USB Controller Passthrough That Actually Stays Stable (IOMMU + Interrupt Remapping)

What “stable” actually means for USB passthrough

“Stable” isn’t “it booted once.” Stable is:

• No surprise disconnects during device re-enumeration (common with audio interfaces, smartcard readers, SDRs, HID dongles).
• No host lockups when the guest resets the controller or a device misbehaves.
• Predictable latency without periodic stutters due to interrupt storms or host-driver fights.
• Survivable suspend/resume and guest reboots without leaving the controller wedged until host reboot.
• Clean ownership: either the host owns the controller or the guest owns it. Not both “sometimes.”

USB controller passthrough is “PCIe device passthrough with extra ways to fail.” Controllers reset, endpoints renegotiate,
hubs lie, and low-cost silicon does creative interpretations of the spec. If you treat USB passthrough as a checkbox,
you’ll get checkbox reliability.

Joke #1: USB stands for “Usually Sorta Behaves”—until you try to virtualize it.

Interesting facts and history you can use

• USB 1.1 used OHCI/UHCI host controllers; USB 2.0 standardized on EHCI plus companion controllers for low/full-speed devices.
• xHCI (USB 3.x) unified the mess: one controller model for low/full/high/super speed. Great for OSes, but the reset and power-management paths are more complex.
• Interrupt remapping became a must once we started giving VMs direct device access; without it, a device can inject interrupts in unsafe ways.
• VT-d (Intel) and AMD-Vi (AMD IOMMU) solve DMA isolation, but early generations had rough edges around ATS/PRI and interrupt routing.
• MSI/MSI-X largely replaced legacy INTx for modern PCIe devices; that’s good news for passthrough, but only if remapping is enabled and sane.
• ACS (Access Control Services) on PCIe switches/root ports influences IOMMU group separation; consumer platforms often cut corners here.
• USB controllers can share silicon with other functions (SATA, Ethernet, audio), creating ugly multi-function IOMMU groups that resist clean passthrough.
• “USB device passthrough” and “USB controller passthrough” are different universes: one is emulation/proxying, the other is real hardware ownership.

The real architecture: IOMMU, DMA, interrupts, and why USB is special

USB controller passthrough is a DMA and interrupt story

When you pass through a PCIe USB controller (xHCI/EHCI), you’re handing a DMA-capable device to a guest. The guest driver
programs the controller with physical addresses (guest “physical,” translated by the hypervisor/IOMMU), and the controller
DMA’s data into guest memory. That’s the whole point: remove the host from the datapath.

This works when two things are true:

1. DMA isolation is correct. The controller must only reach guest memory, not host memory, and the translations must not fault under load.
2. Interrupt delivery is correct. The controller’s interrupts must go to the guest reliably, without getting “stuck,” misrouted, or causing storms on the host.

Where it breaks in practice

Instability usually comes from one (or a combination) of these:

• No interrupt remapping (or it’s disabled/buggy), leading to unsafe or unreliable MSI delivery in passthrough scenarios.
• IOMMU group contamination: the controller shares a group with something the host must keep (or something the guest shouldn’t get).
• Power management: ASPM, runtime PM, and USB autosuspend interact poorly with passthrough, especially on consumer boards.
• Reset semantics: some xHCI controllers don’t reset cleanly via FLR (Function Level Reset) and can wedge until full power cycle.
• Kernel quirks and driver ownership: the host grabs the controller early (xhci_hcd), then VFIO tries to bind it later; results vary from fine to flaky.
• Firmware/BIOS settings: IOMMU enabled but “interrupt remapping” off; or “Above 4G decoding” off; or broken PCIe routing tables.

What you should aim for

A stable setup has these properties:

• The USB controller is alone in its IOMMU group (or grouped only with harmless siblings you can pass through together).
• The host never loads its normal driver for that controller; VFIO owns it from early boot.
• IOMMU is enabled and operating in a mode that supports DMA translation at scale (not falling back).
• Interrupt remapping is enabled and confirmed in kernel logs.
• MSI/MSI-X is used (modern controllers), and legacy INTx is avoided unless you know why you’re doing it.

One useful “paraphrased idea” quote that operations people tend to learn the hard way:
paraphrased idea: “Hope is not a strategy.” — often attributed to multiple reliability leaders; the point stands regardless.

