CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 17:52:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix hardware passthrough for pci devices

Browse Source
This commit is contained in:
m0duspwnens
2025-01-24 17:19:41 -05:00
parent ab97d3b8b7
commit b3969a6ce0
4 changed files with 48 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
salt/hypervisor/tools/sbin/so-kvm-modify-hardware
View File

@@ -25,7 +25,8 @@ used during VM provisioning and hardware reconfiguration tasks.
-v, --vm Name of the virtual machine to modify.
-c, --cpu Number of virtual CPUs to assign.
-m, --memory Amount of memory to assign in MiB.
-p, --pci PCI hardware ID(s) to passthrough to the VM (e.g., 0000:00:1f.2). Can be specified multiple times.
-p, --pci PCI hardware ID(s) to passthrough to the VM (e.g., 0000:c7:00.0). Can be specified multiple times.
Format: domain:bus:device.function
-s, --start Start the VM after modification.
**Examples:**
@@ -33,7 +34,7 @@ used during VM provisioning and hardware reconfiguration tasks.
1. **Modify CPU and Memory with Multiple PCI Devices:**
```bash
so-kvm-modify-hardware -v vm1_sensor -c 4 -m 8192 -p 0000:00:1f.2 -p 0000:00:1f.3 -s
so-kvm-modify-hardware -v vm1_sensor -c 4 -m 8192 -p 0000:c7:00.0 -p 0000:c8:00.0 -s
```
This command modifies a VM with the following settings:
@@ -41,18 +42,18 @@ used during VM provisioning and hardware reconfiguration tasks.
- Hardware Configuration:
- CPUs: `4`
- Memory: `8192` MiB
- PCI Device Passthrough: `0000:00:1f.2`, `0000:00:1f.3`
- PCI Device Passthrough: `0000:c7:00.0`, `0000:c8:00.0`
- The VM is started after modification due to the `-s` flag
2. **Add PCI Device Without Other Changes:**
```bash
so-kvm-modify-hardware -v vm2_master -p 0000:00:1f.4
so-kvm-modify-hardware -v vm2_master -p 0000:c7:00.0
```
This command adds a single PCI device passthrough to the VM:
- VM Name: `vm2_master`
- PCI Device: `0000:00:1f.4`
- PCI Device: `0000:c7:00.0`
- Existing CPU and memory settings are preserved
3. **Update Resource Allocation:**
@@ -70,19 +71,19 @@ used during VM provisioning and hardware reconfiguration tasks.
4. **Add Multiple PCI Devices:**
```bash
so-kvm-modify-hardware -v vm4_node -p 0000:00:1f.2 -p 0000:00:1f.3 -p 0000:00:1f.4 -s
so-kvm-modify-hardware -v vm4_node -p 0000:c7:00.0 -p 0000:c4:00.0 -p 0000:c4:00.1 -s
```
This command adds multiple PCI devices and starts the VM:
- VM Name: `vm4_node`
- PCI Devices: `0000:00:1f.2`, `0000:00:1f.3`, `0000:00:1f.4`
- PCI Devices: `0000:c7:00.0`, `0000:c4:00.0`, `0000:c4:00.1`
- VM is started after modification
**Notes:**
- The script automatically stops the VM if it's running before making modifications.
- At least one modification option (-c, -m, or -p) should be provided.
- The PCI hardware IDs must be in the format `domain:bus:slot.function` (e.g., `0000:00:1f.2`).
- The PCI hardware IDs must be in the format `domain:bus:device.function` (e.g., `0000:c7:00.0`).
- Multiple PCI devices can be added by using the `-p` option multiple times.
- Without the `-s` flag, the VM remains stopped after modification.
- Existing hardware configurations are preserved if not explicitly modified.
@@ -183,9 +184,19 @@ def modify_vm(dom, cpu_count, memory_amount, pci_ids, logger):
'managed': 'yes'
})
source_elem = ET.SubElement(hostdev_elem, 'source')
domain_id, bus_slot_func = pci_id.split(':', 1)
bus_slot, function = bus_slot_func.split('.')
bus, slot = bus_slot[:2], bus_slot[2:]
# Split PCI ID into components (domain:bus:slot.function)
parts = pci_id.split(':')
if len(parts) != 3:
logger.error(f"Invalid PCI ID format: {pci_id}. Expected format: domain:bus:slot.function")
sys.exit(1)
domain_id = parts[0]
bus = parts[1]
slot_func = parts[2].split('.')
if len(slot_func) != 2:
logger.error(f"Invalid PCI ID format: {pci_id}. Expected format: domain:bus:slot.function")
sys.exit(1)
slot = slot_func[0]
function = slot_func[1]
address_attrs = {
'domain': f'0x{domain_id}',
'bus': f'0x{bus}',