| Summary: | QEMU PCI Passthrough | ||
|---|---|---|---|
| Product: | IPFire | Reporter: | Edouard Magharian <emagharian> |
| Component: | --- | Assignee: | Peter Müller <peter.mueller> |
| Status: | CLOSED FIXED | QA Contact: | |
| Severity: | - Unknown - | ||
| Priority: | Will affect almost no one | CC: | emagharian, michael.tremer, peter.mueller, peter.mueller, zone1189-target |
| Version: | 2 | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
|
Description
Edouard Magharian
2021-12-24 20:12:19 UTC
Any updates on this? Would it help if I were to submit a patch instead? If Arne gives his okay, I would like you submitting a patch. +1 It is a common module in all major linux distros quite for a while. In the meanwhile, how do I compile the kernel modules myself? Loaded the sources so far, stuck at getting gcc. Do you have a special way to compile the kernel? (In reply to Michael K from comment #3) > In the meanwhile, how do I compile the kernel modules myself? You will have to compile the entire distribution. IPFire won't load any kernel modules that have been built later on for security reasons. > Loaded the sources so far, stuck at getting gcc. Do you have a special way > to compile the kernel? Build instructions are here: https://wiki.ipfire.org/devel/ipfire-2-x/build-howto With regards to security, I would like to stress the importance of IOMMU support. In case of vfio-pci being enabled on hardware without IOMMU support (configurable through kconfig), all devices share a flat view of physical memory without any memory translation operation, with obvious security implications, given that vfio-pci exists to make such devices available to userspace. Therefore, I am okay with enabling this, as long as CONFIG_VFIO_NOIOMMU remains unset. I asked Arne this week to enable this in one of the next kernel builds. |