From: Yang Zhang
Subject: Re: X58 Virtualization w/ Linux
Date: Sun, 12 Jun 2016 09:46:47 +0800
To: Steve Novakov, kvm@vger.kernel.org

On 2016/6/12 5:34, Steve Novakov wrote:
> Hello,
>
> I was instructed to send an email to the KVM-devel group about this. I
> made a post on reddit about some issues I've had virtualizing an X58
> environment. The details are here:
>
> https://www.reddit.com/r/homelab/comments/4njtoi/x58_virtualization_w_linux_xpost_rlinux4noobs/
>
>
> I'm asking around to see if anyone has a straightforward solution, or
> any advice on how to approach this problem. Also (please read the reddit
> post first):
> - can I just pass "GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on
> vfio_iommu_type1.allow_unsafe_interrupts=1" safely?

allow_unsafe_interrupts actually means interrupt remapping on the Intel
IOMMU, which is a security feature. Without it, a malicious VM can attack
the host; see the document below for more details:
http://invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf

> - is there a way to fix the DMAR table for my BIOS (see post)? How
> might I dump it and fix it?

You can dump it from /sys/firmware/acpi/tables/DMAR. I remember the Linux
kernel allows you to use a customized ACPI table, but I am not sure whether
DMAR is suitable for it.
Also, you can try to upgrade your BIOS to fix it.

>
> I'm running barebones Arch and KVM/QEMU. My progress is outlined in that
> reddit post and discussion. At the moment, I'm after "safe" passthrough
> of a PCIe NIC and video card to separate VMs. "Safe" may mean totally
> secure (secure passthrough), or just stable enough that I don't have to
> debug problems every kernel update *whichever is possible*. Thank you
> in advance for any help.
>
> Sincerely,

--
best regards
yang
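
The DMAR dump mentioned in the reply can be inspected offline. The following Python sketch is an added example, not part of the original message or of the kernel: it parses the table layout defined in the Intel VT-d specification, verifies the ACPI checksum, and reports whether the firmware advertises interrupt remapping (INTR_REMAP, flags bit 0). The function names and the table produced by build_sample are constructed for illustration.

```python
import struct
import sys

# Remapping structure types from the Intel VT-d specification.
STRUCT_TYPES = {0: "DRHD", 1: "RMRR", 2: "ATSR", 3: "RHSA", 4: "ANDD"}

def parse_dmar(raw: bytes) -> dict:
    """Parse a raw ACPI DMAR table dump and summarise it."""
    if len(raw) < 48 or raw[:4] != b"DMAR":
        raise ValueError("not a DMAR table")
    length = struct.unpack_from("<I", raw, 4)[0]
    if not 48 <= length <= len(raw):
        raise ValueError("length field does not match the dump")
    table = raw[:length]
    haw, flags = struct.unpack_from("<BB", table, 36)
    info = {
        "checksum_ok": sum(table) % 256 == 0,  # all bytes must sum to 0 mod 256
        "host_address_width": haw + 1,
        "intr_remap": bool(flags & 0x01),      # bit 0: firmware advertises IR
        "x2apic_opt_out": bool(flags & 0x02),
        "structures": [],
    }
    off = 48  # remapping structures follow the 48-byte fixed part
    while off + 4 <= length:
        stype, slen = struct.unpack_from("<HH", table, off)
        if slen < 4 or off + slen > length:
            raise ValueError(f"bad structure length {slen} at offset {off}")
        entry = {"type": STRUCT_TYPES.get(stype, f"unknown({stype})"), "offset": off}
        if stype == 0 and slen >= 16:  # DRHD: one per IOMMU hardware unit
            dflags, _, segment, base = struct.unpack_from("<BBHQ", table, off + 4)
            entry.update(segment=segment, register_base=hex(base),
                         include_pci_all=bool(dflags & 0x01))
        info["structures"].append(entry)
        off += slen
    return info

def build_sample(intr_remap: bool) -> bytes:
    """Constructed sample table (not a real firmware dump) with one DRHD."""
    drhd = struct.pack("<HHBBHQ", 0, 16, 1, 0, 0, 0xFED90000)
    body = struct.pack("<BB10x", 38, 0x01 if intr_remap else 0x00) + drhd
    header = struct.pack("<4sIBB6s8sI4sI", b"DMAR", 36 + len(body), 1, 0,
                         b"SAMPLE", b"CONSTRCT", 1, b"TEST", 1)
    table = bytearray(header + body)
    table[9] = -sum(table) % 256  # set the checksum byte
    return bytes(table)

if __name__ == "__main__":
    src = open(sys.argv[1], "rb").read() if sys.argv[1:] else build_sample(False)
    print(parse_dmar(src))
```

Run it as root with the path to a copy of /sys/firmware/acpi/tables/DMAR as the only argument. The flag shows only what the firmware advertises; the kernel boot log states whether interrupt remapping was actually enabled.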