Dear SR-IOV and 82599 experts,
I’m testing KVM device(pci) pass-through with new 3.x kernel (RHEL 7.0)
It seems new device pass-through framework, VFIO, has been merged since kernel 3.6.
Before VFIO (prior pci-stub) we could simply assign each PF or VF to different guest VM freely but with VFIO, kernel strictly prohibit assigning devices to different guest (or host) in case they are in same iommu_group. I know it is required because security and PCIe ACS(Access Control Services) can avoid this limitation.
Attachment is about test environment and in this file you can see the test machine definitely support PCIe ACS. So I expected both of VFs and PFs are splitted to different iommu_group so that they can be assigned to different guest VM each.
Against expectation, the two PF on a single X520-SR2 are grouped in same iommu_group while VFs are splitted as I expected. It means I cannot assign dual port NIC to two guest VM each. Is this correct?
It is not easy to understand why PFs are tied in the same iommu_group while VFs are not.
Please someone help me to understand why this limitation still remains and let me know if there is any way I can avoid this.
For performance reason, I need PF pass-through I don't consider VF.