validate IOMMU support
119 views
Skip to first unread message
Wim Vervoorn
Jan 11, 2018, 4:44:01 AM1/11/18
to qubes-users
Hello,
I added IOMMU support to coreboot (DMAR tables with filled DHRD and RMRR structures) and want to make sure everything is configured correctly.
I did check this using the Ubuntu fwts and also checked using qubues-hcl-report. All of these seem fine and I don't notice any obvious issues issues in my Qubes 4.0 rc 3 installation.
There are no warnings regarding this in the dmesg and journalctl.
Can I assume everything has been implemented correctly in Qubes or should I perform additional testing to make sure this is really working?
Best regards,
Wim Vervoorn
I added IOMMU support to coreboot (DMAR tables with filled DHRD and RMRR structures) and want to make sure everything is configured correctly.
I did check this using the Ubuntu fwts and also checked using qubues-hcl-report. All of these seem fine and I don't notice any obvious issues issues in my Qubes 4.0 rc 3 installation.
There are no warnings regarding this in the dmesg and journalctl.
Can I assume everything has been implemented correctly in Qubes or should I perform additional testing to make sure this is really working?
Best regards,
Wim Vervoorn
awokd
Jan 11, 2018, 4:50:07 AM1/11/18
to Wim Vervoorn, qubes-users
passthrough to an HVM and it works, you should be good.
Wim Vervoorn
Jan 12, 2018, 3:25:01 AM1/12/18
to aw...@danwin1210.me, qubes-users
Hello,
Thanks. I tried this. Now I am running into problems with the PCI devices I am using. Qubes can't reset those. For some reason they are not exposing the FLR capability. I am trying to find out why because they should according to the datasheet.
Best regards,
Thanks. I tried this. Now I am running into problems with the PCI devices I am using. Qubes can't reset those. For some reason they are not exposing the FLR capability. I am trying to find out why because they should according to the datasheet.
Best regards,
awokd
Jan 12, 2018, 6:31:26 AM1/12/18
to Wim Vervoorn, aw...@danwin1210.me, qubes-users
On Fri, January 12, 2018 8:23 am, Wim Vervoorn wrote:
> Hello,
>
>
> Hello,
>
>
> Thanks. I tried this. Now I am running into problems with the PCI devices
> I am using. Qubes can't reset those. For some reason they are not
> exposing the FLR capability. I am trying to find out why because they
> should according to the datasheet.
I'm personally interested in this because I have the same issue with a
> I am using. Qubes can't reset those. For some reason they are not
> exposing the FLR capability. I am trying to find out why because they
> should according to the datasheet.
Corebooted laptop so please let me know if you figure it out, but there
are probably going to be more subject matter experts over on the Coreboot
mailing list!
For purposes of validating IOMMU support though, as long as you can get
one PCI device passed through I think that would be all that matters?
Tai...@gmx.com
Jan 12, 2018, 12:24:14 PM1/12/18
to aw...@danwin1210.me, Wim Vervoorn, qubes-users
IOMMU-IR is enabled in dmesg then you are good to go.
I too would like to know how to modify the PCI capabilities list.
Wim Vervoorn
Jan 15, 2018, 4:42:09 AM1/15/18
to qubes...@googlegroups.com
Hello,
I can understand that but there is no general rule for that. In many cases this won't be possible at all. In some cases this can be achieved by changing some configurations in the chip but in many cases this will not be documented in public documents.
I do think some things in Qubes can be improved regarding this support.
What I noticed is that all PCI devices in the systems are listed and can be assigned to a VM BUT when I try to do this the VM will not start (without any message to the user). I think two things can be improved here.
1) Only list the devices that can actually be used ( so they should support FLR or PM reset or bus reset). Listing the others is confusing and will cause frustration by the users
2) Provide some user feedback anyhow when a VM fails to start. Now a user needs to consult the log to check what happens. This is not really convenient.
Best regards,
Wim Vervoorn
-----Original Message-----
From: Frans Hendriks
Sent: Monday, January 15, 2018 9:42 AM
To: Wim Vervoorn <wver...@eltan.com>
Subject: FW: [SPAM] Re: [qubes-users] validate IOMMU support
-----Original Message-----
From: Tai...@gmx.com [mailto:Tai...@gmx.com]
Sent: vrijdag 12 januari 2018 18:24
To: aw...@danwin1210.me; Wim Vervoorn <wver...@eltan.com>
Cc: qubes-users <qubes...@googlegroups.com>
I can understand that but there is no general rule for that. In many cases this won't be possible at all. In some cases this can be achieved by changing some configurations in the chip but in many cases this will not be documented in public documents.
I do think some things in Qubes can be improved regarding this support.
What I noticed is that all PCI devices in the systems are listed and can be assigned to a VM BUT when I try to do this the VM will not start (without any message to the user). I think two things can be improved here.
1) Only list the devices that can actually be used ( so they should support FLR or PM reset or bus reset). Listing the others is confusing and will cause frustration by the users
2) Provide some user feedback anyhow when a VM fails to start. Now a user needs to consult the log to check what happens. This is not really convenient.
Best regards,
Wim Vervoorn
-----Original Message-----
From: Frans Hendriks
Sent: Monday, January 15, 2018 9:42 AM
To: Wim Vervoorn <wver...@eltan.com>
-----Original Message-----
From: Tai...@gmx.com [mailto:Tai...@gmx.com]
Sent: vrijdag 12 januari 2018 18:24
To: aw...@danwin1210.me; Wim Vervoorn <wver...@eltan.com>
Cc: qubes-users <qubes...@googlegroups.com>
awokd
Jan 15, 2018, 6:27:14 AM1/15/18
to Wim Vervoorn, qubes...@googlegroups.com
On Mon, January 15, 2018 9:40 am, Wim Vervoorn wrote:
> Hello,
>
>
> Hello,
>
>
> I can understand that but there is no general rule for that. In many
> cases this won't be possible at all. In some cases this can be achieved
> by changing some configurations in the chip but in many cases this will
> not be documented in public documents.
>
> I do think some things in Qubes can be improved regarding this support.
>
>
> What I noticed is that all PCI devices in the systems are listed and can
> be assigned to a VM BUT when I try to do this the VM will not start
> (without any message to the user). I think two things can be improved
> here. 1) Only list the devices that can actually be used ( so they should
> support FLR or PM reset or bus reset). Listing the others is confusing
> and will cause frustration by the users 2) Provide some user feedback
> anyhow when a VM fails to start. Now a user needs to consult the log to
> check what happens. This is not really convenient.
There is a FAQ entry on it at least: https://www.qubes-os.org/faq/
> cases this won't be possible at all. In some cases this can be achieved
> by changing some configurations in the chip but in many cases this will
> not be documented in public documents.
>
> I do think some things in Qubes can be improved regarding this support.
>
>
> What I noticed is that all PCI devices in the systems are listed and can
> be assigned to a VM BUT when I try to do this the VM will not start
> (without any message to the user). I think two things can be improved
> here. 1) Only list the devices that can actually be used ( so they should
> support FLR or PM reset or bus reset). Listing the others is confusing
> and will cause frustration by the users 2) Provide some user feedback
> anyhow when a VM fails to start. Now a user needs to consult the log to
> check what happens. This is not really convenient.
Often you can still use them if you disable the strict reset requirement.
Wim Vervoorn
Jan 15, 2018, 7:08:07 AM1/15/18
to aw...@danwin1210.me, qubes...@googlegroups.com
Hello,
Thanks, I overlooked the no-strict-reset option. I will give this a try and see how it works out.
Wim
-----Original Message-----
From: awokd [mailto:aw...@danwin1210.me]
Sent: Monday, January 15, 2018 12:26 PM
To: Wim Vervoorn <wver...@eltan.com>
Thanks, I overlooked the no-strict-reset option. I will give this a try and see how it works out.
Wim
-----Original Message-----
From: awokd [mailto:aw...@danwin1210.me]
Sent: Monday, January 15, 2018 12:26 PM
To: Wim Vervoorn <wver...@eltan.com>
Reply all
Reply to author
Forward
0 new messages