Gabriel Laupre <glau...@gmail.com> writes:
>> AppArmor is Debian based, but that doesn't stop you from
> running/installing it on other distros
>
>> $ dmesg | grep apparmor
>
> The service isn't started nor present in my machine. Thank you for the hint
> though.
> I am still stuck with this error and it is not dependent of my Intel NIC, I
> used another one and I still got the same error message.
> ps: tks to remind me to send to the mailing list:)
Thanks for the update. Did you get a chance to run qemu standalone without
libvirt ?
> 2015-05-21 12:32 GMT-07:00 Karl Apsite <karl.aps...@dornerworks.com>:
>
>> AppArmor is Debian based, but that doesn't stop you from
>> running/installing it
>> on other distros
>>
>> $ dmesg | grep apparmor
>>
>> On 05/20/2015 02:56 PM, Bandan Das wrote:
>> > Gabriel Laupre <glau...@gmail.com> writes:
>> >
>> >> Mmmhh,
>> >> My SELinux is disabled. Is Apparmor not only on debian/ubuntu and suse,
>> am
>> >> I wrong? I have no idea on that :)
>> >
>> > Yeah, me neither :) I am just trying to rule out all possibilities.
>> >
>> >> 2015-05-20 11:23 GMT-07:00 Bandan Das <b...@makefile.in>:
>> >>
>> >>> Oh and one more thing! You already answered before but just wanted to
>> >>> confirm
>> >>> that you don't have apparmor running, right ?
>> >>>
>> >>> Bandan Das <b...@makefile.in> writes:
>> >>>
>> >>>> Gabriel Laupre <glau...@gmail.com> writes:
>> >>>>
>> >>>>>> Yes, indeed it is. What distro is this ? Do you have SELinux or any
>> >>> other
>> >>>>> security feature enabled ? Can you please verify that the file has a
>> >>>>> appropriate label if SELinux is enabled ? (ls -lZ /dev/vfio/vfio)
>> >>>>> My distrib:
>> >>>>> [root@peryn5 ~]# cat /proc/version
>> >>>>> Linux version 3.10.0-229.1.2.el7.x86_64 (
>> >>> buil...@kbuilder.dev.centos.org)
>> >>>>> (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Fri
>> Mar 27
>> >>>>> 03:04:26 UTC 2015
>> >>>>> [root@peryn5 ~]# cat /etc/centos-release
>> >>>>> CentOS Linux release 7.1.1503 (Core)
>> >>>>>
>> >>>>> [root@peryn5 ~]# ls -lZ /dev/vfio/vfio
>> >>>>> crw-rw-rw- root root ? /dev/vfio/vfio
>> >>>>>
>> >>>>> SELinux is disabled:
>> >>>>> [root@peryn5 ~]# getenforce
>> >>>>> Disabled
>> >>>>>
>> >>>>> I guess no other security feature is enabled that I am aware of. I
>> once
>> >>> had
>> >>>>> a message saying that it can be one of the following issues (listing
>> the
>> >>>>> 5). So I guess it can be any combination of those issues, even
>> something
>> >>>>> completely different.
>> >>>>
>> >>>> Ugh, I am out of options! Can you please try a few more things: Can
>> you
>> >>> try
>> >>>> running qemu directly and see if you see the same behavior ? If you
>> still
>> >>>> haven't tried running as root, please try that too. Also, please check
>> >>> dmesg
>> >>>> for any vfio related errors.
>> >>>>
>> >>>>> libvirtError: internal error: process exited while connecting to
>> >>>>> monitor: 2015-05-19T21:46:21.935043Z qemu-kvm: -device
>> >>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >>>>> open /dev/vfio/vfio: Operation not permitted
>> >>>> Well, this is the first error from vfio_connect_container() when it
>> does:
>> >>>> fd = qemu_open("/dev/vfio/vfio", O_RDWR);
>> >>>> if (fd < 0) {
>> >>>> error_report("vfio: failed to open /dev/vfio/vfio: %m");
>> >>>> ret = -errno;
>> >>>> ...
