akam1oの日記

クラウドを作るお仕事をしています

Proxmox VE で Intel N100 の iGPU を SR-IOV で VM に PCI Passthrough する

Proxmox

0. 目次

1. 概要

Intel N100 がハードウェア的に SR-IOV に対応していたため Proxmox VE で VMPCI Passthrough します。

2. 背景

元々 Ryzen Renoir のホストを運用していて、それを vfio-mdev で VM に見せようとしていましたが時間がかかりそうなため、手軽にできそうな Intel の iGPU の SR-IOV で VMGPU に見せることにしました。 Intel の iGPU は Tiger Lake から SR-IOV に対応しています。

AMD iGPU のドライバをあれこれして vfio-mdev VM に見せる手法については追々検証予定です。

3. 手順

3.1 build 環境構築

# apt install pve-headers-$(uname -r) build-essential dkms mokutil sysfsutil git

3.2 dkms build

git clone

# git clone https://github.com/strongtz/i915-sriov-dkms.git

dkms.conf を編集

# KERNEL=$(uname -r); KERNEL=${KERNEL%-pve}
# sed -i 's/"@_PKGBASE@"/"i915-sriov-dkms"/g' ~/i915-sriov-dkms/dkms.conf
# sed -i 's/"@PKGVER@"/"'"$KERNEL"'"/g' ~/i915-sriov-dkms/dkms.conf

# cat dkms.conf
PACKAGE_NAME="i915-sriov-dkms"
PACKAGE_VERSION="6.5.11-8"

MAKE[0]="make -C ${kernel_source_dir} M=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build KVER=${kernelver}"
CLEAN="make -C ${kernel_source_dir} M=${dkms_tree}/${PACKAGE_NAME}/${PACKAGE_VERSION}/build KVER=${kernelver} clean"

BUILT_MODULE_NAME[0]="i915"
DEST_MODULE_LOCATION[0]=/kernel/drivers/gpu/drm/i915

AUTOINSTALL=yes

dkms add

# dkms add .
# cd /usr/src/i915-sriov-dkms-$KERNEL
# dkms status

dkms build install

# dkms install -m i915-sriov-dkms -v $KERNEL -k $(uname -r) --force -j `nproc`
Sign command: /lib/modules/6.5.11-8-pve/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module:
Cleaning build area...
make -j4 KERNELRELEASE=6.5.11-8-pve -C /lib/modules/6.5.11-8-pve/build M=/var/lib/dkms/i915-sriov-dkms/6.5.11-8/build KVER=6.5.11-8-pve............................................................................................
Signing module /var/lib/dkms/i915-sriov-dkms/6.5.11-8/build/i915.ko
Cleaning build area...

i915.ko:
Running module version sanity check.
 - Original module
   - This kernel never originally had a module by this name
 - Installation
   - Installing to /lib/modules/6.5.11-8-pve/updates/dkms/
depmod...

3.3 grub.conf 更新

/etc/defaults/grubGRUB_CMDLINE_LINUXiommu=pt intel_iommu=on i915.enable_guc=3 i915.max_vfs=7 を追記してください。

参考までに私の grub.conf の一部を示します。

GRUB_CMDLINE_LINUX_DEFAULT="quiet "
GRUB_CMDLINE_LINUX="intel_idle.max_cstate=1 processor.max_cstate=1 cpufreq.default_governor=performance iommu=pt intel_iommu=on i915.enable_guc=3 i915.max_vfs=7"

update-grub, initramfs 更新

# update-grub
# update-initramfs -u -k all

3.4 sysfs.conf に追記

# echo "devices/pci0000:00/0000:00:02.0/sriov_numvfs = 2" > /etc/sysfs.conf

3.5 reboot

無事に上がってくることを祈りながら reboot

# reboot

3.6 確認

dmesg

# dmesg | grep i915
[    0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-6.5.11-8-pve root=/dev/mapper/pve-root ro intel_idle.max_cstate=1 processor.max_cstate=1 cpufreq.default_governor=performance iommu=pt intel_iommu=on video=efifb:off i915.enable_guc=3 i915.max_vfs=7 quiet
[    0.070552] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-6.5.11-8-pve root=/dev/mapper/pve-root ro intel_idle.max_cstate=1 processor.max_cstate=1 cpufreq.default_governor=performance iommu=pt intel_iommu=on video=efifb:off i915.enable_guc=3 i915.max_vfs=7 quiet
[    3.435960] i915: module verification failed: signature and/or required key missing - tainting kernel
[    4.115709] i915 0000:00:02.0: Running in SR-IOV PF mode
[    4.116313] i915 0000:00:02.0: [drm] VT-d active for gfx access
[    4.116340] i915 0000:00:02.0: vgaarb: deactivate vga console
[    4.116410] i915 0000:00:02.0: [drm] Using Transparent Hugepages
[    4.116814] i915 0000:00:02.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[    4.119663] i915 0000:00:02.0: [drm] Finished loading DMC firmware i915/adlp_dmc.bin (v2.20)
[    4.119791] mei_hdcp 0000:00:16.0-b638ab7e-94e2-4ea2-a552-d1c54b627f04: bound 0000:00:02.0 (ops i915_hdcp_ops [i915])
[    4.130395] i915 0000:00:02.0: [drm] GT0: GuC firmware i915/tgl_guc_70.bin version 70.13.1
[    4.130403] i915 0000:00:02.0: [drm] GT0: HuC firmware i915/tgl_huc.bin version 7.9.3
[    4.135982] i915 0000:00:02.0: [drm] GT0: HuC: authenticated for all workloads!
[    4.136431] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled
[    4.136433] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled
[    4.136921] i915 0000:00:02.0: [drm] GuC RC: enabled
[    4.139594] mei_pxp 0000:00:16.0-fbf6fcf1-96cf-4e2e-a6a6-1bab8cbe36b1: bound 0000:00:02.0 (ops i915_pxp_tee_component_ops [i915])
[    4.139861] i915 0000:00:02.0: [drm] Protected Xe Path (PXP) protected content support initialized
[    4.197366] [drm] Initialized i915 1.6.0 20201103 for 0000:00:02.0 on minor 0
[    4.199293] snd_hda_intel 0000:00:1f.3: bound 0000:00:02.0 (ops i915_audio_component_bind_ops [i915])
[    4.199523] i915 0000:00:02.0: [drm] Cannot find any crtc or sizes
[    4.199631] i915 0000:00:02.0: [drm] Cannot find any crtc or sizes
[    4.199682] i915 0000:00:02.0: 7 VFs could be associated with this PF

PF mode で動いていることと 7VF まで割当できるログが確認できます。

[    4.115709] i915 0000:00:02.0: Running in SR-IOV PF mode
[    4.199682] i915 0000:00:02.0: 7 VFs could be associated with this PF

4. 利用

4.1 VF 作成

sysfs から VF 数を指定できます。 PCI device id は PF, VF とも同一になるので注意。

# echo 2 > /sys/bus/pci/devices/0000\:00\:02.0/sriov_numvfs

# lspci -vnn | grep VGA
00:02.0 VGA compatible controller [0300]: Intel Corporation Alder Lake-N [UHD Graphics] [8086:46d1] (prog-if 00 [VGA controller])
00:02.1 VGA compatible controller [0300]: Intel Corporation Alder Lake-N [UHD Graphics] [8086:46d1] (prog-if 00 [VGA controller])
00:02.2 VGA compatible controller [0300]: Intel Corporation Alder Lake-N [UHD Graphics] [8086:46d1] (prog-if 00 [VGA controller])

4.2 VMPCIバイスを追加

5. 起動

無事起動できました。

参考