Interrupt remapping: the quiet hero

Interrupt remapping is the part many guides treat like an optional garnish. It is not optional when you care about stability.
In the VFIO world, “it works” without it sometimes, until you scale interrupts, saturate I/O, or hit a device/firmware edge case.

What interrupt remapping actually does

With PCIe, devices typically use MSI/MSI-X interrupts: writes to a specific address/data pair that the platform interprets as an interrupt.
Without remapping, those writes can be poorly constrained. With remapping, the IOMMU/interrupt remapper provides a translation layer so
the hypervisor can safely and reliably route device interrupts to the correct guest vector/CPU.

Failure modes you’ll see when remapping is absent or broken

• Random device dropouts when load changes (audio crackles, HID lag, dongle resets).
• Guest “hangs” where the device is alive but interrupts stop arriving, so the driver times out.
• Host dmesg shows IOMMU faults or “IRQ stuck” style symptoms.
• VFIO refuses to start the VM with warnings about unsafe interrupts, depending on kernel settings.

The punchline: if your platform doesn’t do interrupt remapping correctly, stop trying to coax it. Swap the platform or isolate the workload.
You’ll spend less money than your time costs.

Hardware choices that decide your fate

Choose controllers known to behave

If you can pick the USB controller, pick one with a reputation for clean reset behavior and stable MSI delivery.
In the field, discrete PCIe USB cards are often easier than onboard controllers because:
they’re more likely to be isolated into their own IOMMU group, and they’re less likely to share lanes/functions.

Also: avoid passing through the platform’s only USB controller if the host needs it for emergency console access.
Give the host its own “boring” USB path (even a basic USB2 controller) and pass through a separate xHCI controller for the VM.

Motherboard firmware matters more than you want

Two boards with the same chipset can behave wildly differently due to BIOS settings and vendor ACPI/PCIe table quality.
Look specifically for:

• Intel VT-d / AMD IOMMU enabled.
• Interrupt remapping enabled (sometimes called “IRQ remapping” or lumped under VT-d).
• Above 4G decoding enabled on systems with lots of PCIe devices.
• SR-IOV setting doesn’t directly matter for USB, but boards that expose it tend to be less “toy.”
• CSM/Legacy boot off if possible; UEFI-only tends to be cleaner for modern virtualization.

Don’t “ACS override” your way out of physics unless you have to

ACS override can split IOMMU groups in software by pretending ACS features exist where they don’t.
It’s tempting. It also increases the blast radius if a device misbehaves, because isolation is now aspirational.
If this is a production-like system, avoid ACS override unless you’ve accepted the risk and can tolerate the consequences.

Joke #2: Turning on ACS override to “fix” groups is like labeling a cardboard box “safe” and calling it a fireproof safe.

Hands-on tasks: commands, expected outputs, and decisions

These are the tasks I actually run when someone says, “USB passthrough is unstable.” Each task includes:
a command, what the output means, and the decision you make from it.

Task 1: Confirm IOMMU is enabled in the kernel command line

cr0x@server:~$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-6.8.0 root=UUID=... ro quiet intel_iommu=on iommu=pt

Meaning: You want to see intel_iommu=on (Intel) or amd_iommu=on (AMD).
iommu=pt is common to reduce overhead for host devices by using pass-through mappings.

Decision: If IOMMU flags aren’t present, add them in your bootloader and reboot. No IOMMU, no trustworthy passthrough.

Task 2: Verify the IOMMU actually initialized (don’t trust the cmdline)

cr0x@server:~$ dmesg | egrep -i 'iommu|vt-d|amd-vi|dmari' | head -n 30
[    0.000000] Command line: ... intel_iommu=on iommu=pt
[    0.112233] DMAR: IOMMU enabled
[    0.112240] DMAR: Interrupt remapping enabled
[    0.112250] DMAR: x2apic is enabled

Meaning: The money line is “IOMMU enabled” and “Interrupt remapping enabled.” On AMD you’ll see AMD-Vi/IOMMU messages.

Decision: If you don’t see interrupt remapping enabled, go to BIOS/UEFI and fix it. If the platform can’t, treat it as a hard stop for stability.

Task 3: Check for “no interrupt remapping” or “unsafe interrupts” warnings

cr0x@server:~$ dmesg | egrep -i 'remapping|unsafe|vfio|irq' | tail -n 40
[    1.234567] DMAR: No interrupt remapping support. Use 'intremap=off' to disable interrupt remapping.
[    8.765432] vfio-pci 0000:03:00.0: vfio_ecap_init: hiding ecap 0x19@0x168

Meaning: “No interrupt remapping support” is the red flag. The VFIO line is normal noise.

Decision: If the platform lacks remapping, you can sometimes limp along, but you should expect spurious problems. For production, replace hardware.

Task 4: Identify the USB controller’s PCI address and vendor/device ID

cr0x@server:~$ lspci -nn | egrep -i 'usb|xhci|ehci'
03:00.0 USB controller [0c03]: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
00:14.0 USB controller [0c03]: Intel Corporation 200 Series PCH USB 3.0 xHCI Controller [8086:a2af]

Meaning: You now have the BDF (03:00.0) and the ID (1b21:2142).

Decision: Prefer passing through a discrete controller (here 03:00.0) instead of the chipset-integrated one (00:14.0).

Task 5: Check IOMMU group isolation

cr0x@server:~$ for g in /sys/kernel/iommu_groups/*; do echo "Group $(basename "$g")"; ls -l "$g/devices"; done | sed -n '1,40p'
Group 13
total 0
lrwxrwxrwx 1 root root 0 Feb  4 09:12 0000:03:00.0 -> ../../../../devices/pci0000:00/0000:00:01.0/0000:03:00.0
Group 7
total 0
lrwxrwxrwx 1 root root 0 Feb  4 09:12 0000:00:14.0 -> ../../../../devices/pci0000:00/0000:00:14.0
lrwxrwxrwx 1 root root 0 Feb  4 09:12 0000:00:14.2 -> ../../../../devices/pci0000:00/0000:00:14.2

Meaning: Group 13 contains only 03:00.0—good. Group 7 contains 00:14.0 and 00:14.2—shared functions.

Decision: Pass through devices that are isolated, or pass through the entire group. Do not surgically take one function from a multi-function group.

Task 6: See what driver currently owns the controller

cr0x@server:~$ lspci -nnk -s 03:00.0
03:00.0 USB controller [0c03]: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
        Subsystem: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
        Kernel driver in use: xhci_hcd
        Kernel modules: xhci_pci

Meaning: The host driver (xhci_hcd) currently owns it. That’s not what we want for passthrough.

Decision: Bind this device to vfio-pci early, before xHCI grabs it, or unbind/rebind carefully.

Task 7: Bind the controller to vfio-pci (runtime method)

cr0x@server:~$ sudo modprobe vfio-pci
cr0x@server:~$ echo 0000:03:00.0 | sudo tee /sys/bus/pci/devices/0000:03:00.0/driver/unbind
0000:03:00.0
cr0x@server:~$ echo 1b21 2142 | sudo tee /sys/bus/pci/drivers/vfio-pci/new_id
1b21 2142

Meaning: We unbound from the current driver and told vfio-pci to claim that vendor/device ID.

Decision: If the device refuses to unbind, it may be in use by the host (root filesystem on USB, console keyboard, etc.). Fix the dependency first.

Task 8: Confirm vfio-pci is now in use

cr0x@server:~$ lspci -nnk -s 03:00.0
03:00.0 USB controller [0c03]: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
        Subsystem: ASMedia Technology Inc. ASM2142 USB 3.1 Host Controller [1b21:2142]
        Kernel driver in use: vfio-pci
        Kernel modules: xhci_pci

Meaning: Correct. The host is no longer driving it.

Decision: Proceed to attach it to the VM. If it flips back to xHCI on reboot, implement persistent binding.

Task 9: Make vfio-pci binding persistent with modprobe config

cr0x@server:~$ sudo tee /etc/modprobe.d/vfio.conf >/dev/null <<'EOF'
options vfio-pci ids=1b21:2142 disable_vga=1
EOF
cr0x@server:~$ sudo update-initramfs -u
update-initramfs: Generating /boot/initrd.img-6.8.0

Meaning: The initramfs will now include the binding so vfio-pci grabs the controller early.

Decision: Reboot and confirm driver ownership remains vfio-pci. Early binding prevents boot-time races and “works unless…” weirdness.

Task 10: Confirm interrupt mode (MSI/MSI-X) for the passed-through controller

cr0x@server:~$ cat /proc/interrupts | egrep -i 'xhci|03:00.0' || true
  45:          0          0          0          0  IR-PCI-MSI 65536-edge      xhci_hcd:usb3

Meaning: While host-owned, it uses “IR-PCI-MSI” (interrupt remapped MSI). Once bound to vfio-pci, it should disappear from host interrupts.

