PCI passthrough in nested virtualization (rhel7)

最新推荐文章于 2023-04-24 11:52:18 发布
最新推荐文章于 2023-04-24 11:52:18 发布
阅读量423 收藏 1
点赞数 1
文章标签: 嵌入式 游戏 开发工具
原文链接:http://blog.51cto.com/11527071/2135675
版权

Frist, you need an Intel host support Vt-d, and enabled nested virtualization.
By default, nested virtualization is disabled:

[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested
N
  1. To enable nested virtualization: 
    [root@kvm-hypervisor ~]# vi /etc/modprobe.d/kvm-nested.conf
options kvm-intel nested=1
options kvm-intel enable_shadow_vmcs=1
options kvm-intel enable_apicv=1
options kvm-intel ept=1

    Save & exit the file

    [root@kvm-hypervisor ~]# modprobe -r kvm_intel
[root@kvm-hypervisor ~]# modprobe -a kvm_intel

Now verify whether nested virtualization feature enabled or not.

[root@kvm-hypervisor ~]# cat /sys/module/kvm_intel/parameters/nested
Y

  1. host should enable Vt-d and "iommu=pt intel_iommu=on" in kernel cmdline.

  2. To enabled L2 guest to use the PCI passthrough, need to configure the L1 guest as below:
<domain>
......
<os>
    <type arch='x86_64' machine='pc-q35-rhelxxx'>hvm</type>
   ......
  </os>
  <features>
......
    <ioapic driver='qemu'/>
  </features>
  <cpu mode='host-passthrough' check='none'>
    <feature policy='require' name='vmx'/>
  </cpu>
    ......
    <devices>
    ......
    <iommu model='intel'>
      <driver intremap='on' caching_mode='on' iotlb='on'/>
    </iommu>
        ...
      <controller type='pci' index='8' model='pcie-expander-bus'>
      <model name='pxb-pcie'/>
      <target busNr='254'>
        <node>1</node>
      </target>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </controller>
    <controller type='pci' index='9' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='9' port='0x17'/>
      <address type='pci' domain='0x0000' bus='0x08' slot='0x00' function='0x0'/>
    </controller>
    <interface type='hostdev' managed='yes'>
      <mac address='52:54:00:19:78:c6'/>
      <driver name='vfio'/>
      <source>
        <address type='pci' domain='0x0000' bus='0x82' slot='0x0a' function='0x3'/>
      </source>
      <alias name='hostdev0'/>
      <address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
    </interface>
        ...
  </devices>
</domain>
  • vmx is need for nested virtualization(L1 guest should use 'host-model' or 'host-passthrough' cpu or have the vmx as required);
  • The guest vIOMMU is a general device in QEMU. Currently only Q35 platform supports guest vIOMMU;
  • intremap=[on|off] shows whether the guest vIOMMU will support interrupt remapping. To fully enable vIOMMU functionality, we need to provide intremap=on here. Currently, interrupt remapping does not support full kernel irqchip, only "split" and "off" are supported, It depends on <ioapic driver='qemu'/>;
  • Most of the full emulated devices (like e1000 mentioned above) should be able to work seamlessly now with Intel vIOMMU. However there are some special devices that need extra cares. These devices are:
     Assigned devices (like, vfio-pci)
     Virtio devices (like, virtio-net-pci)
  • caching-mode=on is required when we have assigned devices with the intel-iommu device. The above example assigned the host PCI device 02:00.0 to the guest;
  • They will make qemu cmdline like this:
    ......kernel_irqchip=split .... -device intel-iommu,intremap=on,caching-mode=on
  • virtio devices need "iommu_platform=on,ats=on" defined in device like memballoon device as above. And "device-iotlb=on" in the iommu device;
  1. And on L1 guest, enable "iommu=pt intel_iommu=on" in kernel cmdline. 
    # vim /etc/default/grub  (apend "intel_iommu=on" to GRUB_CMDLINE_LINUX)

    if you use seabios:

