[SOLVED] Nvidia reset issues with GPU passthrough

[dhellstern]

Recently, my working GPU passthrough configuration broke almost completely. I have a Windows 10 VM used for passthrough, with a very simple config including a single entry to pass all GPU functions through and the CPU set to "host". For almost a year, this configuration has been working fine, with the GTX 1660 Super I passed through working perfectly fine, no Code 43 or anything. However, after some updates, this is no longer the case. There are two issues that have come up.

First, the VM would bootloop with a KERNEL_SECURITY_CHECK_FAILURE BSoD, which I solved by setting the -ibpb flag on the CPU. The CPU is a Ryzen 3600, and by booting into an older kernel, I discovered that a kernel update between 5.4.78-2-pve (what I had before) and 5.4.98-1-pve (what I have now) introduced the issue. This appears to only be an issue with the "host" CPU model, as a separate Windows server VM with "kvm64" was perfectly fine.

The bigger not-yet-solved issue is that there appears to now be a strange GPU reset bug, despite this being an Nvidia setup. I know that it's fairly common to experience such bugs on AMD graphics, but I haven't heard of issues with Nvidia besides consistent Code 43s, and the symptoms seem to be of a reset bug. I don't believe the issue has anything to do with the kernel update, because the bug is reproducible on both versions mentioned in the previous paragraph. No matter what I do (I've tried adding "args: -cpu 'host,+kvm_pv_unhalt,+kvm_pv_eoi,hv_vendor_id=NV43FIX,kvm=off'" and setting "cpu: host,hidden=1,flags=-ibpb", as well as trying and failing to dump the ROM, so instead using a TechPowerUp ROM passed through), the VM can only start once after the system boots, any attempts to shut it down and then restart it will result in a Code 43 in the guest. If I want to reboot the guest and continue using it, I have to reboot the host.

pveversion information:

proxmox-ve: 6.3-1 (running kernel: 5.4.98-1-pve)
pve-manager: 6.3-4 (running version: 6.3-4/0a38c56f)
pve-kernel-5.4: 6.3-6
pve-kernel-helper: 6.3-6
pve-kernel-5.3: 6.1-6
pve-kernel-5.4.101-1-pve: 5.4.101-1
pve-kernel-5.4.98-1-pve: 5.4.98-1
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.1.0-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: 0.8.35+pve1
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.20-pve1
libproxmox-acme-perl: 1.0.7
libproxmox-backup-qemu0: 1.0.3-1
libpve-access-control: 6.1-3
libpve-apiclient-perl: 3.1-3
libpve-common-perl: 6.3-4
libpve-guest-common-perl: 3.1-5
libpve-http-server-perl: 3.1-1
libpve-storage-perl: 6.3-7
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.6-2
lxcfs: 4.0.6-pve1
novnc-pve: 1.1.0-1
proxmox-backup-client: 1.0.8-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.4-5
pve-cluster: 6.2-1
pve-container: 3.3-4
pve-docs: 6.3-1
pve-edk2-firmware: 2.20200531-1
pve-firewall: 4.1-3
pve-firmware: 3.2-2
pve-ha-manager: 3.1-1
pve-i18n: 2.2-2
pve-qemu-kvm: 5.2.0-2
pve-xtermjs: 4.7.0-3
qemu-server: 6.3-5
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-2
zfsutils-linux: 2.0.3-pve2

lscpu output:

Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
Address sizes:       43 bits physical, 48 bits virtual
CPU(s):              12
On-line CPU(s) list: 0-11
Thread(s) per core:  2
Core(s) per socket:  6
Socket(s):           1
NUMA node(s):        1
Vendor ID:           AuthenticAMD
CPU family:          23
Model:               113
Model name:          AMD Ryzen 5 3600 6-Core Processor
Stepping:            0
CPU MHz:             4044.844
CPU max MHz:         3600.0000
CPU min MHz:         2200.0000
BogoMIPS:            7200.12
Virtualization:      AMD-V
L1d cache:           32K
L1i cache:           32K
L2 cache:            512K
L3 cache:            16384K
NUMA node0 CPU(s):   0-11
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm constant_tsc rep_good n
opl nonstop_tsc cpuid extd_apicid aperfmperf pni pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a mis
alignsse 3dnowprefetch osvw ibs skinit wdt tce topoext perfctr_core perfctr_nb bpext perfctr_llc mwaitx cpb cat_l3 cdp_l3 hw_pstate sme ssbd mba sev ibpb stibp vmmcall fsgsbase bmi1 avx2 sme
p bmi2 cqm rdt_a rdseed adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local clzero irperf xsaveerptr wbnoinvd arat npt lbrv svm_l
ock nrip_save tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold avic v_vmsave_vmload vgif umip rdpid overflow_recov succor smca

lspci output:

0b:00.0 VGA compatible controller [0300]: NVIDIA Corporation Device [10de:21c4] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device [1458:4013]
Kernel driver in use: vfio-pci
Kernel modules: nvidiafb, nouveau
0b:00.1 Audio device [0403]: NVIDIA Corporation Device [10de:1aeb] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device [1458:4013]
Kernel driver in use: vfio-pci
Kernel modules: snd_hda_intel
0b:00.2 USB controller [0c03]: NVIDIA Corporation Device [10de:1aec] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device [1458:4013]
Kernel driver in use: vfio-pci
Kernel modules: xhci_pci
0b:00.3 Serial bus controller [0c80]: NVIDIA Corporation Device [10de:1aed] (rev a1)
Subsystem: Gigabyte Technology Co., Ltd Device [1458:4013]
Kernel driver in use: vfio-pci
Kernel modules: i2c_nvidia_gpu

 

[Ramalama]

Kernel modules: nvidiafb, nouveau

Did you blacklisted those modules?

 

[dhellstern]

Yes, I did. For good measure, I blacklisted all the Nvidia ones I saw in /etc/modprobe.d/blacklist.conf:

blacklist nouveau
blacklist nvidia
blacklist nvidiafb
blacklist nvidia-gpu
blacklist ucsi_ccg
blacklist snd_hda_intel
blacklist i2c-nvidia-gpu

Then "update-initramfs -u -k all" and reboot. I don't recall whether they're supposed to show up in "Kernel modules" or not, but I do know the blacklist was working correctly before. And VFIO PCI has no issue binding apparently.

 

[Ramalama]

Well, I can't help then, i had an 1080ti passed through without any issues at all.
But this was in December on kernel 5.4.78 or maybe one kernel before...
The one that was the newest in mid December....

But I don't have it in the server right now, as it is gone into a gaming pc xD

So yeah, all i can say is that it worked for me in December.

But i still have all the cmdline arguments and blacklist etc and even the vm still.
So i can put up the config if you want to compare.

Have as cpu an ryzen 5800x, so we are similar. (Host option worked for me without any problem either)

 

[dhellstern]

If you could post yours for comparison that would be a good sanity check. I was on kernel 5.4.78 before the BSoD issue came up, and I know there was an update to pve-qemu-kvm as well at around the same time which could have been related to the passthrough issue, so I'm not surprised your setup was working back then, since mine was.

And you definitely went the smart route of having a separate PC, but that's not a cost-effective option for me right now.

 

[Ramalama]

/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet amd_iommu=on iommu=pt nvme_core.default_ps_max_latency_us=1200 textonly video=astdrmfb video=efifb:off SYSTEMD_RDRAND=0"
nvme_core.default_ps_max_latency_us=1200 -> for Samsung 980 Pro (disable the lowest sleepstate, cause it freezed the system)
textonly video=astdrmfb video=efifb:off -> for AST2500 (ipmi/bmc grapcs), this forces to boot with that integrated graphics, if another gpu is build in
SYSTEMD_RDRAND=0 -> fix for systemd boot issues, broken rdrand on Zen3 before agesa 1.2.0.0 update
amd_iommu=on iommu=pt -> this you know and what we need