Decision: If you only see legacy INTx-style lines or no “IR-” on platforms that should support it, suspect missing remapping or odd firmware.

Task 11: Validate VFIO/IOMMU mapping health under load (look for faults)

cr0x@server:~$ sudo dmesg -w
[  412.123456] vfio-pci 0000:03:00.0: enabling device (0000 -> 0002)
[  418.654321] DMAR: DRHD: handling fault status reg 2
[  418.654330] DMAR: [DMA Read NO_PASID] Request device [03:00.0] fault addr 0x12345000 [fault reason 0x05] PTE Read access is not set

Meaning: DMA fault. This is not “harmless.” The controller tried to DMA somewhere the IOMMU didn’t map.

Decision: If faults occur only under load, suspect buggy hardware, a platform IOMMU quirk, or a guest driver doing something the controller/firmware mishandles.
Try a different controller, update BIOS, update kernel, and disable suspicious PCIe features (see later tasks).

Task 12: Check for PCIe Advanced Error Reporting (AER) spew

cr0x@server:~$ dmesg | egrep -i 'aer|pcie.*error|corrected error' | tail -n 20
[  987.111222] pcieport 0000:00:01.0: AER: Corrected error received: 0000:00:01.0
[  987.111240] pcieport 0000:00:01.0: PCIe Bus Error: severity=Corrected, type=Physical Layer, (Receiver ID)
[  987.111260] pcieport 0000:00:01.0:   device [8086:1901] error status/mask=00000001/00002000

Meaning: Corrected errors aren’t instantly fatal, but they correlate suspiciously well with random resets and “USB vanished” events.

Decision: Reseat the card, change slot, force Gen3 instead of “Auto,” disable aggressive ASPM, or replace questionable hardware.

Task 13: Inspect power management settings that commonly break USB passthrough

cr0x@server:~$ cat /sys/module/pcie_aspm/parameters/policy
default

Meaning: ASPM is in “default.” Some platforms behave. Others invent new failure modes.

Decision: If you see link flaps or AER around the passed-through controller, consider booting with pcie_aspm=off as a test.
If stability improves, you found a power-management bug, not a virtualization bug.

Task 14: Confirm the VM sees the controller and uses a real driver

cr0x@server:~$ sudo virsh domiflist win11
 Interface  Type       Source     Model       MAC
-------------------------------------------------------
 vnet0       bridge     br0        virtio      52:54:00:aa:bb:cc

cr0x@server:~$ sudo virsh dumpxml win11 | egrep -n 'hostdev|03:00.0' -n
132:    
136:      
137:        

138:      
139:    

Meaning: The VM config includes the passed-through device.

Decision: If the guest can’t install/use the xHCI controller, you may be missing UEFI settings, or the device is not actually bound to vfio-pci on the host.

Task 15: Check for reset problems (FLR/D3cold) after guest reboot

cr0x@server:~$ sudo dmesg | egrep -i 'reset|flr|D3cold|vfio-pci 0000:03:00.0' | tail -n 30
[ 1322.333444] vfio-pci 0000:03:00.0: not ready 1023ms after FLR; waiting
[ 1323.444555] vfio-pci 0000:03:00.0: not ready 2047ms after FLR; giving up

Meaning: The device didn’t come back from reset cleanly. This is a classic “works until you reboot the VM” problem.

Decision: Try a different USB controller model, update BIOS, and avoid runtime power saving. Some controllers simply do not reset reliably in passthrough contexts.

Task 16: Confirm IOMMU mode and domain type (performance vs safety tradeoffs)

cr0x@server:~$ sudo dmesg | egrep -i 'iommu.*domain|Default domain' | head -n 20
[    0.113000] DMAR: Default domain type: Passthrough (set via iommu=pt)

Meaning: The host uses passthrough mappings by default; VFIO devices still get isolated domains.

Decision: If you’re debugging weird DMA faults, temporarily remove iommu=pt to test whether full translation changes behavior. Not as a permanent fix, as a diagnostic lever.

Fast diagnosis playbook (check first/second/third)

When USB controller passthrough is flaky, you want to identify the bottleneck fast: platform capability, isolation, reset behavior,
or something as boring as a bad slot.

First: “Can this platform do safe interrupts?”