    # grub2-mkconfig -o /boot/grub2//grub.cfg

    if you use OVMF:

    # grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

    Reboot the L1 guest, then on L1 guest check if the env is ok:
    1). the kvm device is there, otherwise, check the 'enable nested virtualization' step(step 1)

    # ls -al /dev/kvm
crw-rw-rw-. 1 root kvm 10, 232 Jul  3 14:30 /dev/kvm
    # lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                10
On-line CPU(s) list:   0-9
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             10
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 63
Model name:            Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz
Stepping:              2
CPU MHz:               2397.222
BogoMIPS:              4794.44
Virtualization:        VT-x
Hypervisor vendor:     KVM
Virtualization type:   full
......

2). Checkpoint for vIOMMU enable

# dmesg  | grep -i DMAR
[    0.000000] ACPI: DMAR 0x000000007FFE2541 000048 (v01 BOCHS  BXPCDMAR 00000001 BXPC 00000001)
[    0.000000] DMAR: IOMMU enabled
[    0.203737] DMAR: Host address width 39
[    0.203739] DMAR: DRHD base: 0x000000fed90000 flags: 0x1
[    0.203776] DMAR: dmar0: reg_base_addr fed90000 ver 1:0 cap 12008c22260206 ecap f02
[    2.910862] DMAR: No RMRR found
[    2.910863] DMAR: No ATSR found
[    2.914870] DMAR: dmar0: Using Queued invalidation
[    2.914924] DMAR: Setting RMRR:
[    2.914926] DMAR: Prepare 0-16MiB unity mapping for LPC
[    2.915039] DMAR: Setting identity map for device 0000:00:1f.0 [0x0 - 0xffffff]
[    2.915140] DMAR: Intel(R) Virtualization Technology for Directed I/O

Make sure the "DMAR: Intel(R) Virtualization Technology for Directed I/O" is there – if that’s missing something went wrong – don’t be mislead by the earlier “DMAR: IOMMU enabled” line which merely says the kernel saw the “intel_iommu=on” command line option.

3). The IOMMU should also have registered the PCI devices into various groups

# dmesg  | grep -i iommu  |grep device
[    2.915212] iommu: Adding device 0000:00:00.0 to group 0
[    2.915226] iommu: Adding device 0000:00:01.0 to group 1
...snip...
[    5.588723] iommu: Adding device 0000:b5:00.0 to group 14
[    5.588737] iommu: Adding device 0000:b6:00.0 to group 15
[    5.588751] iommu: Adding device 0000:b7:00.0 to group 16

Now you can assgin the 3 interfaces to L2 guest.

Above steps expected to works well, but in fact, some devices share the same iommu group. How to make the devices into separated iommu group?

Reference:
https://www.linuxtechi.com/enable-nested-virtualization-kvm-centos-7-rhel-7/
https://www.linux-kvm.org/page/Nested_Guests
https://www.redhat.com/en/blog/inception-how-usable-are-nested-kvm-guests
https://www.berrange.com/posts/2017/02/16/setting-up-a-nested-kvm-guest-for-developing-testing-pci-device-assignment-with-numa/
https://wiki.qemu.org/Features/VT-d

