KVM PCI Passthrough and Omni-Path » History » Version 21
Brian Smith, 08/09/2019 06:40 PM
| 1 | 16 | Brian Smith | # KVM PCI Passthrough and Omni-Path |
|---|---|---|---|
| 2 | 1 | Brian Smith | |
| 3 | 16 | Brian Smith | A KVM guest can use OPA hardware when configured for PCI passthrough. This document is OPA and Debian-centric, but the concepts should apply to other Linux host operating systems and PCI devices. |
| 4 | 1 | Brian Smith | |
| 5 | ## BIOS Settings |
||
| 6 | |||
| 7 | 1. Intel VT must be enabled. |
||
| 8 | 4 | Brian Smith | 2. Integrated IO / IntelVT must be enabled. |
| 9 | 1 | Brian Smith | |
| 10 | ## Kernel Command Line |
||
| 11 | |||
| 12 | 9 | Brian Smith | Add this to the host's kernel command line and reboot the host: |
| 13 | |||
| 14 | 10 | Brian Smith | ``` |
| 15 | intel_iommu=on iommu=pt |
||
| 16 | ``` |
||
| 17 | 1 | Brian Smith | |
| 18 | 5 | Brian Smith | When configured properly, ```/sys/kernel/iommu_groups/``` will contain many subdirectories. If that path is empty, IOMMU is not working. |
| 19 | |||
| 20 | 1 | Brian Smith | ## Install KVM |
| 21 | |||
| 22 | ``` |
||
| 23 | 17 | Brian Smith | $ sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system virtinst libosinfo-bin |
| 24 | 1 | Brian Smith | ``` |
| 25 | 21 | Brian Smith | |
| 26 | 1 | Brian Smith | |
| 27 | ## Disable hfi1 on host |
||
| 28 | |||
| 29 | The hfi1 driver must not be loaded on the host machine, in order to use PCI passthrough. In /etc/modprobe.d/hfi1.conf: |
||
| 30 | |||
| 31 | ``` |
||
| 32 | blacklist hfi1 |
||
| 33 | ``` |
||
| 34 | |||
| 35 | Also, there is no reason to have IFS installed on the host. The host machine should have no OPA functionality enabled. |
||
| 36 | |||
| 37 | ## Configure PCI Passthrough |
||
| 38 | |||
| 39 | The hfi1 device must be setup for PCI passthrough. Find the device's port in the output of lspci: |
||
| 40 | |||
| 41 | ``` |
||
| 42 | 19 | Brian Smith | $ lspci -vnn | grep Omni | cut -f1 '-d ' |
| 43 | 1 | Brian Smith | ``` |
| 44 | |||
| 45 | For the scripts below, prepend the port with 0000:, like "0000:80:02.0". |
||
| 46 | |||
| 47 | |||
| 48 | Use the following script, replace PCI_PORT with the port of the hfi1: |
||
| 49 | |||
| 50 | ``` |
||
| 51 | 15 | Brian Smith | |
| 52 | 1 | Brian Smith | #!/bin/bash |
| 53 | |||
| 54 | PCI_PORT=0000:80:02.0 |
||
| 55 | DEV_VENDOR=8086 |
||
| 56 | DEV_MODEL=24f0 |
||
| 57 | |||
| 58 | rmmod vfio_pci |
||
| 59 | 15 | Brian Smith | rmmod vfio |
| 60 | 1 | Brian Smith | echo "$PCI_PORT" > /sys/bus/pci/devices/$PCI_PORT/driver/unbind |
| 61 | modprobe vfio |
||
| 62 | modprobe vfio_pci |
||
| 63 | echo $DEV_VENDOR $DEV_MODEL > /sys/bus/pci/drivers/vfio-pci/new_id |
||
| 64 | ``` |
||
| 65 | |||
| 66 | 2 | Brian Smith | |
| 67 | 1 | Brian Smith | ## Create Guest |
| 68 | |||
| 69 | 16 | Brian Smith | While it is possible to manage guests for an unprivileged user, they get a non-functional network setup in the default config. |
| 70 | 3 | Brian Smith | |
| 71 | **Use virsh as root.** |
||
| 72 | 1 | Brian Smith | |
| 73 | ``` |
||
| 74 | $ systemctl start libvirtd |
||
| 75 | 20 | Brian Smith | $ virt-install --name GUEST_NAME \ |
| 76 | 1 | Brian Smith | --vcpus=4 --virt-type kvm --cdrom $HOME/kvm-guest/debian-8.7.0-amd64-DVD-1.iso \ |
| 77 | -v --os-variant debian8 \ |
||
| 78 | 8 | Brian Smith | --disk path=PATH_TO_CREATE_DISK,size=16 --memory 4096 --graphics vnc |
| 79 | 1 | Brian Smith | ``` |
| 80 | |||
| 81 | Connect a VNC client to a tunneled connection to the host. |
||
| 82 | |||
| 83 | From the workstation: |
||
| 84 | |||
| 85 | ``` |
||
| 86 | 14 | Brian Smith | $ ssh -L5910:localhost:5900 YOU@HOST |
| 87 | 1 | Brian Smith | ``` |
| 88 | |||
| 89 | Now connect a VNC client to localhost:5910 and complete the install. |
||
| 90 | |||
| 91 | ## Import Existing Disk to New Guest |
||
| 92 | |||
| 93 | To import an existing guest disk image, use the following command: |
