Not able to add pcie card to guest: Operation not permitted
Mauricio Tavares
raubvogel at gmail.com
Sat Apr 25 01:30:54 UTC 2020
On Fri, Apr 24, 2020 at 4:35 PM Peter Crowther
<peter.crowther at melandra.com> wrote:
>
> On Fri, 24 Apr 2020 at 21:10, Mauricio Tavares <raubvogel at gmail.com> wrote:
>>
>> Let's say I have libvirt
>>
>> [root at vmhost2 ~]# virsh version
>> [...]
>>
>> Running hypervisor: QEMU 2.12.0
>> [root at vmhost2 ~]#
>> [...]
>
> When I try to start the guest I get the following error message:
>>
>>
>> [root at vmhost2 ~]# virsh start testfedora
>> error: Failed to start domain testfedora
>> error: internal error: qemu unexpectedly closed the monitor:
>> 2020-04-24T20:01:35.341020Z qemu-kvm: -device
>> vfio-pci,host=01:00.0,id=hostdev0,bus=pci.8,addr=0x0: vfio error:
>> 0000:01:00.0: failed to setup INTx fd: Operation not permitted
>>
>> [root at vmhost2 ~]#
>>
>> Why is it telling me that is not permitted?
>>
> The guest will be running as qemu on the host. Does qemu have appropriate permissions in the host, and does that include in any hardening like SElinux that you're running?
>
I tried with selinux in permissive mode to see if it made a
difference. Not much.
[root at vmhost2 ~]# getenforce
Permissive
[root at vmhost2 ~]# virsh start testfedora
error: Failed to start domain testfedora
error: internal error: qemu unexpectedly closed the monitor:
2020-04-25T00:43:36.621246Z qemu-kvm: -device
vfio-pci,host=01:00.0,id=hostdev0,bus=pci.8,addr=0x0: vfio error:
0000:01:00.0: failed to setup INTx fd: Operation not permitted
[root at vmhost2 ~]#
For the fun of it, I swapped that card with another one (same speed,
number of ports, diff brand), so it is on th every sam epci slot:
[root at vmhost2 ~]# virsh nodedev-dumpxml pci_0000_01_00_0
<device>
<name>pci_0000_01_00_0</name>
<path>/sys/devices/pci0000:00/0000:00:01.0/0000:01:00.0</path>
<parent>pci_0000_00_01_0</parent>
<driver>
<name>vfio-pci</name>
</driver>
<capability type='pci'>
<domain>0</domain>
<bus>1</bus>
<slot>0</slot>
<function>0</function>
<product id='0x4000' />
<vendor id='0x19ee'>Netronome Systems, Inc.</vendor>
<capability type='virt_functions' maxCount='64'/>
<iommuGroup number='1'>
<address domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
<address domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</iommuGroup>
<pci-express>
<link validity='cap' port='0' speed='8' width='8'/>
<link validity='sta' speed='2.5' width='8'/>
</pci-express>
</capability>
</device>
[root at vmhost2 ~]#
And it starts without an issue:
[root at vmhost2 ~]# virsh start testfedora
Domain testfedora started
[root at vmhost2 ~]#
Inside the guest:
[root at testfedora ~]# dmesg |grep -i netronome
[ 12.327316] nfp: NFP PCIe Driver, Copyright (C) 2014-2017 Netronome Systems
[ 12.335036] nfp 0000:07:00.0: Netronome Flow Processor
NFP4000/NFP5000/NFP6000 PCIe Card Probe
[root at testfedora ~]#
so I do not know what is going on.
> Cheers,
>
> - Peter
>
More information about the libvirt-users
mailing list