Sharing PCIe virtual functions available on the host with a docker container

Question

My host is running in SRIOV mode and has several physical devices that appear on the PCIe bus. Each physical function has a collection of 32 virtual functions. I want to share one of the virtual function with a docker container. These are crypto/compression accelerators, and I wrote a driver for one; so I'm familiar with SRIOV when I'm dealing with bare-metal or SRIOV hypervisors launching virtual machines. But now I'm trying to get access to the virtual functions inside a docker container.

On the host I can lspci and see my physical and virtual devices. But when I launch a container, all I see from within the container are the physical functions.

I have seen the "--device" parameter for "docker run", but I don't think it will work for passing a virtual function to a container.

Logistically, here's what I see on the host:

[localhost] config # lspci | grep "^85" | head -4
85:00.0 Co-processor: Intel Corporation DH895XCC Series QAT
85:01.0 Co-processor: Intel Corporation DH895XCC Series QAT Virtual Function
85:01.1 Co-processor: Intel Corporation DH895XCC Series QAT Virtual Function
85:01.2 Co-processor: Intel Corporation DH895XCC Series QAT Virtual Function
[localhost] config # lspci | grep "^85" | wc
     33     295    2524

So we have 1 physical function at 85:00.0, and 32 virtuals.

But when I start the container and do the same examination from inside the container, all I see is the following:

[localhost] config # lspci | grep QAT
04:00.0 Co-processor: Intel Corporation DH895XCC Series QAT
05:00.0 Co-processor: Intel Corporation DH895XCC Series QAT
85:00.0 Co-processor: Intel Corporation DH895XCC Series QAT

I've been told that this can be made to work: I can send in virtuals into the container, and my driver can do the rest.

My question: how can I pass virtual functions from the host into a container?

Sharing PCIe virtual functions available on the host with a docker container

Answers (1)

Related Questions