>> >>>>
>> >>>> The rest are followup errors printed from the other functions in the
>> >>>> stack due to this error.
>> >>>>
>> >>>> Bandan
>> >>>>
>> >>>>> 2015-05-19T21:46:21.935091Z qemu-kvm: -device
>> >>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >>>>> setup container for group 24
>> >>>>> 2015-05-19T21:46:21.935107Z qemu-kvm: -device
>> >>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed to
>> >>>>> get group 24
>> >>>>> 2015-05-19T21:46:21.935135Z qemu-kvm: -device
>> >>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> >>>>> initialization failed.
>> >>>>> 2015-05-19T21:46:21.935157Z qemu-kvm: -device
>> >>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> >>>>> 'vfio-pci' could not be initialized
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> 2015-05-19 21:17 GMT-08:00 Bandan Das <b...@makefile.in>:
>> >>>>>
>> >>>>>>
>> >>>>>>> On May 20, 2015, at 12:29 AM, Gabriel Laupre <glau...@gmail.com>
>> >>> wrote:
>> >>>>>>>
>> >>>>>>> Thank Bandan,
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>> Assuming you are on an intel box, have you booted your kernel with
>> >>>>>> intel_iommu=on ?
>> >>>>>>> Yes, I have booted my kernel with the intel_iommu=on. (I don't
>> >>> remember
>> >>>>>> how to check that now though ^^)
>> >>>>>>>
>> >>>>>>>> Please paste the output of dmesg | grep -e DMAR -e IOMMU ?
>> >>>>>>> [root@peryn5 ~]# dmesg | grep -e DMAR -e IOMMU
>> >>>>>>> [ 0.000000] ACPI: DMAR 00000000bf79e0c0 00118 (v01 AMI
>> OEMDMAR
>> >>>>>> 00000001 MSFT 00000097)
>> >>>>>>> [ 0.000000] Intel-IOMMU: enabled
>> >>>>>>> [ 0.039149] dmar: IOMMU 0: reg_base_addr fbffe000 ver 1:0 cap
>> >>>>>> c90780106f0462 ecap f020f6
>> >>>>>>> [ 0.550126] IOMMU 0 0xfbffe000: using Queued invalidation
>> >>>>>>> [ 0.550131] IOMMU: Setting RMRR:
>> >>>>>>> [ 0.550149] IOMMU: Setting identity map for device 0000:00:1a.0
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550184] IOMMU: Setting identity map for device 0000:00:1a.1
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550211] IOMMU: Setting identity map for device 0000:00:1a.2
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550241] IOMMU: Setting identity map for device 0000:00:1a.7
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550272] IOMMU: Setting identity map for device 0000:00:1d.0
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550302] IOMMU: Setting identity map for device 0000:00:1d.1
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550329] IOMMU: Setting identity map for device 0000:00:1d.2
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550358] IOMMU: Setting identity map for device 0000:00:1d.7
>> >>>>>> [0xbf7ec000 - 0xbf7fffff]
>> >>>>>>> [ 0.550375] IOMMU: Setting identity map for device 0000:00:1a.0
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550387] IOMMU: Setting identity map for device 0000:00:1a.1
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550399] IOMMU: Setting identity map for device 0000:00:1a.2
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550410] IOMMU: Setting identity map for device 0000:00:1a.7
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550421] IOMMU: Setting identity map for device 0000:00:1d.0
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550433] IOMMU: Setting identity map for device 0000:00:1d.1
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550444] IOMMU: Setting identity map for device 0000:00:1d.2
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550458] IOMMU: Setting identity map for device 0000:00:1d.7
>> >>>>>> [0xec000 - 0xeffff]
>> >>>>>>> [ 0.550471] IOMMU: Prepare 0-16MiB unity mapping for LPC
>> >>>>>>> [ 0.550483] IOMMU: Setting identity map for device 0000:00:1f.0
>> >>> [0x0
>> >>>>>> - 0xffffff]
>> >>>>>>>
>> >>>>>>
>> >>>>>> Yeah, this looks ok. Actually, taking a second look, I can’t think
>> of
>> >>>>>> anyway how this could be related to file permissions on
>> /dev/vfio/vfio.
