15.5. PCI passthrough for para-virtualized Xen guests on Red Hat Enterprise Linux
			PCI passthrough is used to allow a Xen guest exclusive access to a PCI device, rather than sharing with other guests or with dom0. PCI passthrough for para-virtualized Xen guests is supported on all Red Hat Enterprise Linux 5 systems, however PCI passthrough with fully virtualized guests is only supported on Red Hat Enterprise Linux 5.4 and newer.
		
Warning
				PCI passthrough to para-virtualized guests is considered insecure and is not supported for Red Hat Enterprise Linux 6 guests.
			
Limitations of Xen PCI passthrough:
Any guest using PCI passthrough will no longer be available for save, restore, or migration capabilities, as it will be tied to a particular non-virtualized hardware configuration.
			A guest which has access to a non-virtualized PCI device via PCI passthrough also has the potential to access the DMA address space of dom0, which is a potential security concern.
		
			To link a PCI device to a guest the device must first be hidden from the host. If the host is using the device, the device cannot be assigned to the guest.
		
Procedure 15.3. Example: attaching a PCI device
- Given a network device which uses the bnx2 driver and has a PCI id of 0000:09:00.0, the following lines added to/etc/modprobe.confhides the device from dom0. Either thebnx2module must be reloaded or the host must be restarted.install bnx2 /sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install bnx2 options pciback hide=(0000:09:00.0) install bnx2 /sbin/modprobe pciback; /sbin/modprobe --first-time --ignore-install bnx2 options pciback hide=(0000:09:00.0)Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Multiple PCI identifiers can be added to/etc/modprobe.confto hide multiple devices.options pciback hide=(0000:09:00.0)(0000:0a:04.1) options pciback hide=(0000:09:00.0)(0000:0a:04.1)Copy to Clipboard Copied! Toggle word wrap Toggle overflow 
- Use one of the following methods to add the passed-through device to the guest's configuration file:- virsh(Section 15.1, “Adding a PCI device with virsh” - Step 5);
- virt-manager(Section 15.2, “Adding a PCI device with virt-manager”); or
- virt-install(Section 15.3, “PCI passthrough with virt-install”)
 
Warning
				Due to interrupt tracking, repeatedly hotplugging or hotunplugging an assigned device more than 512 times in a brief period of time can cause a kernel error. Please do not repeatedly hotplug/hotunplug an assigned device.
			
Note
				When running Red Hat Enterprise Linux 5 as a KVM guest, the 
acpiphp kernel module must be loaded in the guest to support dynamic addition and removal of PCI devices. This module enables the guest to receive insertion and removal notifications from qemu. To manually load this module, run the following command in the guest:
			modprobe acpiphp
# modprobe acpiphp
				To enable this module to be loaded automatically on every guest boot, perform the following commands in the guest:
			
echo 'modprobe acpiphp' > /etc/sysconfig/modules/acpiphp.modules
# echo 'modprobe acpiphp' > /etc/sysconfig/modules/acpiphp.moduleschmod +x /etc/sysconfig/modules/acpiphp.modules
# chmod +x /etc/sysconfig/modules/acpiphp.modules
				After reboot, the module should be loaded and can be confirmed with the 
lsmod | grep acpiphp command. More information on persistent module loading in Red Hat Enterprise Linux 5 can be found in the Red Hat Enterprise Linux 5 Deployment Guide.