[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] xen-pciback.hide syntax

On Sat, May 19, 2012 at 10:46:15AM +0200, Sander Eikelenboom wrote:
> Hi Konrad,
> The syntax for specifying the devices for pciback to hide is 
> "bus:device.function".
> While thinking about cooking up a patch to be able to use a "*" wildcard for 
> the function, i was wondering if not hiding all functions of a device is 
> feasible at all.
> For what I understand of PCI, function 0 is always required, so if I only 
> hide function 0, i can't use the other functions in dom0, since those 
> functions would require a function 0, which is hidden.
> So would it be more logical to drop/ignore the function from the BDF, and 
> always hide all functions from a device ?

That might run afoul of the SR-IOV virtual devices. They (when loaded) provide 
a fake
bus:device:function, where the device is port (so if the SR-IOV card has two
jacks, you get 00 and 01), and the function is for the amount of VFs it can 
On the Intel SR-IOV NIC with 'igbvf.max_vfs=7' I end up with 14 PCI devices, 
the function bear no resemblence to each other (and can be passed in different 

The PCI restriction I know of is if the device is behind a bridge. The issue 
is that .. well, you could pass in a different function to a different guest, 
one guest's hardware device could listen on the other guests' function. It would
require tweaking the driver to dump the contents of some registers and some deep
hacking, but that is the security issue with that.

> --
> Regards,
> Sander

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.