Play around with HP ML350 G6

Posted at 2020-05-19 making

I hope to passthrough SAS HBA( LSI SAS3008 PCI-Express Fusion-MPT SAS-3) and HP410i raid controller to Proxmox VM.

RMRR issuse in PCIe passthrough

The SAS HBA fail to passthrough to Proxmox VM, and it shows following error:

1
2
3

vfio: failed to set iommu for container: Operation not permitted
dmesg | grep -e DMAR -e IOMMU
vfio-pci 0000:0X:YY.Z: Device is ineligible for IOMMU domain attach due to platform RMRR requirement.  Contact your platform vendor.

[   58.606116] DMAR: DRHD: handling fault status reg 2
[   58.606158] DMAR: [DMA Write] Request device [04:00.0] PASID ffffffff fault addr ffeee000 [fault reason 05] PTE Write access is not set
[  102.466175] DMAR: DRHD: handling fault status reg 102
[  102.466240] DMAR: [DMA Read] Request device [04:00.0] PASID ffffffff fault addr c763e000 [fault reason 06] PTE Read access is not set

HP ML350 G6 enables RMRR(VT-d Reserved Memory Reporting Regions) in PCIe slot, but linux kernel disables RMRR feature for performance issues. HP ML350 G6 can't disable RMRR by method(ref.1), so I patch kernel following Feni's tutorial. After each kernel update, I have to compile again. Aterfax publish the precompiled packges, so I can use dpkg -i *.deb to install the kernel. But you still can follow the latest tuturial to compile kernel.

STEPS: 1. Download the build script (e.g. use wget https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh) 2. Run the build.sh script from terminal: RMRR_AUTOINSTALL=1 bash ./build.sh 3. To activate patch, add intel_iommu=relax_rmrr to Linux boot args(/etc/default/grub), and run update-grub 4. After reboot, uname -r should show a version ending with -pve-relaxablermrr. And dmesg | grep 'Intel-IOMMU' show similar result.

1 2	root@hp6:~# dmesg \| grep 'Intel-IOMMU' [ 0.050195] DMAR: Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss

Use P410i as HBA card

To turn hp P410i to HBA model and passthrough it, I follow the hpsahba tool.

root@hp6:~# git clone https://github.com/im-0/hpsahba.git
root@hp6:~# cd hpsahba
root@hp6:~/hpsahab# make
root@hp6:~/hpsahba# ./hpsahba -i /dev/sg1 # show information of P410i
VENDOR_ID='HP'
PRODUCT_ID='P410i'
BOARD_ID='0x3245103c'
SOFTWARE_NAME=''
HARDWARE_NAME=''
RUNNING_FIRM_REV='6.40'
ROM_FIRM_REV='6.40'
REC_ROM_INACTIVE_REV='6.40'
YET_MORE_CONTROLLER_FLAGS='0xfa71a216'
NVRAM_FLAGS='0x00'
HBA_MODE_SUPPORTED=1
HBA_MODE_ENABLED=0

root@hp6:~/hpsahba# ./hpsahba -E /dev/sg1 # enable HBA mode in P410i
 //  CAUTION  //  // CAUTION //  //  CAUTION  //  // CAUTION //  //  CAUTION  //
        HBA MODE CHANGE WILL DESTROY YOU DATA!
        HBA MODE CHANGE MAY DAMAGE YOUR HARDWARE!
Type uppercase "yes" to accept the risks and continue: YES

root@hp6:~/hpsahba# apt install dkms pve-headers
root@hp6:~/hpsahba# cd contrib/dkms/
root@hp6:~/hpsahba/contrib/dkms# cat patch.sh
#!/bin/bash
set -e

VERSION=${1:-5.15} # change to working kernel version

echo "Patching for kernel ${VERSION}"

wget "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/drivers/scsi/hpsa.h?h=linux-${VERSION}.y" -O hpsa.h
wget "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/drivers/scsi/hpsa.c?h=linux-${VERSION}.y" -O hpsa.c
wget "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/plain/drivers/scsi/hpsa_cmd.h?h=linux-${VERSION}.y" -O hpsa_cmd.h

shopt -s nullglob
for PATCH in ../../kernel/"${VERSION}"*/*.patch; do
    echo "Applying ${PATCH}"
    patch --no-backup-if-mismatch -Np3 < "${PATCH}"
done