/etc/modules

vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd
overlay
aufs

the first are for passthrough and overlay+aufs is for docker inside LXC Container

/etc/modprobe.d/blacklist.conf

blacklist radeon
blacklist nouveau
blacklist nvidia
blacklist ixgbevf

ixgbevf -> is to blacklist Intel x550 virtualized nics (cause im passing this nics to vms)

/etc/modprobe.d/10-docker.conf
options overlay permit_mounts_in_userns=1
unneccessary info

/etc/modprobe.d/pve-blacklist.conf
blacklist nvidiafb
Comes with proxmox already

/etc/modprobe.d/vfio.conf
options vfio-pci ids=10de:1b06,10de:10ef disable_vga=1
10de:1b06 = 1080ti
10de:10ef = audio or something on the 1080ti
however, your line should look like this:
options vfio-pci ids=10de:21c4,10de:1aeb,10de:1aec,10de:1aed disable_vga=1

Vm Config:

agent: 1,fstrim_cloned_disks=1
bios: ovmf
boot: order=virtio0;net0
cores: 8
cpu: host
machine: q35
memory: 16384
name: Terminal-SRV
net0: virtio=EE:8B:AA:EE:5D:20,bridge=vmbr0
numa: 0
ostype: win10
scsihw: virtio-scsi-pci
smbios1: uuid=d5cecd6c-ab11-4627-aeae-fb6c8844fbbc
sockets: 1
vga: memory=128
virtio0: SSD-Win:vm-106-disk-0,cache=writeback,discard=on,size=128G
vmgenid: c8492ab1-5cc3-480f-9d9a-24fb84c03fa0

The only thing here that i removed, was the passed 1080ti, sry.

But as far i remember, i had all functions, PCI-Express, ROM-Bar, Primary GPU, turned on xD
But it is over 3 months, so maybe i didn't had all options on...
However, the VM is turned off since December, only the graphic cards is removed, cause it nerved me optically xD

Hope this helps. Cheers

 

[Ramalama]

If you could post yours for comparison that would be a good sanity check. I was on kernel 5.4.78 before the BSoD issue came up, and I know there was an update to pve-qemu-kvm as well at around the same time which could have been related to the passthrough issue, so I'm not surprised your setup was working back then, since mine was.

And you definitely went the smart route of having a separate PC, but that's not a cost-effective option for me right now.

Erm, you use your vm with the passed graphics as workstation?
And how do you do that with usb mouse/keyboard?

I actually like your idea, it's clever, never camed to this idea to use the proxmox host as workstation xD

I used myself the card simply for playing around with passthrough and for 1-2 games on the tv with moonlight. But however, if i need once another pc, well, that option is cool xD

 

[dhellstern]

Erm, you use your vm with the passed graphics as workstation?
And how do you do that with usb mouse/keyboard?

No, I use the VM as a gaming machine. Hence why it was more cost effective to build a good hypervisor which is fast enough for gaming, if it was a workstation I 100% would not have virtualized it at all (though I do use VMs pretty frequently to host different environments for different tasks, like one for development with a VSCode remote extension).

I actually like your idea, it's clever, never camed to this idea to use the proxmox host as workstation xD

I don't do this, but you absolutely can: https://pve.proxmox.com/wiki/Developer_Workstations_with_Proxmox_VE_and_X11.

Unfortunately, my config is almost exactly the same as yours, so I don't think it's user error this time.

 

[dhellstern]

The issue seems to have resolved itself, there were some updates in the meantime so I assume those fixed it. I've since changed the CPU type from Host as well so the IBPB bug seems to either have been fixed or the Max CPU model doesn't have the same issue.

 

[Ramalama]

https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-GeForce-Virt-On-Linux

 

[dhellstern]

It's a pretty huge development but unrelated to the issue I was having. The Nvidia update simply disables the artificial Code 43 block in the driver, which wasn't what I was experiencing at all.