 2015-05-19 18:54 GMT-08:00 Bandan Das <b...@makefile.in>:
>> >>> >
>> >>> > Hello Gabriel,
>> >>> >
>> >>> > > On May 19, 2015, at 8:03 PM, Gabriel Laupre <glau...@gmail.com>
>> wrote:
>> >>> > >
>> >>> > > Hello everyone,
>> >>> > >
>> >>> > > I am using a Centos 7.1 machine with the kernel 3.10.229. I want to
>> >>> use my host with SR-IOV to use a virtual function on my NIC as the
>> vNIC in
>> >>> my new VM.
>> >>> > >
>> >>> > > I have an instance started with a old NIC using macvtap that I
>> want to
>> >>> change. I am using the
>> >>> > > virsh edit instance-00000034
>> >>> > > command to edit the XML configuration to add the new device I want
>> to
>> >>> attach.
>> >>> > …
>> >>> > Assuming you are on an intel box, have you booted your kernel with
>> >>> intel_iommu=on ?
>> >>> > Please paste the output of dmesg | grep -e DMAR -e IOMMU ?
>> >>> >
>> >>> > > When I try to reboot the VM I get this error:
>> >>> > > Error starting domain: internal error: process exited while
>> connecting
>> >>> to monitor: 2015-05-19T21:46:21.935043Z qemu-kvm: -device
>> >>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> open
>> >>> /dev/vfio/vfio: Operation not permitted
>> >>> > Why does opening /dev/vfio/vfio fail ? Can you please confirm that
>> you
>> >>> have read/write permissions as the user you are trying to run ?
>> >>> >
>> >>> > > 2015-05-19T21:46:21.935091Z qemu-kvm: -device
>> >>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> setup
>> >>> container for group 24
>> >>> > > 2015-05-19T21:46:21.935107Z qemu-kvm: -device
>> >>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> get
>> >>> group 24
>> >>> > > 2015-05-19T21:46:21.935135Z qemu-kvm: -device
>> >>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> initialization
>> >>> failed.
>> >>> > > 2015-05-19T21:46:21.935157Z qemu-kvm: -device
>> >>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device 'vfio-pci'
>> >>> could not be initialized
>> >>> > >
>> >>> > > total Trace here: http://sprunge.us/XZFB
>> >>> > >
>> >>> > > Any idea how to fix that?
>> >>> > >
>> >>> > > Thank you very much :)
>> >>> > >
>> >>> > > Gabriel
>> >>> > >
>> >>> >
>> >>> >
>> >>>
>> >>>
>>
