Ask Your Question
0

KVM- Device 'pci-assign' could not be initialized

asked 2013-02-15 18:11:37 -0500

bstamps gravatar image

Having trouble getting a Varian PCI Signal Processing Controller passed through to a Windows HVM guest on KVM. Relatively new to the game with KVM, but I've attempted to be thorough in setting everything up (Passed intel_iommu=on to grub2, ensured VT-d was enabled in the BIOS, pci device was detached in virsh). I'm at a loss-

Error is as follows

Error starting domain: internal error process exited while connecting to monitor: char device redirected to /dev/pts/0 assigneddevregister_regions: Error: Couldn't mmap 0xf7100000! qemu-kvm: -device pci-assign,host=05:02.0,id=hostdev0,configfd=23,bus=pci.0,addr=0x4: Device 'pci-assign' could not be initialized 2013-02-16 00:00:40.503+0000: shutting down

Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cbwrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1090, in startup self.backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 678, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: internal error process exited while connecting to monitor: char device redirected to /dev/pts/0 assigneddevregister_regions: Error: Couldn't mmap 0xf7100000! qemu-kvm: -device pci-assign,host=05:02.0,id=hostdev0,configfd=23,bus=pci.0,addr=0x4: Device 'pci-assign' could not be initialized 2013-02-16 00:00:40.503+0000: shutting down

edit retag flag offensive close merge delete

Comments

Does ausearch -m avc return anything that looks related? There are a handful of virtualization-related SELinux booleans that may or may not apply.

randomuser gravatar imagerandomuser ( 2013-10-25 01:17:48 -0500 )edit

3 Answers

Sort by ยป oldest newest most voted
1

answered 2014-03-18 21:19:23 -0500

supmethods gravatar image

The KVM host is potentially exposed to a malicious guest trying to trigger MSI interrupts for denial of service or exploit probing. For this reason, unsafe assigned interrupts isn't permitted which may prevent you from passing through the device to the KVM guest.

If you trust your guest, it's safe to allow this by doing the following: echo 1 > /sys/module/kvm/parameters/allow_unsafe_assigned_interrupts

edit flag offensive delete link more
0

answered 2013-02-16 07:55:14 -0500

domg472 gravatar image

updated 2013-02-16 07:55:57 -0500

There is a bug in there (which should be fixed soon ive been told)

Until then one is required to change the following options in /etc/libvirt/qemu.conf:

# The user ID for QEMU processes run by the system instance.
user = "root"

# The group ID for QEMU processes run by the system instance.
group = "root"

and

# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
#
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.
#
clear_emulator_capabilities = 0

Note: This will make your guest run as root with all its capabilities (insecure)

edit flag offensive delete link more
0

answered 2013-10-25 04:21:23 -0500

Run as root solution works for me - Fedora 19 with amd cpu and intel NIC . Do you know more about bug ? Can't find related bugzilla link and fedora is still affected.

edit flag offensive delete link more

Question Tools

Stats

Asked: 2013-02-15 18:11:37 -0500

Seen: 4,920 times

Last updated: Mar 18 '14