On 2016/6/12 5:34, Steve Novakov wrote:
> Hello, I was instructed to send an email to the KVM-devel group about this. I made a post on reddit about some issues I've had virtualizing an X58 environment. The details are here:
> https://www.reddit.com/r/homelab/comments/4njtoi/x58_virtualization_w_linux_xpost_rlinux4noobs/
>
> I'm asking around to see if anyone has a straightforward solution, or any advice on how to approach this problem. Also (please read the reddit post first):
>
> - can I just pass "GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on vfio_iommu_type1.allow_unsafe_interrupts=1" safely?

allow_unsafe_interrupts actually means the interrupt remapping on Intel IOMMU, which is a security feature. Without it, a malicious VM can attack the host; see the document below for more details:
http://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf

> - is there a way to fix the DMAR table for my BIOS (see post)? How might I dump it and fix it?

You can dump it from /sys/firmware/acpi/tables/DMAR. I remember the Linux kernel allows you to use a customized ACPI table, but I am not sure whether DMAR is suitable for it. Also, you can try to upgrade your BIOS to fix it.

> I'm running barebones Arch and KVM/QEMU. My progress is outlined in that reddit post and discussion. At the moment, I'm after "safe" passthrough of a PCIe NIC and video card to separate VMs. "Safe" may mean totally secure (secure passthrough), or just stable enough that I don't have to debug problems every kernel update *whichever is possible*.
>
> Thank you in advance for any help.
>
> Sincerely,

--
best regards
yang
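
An added example, not part of the original message or of any project's code: a Python parser for a DMAR dump such as the one read from /sys/firmware/acpi/tables/DMAR, reporting the firmware's INTR_REMAP flag and the DRHD/RMRR entries. The field offsets follow the DMAR layout in the Intel VT-d specification; the sample table and the names `parse_dmar` and `constructed_sample` are constructed for illustration and do not come from a real X58 board.

```python
import struct

# Remapping structure types defined for the DMAR table in the Intel VT-d specification.
STRUCT_TYPES = {0: "DRHD", 1: "RMRR", 2: "ATSR", 3: "RHSA", 4: "ANDD"}

def parse_dmar(raw: bytes) -> dict:
    """Parse an ACPI DMAR table dump and report the fields relevant to passthrough."""
    if len(raw) < 48 or raw[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    (length,) = struct.unpack_from("<I", raw, 4)
    if length < 48 or length > len(raw):
        raise ValueError("bad or truncated table length")
    table = raw[:length]
    entries, off = [], 48  # 36-byte ACPI header + width, flags and 10 reserved bytes
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:  # a broken BIOS table can end up here
            entries.append({"offset": off, "type": "MALFORMED", "length": slen})
            break
        entry = {"offset": off, "type": STRUCT_TYPES.get(stype, f"type {stype}"), "length": slen}
        if stype == 0 and slen >= 16:  # DRHD: flags(1) rsvd(1) segment(2) register base(8)
            entry["include_pci_all"] = bool(table[off + 4] & 1)
            (entry["register_base"],) = struct.unpack_from("<Q", table, off + 8)
        elif stype == 1 and slen >= 24:  # RMRR: rsvd(2) segment(2) base(8) limit(8)
            entry["base"], entry["limit"] = struct.unpack_from("<QQ", table, off + 8)
        entries.append(entry)
        off += slen
    return {
        "checksum_ok": sum(table) % 256 == 0,  # ACPI tables sum to 0 modulo 256
        "host_address_width": table[36] + 1,   # field stores width minus one
        "intr_remap": bool(table[37] & 0x01),  # firmware advertises interrupt remapping
        "x2apic_opt_out": bool(table[37] & 0x02),
        "entries": entries,
    }

def constructed_sample() -> bytes:
    """Constructed table (not from real hardware): one DRHD, one RMRR, INTR_REMAP clear."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, 0xFED90000)
    rmrr = struct.pack("<HHHHQQ", 1, 24, 0, 0, 0xBF7EC000, 0xBF7FFFFF)
    body = bytes([38, 0x00]) + bytes(10) + drhd + rmrr
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                      b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(hdr + body)
    table[9] = (-sum(table)) % 256  # fix up the checksum byte
    return bytes(table)

if __name__ == "__main__":
    info = parse_dmar(constructed_sample())
    print("interrupt remapping advertised:", info["intr_remap"])
    for e in info["entries"]:
        print(e)
```

On a real host, pass the bytes of /sys/firmware/acpi/tables/DMAR (readable by root) to `parse_dmar()`. The flag only shows what the firmware advertises, so the kernel log remains the authority on whether interrupt remapping was actually enabled.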