In a default configuration, all PCI (Peripheral Component Interconnect) devices are available for all virtual machines. In some cases, this shouldn't happen. Think, for example, of dongles that should be available for one specific virtual machine (VM) only, or network boards that you want to reserve to reach better performance. In this article, you'll learn what management options exist with regard to PCI devices. I'll use a Xen environment in this example.
To reserve a PCI device for one virtual machine, you must make sure that it isn't claimed by the Dom0 operating system when that comes up. To do that, you need the pciback module. To let this module do its work, you must ensure that it is activated at a very early stage of the boot procedure. Typically, that would mean that you have to put it in your server's initrd. If you are using SUSE, open /etc/sysconfig/kernel and add pciback to the list of initrd modules. Next, run the mkinitrd command to generate the new initrd.
Now that you have ensured that the pciback module loads as one of the first things when your server boots, you can assign PCI interfaces to it. To do that, you need the lspci command as shown in listing 1 below:
(For listing 1, see the "Code" section after the rest of the tip.)
In the example of the lspci command output, you see that a short notation of the PCI device ID is used. Put 0000 in front of that to get the complete device ID. Next, use the /etc/modprobe.conf.local configuration file to tell pciback that a certain module should be excluded. For example, to include the IEEE 1394 interface from the list of module above, put the following line in /etc/modprobe.conf:
options pciback hide=(0000:03:01.0)
Make sure that after editing the modprobe configuration file, you rebuild the initrd, using the mkinitrd command. Don't forget to reboot your virtual machine as well.
After excluding a PCI device this way, you need to bind it to a specific virtual machine. To do that, you have to put it in its configuration file, or specify the name of the device when booting the virtual machine. If you want to put it permanently in the virtual machine's configuration file, include the following line in that file:
pci=[ '0000:03:01.0', ]
Next, start the virtual machine. You should now see the PCI device in that virtual machine. The virtual machine will be the only machine that has access to this PCI device. As an alternative, you can perform a manual binding as well. For example, the following command assigns a PCI device temporarily when booting a virtual machine:
xm create pci=0000:03:01.0 /etc/xen/vm/virtualserver
When making this setting on a virtualization platform where Virtual Machine Manager is used, don't forget to use the xm new /etc/xen/vm/virtualserver command next. This will add the virtual machine to the managed Xen environment as well.
Pros, cons of device sharing
The major benefit of working in a virtual environment, is the ability to share physical devices. In some cases, however, it is better not to share devices, but to reserve them to a particular virtual machine. In this article, you have learned how to do that with PCI devices.
About the author: Sander van Vugt is an author and independent technical trainer, specializing in Linux since 1994. Vugt is also a technical consultant for high-availability (HA) clustering and performance optimization, as well as an expert on SLED 10 administration.
Listing 1: Use the lspci command to find the PCI ID of the PCI interface you want to exclude
BTN:~ # lspci 00:00.0 Host bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express Memory Controller Hub (rev 03) 00:01.0 PCI bridge: Intel Corporation Mobile 945GM/PM/GMS, 943/940GML and 945GT Express PCI Express Root Port (rev 03) 00:1b.0 Audio device: Intel Corporation 82801G (ICH7 Family) High Definition Audio Controller (rev 01) 00:1c.0 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 1 (rev 01) 00:1c.1 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 2 (rev 01) 00:1c.2 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 3 (rev 01) 00:1c.3 PCI bridge: Intel Corporation 82801G (ICH7 Family) PCI Express Port 4 (rev 01) 00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 01) 00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 01) 00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 01) 00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 01) 00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 01) 00:1e.0 PCI bridge: Intel Corporation 82801 Mobile PCI Bridge (rev e1) 00:1f.0 ISA bridge: Intel Corporation 82801GBM (ICH7-M) LPC Interface Bridge (rev 01) 00:1f.2 IDE interface: Intel Corporation 82801GBM/GHM (ICH7 Family) SATA IDE Controller (rev 01) 00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 01) 01:00.0 VGA compatible controller: nVidia Corporation GeForce Go 7950 GTX (rev a1) 03:01.0 FireWire (IEEE 1394): Ricoh Co Ltd R5C832 IEEE 1394 Controller 03:01.1 Generic system peripheral [Class 0805]: Ricoh Co Ltd R5C822 SD/SDIO/MMC/MS/MSPro Host Adapter (rev 19) 03:01.2 System peripheral: Ricoh Co Ltd R5C843 MMC Host Controller (rev 01) 03:01.3 System peripheral: Ricoh Co Ltd R5C592 Memory Stick Bus Host Adapter (rev 0a) 03:01.4 System peripheral: Ricoh Co Ltd xD-Picture Card Controller (rev 05) 09:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5752 Gigabit Ethernet PCI Express (rev 02) 0c:00.0 Network controller: Broadcom Corporation BCM4328 802.11a/b/g/n (rev 01)