1. Check dmesg for “Interrupt remapping enabled.” If it’s not there, don’t waste a week on tuning.
2. Check if the controller uses MSI/MSI-X under host driver ownership (before VFIO grabs it). If you’re stuck on legacy INTx, expect trouble.
3. Look for VFIO warnings about unsafe interrupts.

Second: “Is isolation real, or am I fighting IOMMU group physics?”

1. List IOMMU groups. If the USB controller is glued to other devices you can’t pass through, your choices are: different slot, different controller, different motherboard.
2. Avoid ACS override as a first-line solution. Use it only when the risk is acceptable and you can test thoroughly.

Third: “Does it reset cleanly?”

1. Reboot the guest repeatedly and watch for FLR timeouts, device not ready messages, or the controller disappearing from PCI config space.
2. If it wedges after a single guest reboot, this is often a controller silicon/firmware behavior. Swap the controller before you rewrite your stack.

Fourth: “Is it a link/power problem in disguise?”

1. Search for AER corrected errors around the controller’s root port.
2. Test with ASPM disabled and PCIe generation forced (Gen3/Gen4) rather than Auto.
3. Move the card to a different slot and retest. Yes, really. Slots can be flaky, bifurcation can be weird, and the root port matters.

Fifth: “Is the workload triggering a real USB edge case?”

1. Audio interfaces: watch for isochronous transfers and periodic XRUN-like behavior. That’s often interrupt delivery or scheduling.
2. HID dongles: look for brief power dips or re-enumeration loops; those often come from power management and resets.
3. High-bandwidth storage: check if the controller shares lanes or gets throttled; USB3 storage can generate brutal interrupt patterns.

Three corporate mini-stories from the trenches

1) The incident caused by a wrong assumption: “IOMMU is on, so we’re safe”

A mid-sized company ran Windows VMs for a few hardware-tethered workflows: licensing dongles, measurement devices, a smartcard reader.
They’d already learned that per-device USB passthrough was flaky, so they standardized on passing through a dedicated USB controller.
The rollout looked clean in the lab. Then production users started reporting that the dongle “falls off” every few hours.

The virtualization team did what teams do: blame Windows, blame QEMU, blame cosmic rays. They swapped dongles. They swapped hubs.
They even pinned guest CPUs. The issue persisted and had an ugly pattern: it happened more often during peak hours, when the hosts
were busier and the VMs had more interrupts flying around.

The wrong assumption was subtle: they had confirmed intel_iommu=on and saw DMAR logs, so they concluded the platform was “IOMMU capable.”
What they didn’t verify was interrupt remapping. The BIOS had VT-d enabled but an additional “Interrupt Remapping” toggle was off by default
after a firmware update. The kernel politely told them, but nobody was looking for that exact line.

Once interrupt remapping was enabled, the mysterious dropouts stopped. The resolution felt anticlimactic, which is how good fixes often feel.
The actual postmortem note that mattered: “IOMMU enabled” is not a binary state. DMA translation and interrupt remapping are separate legs of the stool.
Remove one, and you’re balancing on vibes.

2) The optimization that backfired: “Let’s save a PCIe slot and share the onboard controller”

Another org had standardized on compact servers with limited PCIe slots. Somebody proposed an optimization:
instead of buying a dedicated USB controller card per host, they’d pass through the onboard xHCI controller and keep host USB needs minimal.
On paper, that saved slots and reduced cost. In reality, it made the host fragile.

The onboard controller was in an IOMMU group with another platform function. Sometimes it was a companion device; sometimes it was a
chipset subsystem the host needed for stable operation. They forced the issue with group splitting tricks. It worked—until it didn’t.
A guest reboot triggered a controller reset that the host noticed in just the wrong way, and suddenly the host lost its only local USB keyboard
and a couple of internal devices. Remote hands were required. Operations loves that.

The next attempt was to “optimize” interrupts and power: enabling deeper C-states and aggressive ASPM because the systems were “mostly idle.”
That made the problem intermittent and therefore more expensive. The VM was stable during business hours, flaky overnight, and the logs looked innocent.
Eventually AER logs and link state changes tied the instability to power management interacting with the controller reset path.

They backed out the optimization: dedicated USB controller cards, host retains onboard USB, conservative PCIe power settings.
It cost more. It also removed a whole category of failure. That’s the kind of ROI nobody brags about in slides, but everybody enjoys at 3 a.m.

