[libvirt] [RFC PATCH] hostdev: add support for "managed='detach'"

Daniel P. Berrange berrange at redhat.com
Thu Mar 17 18:32:29 UTC 2016 

On Thu, Mar 17, 2016 at 12:18:49PM -0600, Alex Williamson wrote:
> On Thu, 17 Mar 2016 17:59:53 +0000
> "Daniel P. Berrange" <berrange at redhat.com> wrote:
> 
> > 
> > I don't think it is a significant burden really. Apps which want this
> > blacklisted forever likely want to setup the modprobe blacklist anyway
> > to stop the initial bind at boot up and instead permanently reserve
> > the device. This stops the device being used at startup - eg if we
> > have a bunch of NICs to be given to guests, you don't want the host
> > OS to automatically configure them and give them IP addresses on the
> > host before we start guests. So pre-reserving devices at the host OS
> > level is really want you want todo with data center / cloud management
> > apps like oVirt / OpenStack at least. They could easily use the
> > virNodeDeviceDetach API at the time they decide to assign a device
> > to a guest though.
> 
> modprobe blacklist assumes that all devices managed by a given driver
> are reserved for VM use.  That's very often not the case.  Even with
> SR-IOV VFs, several vendors use the same driver for PF and VF, so
> that's just a poor solution.  For GPU assignment we often recommend
> using pci-stub.ids on the kernel commandline to pre-load the pci-stub
> driver with PCI vendor and device IDs to claim to prevent host drivers
> from attaching, but that also assumes that you want to use everything
> matching those IDs for a VM, which users will quickly find fault with.
> Additionally, using either solution assumes that the device will be
> left entirely alone otherwise, which is also not true.  If I blacklist
> i915 or using pci-stub.ids to make pci-stub claim it, then efifb or
> vesafb is more than happy to make use of it, so it's actually cleaner
> to let i915 grab the device and unbind it when ready.  And of course
> the issue of assuming that the device can go without drivers, which may
> make your user run a headless system.  This is really not the
> simplistic issue that it may seem.  Thanks,

The issues you describe point towards the need for a better blacklisting
facility at the OS level IMHO. eg a way to tell the kernel module to
not automatically bind drivers for devices with a particular device ID.
Combined that with the virNodeDeviceDetach() API usage still feels like
a better solution that adding a managed=detach flag to libvirt.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list