Show Table of Contents
15.5. PCI passthrough for para-virtualized Xen guests on Red Hat Enterprise Linux
PCI passthrough is used to allow a Xen guest exclusive access to a PCI device, rather than sharing with other guests or with dom0. PCI passthrough for para-virtualized Xen guests is supported on all Red Hat Enterprise Linux 5 systems, however PCI passthrough with fully virtualized guests is only supported on Red Hat Enterprise Linux 5.4 and newer.
Warning
PCI passthrough to para-virtualized guests is considered insecure and is not supported for Red Hat Enterprise Linux 6 guests.
Limitations of Xen PCI passthrough:
Any guest using PCI passthrough will no longer be available for save, restore, or migration capabilities, as it will be tied to a particular non-virtualized hardware configuration.
A guest which has access to a non-virtualized PCI device via PCI passthrough also has the potential to access the DMA address space of dom0, which is a potential security concern.
To link a PCI device to a guest the device must first be hidden from the host. If the host is using the device, the device cannot be assigned to the guest.
Procedure 15.3. Example: attaching a PCI device
- Given a network device which uses the bnx2 driver and has a PCI id of 0000:09:00.0, the following lines added to
/etc/modprobe.confhides the device from dom0. Either thebnx2module must be reloaded or the host must be restarted.install bnx2 /sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install bnx2 options pciback hide=(0000:09:00.0)
- Multiple PCI identifiers can be added to
/etc/modprobe.confto hide multiple devices.options pciback hide=(0000:09:00.0)(0000:0a:04.1)
- Use one of the following methods to add the passed-through device to the guest's configuration file:
virsh(Section 15.1, “Adding a PCI device with virsh” - Step 5);virt-manager(Section 15.2, “Adding a PCI device with virt-manager”); orvirt-install(Section 15.3, “PCI passthrough with virt-install”)
Warning
Due to interrupt tracking, repeatedly hotplugging or hotunplugging an assigned device more than 512 times in a brief period of time can cause a kernel error. Please do not repeatedly hotplug/hotunplug an assigned device.
Note
When running Red Hat Enterprise Linux 5 as a KVM guest, the
acpiphp kernel module must be loaded in the guest to support dynamic addition and removal of PCI devices. This module enables the guest to receive insertion and removal notifications from qemu. To manually load this module, run the following command in the guest:
# modprobe acpiphp
To enable this module to be loaded automatically on every guest boot, perform the following commands in the guest:
# echo 'modprobe acpiphp' > /etc/sysconfig/modules/acpiphp.modules
# chmod +x /etc/sysconfig/modules/acpiphp.modules
After reboot, the module should be loaded and can be confirmed with the
lsmod | grep acpiphp command. More information on persistent module loading in Red Hat Enterprise Linux 5 can be found in the Red Hat Enterprise Linux 5 Deployment Guide.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.