3) The boring but correct practice that saved the day: “Pre-flight validation and a known-good fallback path”

A financial services team had a policy that looked overly cautious: every new host build had to pass a “passthrough validation” checklist
before entering the virtualization cluster. It included verifying interrupt remapping, checking IOMMU groups, running a guest reboot loop,
and intentionally hotplugging/unplugging devices behind the passed-through controller while collecting logs.

During one procurement cycle, they received a batch of servers with a slightly different motherboard revision. The spec sheet looked the same.
The BIOS screens looked mostly the same. But the IOMMU groups were different: the onboard USB controller was now grouped with another device
due to a routing change. The previous generation had clean isolation; this one didn’t.

Because the validation was mandatory, the issue was caught before the servers hit production workloads.
They adjusted the design: the hosts used a known-good discrete USB controller card for passthrough, and the onboard controller stayed with the host.
The “boring practice” here wasn’t heroics—it was refusing to accept “almost the same hardware” as the same platform.

The best part: when an executive asked why the go-live date didn’t slip, the honest answer was “because we did the tedious tests we always do.”
Nobody applauded. The systems stayed up. That’s the applause you actually want.

Common mistakes: symptom → root cause → fix

1) VM randomly loses USB devices behind the passed-through controller

Symptom: HID/audio/storage devices disconnect and reconnect; guest logs show device resets; host logs look mostly fine.

Root cause: Interrupt remapping disabled or broken, leading to unreliable MSI delivery under load.

Fix: Enable interrupt remapping in BIOS/UEFI, confirm in dmesg. If unsupported, change platform.

2) Host freezes or becomes sluggish when the guest reboots

Symptom: Guest reboot triggers a host hang; sometimes only I/O stalls; sometimes total lock requiring power cycle.

Root cause: Controller reset behavior interacts with host driver or chipset; host still owns related functions or shares resources in the group.

Fix: Ensure vfio-pci binds early; avoid passing through a device in a shared IOMMU group; use a discrete controller; update BIOS.

3) VFIO refuses to start the VM or complains about unsafe interrupts

Symptom: VM fails to start; errors mention interrupt mapping or “no interrupt remapping support.”

Root cause: Platform lacks or disabled interrupt remapping; sometimes kernel settings enforce safety.

Fix: Enable remapping; if impossible, don’t use controller passthrough for that workload (or accept reduced safety with eyes open).

4) Works until you reboot the VM; then the controller never comes back

Symptom: First boot fine; after guest reboot/shutdown, subsequent start fails or device missing; dmesg shows FLR timeouts.

Root cause: Controller cannot perform FLR reliably; stuck in bad power state (D3cold), or firmware bug.

Fix: Change controller model; try different slot; disable runtime PCIe power saving; sometimes only a host reboot/power cycle resets it.

5) USB audio crackles or has periodic dropouts in the guest

Symptom: Audio pops every few seconds; USB interface stays connected but performance is awful.

Root cause: Interrupt handling latency: vCPU scheduling, host CPU power states, or interrupt remapping/affinity issues.

Fix: Pin vCPUs, isolate host CPUs for latency workloads, avoid deep C-states, and verify MSI with remapping. Consider a dedicated controller per VM.

6) Controller shares an IOMMU group with SATA/NIC/other critical devices

Symptom: You can’t pass through without also losing something the host needs.

Root cause: Platform lacks ACS separation; board layout ties functions together behind the same upstream port.

Fix: Use a different PCIe slot or discrete card; choose a motherboard with better IOMMU group separation; avoid ACS override for production.

7) Everything looks correct, but performance is inconsistent

Symptom: Throughput dips; random latency spikes; USB storage sometimes stalls.

Root cause: PCIe link issues (AER corrected errors), marginal cables, or power delivery problems to high-draw USB devices.

Fix: Check AER logs, disable ASPM, try a powered hub with clean supply, replace the PCIe card, and don’t use front-panel header cabling for critical devices.

Checklists / step-by-step plan

Step-by-step: build a stable USB controller passthrough setup

1. Pick the controller: prefer a discrete PCIe xHCI card that lands in its own IOMMU group.
2. Firmware setup: enable VT-d/AMD IOMMU and interrupt remapping; enable Above 4G decoding if you have multiple PCIe devices.
3. Kernel cmdline: set intel_iommu=on or amd_iommu=on. Optionally iommu=pt once stable.
4. Verify in dmesg: confirm IOMMU and interrupt remapping enabled. If not, stop and fix.
5. Check IOMMU groups: ensure the controller can be isolated or passed through as a whole group.
6. Bind to vfio-pci early: use /etc/modprobe.d/vfio.conf and rebuild initramfs. Avoid runtime rebinding as a permanent setup.
7. Attach to VM: use libvirt hostdev or your platform’s equivalent. Keep it simple: one controller, one VM, one job.
8. Stability test: guest reboot loop, device unplug/replug behind the controller, and sustained load (USB storage copy, audio stream, etc.).
9. Watch logs: check for DMAR/IOMMU faults, AER errors, and FLR timeouts.
10. Lock down power features: if you see link errors or weird resets, disable ASPM and avoid deep power states. Then retest.

