Re: [Xen-devel] Other PCI devices to mark as read-only for dom0
>>> On 22.06.12 at 12:08, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
> On 22/06/12 10:43, Jan Beulich wrote:
>>>>> On 22.06.12 at 11:04, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>>> Following Jan's infrastructure to mark certain PCI devices as read only,
>>> I think it wise to now consider what other PCI devices should really be
>>> read only to dom0.
>>> My preliminary thoughts include:
>>> * PCI serial devices which Xen is configured to use
>> But only if they're single-function.
> Why only single function? Should Xen not turn all the functions it is
> using to read-only?
Because, just like for normal, non-PCI based serial ones, ports
that Xen doesn't use should remain usable by Dom0. For
example, I have a PCI card with two serial and one parallel
ports, so with Xen using one serial port for itself, there's no
reason not to allow Dom0 to use the other or the parallel one.
>>> * Chipset devices (AMD IOMMU covered by previous patch)
>>> * CPU information
>> What are you thinking of here specifically?
> See attached lspci from a new sandybridge machine we have gained. Quite
> a lot of that looks rather dangerous for dom0 to play around with.
But that can't be easily qualified into some rule, the more that
some of these - iirc - are needed e.g. by the EDAC drivers.