From: Yang Zhang <yang.zhang.wz@gmail.com>
To: Steve Novakov <steve@stevenovakov.com>, kvm@vger.kernel.org
Subject: Re: X58 Virtualization w/ Linux
Date: Sun, 12 Jun 2016 09:46:47 +0800
Message-ID: <ce629b1f-d85c-d93d-25a0-9c377cfc1500@gmail.com>
In-Reply-To: <03f27bbf-f8ad-b377-c194-adaefe808077@stevenovakov.com>

On 2016/6/12 5:34, Steve Novakov wrote:
> Hello,
>
> I was instructed to send an email to the KVM-devel group about this. I
> made a post on reddit about some issues I've had virtualizing an X58
> environment. The details are here:
>
> https://www.reddit.com/r/homelab/comments/4njtoi/x58_virtualization_w_linux_xpost_rlinux4noobs/
>
>
> I'm asking around to see if anyone has a straightforward solution, or
> any advice on how to approach this problem. Also (please read the reddit
> post first):
> - can I just pass "GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on
> vfio_iommu_type1.allow_unsafe_interrupts=1" safely?

allow_unsafe_interrupts actually means the interrupt remapping on Intel
IOMMU, which is a security feature. Without it, a malicious VM can attack
the host; see the document below for more details:
http://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf

> - is there a way to fix the DMAR table for my BIOS (see post)? How
> might I dump it and fix it?

You can dump it from /sys/firmware/acpi/tables/DMAR. I remember the Linux
kernel allows you to use a customized ACPI table, but I am not sure
whether DMAR is suitable for it. Also, you can try to upgrade your BIOS
to fix it.

>
> I'm running barebones Arch and KVM/QEMU. My progress is outlined in that
> reddit post and discussion. At the moment, I'm after "safe" passthrough
> of a PCIe NIC and video card to separate VMs. "Safe" may mean totally
> secure (secure passthrough), or just stable enough that I don't have to
> debug problems every kernel update *whichever is possible*. Thank you
> in advance for any help.
>
> Sincerely,
--
best regards
yang
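
Added example, not part of the original thread: a small Python parser for the table dumped from /sys/firmware/acpi/tables/DMAR, reporting whether the firmware advertises interrupt remapping (the INTR_REMAP flag) and listing the remapping structures it declares. Field offsets follow the DMAR layout in the Intel VT-d specification; the function names are this example's own and the table produced by build_sample() is constructed.

```python
import struct

# Remapping structure types defined by the Intel VT-d specification.
STRUCT_TYPES = {0: "DRHD", 1: "RMRR", 2: "ATSR", 3: "RHSA", 4: "ANDD"}

def parse_dmar(table: bytes) -> dict:
    """Parse the fixed DMAR header and walk the remapping structures."""
    if len(table) < 48 or table[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", table, 4)[0]
    if length < 48 or length > len(table):
        raise ValueError("bad table length")
    table = table[:length]
    info = {
        "checksum_ok": sum(table) % 256 == 0,   # ACPI: all bytes sum to 0 mod 256
        "host_address_width": table[36] + 1,    # field stores the width minus one
        "intr_remap": bool(table[37] & 0x01),   # firmware advertises interrupt remapping
        "x2apic_opt_out": bool(table[37] & 0x02),
        "structures": [],
    }
    off = 48                                    # remapping structures follow 10 reserved bytes
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:
            raise ValueError(f"malformed structure at offset {off}")
        entry = {"type": STRUCT_TYPES.get(stype, f"unknown({stype})"), "offset": off}
        if stype == 0 and slen >= 16:           # DRHD: one per remapping hardware unit
            entry["segment"], entry["reg_base"] = struct.unpack_from("<HQ", table, off + 6)
        info["structures"].append(entry)
        off += slen
    return info

def build_sample(flags: int) -> bytes:
    """Constructed sample: ACPI header plus one DRHD, with a valid checksum."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, 0xFED90000)
    body = struct.pack("<BB10x", 38, flags) + drhd
    hdr = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                      b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    raw = bytearray(hdr + body)
    raw[9] = (-sum(raw)) % 256                  # checksum byte sits at offset 9
    return bytes(raw)

if __name__ == "__main__":
    try:  # the sysfs file is readable by root only
        with open("/sys/firmware/acpi/tables/DMAR", "rb") as f:
            data = f.read()
    except OSError:
        data = build_sample(flags=0x00)         # fall back to the constructed table
    print(parse_dmar(data))
```

The INTR_REMAP flag only shows what the firmware declares; whether the running kernel actually enabled interrupt remapping is reported separately in its boot log.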