root@hp6:~/hpsahba/contrib/dkms# ./patch.sh
root@hp6:~/hpsahba/contrib/dkms# dkms add ./
root@hp6:~/hpsahba/contrib/dkms# dkms install --force hpsa-dkms/1.0
root@hp6:~/hpsahba/contrib/dkms# modprobe -r hpsa
root@hp6:~/hpsahba/contrib/dkms# modprobe hpsa hpsa_use_nvram_hba_flag=1
root@hp6:~# dmesg | grep hpsa
[  441.376027] hpsa 0000:04:00.0: can't disable ASPM; OS doesn't have ASPM control
[  441.376424] hpsa 0000:04:00.0: Logical aborts not supported
[  441.376426] hpsa 0000:04:00.0: HP SSD Smart Path aborts not supported
[  441.413464] scsi host2: hpsa
[  441.413839] hpsa can't handle SMP requests
[  441.417137] hpsa 0000:04:00.0: NVRAM HBA flag: enabled
[  441.433014] hpsa 0000:04:00.0: scsi 2:0:0:0: added RAID              HP       P410i            controller SSDSmartPathCap- En- Exp=1
[  441.433020] hpsa 0000:04:00.0: scsi 2:0:1:0: added Direct-Access     ATA      HGST HDN726060AL PHYS DRV SSDSmartPathCap- En- Exp=1
[  441.433024] hpsa 0000:04:00.0: scsi 2:0:2:0: added Direct-Access     ATA      ST4000VX000-1F41 PHYS DRV SSDSmartPathCap- En- Exp=1
[  441.433027] hpsa 0000:04:00.0: scsi 2:0:3:0: added Direct-Access     ATA      ST4000DM004-2CV1 PHYS DRV SSDSmartPathCap- En- Exp=1
[  441.433030] hpsa 0000:04:00.0: scsi 2:0:4:0: masked Enclosure         PMCSIERA  SRC 8x6G        enclosure SSDSmartPathCap- En- Exp=0
root@hp6:~# modinfo hpsa
filename:       /lib/modules/5.15.39-3-pve/updates/dkms/hpsa.ko
alias:          cciss
license:        GPL
version:        3.4.20-200
description:    Driver for HP Smart Array Controller version 3.4.20-200
author:         Hewlett-Packard Company
retpoline:      Y
name:           hpsa
vermagic:       5.15.39-3-pve SMP mod_unload modversions
parm:           hpsa_simple_mode:Use 'simple mode' rather than 'performant mode' (int)
parm:           hpsa_use_nvram_hba_flag:Use flag from NVRAM to enable HBA mode (bool)
root@hp6:~# # you will get one more parm option `hpsa_use_nvram_hba_flag` than orignal hpsa module.
root@hp6:~# # to make persistent change
root@hp6:~# echo "options hpsa hpsa_use_nvram_hba_flag=1" > /etc/modprobe.d/hpsa.conf
root@hp6:~# update-initramfs -u -k all
root@hp6:~# reboot

I don't known why the hpsa-dkms doesn't generate hpsa module with hpsa_use_nvram_hba_flag during kernel upgrade. If I remove hpsa-dkms by dkms remove hpsa-dkms/1.0 --all and patch the kernel again, it works. I can build binary files, but no idea how to package as rpm.

I try to patch P410i in the opensuse VM. https://github.com/openSUSE/kernel-source/blob/master/doc/README.SUSE https://forums.opensuse.org/showthread.php/569506-Kernel-Update https://forum.proxmox.com/threads/hp-proliant-microserver-gen8-raidcontroller-hp-p410-passthrough-probleme.30547/#post-153784

Install kernel-source. Change to the /usr/src/linux directory.
Create a build directory for use in configuring and building the kernel. Using /usr/src/linux directly requires root priviledges and will cause problems if you need to build kernel modules for other installed kernels.
Configure the kernel (for example, ``make -C /usr/src/linux O=$(pwd) oldconfig'', see HOW TO CONFIGURE THE KERNEL SOURCES).
Build the kernel and all its modules (``make'').
Make sure that /etc/modprobe.d/unsupported-modules contains
```
allow_unsupported_modules 1
```
otherwise modprobe will refuse to load any modules.
Install the kernel and the modules (make modules_install'', followed bymake install''). This will automatically create an initrd for the new kernel as well (see ``mkinitrd -h'').

1 2	[ 103.609595] DMAR: DRHD: handling fault status reg 2 [ 103.800729] DMAR: [DMA Read NO_PASID] Request device [04:00.0] fault addr 0xe763e000 [fault reason 0x06] PTE Read access is not set

1
2
3

dmesg | grep -e DMAR -e IOMMU
[  103.609595] DMAR: DRHD: handling fault status reg 2
[  103.800729] DMAR: [DMA Read NO_PASID] Request device [04:00.0] fault addr 0xe763e000 [fault reason 0x06] PTE Read access is not set

Fail https://www.reddit.com/r/Proxmox/comments/hhx77k/the_importance_of_iommupt_with_gpu_pass_through_i/ https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/installation_guide/appe-configuring_a_hypervisor_host_for_pci_passthrough

https://forum.proxmox.com/threads/boot-failure-on-upgrade-to-ve-7-2-with-kernel-5-15-35-1-pve.109144/page-2 This one doesn't work for me.

Remote access by ILO2

Because even on the latest firmware (2.33 as of 2021-04-16), due to hardware limitations, iLO2 does not support modern TLS (and ciphers). But recently java disable TLS 1.0 and 1.1.(ref 8) Therefore, adjusting the JRE's security settings is necessary. Seemingly, this can not be done at runtime, so a custom security file has to be passed to Java.(ref.7)

This viewer doesn't run on my openSUSE. Even I follow tutorial in ref.9 to modify the system java.security, I still get error of SSLException: No appropriate protocol. I doubt that java interacts with java.security in wrong way. But, I'm lucky to find that it works well in RPI 3B.

1
2
3

git clone https://github.com/scrapes/ILO2-Standalone-Remote-Console.git
./gradlew build
./java -Djava.security.properties=java.security -jar ILO2RemCon.jar -c config.properties

Ref:

1. https://www.jimmdenton.com/proliant-intel-dpdk/
1. Fen's build script
1. Feni's tutorial
1. Proxmox Wiki Pass(e) PCI Passthrough
1. Proxmox Wiki Pass Disk
1. Enable IT mode on HP Smart Array P410i RAID card on HP DL380 Gen7 servers
1. ILO2-Standalone-Remote-Console Issues#12
1. Disable TLS 1.0 and 1.1
1. Error "No appropriate protocol" in RSA Access Manager 6.2

Previous post: Build Diskless Fedora Next post: Work with Chromebook

Squirrel Hole

江心一庐

RMRR issuse in PCIe passthrough

Use P410i as HBA card

Remote access by ILO2

Ref: