[TUTORIAL] Compile Proxmox VE with patched intel-iommu driver to remove RMRR check

Thank you for your answering, i'm really novice to do these patch, is there some video tutorial link for patch applying?
My proxmox installation is to follow default installation, I don't know my kernel version
 
Thank you for your answering, i'm really novice to do these patch, is there some video tutorial link for patch applying?
My proxmox installation is to follow default installation, I don't know my kernel version

I'm not aware of any video tutorial, but the original repo by kiler129 is very well documented. The installation has exact instructions here:

https://github.com/kiler129/relax-intel-rmrr/blob/master/README.md#proxmox---premade-packages-easy

To find out which kernel you have just run
Code:
uname -r
in the host terminal
 
I'm trying to use this tutorial to build my own kernel with this patch: https://lore.kernel.org/all/BL1PR12...99@BL1PR12MB5144.namprd12.prod.outlook.com/T/

However I'm now stuck with:

Code:
dpkg-source: warning: can't parse dependency pve-headers-5.13.18-1-pve-pci_amd_crypto_noflr
dpkg-source: error: cannot parse Build-Conflicts field
dpkg-buildpackage: error: dpkg-source --before-build . subprocess returned exit status 255
make: *** [Makefile:60: pve-kernel-5.13.18-1-pve-pci_amd_crypto_noflr_5.13.18-1_amd64.deb] Error 255

Anyone able to point a noob in the right direction?
 
I came across this thread and the original repo trying to get an HP Microserver Gen 8 working; here's the compiled binary for 5.11.x (and repo fork if you want to compile yourself)

I've updated the build scripts to work with proxmox 7, but the kernel snapshot shortcut doesn't work for hirsute yet, so it takes a lot longer to compile (but functionally identical)

The original idea behind the patches still work, just the sources for 5.11.x is slightly different so the diffs need to be recalculated. There's also a patch_notes.sh roughly outlining how to generate the .patch files for the 3 modifications for any kernel

https://github.com/crankswagon/relax-intel-rmrr/releases
Thank you very much for your patch! It works well for my setup.

Still I have an issue even if it seems to work: I try to use a PCI-E P420 card in HBA mode and when starting the VM, the card works but the fan speed of my HP G8 maxes out immediately, until I reboot the server. I tried to find something online but could not figure out a solution. Is there a specific reason for this behavior, and how can it be prevented?

Thank you in advance!
 
@crankyjay I edited a couple of path lines in build.sh and got it working. The ones that had double ../../ I just put the full path. Thanks! :cool:
Apologies for the slow reply.

Beyond the script itself, best way is to look at the actual lines being modified in the source driver instead of using the script, which may or may not continue to work on up stream

I've pulled source for 5.15 and will be compiling in the next day or so.

My assumption is that it will fail with the script. I'll only have to insert the lines manually
 
  • Like
Reactions: Whitterquick
@Whitterquick My machine died of the infamous power plain issue common on this series a few months back, and I've since moved to 12th gen Core for AVX512 developement.

what may be best moving forward would be to use gits patch application mechanism directly, or otherwise provide notes on how to search for and change the lines in question.

Doing it that way instead might be best, it's what I've found to help the most people with other issues. See for example how to get the RadeonPro drivers going: PopOS_amdgpu.md


In principle you should be able to do a `grep -r` from the head of the directory to find the specific file, vim||nano into the file, search inside that file for the string and go from there.

In essence that's all the script is attempting to do, but by not communicating that, we end up with issues every time the kernel updates.


P.S. not sure why I got a ghost ping, but try and avoid that if possible
 
Last edited:
  • Like
Reactions: Whitterquick
sed is usually used for this and these are probably the sed commands you will need to patch the file:
Code:
'/^static int iommu_skip_te_disable;.*/a static int intel_relaxable_rmrr = 0;'
'/intel_iommu_tboot_noforce = 1;/a \\    \    } else if (!strncmp(str, "relax_rmrr", 10)) {\n\    \    \    pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\\n");\n\    \    \    intel_relaxable_rmrr = 1;'
's/if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))/if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))/g'

Assuming each line above is $INPUT

sed $INPUT iommu.c

*Warning* I have not tested the above as part of the script, only in the sed live editor.

See:
Note: Above I can already see paste issues as a result of tab conversion into spaces, any time you see a "\ " (aka 4 spaces) this actually needs to be a tab.

See: https://raw.githubusercontent.com/A...r/master/patches/relaxable-rmrr-patch-sed.txt
 
Last edited:
  • Like
Reactions: Whitterquick
I've now amended the build script to use sed rather than patch. Tested it once and it seems fine (I've not rebooted to check the patched kernel actually works, just compiled and installed it), so let me know if otherwise. Explanation in the README.

https://github.com/Aterfax/relax-intel-rmrr

At some point I will need to make a PR back to the main repo / have a chat and find out what the main repo is or should be (depending on who is active.)
 
