[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] QEMU as non-root and PCI passthrough do not mix
On Tue, 2016-01-12 at 16:52 +0000, Stefano Stabellini wrote: > PCI passthrough cannot work if QEMU is run as a non-root process today, > as QEMU needs to open /dev/mem to mmap the MSI-X table of the device and > read/write relevant nodes on sysfs. > > Update the docs to reflect that. > > Run QEMU as root and print a warning if at least one PCI device has been > assigned to the guest at domain creation. Print a debug message on pci > hotplug. > > Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> > > diff --git a/docs/misc/qemu-deprivilege.txt b/docs/misc/qemu- > deprivilege.txt > index dde74ab..cf52547 100644 > --- a/docs/misc/qemu-deprivilege.txt > +++ b/docs/misc/qemu-deprivilege.txt > @@ -29,3 +29,13 @@ adduser --no-create-home --system xen-qemuuser-shared > Â > Â3) root > ÂAs a last resort, libxl will start QEMU as root. > + > + > +Please note that QEMU will still be run as root when PCI devices are > +assigned to the virtual machine (if you specified pci=["$PCI_BDF"] in > +your VM config file, where $PCI_BDF is the PCI BDF of the device you > +want to assign). If you want to hotplug a PCI device sometime after the > +VM has started, you need to make sure that the QEMU instance of that VM > +has root privileges (for example by not specifying either > +xen-qemuuser-shared or xen-qemuuser-domid$domid, or by giving root > +privileges to xen-qemuuser-domid$domid). > diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c > index 0aaefd9..6b98750 100644 > --- a/tools/libxl/libxl_dm.c > +++ b/tools/libxl/libxl_dm.c > @@ -1254,6 +1254,12 @@ static int > libxl__build_device_model_args_new(libxl__gc *gc, > ÂÂÂÂÂÂÂÂÂÂÂÂÂbreak; > ÂÂÂÂÂÂÂÂÂ} > Â > +ÂÂÂÂÂÂÂÂ/* Do not run QEMU as non-root if PCI devices are assigned */ > +ÂÂÂÂÂÂÂÂif (guest_config->num_pcidevs > 0) { > +ÂÂÂÂÂÂÂÂÂÂÂÂLOG(WARN, "Cannot run QEMU as non-root when PCI devices are > being assigned to the guest VM"); > +ÂÂÂÂÂÂÂÂÂÂÂÂgoto end_search; > +ÂÂÂÂÂÂÂÂ} What if b_info->device_model_user is NULL or == "root"? Doesn't this warn even then? Conversely if it is != root and num_pcidevs > 0 then it ought to error out, since running as root when the config explicitly says otherwise would be wrong I think. > + > ÂÂÂÂÂÂÂÂÂif (b_info->device_model_user) { > ÂÂÂÂÂÂÂÂÂÂÂÂÂuser = b_info->device_model_user; > ÂÂÂÂÂÂÂÂÂÂÂÂÂgoto end_search; > diff --git a/tools/libxl/libxl_pci.c b/tools/libxl/libxl_pci.c > index dc10cb7..04d0dd4 100644 > --- a/tools/libxl/libxl_pci.c > +++ b/tools/libxl/libxl_pci.c > @@ -1176,6 +1176,9 @@ int libxl_device_pci_add(libxl_ctx *ctx, uint32_t > domid, > Â{ > ÂÂÂÂÂAO_CREATE(ctx, domid, ao_how); > ÂÂÂÂÂint rc; > + > +ÂÂÂÂLOG(DEBUG, "QEMU needs to be run as root for PCI passthrough to work"); Shouldn't there be an if here, and/or an error return? > + > ÂÂÂÂÂrc = libxl__device_pci_add(gc, domid, pcidev, 0); > ÂÂÂÂÂlibxl__ao_complete(egc, ao, rc); > ÂÂÂÂÂreturn AO_INPROGRESS; _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |