From: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Wei Liu <wei.liu2@citrix.com>,
	Ian Jackson <Ian.Jackson@eu.citrix.com>,
	Ian Campbell <Ian.Campbell@citrix.com>,
	Stefano Stabellini <Stefano.Stabellini@eu.citrix.com>
Subject: [PATCH] QEMU as non-root and PCI passthrough do not mix
Date: Tue, 12 Jan 2016 16:52:35 +0000
Message-ID: <alpine.DEB.2.02.1601121645431.13564@kaball.uk.xensource.com>

PCI passthrough cannot work if QEMU is run as a non-root process today,
as QEMU needs to open /dev/mem to mmap the MSI-X table of the device and
read/write relevant nodes on sysfs.

Update the docs to reflect that.

Run QEMU as root and print a warning if at least one PCI device has been
assigned to the guest at domain creation. Print a debug message on pci
hotplug.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>

diff --git a/docs/misc/qemu-deprivilege.txt b/docs/misc/qemu-deprivilege.txt
index dde74ab..cf52547 100644
--- a/docs/misc/qemu-deprivilege.txt
+++ b/docs/misc/qemu-deprivilege.txt
@@ -29,3 +29,13 @@ adduser --no-create-home --system xen-qemuuser-shared
 
 3) root
 As a last resort, libxl will start QEMU as root.
+
+
+Please note that QEMU will still be run as root when PCI devices are
+assigned to the virtual machine (if you specified pci=["$PCI_BDF"] in
+your VM config file, where $PCI_BDF is the PCI BDF of the device you
+want to assign). If you want to hotplug a PCI device sometime after the
+VM has started, you need to make sure that the QEMU instance of that VM
+has root privileges (for example by not specifying either
+xen-qemuuser-shared or xen-qemuuser-domid$domid, or by giving root
+privileges to xen-qemuuser-domid$domid).
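
Review bot: In the added paragraph, "by not specifying either xen-qemuuser-shared or xen-qemuuser-domid$domid" does not match how this document introduces those accounts: the hunk context shows them being created with adduser, not specified in a config file, so the reader is not told what to actually do to keep QEMU as root for a later hotplug. Suggest rewording in terms of the accounts not existing, or in terms of the device_model_user setting that libxl_dm.c consults. The alternative of "giving root privileges to xen-qemuuser-domid$domid" is worth dropping or flagging, since a per-domain user with root privileges no longer gives the separation this document is about. The two consecutive blank "+" lines before the paragraph can be one.
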
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index 0aaefd9..6b98750 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -1254,6 +1254,12 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
             break;
         }
 
+        /* Do not run QEMU as non-root if PCI devices are assigned */
+        if (guest_config->num_pcidevs > 0) {
+            LOG(WARN, "Cannot run QEMU as non-root when PCI devices are being assigned to the guest VM");
+            goto end_search;
+        }
+
         if (b_info->device_model_user) {
             user = b_info->device_model_user;
             goto end_search;
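
Review bot: The new num_pcidevs check sits ahead of the "if (b_info->device_model_user)" test, so a user explicitly configured through device_model_user is overridden whenever a PCI device is assigned, and the WARN text does not say that QEMU will therefore run as root. Consider making the message state the outcome (for example "running QEMU as root because PCI devices are assigned to the guest"), and deciding whether an explicit device_model_user combined with PCI devices should be an error rather than a logged downgrade of the deprivileging. The jump to end_search also relies on user still holding its initial value at this point; a short comment saying so would help. The LOG line is well over 80 columns and could be wrapped.
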
diff --git a/tools/libxl/libxl_pci.c b/tools/libxl/libxl_pci.c
index dc10cb7..04d0dd4 100644
--- a/tools/libxl/libxl_pci.c
+++ b/tools/libxl/libxl_pci.c
@@ -1176,6 +1176,9 @@ int libxl_device_pci_add(libxl_ctx *ctx, uint32_t domid,
 {
     AO_CREATE(ctx, domid, ao_how);
     int rc;
+
+    LOG(DEBUG, "QEMU needs to be run as root for PCI passthrough to work");
+
     rc = libxl__device_pci_add(gc, domid, pcidev, 0);
     libxl__ao_complete(egc, ao, rc);
     return AO_INPROGRESS;
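
Review bot: The LOG(DEBUG, ...) at the top of libxl_device_pci_add is emitted on every call, whether or not the QEMU instance for domid is running as root, so it gives no signal about the case that actually fails and is only seen when debug logging is on. Suggest checking how the device model for this domain was started and, when it is non-root, logging at WARN or ERROR (or returning an error before calling libxl__device_pci_add) so that a hotplug into a deprivileged QEMU fails with an actionable message.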