Last edited:
  • Like
Reactions: Whitterquick
I've now amended the build script to use sed rather than patch. Tested it once and it seems fine (I've not rebooted to check the patched kernel actually works, just compiled and installed it), so let me know if otherwise. Explanation in the README.

https://github.com/Aterfax/relax-intel-rmrr

At some point I will need to make a PR back to the main repo / have a chat and find out what the main repo is or should be (depending on who is active.)
That was @kiler129 but I don’t think he’s working on it anymore. Glad to see this work continue :)
 
@Aterfax thanks for picking up where kiler129 and others left off and making the sed based version that can compile a kernel for 7.1.10+ I've been scrambling to find a solution to deal with the rmrr issues on my Proliant DL380 G7 and I think your kernel patch is it! Everything downloaded, compiled, installed, and booted correctly. I'm still getting "DMAR: Device is ineligible for IOMMU domain attach due to platform RMRR requirement. Contact your platform vendor." when I do the dmesg | grep command. There is also an interesting message being thrown in the dmesg | grep command that says "DMAR: Unknown option - 'relax_rmrr'". With that unknown option error that makes me think something went sideways in the patch process? Any ideas how to proceed?
 
Hmm, I did write this at 4 or 5 in the morning so there is a distinct chance I have made a mistake somewhere, but I did uninstall recompile and re-install as part of my testing and my current booted kernel is doing passthrough ok.

Have a look and see if you've got the right kernel booted by clicking on your node and the summary page. Mine currently shows
Kernel Version Linux 5.15.35-1-pve-relaxablermrr #1 SMP PVE 5.15.35-2 (Thu, 05 May 2022 13:54:35 +0200)

I'm pretty sure I only compiled 5.15.35-2 with the new script :confused: (Debs timestamp is May 11 06:33 linux-tools-5.15_5.15.35-2_amd64.deb which would appear to agree.)

I know that a recent PVE kernel update came out so by updating you might be using that, you may need to pin your chosen kernel version to avoid automatically using the newest unpatched PVE kernels.

See: https://pve.proxmox.com/wiki/Host_Bootloader
 
Last edited:
Well I compiled and installed the new kernel around 6AM this morning so I might have missed something too. :)

My Kernel Version as shown on the node summary is below.
Kernel Version Linux 5.13.19-6-pve-relaxablermrr #1 SMP PVE 5.13.19-14 (Thu, 10 Mar 2022 16:24:52 +0100)

Based on the above it appears the new kernel is being used on boot. My PVE version prior to the custom compile was 5.13.19-14 so if that isn't compatible with the patches that could be the issue. If I wait is there a possibility the newest kernel will get patched? I'm by no means a wizard at modifying bash files and compiling code, but I can code and am familiar with Git. If it is just a matter of some text being changed I can clone your repo and do that.

I work at a print shop and our press operators and getting antsy about their RIP servers being offline. I might have to put the hardware cards back in the old ESIX 5.5 machine for now. :(
 
Hmm, that is odd since if you forked my repo it should have built the most recent kernel (the pve-kernel master branch) if you used build7.1-12.sh.
I'd give it ago using that version first if you haven't. (Did you use build7.sh?) I should probably rename build7.1-12.sh to build_latest.sh

There's a chance the sed patching is not compatible with the older versions if there's sufficient differences in the code and I only tested with the most recent.

You should be able to check the patched files as it is compiling in another SSH session and check it really did find and add the needed sections based on one of the older patches e.g. https://github.com/Aterfax/relax-intel-rmrr/blob/master/patches/add-relaxable-rmrr-5_15.patch

Failing that, you can use my master branch but only pull up to commit 81cf6fac78df2348354df4067dcecc8c6c5e7960 as this was working but used the older patch method.

Edit: If you have the previous kernel versions installed that were working you can also choose to pin to a working version and reboot for an immediate fix.
 
Last edited:
I used build7.1-10.sh since that matched my currently running Proxmox version and kernel version. It looks like the build7.1-10.sh and build7.1-12.sh files set some variables for use in the build.sh file so I ran the 7.1-10 file. I did have to edit the build.sh file to change the perl-modules dependency to perl-modules-5.32 to get rid of the "no installation candidate" error that popped up. Apparently you have to specify which version of perl-modules right now since there is also a 5.28 available or so said the Great Google Oracle. :)

I'll give it a go using the build7.1-12.sh file with the newer 5.15 kernel and see if that will work. Worst case is the machine doesn't boot and I can roll back to an older kernel version. I'll post my results for others who might be in the same boat. *fingers crossed*
 
Ah well, I've kicked off a recompile which will take a bit but as I said I am running 5.15.35-1-pve-relaxablermrr and pass through is definitely working as I am passing a quadro card through to a VM!

Let me know if you want me to upload the finished debs!
 
  • Like
Reactions: Whitterquick
Ah well, I've kicked off a recompile which will take a bit but as I said I am running 5.15.35-1-pve-relaxablermrr and pass through is definitely working as I am passing a quadro card through to a VM!

Let me know if you want me to upload the finished debs!
I looked around your Git branch to see if you had uploaded the finished debs and I didn't see those. Could you upload those debs for me? I think you were onto something in our other conversation about the build process not working on my machine even though it ran fine.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!