|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] xen-pciback.hide syntax
On Sat, May 19, 2012 at 10:46:15AM +0200, Sander Eikelenboom wrote: > Hi Konrad, > > The syntax for specifying the devices for pciback to hide is > "bus:device.function". > While thinking about cooking up a patch to be able to use a "*" wildcard for > the function, i was wondering if not hiding all functions of a device is > feasible at all. > > For what I understand of PCI, function 0 is always required, so if I only > hide function 0, i can't use the other functions in dom0, since those > functions would require a function 0, which is hidden. > > So would it be more logical to drop/ignore the function from the BDF, and > always hide all functions from a device ? That might run afoul of the SR-IOV virtual devices. They (when loaded) provide a fake bus:device:function, where the device is port (so if the SR-IOV card has two jacks, you get 00 and 01), and the function is for the amount of VFs it can make. On the Intel SR-IOV NIC with 'igbvf.max_vfs=7' I end up with 14 PCI devices, where the function bear no resemblence to each other (and can be passed in different guests). The PCI restriction I know of is if the device is behind a bridge. The issue here is that .. well, you could pass in a different function to a different guest, but one guest's hardware device could listen on the other guests' function. It would require tweaking the driver to dump the contents of some registers and some deep hacking, but that is the security issue with that. > > -- > Regards, > > Sander > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |