Managing PCI devices in virtual machines

In a default configuration, all PCI (Peripheral Component Interconnect) devices are available for all virtual machines. In some cases, this shouldn't happen. Think, for example, of dongles that should be available for one specific virtual machine (VM) only, or network boards that you want to reserve to reach better performance. In this article, you'll learn what management options exist with regard to PCI devices. I'll use a Xen environment in this example.

To reserve a PCI device for one virtual machine, you must make sure that it isn't claimed by the Dom0 operating system when that comes up. To do that, you need the pciback module. To let this module do its work, you must ensure that it is activated at a very early stage of the boot procedure. Typically, that would mean that you have to put it in your server's initrd. If you are using SUSE, open /etc/sysconfig/kernel and add pciback to the list of initrd modules. Next, run the mkinitrd command to generate the new initrd.

Now that you have ensured that the pciback module loads as one of the first things when your server boots, you can assign PCI interfaces to it. To do that, you need the lspci command as shown in listing 1 below:

(For listing 1, see the "Code" section after the rest of the tip.)

In the example of the lspci command output, you see that a short notation of the PCI device ID is used. Put 0000 in front of that to get the complete device ID. Next, use the /etc/modprobe.conf.local configuration

    Requires Free Membership to View

file to tell pciback that a certain module should be excluded. For example, to include the IEEE 1394 interface from the list of module above, put the following line in /etc/modprobe.conf:

options pciback hide=(0000:03:01.0)

Make sure that after editing the modprobe configuration file, you rebuild the initrd, using the mkinitrd command. Don't forget to reboot your virtual machine as well.

After excluding a PCI device this way, you need to bind it to a specific virtual machine. To do that, you have to put it in its configuration file, or specify the name of the device when booting the virtual machine. If you want to put it permanently in the virtual machine's configuration file, include the following line in that file:

pci=[ '0000:03:01.0', ]

Next, start the virtual machine. You should now see the PCI device in that virtual machine. The virtual machine will be the only machine that has access to this PCI device. As an alternative, you can perform a manual binding as well. For example, the following command assigns a PCI device temporarily when booting a virtual machine:

xm create pci=0000:03:01.0 /etc/xen/vm/virtualserver

When making this setting on a virtualization platform where Virtual Machine Manager is used, don't forget to use the xm new /etc/xen/vm/virtualserver command next. This will add the virtual machine to the managed Xen environment as well.

Pros, cons of device sharing

The major benefit of working in a virtual environment, is the ability to share physical devices. In some cases, however, it is better not to share devices, but to reserve them to a particular virtual machine. In this article, you have learned how to do that with PCI devices.

About the author: Sander van Vugt is an author and independent technical trainer, specializing in Linux since 1994. Vugt is also a technical consultant for high-availability (HA) clustering and performance optimization, as well as an expert on SLED 10 administration.
Listing 1: Use the lspci command to find the PCI ID of the PCI interface you want to exclude

BTN:~ # lspci 

00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML 
          and 945GT Express Memory Controller Hub (rev 03) 
00:01.0 PCI bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML 
          and 945GT Express PCI Express Root Port (rev 03) 
00:1b.0 Audio device: Intel Corporation 82801G (ICH7 Family) 
          High Definition Audio Controller (rev 01) 
00:1c.0 PCI bridge: Intel Corporation 82801G (ICH7 Family) 
         PCI Express Port 1 (rev 01) 
00:1c.1 PCI bridge: Intel Corporation 82801G (ICH7 Family) 
         PCI Express Port 2 (rev 01) 
00:1c.2 PCI bridge: Intel Corporation 82801G (ICH7 Family)
          PCI Express Port 3 (rev 01) 
00:1c.3 PCI bridge: Intel Corporation 82801G (ICH7 Family) 
          PCI Express Port 4 (rev 01) 
00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) 
           USB UHCI Controller #1 (rev 01) 
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) 
           USB UHCI Controller #2 (rev 01) 
00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family)
          USB UHCI Controller #3 (rev 01) 
00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) 
         USB UHCI Controller #4 (rev 01) 
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family)
         USB2 EHCI Controller (rev 01) 
00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e1) 
00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) 
          LPC Interface Bridge (rev 01) 
00:1f.2 IDE interface: Intel Corporation 82801GBM/GHM (ICH7 Family)
          SATA IDE Controller (rev 01) 
00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus 
          Controller (rev 01) 
01:00.0 VGA compatible controller: nVidia Corporation GeForce
          Go 7950 GTX (rev a1) 
03:01.0 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller 
03:01.1 Generic system peripheral [Class 0805]: Ricoh Co 
          Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 19) 
03:01.2 System peripheral: Ricoh Co Ltd R5C843 MMC 
          Host Controller (rev 01) 
03:01.3 System peripheral: Ricoh Co Ltd R5C592 Memory 
          Stick Bus Host Adapter (rev 0a) 
03:01.4 System peripheral: Ricoh Co Ltd xD-Picture 
          Card Controller (rev 05) 
09:00.0 Ethernet controller: Broadcom Corporation NetXtreme 
         BCM5752 Gigabit Ethernet PCI Express (rev 02) 
0c:00.0 Network controller: Broadcom Corporation BCM4328 
         802.11a/b/g/n (rev 01)

This was first published in November 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.