Appendix G. Configuring a Hypervisor Host for PCI Passthrough

Enabling PCI passthrough allows a virtual machine to use a host device as if the device were directly attached to the virtual machine. To enable the PCI passthrough function, you need to enable virtualization extensions and the IOMMU function. The following procedure requires you to reboot the hypervisor host. If the host is attached to the Manager already, ensure you place the host into maintenance mode before running the following procedure.

Prerequisites:

  • Ensure that the host hardware meets the requirements for PCI device passthrough and assignment. See Section 2.2.4, “PCI Device Requirements” for more information.
  • Ensure that either Red Hat Enterprise Linux 7 or RHEV-H 7 is installed.

Procedure G.1. Configuring a Hypervisor Host for PCI Passthrough

  1. Enable the virtualization extension (for example, VT-d or AMD-Vi) in the BIOS. See Enabling Intel VT-x and AMD-V virtualization hardware extensions in BIOS in the Red Hat Enterprise Linux Virtualization and Administration Guide for more information.
  2. Enable IOMMU by editing the grub configuration file.

    Note

    If you are using IBM POWER8 hardware, skip this step as IOMMU is enabled by default.
    • For Intel:
      • For Red Hat Enterprise Linux hosts, boot the machine, and append intel_iommu=on to the end of the GRUB_CMDLINE_LINUX line in the grub configuration file.
        # vi /etc/default/grub
        ...
        GRUB_CMDLINE_LINUX="nofb splash=quiet console=tty0 ... intel_iommu=on
        ...
      • For RHEV-H, boot the machine, and press F2 to enter rescue mode.
        1. Remount the boot image with read and write permissions:
          # mount -o rw,remount LABEL=Root /dev/.initramfs/live
        2. Edit /dev/.initramfs/live/grub/grub.conf and append intel_iommu=on to the end of the kernel /vmlinuz line.
        3. Remount the boot image with read-only permission:
          # mount -o ro,remount LABEL=Root /dev/.initramfs/live
    • For AMD:
      • For Red Hat Enterprise Linux hosts, boot the machine, and append amd_iommu=on to the end of the GRUB_CMDLINE_LINUX line in the grub configuration file.
        # vi /etc/default/grub
        ...
        GRUB_CMDLINE_LINUX="nofb splash=quiet console=tty0 ... amd_iommu=on
        ...
      • For RHEV-H, boot the machine, and press F2 to enter rescue mode.
        1. Remount the boot image with read and write permissions:
          # mount -o rw,remount LABEL=Root /dev/.initramfs/live
        2. Edit /dev/.initramfs/live/grub/grub.conf and append amd_iommu=on to the end of the kernel /vmlinuz line.
        3. Remount the boot image with read-only permission:
          # mount -o ro,remount LABEL=Root /dev/.initramfs/live

    Note

    If intel_iommu=on or amd_iommu=on works, you can try replacing them with intel_iommu=pt or amd_iommu=pt. The pt option only enables IOMMU for devices used in passthrough and will provide better host performance. However, the option may not be supported on all hardware. Revert to previous option if the pt option doesn't work for your host.
    If the passthrough fails because the hardware does not support interrupt remapping, you can consider enabling the allow_unsafe_interrupts option if the virtual machines are trusted. The allow_unsafe_interrupts is not enabled by default because enabling it potentially exposes the host to MSI attacks from virtual machines. To enable the option:
    # vi /etc/modprobe.d
    options vfio_iommu_type1 allow_unsafe_interrupts=1
    
    For RHEV-H, also run persist /etc/modprobe.d so the file change persists over system reboots.
  3. Refresh the grub.cfg file and reboot the host for these changes to take effect:
    # grub2-mkconfig -o /boot/grub2/grub.cfg
    # reboot
  4. Run cat /proc/cmdline to verify the changes. Your system is now capable of PCI device passthrough and assignment.
For GPU passthrough, you need to run additional configuration steps on both the host and the guest system. See Preparing Host and Guest Systems for GPU Passthrough in the Administration Guide for more information.
For enabling SR-IOV and assigning dedicated virtual NICs to virtual machines, see https://access.redhat.com/articles/2335291 for more information.