转载于:https://blog.51cto.com/11527071/2135675

weixin_33858485
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
nested hardware-assisted virtualization
liukuan73的专栏
07-20 3446
一.nested kvm Configure nested KVM. It's possible to install KVM and create virtual machines as nested KVM on KVM host. 1.CentOS7 (1)Enable the setting for Nested KVM. [root@dlp ~]# 
在windows10启动docker出现Hardware assisted virtualization and data execution protection must be enabled i
霓虹深处
05-07 3740
解决方法 Docker在Win10中是基于Win10自带的虚拟机Hyper-V运作的。安装前需要确保在BIOS中已经开启了CPU虚拟化,不然的话在安装完后的初启动会报以上错误。 点击“任务管理器”->"性能"查看虚拟化是否被开启。下图显示本机虚拟化被禁用,需要启用。 进入BIOS > >Intel Virtual Technology> Enabled,按...
虚拟化技术 — Libvirt 异构虚拟化管理组件
烟云的计算
04-24 2969
IP 地址伪装规则,使得 VMs 可以使用 Host 的 IP 地址访问外部网络,但外部网络无法主动访问到 VMs,因为 VMs 对于外部网络而言是不可见的。随着循环次数的增加,所需要复制的 dirty pages 就会明显减少,而复制所耗费的时间就会逐渐变短,那么内存就有可能没有足够的时间发生变化。在 Tunnel 传输模式下,同一份数据需要被拷贝多次,并且所有的流量都通过一个端口,在大内存、高业务(快速增加 RAM 脏数据)的场景下,同样的网络带宽,Tunnel 传输模式迁移速率较慢。
SR-IOV 网卡虚拟化技术
mabin2005的专栏
05-13 2553
目录 目录 目录 SR-IOV 在 KVM 中启用 SR-IOV 网卡 手动挂载 VF 到虚拟机 指令方式挂载 SR-IOV 的数据包分发机制 SR-IOV SR-IOV(Single-Root I/O Virtualization,单根 I/O 虚拟化)是 PCI-SIG 推出的一项标准,定义了一种 PCIe 设备虚拟化技术的标准机制,是 “虚拟通道” 的一种技术实现,用于将一个 PCIe 设备虚拟成多个 PCIe 设备,每个虚拟 PCIe 设备都具有自己的 PCIe 配置空间..
使用Intel82599 VF 功能,在虚拟机里运行 (f-stack)nginx 代理功能多进程总结
shaoyunzhe的专栏
06-02 5518
f-stack 官网http://www.f-stack.org/ f-stack是一个移植了freebsd 协议栈和支持dpdk的用户空间协议栈,源码里包含了对nginx的支持。 网卡SRIOVhttp://dpdk.org/doc/guides/nics/intel_vf.html 1、准备工作 使用intel 82599网卡的SRIOV功能开启VF,创建虚拟机直接使用网卡
NEVE:Nested Virtualization Extensions for ARM
11-30
NEVE:基于ARM架构的嵌套虚拟化扩展 随着ARM服务器在云基础设施部署中的不断深入,在ARM上支持嵌套虚拟化是近年来随着ARM体系结构引入嵌套虚拟化支持而出现的一个关键因素。
templates-in-nested-addons
06-25
嵌套插件中的模板这是... preprocessTemplates ( / Users / rjackson / Source / sandbox / ember - cli / templates - in - nested - addons / node_modules / ember - cli / lib / preprocessors . js : 83 : 11 ) a
Java-Docs-3.zip_nested
09-23
在Java编程语言中,"nested classes" 是一个重要的概念,特别是在面试中经常被问到。这个主题涵盖了内部类(inner classes)、静态嵌套类(static nested classes)以及其他相关的概念,这些都是理解和编写复杂Java...
41 pal2010_nestedarray_
09-30
标题中的"41 pal2010_nestedarray_"可能是一个编码或者版本标识,指的是一个关于nested array技术的具体讨论或研究,而"pal2010"可能是作者、会议或者出版年份的缩写。描述中提到的"A Novel Approach to Array ...
MySQL中Nested-Loop Join算法小结
09-10
MySQL中的Nested-Loop Join(NLJ)是一种基本的JOIN操作实现方式,主要用于处理两个或多个表之间的连接。NLJ的基本思想是逐行遍历一张表(称为外部表),然后对每一行与另一张表(称为内部表)进行匹配。这个过程...
