|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [TESTDAY] PV / HVM pass-through works when IOMMU present; weird failures when not
>>> On 28.06.13 at 18:10, George Dunlap <george.dunlap@xxxxxxxxxxxxx> wrote: > Either way, if someone *is* passing through a device, it is probably a > security issue. After looking around a bit, I'm convinced that the other day I must have tried this with xm (for whatever reason) - libxl has at least two issues here compared to xend/xm: - Missing error handling: Errors for the domain creation case propagate all the way back up to domcreate_attach_pci(), at which point they get silently ignored. Without having looked deeper, my first suggestion would be to simply drop devices from the d_config->pcidevs[] and decrement d_config->num_pcidevs upon failure, thus skipping any respective backend setup. - Not making use of xc_test_assign_device() (which would allow detecting the situation before _any_ other setup gets done for the device). Of course it is all but helpful that the backend in qemu has no way of verifying that the device is in fact owned by the guest, i.e. it has to blindly set up things trusting that the information handed to it is consistent. Jan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |