[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain

To: Roger Pau Monné <roger.pau@xxxxxxxxxx>
From: Jan Beulich <jbeulich@xxxxxxxx>
Date: Mon, 2 Sep 2019 16:56:52 +0200
Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, TimDeegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Mon, 02 Sep 2019 14:57:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 02.09.2019 16:23, Roger Pau Monné  wrote:
> So the problem I found, and that I was trying to address with this
> patch is that a PVH dom0 on AMD hardware finds the iommus by scanning
> the PCI bus, and a Linux dom0 seems to immediately turn off the MSI
> enable control bit on any devices it finds, thus leaving the iommu
> without being able to generate interrupts.
> 
> I can implement the RO stuff, but it seems weird to me. AFAICT the
> only devices owned by Xen should be the serial console, the iommu and
> the HPET maybe. How can hiding those cause anomalies in bus
> enumeration?

Both the serial device and an IOMMU may in principle be func 0 of a
multi-function device. By fully hiding such devices, you also hide
funcs 1-7 afaict. Furthermore, from a tech support pov it seems
rather desirable to have e.g. lspci output in Dom0 to be as complete
as possible.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

References:
- [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
  - From: Roger Pau Monne
- Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
  - From: Roger Pau Monné
- Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
  - From: Jan Beulich
- Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
  - From: Roger Pau Monné

Prev by Date: Re: [Xen-devel] [PATCH v7 1/6] x86/domain: remove the 'oos_off' flag
Next by Date: Re: [Xen-devel] [PATCH v7] x86/emulate: Send vm_event from emulate
Previous by thread: Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
Next by thread: Re: [Xen-devel] [PATCH] vpci: don't allow access to devices not assigned to the domain
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.