||
| 94 | |||
| 95 | ``` |
||
| 96 | 7 | Brian Smith | $ sudo virt-install --virt-type kvm --name GUEST_NAME \ |
| 97 | 1 | Brian Smith | --vcpus=4 --virt-type kvm --import \ |
| 98 | -v --os-variant debian8 \ |
||
| 99 | --disk PATH_TO_DISK_IMAGE,device=disk,bus=virtio --memory 4096 --graphics vnc |
||
| 100 | 2 | Brian Smith | ``` |
| 101 | |||
| 102 | ## Connect to Guest, Configure DNS |
||
| 103 | |||
| 104 | The default network for KVM is 192.168.122.0/24 and the guest should be assigned a DHCP address when it boots. Use the VNC connection to execute ```$ ip addr``. ssh should be able to connect to the guest from the host. |
||
| 105 | 1 | Brian Smith | |
| 106 | 2 | Brian Smith | Unfortunately, dnsmasq doesn't appear to set the search domain properly. For Debian, configure a search domain in the guest's ```/etc/network/interfaces```. |
| 107 | |||
| 108 | ``` |
||
| 109 | allow-hotplug eth0 |
||
| 110 | iface eth0 inet dhcp |
||
| 111 | 16 | Brian Smith | dns-search MYDOMAIN |
| 112 | 1 | Brian Smith | ``` |
| 113 | 2 | Brian Smith | |
| 114 | 1 | Brian Smith | ## Configure Guest for PCI Passthrough |
| 115 | |||
| 116 | Shutdown the guest if it is running. |
||
| 117 | |||
| 118 | ``` |
||
| 119 | 16 | Brian Smith | $ virsh shutdown GUEST_NAME |
| 120 | 1 | Brian Smith | ``` |
| 121 | |||
| 122 | Look for the PCI device in virsh. Look for a pci device that matches the port found via lspci. |
||
| 123 | |||
| 124 | ``` |
||
| 125 | $ virsh nodedev-list --tree |
||
| 126 | ``` |
||
| 127 | |||
| 128 | Detach the device. Use the child device of the one that matches the device you found via lspci. |
||
| 129 | |||
| 130 | ``` |
||
| 131 | $ virsh nodedev-detach pci_0000_81_00_0 |
||
| 132 | ``` |
||
| 133 | |||
| 134 | Dump the device info. |
||
| 135 | |||
| 136 | ``` |
||
| 137 | $ virsh nodedev-dumpxml pci_0000_81_00_0 |
||
| 138 | ``` |
||
| 139 | |||
| 140 | 16 | Brian Smith | Convert bus, slot and function to hex. The printf utility may be used to do this. |
| 141 | 1 | Brian Smith | |
| 142 | 16 | Brian Smith | |
| 143 | ``` |
||
| 144 | $ printf %x VALUE |
||
| 145 | ``` |
||
| 146 | |||
| 147 | 1 | Brian Smith | Edit the guest and add a hostdev section: |
| 148 | |||
| 149 | ``` |
||
| 150 | 16 | Brian Smith | $ virsh edit GUEST_NAME |
| 151 | |||
| 152 | 1 | Brian Smith | <hostdev mode='subsystem' type='pci' managed='yes'> |
| 153 | <source> |
||
| 154 | <address domain='0x0000' bus='0x81' slot='0x0' function='0x0'/> |
||
| 155 | </source> |
||
| 156 | </hostdev> |
||
| 157 | ``` |
||
| 158 | |||
| 159 | 16 | Brian Smith | Boot the guest |
| 160 | 1 | Brian Smith | |
| 161 | 16 | Brian Smith | ``` |
| 162 | $ virsh start GUEST_NAME |
||
| 163 | ``` |
||
| 164 | 1 | Brian Smith | |
| 165 | 16 | Brian Smith | Upon booting the guest, the passthrough device should be present in the guest's lspci output. The passthrough device should be usable by the guest's kernel drivers. |
| 166 | |||
| 167 | **Note**: the PCI device may have different capabilities in the VM than it has on the physical host. Hopefully, the driver takes this into account. Refer to https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4c009af473b2026caaa26107e34d7cc68dad7756 for a patch that fixes one such problem in hfi1. Hope it helps. |
||
| 168 | |||
| 169 | 1 | Brian Smith | ## References |
| 170 | |||
| 171 | 1. https://wiki.debian.org/KVM |
||
| 172 | 2. https://jamielinux.com/docs/libvirt-networking-handbook/nat-based-network.html |
||
| 173 | 3. https://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM |
||
| 174 | 4. https://wiki.archlinux.org/index.php/PCI_passthrough_via_OVMF |
||
| 175 | 5. https://wiki.debian.org/VGAPassthrough |
||
| 176 | |||
| 177 | ---- |
||
| 178 | |||
| 179 | 16 | Brian Smith | Brian T. Smith |
| 180 | Senior Technical Staff |
||
| 181 | System Fabric Works, Inc. |
||
| 182 | bsmith@systemfabricworks.com |