[SOLVED] KVMFR Fedora 40 permission denied

Hey guys

Recently migrated to F40 and need to get my vfio setup working again,
i decided to try out kvmfr as opposing to using ivshmem.

However im running into trouble:

I followed the guide on Kernel Module — Looking Glass B5.0.1 documentation

when i try to launch my VM i get:

image

lsmod returns:

# lsmod |grep kvmfr
kvmfr                  24576  0

/dev/kvmfr0 device:

# ls -l |grep kvmfr0
crw-rw----.  1 delta delta   236,     0 May 19 21:49 kvmfr0

delta (uid 1000) is part of both kvm and libvirt groups

kvmfr0 is created at boot time using /etc/modprobe.d/kvmfr.conf

# cat /etc/modprobe.d/kvmfr.conf 
options kvmfr static_size_mb=128

permissions set using udev:

# cat /etc/udev/rules.d/99-kvmfr.rules
SUBSYSTEM=="kvmfr", OWNER="delta", GROUP="kvm", MODE="0660"

(also tried setting manually using chown)

/etc/libvirt/qemu.conf line 565+ looks like this:

cgroup_device_acl = [
    "/dev/null", "/dev/full", "/dev/zero",
    "/dev/random", "/dev/urandom",
    "/dev/ptmx", "/dev/kvm",
    "/dev/userfaultfd",
    "/dev/kvmfr0"
]

Linux localhost 6.8.9-300.fc40.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 2 18:59:06 UTC 2024 x86_64 GNU/Linux

Audit2allow (SElinux) returns no alerts, and i also tried enabling permissive mode.

my config is here: vfio - Pastebin.com
(note: i changed the size of the device to 128M, still fails though)

i tried with both the old and new syntax as suggested on the looking glass guide, no change.

im pretty sure i’m the idiot thats missing something - the VM boots fine without the kvmfr setup.

Please advise :slight_smile:

Check SELinux again. I have this problem with the ivshmem file. When SELinux is on I needed to create custom profile to allow access to the ivshmem file. I know you’ve said you checked but I would urge you to make sure that’s really not it.

Whenever something doesn’t work in Fedora, but after some troubleshooting one cannot make any sense of it, it’s SELinux.

I really like the idea of SELinux, but in 20 years I have still come to terms with it.

PS: while using grep like you did here works, it’s a bit silly. ls -l /dev/kvmfr0 :slight_smile:

Permissions are wrong, /dev/kvmfr0 is delta:delta yet your udev rule has it as delta:kvm.

QEMU runs as the group kvm and unless you added the delta group to the kvm group, it wont be able to access the dev node.

chown delta:kvm /dev/kvmfr0

Please also upgrade and use a modern version of LG, B5 is three years old. You should be using B6, or better, B7-rc1.

https://looking-glass.io/docs/B7-rc1/ivshmem_kvmfr/

3 Likes

Thanks that solved my issue!

I got another error at first, but i changed the syntax to the recommeded in the newer version of libvirt, even if it looks weird after saving the config

Gonna go right ahead and upgrade to B7.

Thanks for the support, and for developing looking glass! - you put the rockstar, in rockstar developer!!

2 Likes