[UBUNTU 20.04] Cannot use vfio-ccw dasd passthrough for KVM guests under Ubuntu
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
New
|
Medium
|
Skipper Bug Screeners | ||
libvirt (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
---Problem Description (by <email address hidden>) ---
Cannot use vfio-ccw dasd passthrough for KVM guests under Ubuntu 20.04/22.04
Contact Information = Eric Farman <email address hidden>
---uname output---
Linux m34mkvmt5 5.4.0-135-generic #152-Ubuntu SMP Wed Nov 23 21:05:01 UTC 2022 s390x s390x s390x GNU/Linux
---Additional Hardware Info---
ECKD DASD, connected as a mediated device for KVM device passthrough
Machine Type = IBM z14 (3906) LPAR
---Debugger---
A debugger is not configured
---Steps to Reproduce---
Attempting to spawn a guest with a vfio-ccw hostdev device fails with an AppArmor policy restriction on both 20.04 and 22.04, for files that QEMU attempts to open for the device. The failure also occurs when trying to hotplug such a device, which I'll use in these steps to keep the XML simple:
eric@kvmhost:~# chzdev -ea ca8b
eric@kvmhost:~# echo 0.0.ca8b > /sys/bus/
eric@kvmhost:~# echo 0.0.0b16 > /sys/bus/
eric@kvmhost:~# echo 0.0.0b16 > /sys/bus/
eric@kvmhost:~# echo 11f2d2bc-
eric@kvmhost:~# cat hostdev.xml
<hostdev mode='subsystem' type='mdev' model='vfio-ccw'>
<source>
<address uuid='11f2d2bc-
</source>
<address type='ccw' cssid='0xfe' ssid='0x0' devno='0xca8b'/>
</hostdev>
eric@kvmhost:~# virsh attach-device guest hostdev.xml
error: Failed to attach device from hostdev.xml
error: internal error: unable to execute QEMU command 'device_add': s390_ccw_realize: Failed to build initial schib: Invalid argument
eric@kvmhost:~# dmesg | grep DENIED
[ 5949.232089] audit: type=1400 audit(167035024
While the failure occurs with the pimpampom file for the subchannel, there are two others that QEMU would attempt to open after this:
eric:qemu$ git grep -B 2 -pn fopen hw/s390x/
hw/s390x/
--
hw/s390x/
hw/s390x/
hw/s390x/
--
hw/s390x/
--
hw/s390x/
hw/s390x/
hw/s390x/
--
hw/s390x/
--
hw/s390x/
hw/s390x/
hw/s390x/
The first two directories are links to the third, so I made the following entry in /etc/apparmor.
eric@kvmhost:~# cat /etc/apparmor.
/sys/devices/
This is of course a very broad brush, so perhaps there's a better deterministic way to the files in question for the subchannel(s) that are requested. (I apologize if that deterministic logic is tied up in the "hostdev networks" bug I see here: https:/
For what it's worth, those files are not ones that remain open once the device is connected to the guest:
eric@kvmhost:~# cat /etc/apparmor.
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/
"/var/
"/var/
"/run/
"/run/
"/dev/dasdb" rwk,
"/dev/pts/2" rw,
"/dev/vhost-net" rw,
"/dev/vfio/2" rwk,
(The passed through DASD device is /dev/vfio/2 in the above list, not /dev/dasdb. The latter is the guest rootfs, connected via virtio-blk.)
=======
Verified that this still misbehaves with 20.04.6 and 22.04.4. Both with the manual sysfs changes described in the initial comment, and the more convenient driverctl and mdevctl tooling.
=======
eric@host:~# virsh attach-device guest_3c4c hostdev.xml
error: Failed to attach device from hostdev.xml
error: internal error: unable to execute QEMU command 'device_add': s390_ccw_realize: Failed to build initial schib: Invalid argument
eric@host:~# dmesg | grep 0165
[ 127.558194] vfio_ccw 0.0.0165: MDEV: Registered
[ 224.657413] audit: type=1400 audit(170975169
eric@host:~# cat /etc/apparmor.
eric@host:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Codename: jammy
eric@host:~# uname -a
Linux host 5.15.0-97-generic #107-Ubuntu SMP Wed Feb 7 13:27:35 UTC 2024 s390x s390x s390x GNU/Linux
eric@host:~# which qemu-system-s390x
/usr/bin/
eric@host:~# qemu-system-s390x --version
QEMU emulator version 6.2.0 (Debian 1:6.2+dfsg-
Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers
tags: | added: architecture-s39064 bugnameltc-200694 severity-medium targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
affects: | linux (Ubuntu) → libvirt (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in libvirt (Ubuntu): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → nobody |
Changed in ubuntu-z-systems: | |
importance: | Undecided → Medium |