Operational checklist: what you keep after it works

• Record the passed-through device BDF and vendor/device ID in your configuration management.
• Keep a host-accessible USB path for emergency recovery (IPMI virtual media, dedicated onboard USB, or a separate controller).
• After BIOS updates, re-verify interrupt remapping and IOMMU groups. Firmware updates love to “reset to defaults.”
• Maintain a known-good kernel version for VFIO workloads; upgrade intentionally with validation, not “because it’s Tuesday.”
• Alert on DMAR/IOMMU faults and AER storms; they’re early warnings, not trivia.

FAQ

Do I really need interrupt remapping for USB controller passthrough?

If you want stability, yes. DMA isolation alone doesn’t guarantee reliable interrupt delivery. Without remapping, you can get “works until load”
behavior that wastes days of debugging.

Why not just pass through individual USB devices instead of the controller?

Because individual USB device passthrough typically proxies USB transactions through the host. It can be fine for a mouse.
It’s often terrible for devices that reset, stream isochronous audio, or do odd enumeration dances.
Controller passthrough gives the guest the real hardware and removes the host from the datapath.

Is iommu=pt good or bad?

It’s usually fine and often recommended for performance on the host because non-VFIO devices get identity mappings.
For debugging weird translation faults, temporarily remove it to see if behavior changes. Don’t treat it as a magic fix.

My USB controller is in the same IOMMU group as other devices. What now?

Best answer: change the PCIe slot, use a different controller card, or use a motherboard with better ACS/IOMMU grouping.
Passing through partial groups is asking for instability. ACS override can work, but it’s a risk trade, not a free lunch.

Why does the controller disappear after the guest reboots?

Reset behavior. Some controllers don’t implement FLR correctly, or they get stuck in a low-power state. If you see VFIO “not ready after FLR,”
stop treating it as a software bug and try different hardware.

Should I disable ASPM and power saving?

If you see AER errors, link flaps, or strange resets: yes, as a test and often as a permanent choice for latency-sensitive or passthrough-heavy hosts.
Power savings are nice; stable interrupts are nicer.

Can I pass through the chipset USB controller (onboard) safely?

Sometimes. But it’s the most likely to be grouped with other platform functions and the most likely to be needed by the host.
For reliable operations, a discrete controller dedicated to the guest is the clean design.

What’s the difference between MSI and INTx for passthrough?

MSI/MSI-X are message-based interrupts and are the modern default. INTx are legacy shared interrupt lines and can be messier in virtualized setups.
You generally want MSI/MSI-X with interrupt remapping enabled.

My VM starts, but the USB controller shows errors in the guest driver. Is that a host problem?

Not always. It can be a guest driver issue, but start by checking host dmesg for DMAR faults, FLR timeouts, and AER errors.
If the host is clean, then look at guest event logs and driver versions.

Is one USB controller per VM necessary?

For high-stability setups, yes. Sharing a controller between multiple guests isn’t typical because a single physical PCIe function can’t be safely
owned by multiple OSes at once. If you need multiple isolated USB domains, add more controllers.

Next steps you can actually do today

1. Open your host dmesg and confirm “Interrupt remapping enabled.” If it’s missing, fix firmware settings first.
2. Pick the right USB controller target: discrete card, isolated IOMMU group, not the host’s lifeline.
3. Bind it to vfio-pci early via modprobe config + initramfs, not ad-hoc rebinding after boot.
4. Run the reboot-and-load test: repeated guest reboots plus sustained USB traffic while watching for DMAR faults, FLR timeouts, and AER errors.
5. If it still flakes, stop tuning knobs and swap the controller or platform. Some combinations are just bad marriages.

The goal isn’t to make USB passthrough “work.” The goal is to make it predictable. Predictable systems are the ones you can operate without
developing a personal relationship with your logs.