Re: vfio problem

[Alex Williamson <alex.williamson@redhat.com>]

On Fri, 2012-06-08 at 19:39 +0200, Andreas Hartmann wrote:
> Andreas Hartmann wrote:
> > Hello Alex,
> > 
> > You can probably say, what this message on host side means:
> > 
> > kernel: [ 3902.124109] vfio_dma_do_map: RLIMIT_MEMLOCK (65536) exceeded
> > 
> > The WLAN card in the VM doesn't work any more. It came up after a few
> > times of restarting the VM (with unbinding / rebinding - procedures).
> > 
> > I'll see if it is reproducible. I had to reboot to get it working again.
> 
> It is reproducible. And id seems not to be a problem of binding /
> unbinding, but the fact of not starting it as root user seems to be the
> problem.
> 
> I never saw these problems with a root VM (and root does have the same
> value for ulimit -l).

Yes, this is expected when running as non-root.  VFIO needs to lock
pages on behalf of the user, so the user needs limits granted to be able
to do that.  Otherwise a VFIO user could lock down all the memory in the
system.

> - Is it possible to run the VM / VFIO in user context?

Yes, this is one of the key design requirements of VFIO.
Pre-requirements are that a privileged entity has sequestered all the
devices as being owned by vfio-pci or pci-stub, the user has permissions
to /dev/vfio/<group#> and /dev/vfio/vfio (the latter is expected to be
safe to leave as 0666), and the user has limits set to lock pages
sufficient for what they need (note that the default of 64k might be
enough for some userspace driver applications).

> - What size should be used for ulimit -l?

It should be about the size of memory assigned to the guest.

Once we have libvirt support, all of this should be relatively
transparent as that will take care of the limits setting.  For now, it's
a bit of a pain running it as a normal user.  If you come up with an
easy way of doing it, please share.  Thanks,

Alex