passThrough miniFilter driver
04-10
This is the main module of the passThrough miniFilter driver.This filter hooks all IO operations for both pre and post operationcallbacks. The filter passes through the operations.
「KVM」- Networking @20210226
k4nz
02-26 355
本文介绍基于libvirt的应用程序使用的常见网络配置。 此信息适用于所有「Hypervisor」,无论是Xen,还是KVM,又或者其他。 两种常见设置是: * 虚拟网络:「NAT转发」。开箱即用,无需过多设置。 * 共享设备:「桥接网络」。需要进行特定的手动配置。 本文主要介绍这两种网络。最后一部分是「网络设备直通」相关的内容。 虚拟网络:NAT转发 #1 对Host配置 如果libvirt是标准安装的,那它默认提供基于NAT的虚拟机连接,开箱即用: # virsh net-l.
fedora 18 下kvm虚拟机通过libvirt实现pci pass through
wjw7869的专栏
11-05 1777
原文链接:http://www.server110.com/kvm/201402/5547.html 本文将介绍fedora 18 下kvm虚拟机通过libvirt实现pci pass through (intel处理器) PCI PASS THROUGH的优点:pci pass through 可以使虚拟机直接访问硬件设备,可以获得近乎本机的性能。对于某些网络应用程序(或那
使用libvirt和qemu将pci pass through设备添加到虚拟机上
wangcg123的专栏
09-02 2606
透传的优势 guest使用透传设备可以获得设备近乎原生的性能, PCI pass-throught设备给动态迁移带来的问题, dest host可能没有同样的硬件. 就算可以模拟一个设备,但是原始设备的内部状态不能获得. VT-d support In order to assign devices in KVM, you’ll need a system which
IOMMU_GROUP创建流程
leiyanjie8995的博客
12-22 1018
内核的iommu驱动在drivers/iommu下,因为虚拟化相关的设计与硬件体系架构强相关,所以iommu的驱动包含软件提取的通用框架层代码和各体系结构相关代码,包括intel/amd/arm等。
Intel IOMMU Introduction
宋宝华
05-22 2615
对于Intel的硬件辅助虚拟化方案而言核心的两大技术分别是VT-x和VT-d。其中VT-x中主要引入了non-root模式(VMCS)以及EPT页表等技术,主要关注于vCPU的虚拟化和内...
iommu & intel-iommu实现
OnePiece
03-19 3514
iommu & intel-iommu 本篇文章主要针对iommu和intel-iommu讲述linux代码具体实现。同时由于这里整体实现代码较多,文章主要从iommu、domain、group、device这几个数据结构出发,阐述这几个数据结构如何建立关联,并讲解如果建立的iommu映射。先不考虑vfio的情况,只考虑物理机开启iommu的情况。第二部分会针对vfio做讨论。 iommu...
解决dpdk中出现IOMMU not found的问题
weixin_30670151的博客
07-24 1335
问题 在使用VFIO前,需要在BIOS打开VT-x和VT-d,想把一个PCIe网卡透传到虚拟机中,发现虚拟机启动失败,提示IOMMU没有找到。 输入以下命令确定vt-d开启 dmesg | grep -e DMAR -e IOMMU 出现 IOMMU not found 解决方法 开机后按F12进入BIOS界面,打开VT-x和VT-d 在Linix内核启动选项设置intel_iommu=...
使用passthrough模式,只通过PCI任意设备(该过程是在RHEL7系统进行,其他系统原理一样)
小宇宙的专栏
11-22 5643
1.在HOST 选择PCI设备 [root@localhost~]# dmesg |grep -e DMAR -e IOMMU [    0.000000] ACPI: DMAR 000000007b7be000 00120(v01 INSYDE  HSW-LPT 00000001 ACPI00040000) [    0.155894] dmar: IOMMU 0: reg_base_a
unsatisfied dependency expressed through field propertySourceLocatiors nested exception is
最新发布
01-19
根据提供的引用内容,"unsatisfied dependency expressed through field propertySourceLocatiors nested exception is" 是一个异常信息,表示在字段 propertySourceLocatiors 中存在不满足依赖的问题。 这个异常...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值