I'm using CentOS 5.4 on my dom0 with a stock Xen kernel. I'm attempting to use the pciback module to hide some of the Ethernet ports from the host and reserve them for a domU I intend to use for a firewall (process described here and here). However, when I launch the domU, I get the following error message:
Using config file "/etc/xen/firewall".
Error: pci: improper device assignment specified: pci: 0000:01:04.0 must be co-assigned to the same guest with 0000:01:06.0, but it is not owned by pciback.
lspci gives me the following output:
00:00.0 Host bridge: Intel Corporation 82945G/GZ/P/PL Memory Controller Hub (rev 02)
00:02.0 VGA compatible controller: Intel Corporation 82945G/GZ Integrated Graphics Controller (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #1 (rev 01)
00:1d.1 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #2 (rev 01)
00:1d.2 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #3 (rev 01)
00:1d.3 USB Controller: Intel Corporation 82801G (ICH7 Family) USB UHCI Controller #4 (rev 01)
00:1d.7 USB Controller: Intel Corporation 82801G (ICH7 Family) USB2 EHCI Controller (rev 01)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev e1)
00:1f.0 ISA bridge: Intel Corporation 82801GB/GR (ICH7 Family) LPC Interface Bridge (rev 01)
00:1f.2 IDE interface: Intel Corporation 82801GB/GR/GH (ICH7 Family) SATA IDE Controller (rev 01)
00:1f.3 SMBus: Intel Corporation 82801G (ICH7 Family) SMBus Controller (rev 01)
01:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:06.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
01:07.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
From the sound of the error message, it seems like I also need to dedicate eth0 (PCI ID 01:04.0) to the domU. Am I correct? If not, what am I doing wrong? Thanks!
Correct - multifunction devices (by spec) must be assigned to the same domain.
However, in certain cases it will still work. You may get lucky - looks you have multiple devices on the same card rather than a single multifunction device.
Try setting
pci-passthrough-strict-check no
in/etc/xen/xend-config.sxp
and it just may work.