How to setup LUN Passthrough with support for custom SCSI commands on RHEL KVM?

Solution Verified - Updated

Environment

  • Red Hat Enterprise Linux
    • 9.4
    • 9.6 or later
    • 10.1 or later

Issue

  • How to allow the Guest to send custom SCSI commands to a LUN device?
  • How to use SGIO with custom SCSI commands?
  • How to enable RAWIO on lun devices?

Resolution

1. RAWIO is only supported on RHEL versions where SGIO is also supported. Ensure the RHEL KVM host satisfies the following conditions: Required RHEL versions for SGIO support in virtual machines

2. In addition, if using RHEL 9.4, ensure the selinux-policy-38.1.35-2.el9_4.6 package, or higher version, is installed on the host to avoid a SELinux denial problem when starting virtual machines (VMs) with RAWIO.

3. In the domain XML of a shut-down VM, configure the virtual disk to enable RAWIO. For example:

   <disk type='block' device='lun' rawio='yes'>          <---- add rawio='yes'
     <driver name='qemu' type='raw'/>
     <source dev='/dev/mapper/some_lun_device' index='1'/>
     <target dev='sdc' bus='scsi'/>
     <alias name='ua-scsi-lun0'/>
     <address type='drive' controller='0' bus='0' target='0' unit='0'/>
   </disk>

4. Start the VM.

Root Cause

  • Note that to use custom SCSI commands, QEMU needs RAWIO enabled. However, the qemu-kvm process with CAP_SYS_RAWIO becomes a highly privileged process, which might have security implications. The privileged capability is for the entire process and is not restricted just to the disk that has RAWIO enabled. Do not use this option unless it is absolutely required.
SBR
Product(s)
Components
Category

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.