[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough

To: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
From: George Dunlap <george.dunlap@xxxxxxxxxxxxx>
Date: Mon, 2 Apr 2012 16:43:14 +0100
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Delivery-date: Mon, 02 Apr 2012 15:44:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 02/04/12 16:20, Ian Jackson wrote:

George Dunlap writes ("[Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and 
global permissive config options for pci passthrough"):

+By default pciback only allows PV guests to write "known safe" values into
+PCI config space.  But many devices require writes to other areas of config
+space in order to operate properly.  This tells the pciback driver to
+allow all writes to PCI config space for this domain and this device.  This
+option should be enabled with caution, as there may be stability or security
+implications of doing so.

Is this security warning not overly mealy-mouthed ?  Surely it should
be more definite.

I'm not sure how we can make it more definite. What's possible (i.e.,the security implications) entirely depends on the card; and what'slikely (i.e., the stability implications) entirely depends on the cardand the driver. Short of giving a short discourse on the vices ofvarious cards PCI config space (which is entirely inappropriate for aman page, IMHO), I'm not sure what more we can say.

+Changes the default value of 'permissive' for all PCI devices for this
+VM.  This can still be overriden on a per-device basis. See the
+"pci=" section for more information on the "permissive" flag.

And this should mention it as well I think.

I thought it was unnecessary to duplicate, but I can do so if you prefer.

+                LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "write to %s returned 
%d",

Please keep the lines to 75-80 characters at most.

Ack.


I think you should consider breakibg out the sysfs writing function
and refactoring with the very similar code in libxl__device_pci_reset,
rather than introducing yet another clone.

I shall consider it. :-)

 -George

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
  - From: Ian Jackson

References:
- [Xen-devel] [PATCH 0 of 2] [v2] Add per-device and global permissive config options for pci passthrough
  - From: George Dunlap
- [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
  - From: George Dunlap
- Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
  - From: Ian Jackson

Prev by Date: Re: [Xen-devel] removal of ia64 port
Next by Date: Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
Previous by thread: Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
Next by thread: Re: [Xen-devel] [PATCH 2 of 2] xl, libxl: Add per-device and global permissive config options for pci passthrough
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.