Enable the vfio-pci module so PCI passthrough to QEMU VM's can work. Please see here for more information: https://community.ipfire.org/t/qemu-pci-passthrough/6883 https://community.ipfire.org/t/vfio-kernel-module-for-pci-passthrough/1056
Any updates on this? Would it help if I were to submit a patch instead?
If Arne gives his okay, I would like you submitting a patch.
+1 It is a common module in all major linux distros quite for a while. In the meanwhile, how do I compile the kernel modules myself? Loaded the sources so far, stuck at getting gcc. Do you have a special way to compile the kernel?
(In reply to Michael K from comment #3) > In the meanwhile, how do I compile the kernel modules myself? You will have to compile the entire distribution. IPFire won't load any kernel modules that have been built later on for security reasons. > Loaded the sources so far, stuck at getting gcc. Do you have a special way > to compile the kernel? Build instructions are here: https://wiki.ipfire.org/devel/ipfire-2-x/build-howto
With regards to security, I would like to stress the importance of IOMMU support. In case of vfio-pci being enabled on hardware without IOMMU support (configurable through kconfig), all devices share a flat view of physical memory without any memory translation operation, with obvious security implications, given that vfio-pci exists to make such devices available to userspace. Therefore, I am okay with enabling this, as long as CONFIG_VFIO_NOIOMMU remains unset.
I asked Arne this week to enable this in one of the next kernel builds.
https://patchwork.ipfire.org/project/ipfire/patch/1fa0c74d-4dc5-9e12-4c09-73db1278cbf3@ipfire.org/
https://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=38a5d03f590f5c7438f9c3abc77580df486e1f6e
https://blog.ipfire.org/post/ipfire-2-27-core-update-170-is-available-for-testing
https://blog.ipfire.org/post/ipfire-2-27-core-update-170-released