>> >>>>>>
>> >>>>>>>> Why does opening /dev/vfio/vfio fail ? Can you please confirm that
>> >>> you
>> >>>>>> have read/write permissions as the user you are trying to run ?
>> >>>>>>> [root@peryn5 ~]# cd /dev/vfio/
>> >>>>>>> [root@peryn5 vfio]# ls -la | grep vfio
>> >>>>>>> crw-rw-rw- 1 root root 10, 196 May 18 11:54 vfio
>> >>>>>>> The right should be okay I guess.
>> >>>>>>>
>> >>>>>> Yes, indeed it is. What distro is this ? Do you have SELinux or any
>> >>> other
>> >>>>>> security feature enabled ? Can you please verify that the file has a
>> >>>>>> appropriate label if SELinux is enabled ? (ls -lZ /dev/vfio/vfio)
>> >>>>>>
>> >>>>>> Bandan
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> 2015-05-19 18:54 GMT-08:00 Bandan Das <b...@makefile.in>:
>> >>>>>>>
>> >>>>>>> Hello Gabriel,
>> >>>>>>>
>> >>>>>>>> On May 19, 2015, at 8:03 PM, Gabriel Laupre <glau...@gmail.com>
>> >>> wrote:
>> >>>>>>>>
>> >>>>>>>> Hello everyone,
>> >>>>>>>>
>> >>>>>>>> I am using a Centos 7.1 machine with the kernel 3.10.229. I want
>> to
>> >>>>>> use my host with SR-IOV to use a virtual function on my NIC as the
>> >>> vNIC in
>> >>>>>> my new VM.
>> >>>>>>>>
>> >>>>>>>> I have an instance started with a old NIC using macvtap that I
>> >>> want to
>> >>>>>> change. I am using the
>> >>>>>>>> virsh edit instance-00000034
>> >>>>>>>> command to edit the XML configuration to add the new device I want
>> >>> to
>> >>>>>> attach.
>> >>>>>>> …
>> >>>>>>> Assuming you are on an intel box, have you booted your kernel with
>> >>>>>> intel_iommu=on ?
>> >>>>>>> Please paste the output of dmesg | grep -e DMAR -e IOMMU ?
>> >>>>>>>
>> >>>>>>>> When I try to reboot the VM I get this error:
>> >>>>>>>> Error starting domain: internal error: process exited while
>> >>> connecting
>> >>>>>> to monitor: 2015-05-19T21:46:21.935043Z qemu-kvm: -device
>> >>>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed
>> to
>> >>> open
>> >>>>>> /dev/vfio/vfio: Operation not permitted
>> >>>>>>> Why does opening /dev/vfio/vfio fail ? Can you please confirm that
>> >>> you
>> >>>>>> have read/write permissions as the user you are trying to run ?
>> >>>>>>>
>> >>>>>>>> 2015-05-19T21:46:21.935091Z qemu-kvm: -device
>> >>>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed
>> to
>> >>> setup
>> >>>>>> container for group 24
>> >>>>>>>> 2015-05-19T21:46:21.935107Z qemu-kvm: -device
>> >>>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: vfio: failed
>> to
>> >>> get
>> >>>>>> group 24
>> >>>>>>>> 2015-05-19T21:46:21.935135Z qemu-kvm: -device
>> >>>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> >>> initialization
>> >>>>>> failed.
>> >>>>>>>> 2015-05-19T21:46:21.935157Z qemu-kvm: -device
>> >>>>>> vfio-pci,host=04:10.4,id=hostdev0,bus=pci.0,addr=0x3: Device
>> 'vfio-pci'
>> >>>>>> could not be initialized
>> >>>>>>>>
>> >>>>>>>> total Trace here: http://sprunge.us/XZFB
>> >>>>>>>>
>> >>>>>>>> Any idea how to fix that?
>> >>>>>>>>
>> >>>>>>>> Thank you very much :)
>> >>>>>>>>
>> >>>>>>>> Gabriel
>> >>>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>
>> >>>>>>
>> >>>
>> >
>>
