From: Alex Williamson <alex.williamson@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: qemu-devel@nongnu.org, chen.fan.fnst@cn.fujitsu.com,
lersek@redhat.com, zhoujie2011@cn.fujitsu.com
Subject: Re: [Qemu-devel] [PATCH] vfio/pci: Hide SR-IOV capability
Date: Mon, 20 Jun 2016 16:31:32 -0600 [thread overview]
Message-ID: <20160620163132.6943a6d7@t450s.home> (raw)
In-Reply-To: <57686CCB.6080101@redhat.com>
On Mon, 20 Jun 2016 16:23:07 -0600
Eric Blake <eblake@redhat.com> wrote:
> On 06/20/2016 04:04 PM, Alex Williamson wrote:
> > The kernel currently exposes the SR-IOV capability as read-only
> > through vfio-pci. This is sufficient to protect the host kernel, but
> > has the potential to confuse guests without further virtualization.
> > In particular, OVMF tries to size the VF BARs and comes up with absurd
> > results, ending with an assert. There's not much point in adding
> > virtualization to a read-only capability, so we simply hide it for
> > now. If the kernel ever enables SR-IOV virtualization, we should
> > easily be able to test it through VF BAR sizing or explicit flags.
> >
> > Testing whether we should parse extended capabilities is also pulled
> > into the function to keep these assumptions in one place.
> >
> > Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
> > ---
>
> > + * Extended capabilities are chained with each pointing to the next, so we
> > + * can drop anything other than the head of the chain simply by modifying
> > + * the previous next pointer. For the head of the chain, we can modify the
> > + * capability ID to something that cannot match a valid capability. ID
> > + * 0 is reserved for this since absence of capabilities is indicated by
> > + * 0 for the ID, version, AND next pointer. However, pcie_add_capability()
> > + * uses ID 0 as reserved for list management and will incorrectly match and
> > + * assert if we attempt to pre-load the head of the chain with with this
> > + * ID. Use ID 0xFFFF temporarily since it is also seems to be reserved in
> > + * part for identifying abscense of capabilities in a root complex register
>
> s/abscense/absence/
>
Thanks, updated:
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index 36d5e00..2418b93 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -1796,7 +1796,7 @@ static int vfio_add_ext_cap(VFIOPCIDevice *vdev)
* uses ID 0 as reserved for list management and will incorrectly match and
* assert if we attempt to pre-load the head of the chain with with this
* ID. Use ID 0xFFFF temporarily since it is also seems to be reserved in
- * part for identifying abscense of capabilities in a root complex register
+ * part for identifying absence of capabilities in a root complex register
* block. If the ID still exists after adding capabilities, switch back to
* zero. We'll mark this entire first dword as emulated for this purpose.
*/
next prev parent reply other threads:[~2016-06-20 22:31 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-20 22:04 [Qemu-devel] [PATCH] vfio/pci: Hide SR-IOV capability Alex Williamson
2016-06-20 22:23 ` Eric Blake
2016-06-20 22:31 ` Alex Williamson [this message]
2016-06-21 0:15 ` Laszlo Ersek
2016-06-21 3:54 ` Alex Williamson
2016-06-28 13:10 ` Laszlo Ersek
2016-06-28 20:05 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160620163132.6943a6d7@t450s.home \
--to=alex.williamson@redhat.com \
--cc=chen.fan.fnst@cn.fujitsu.com \
--cc=eblake@redhat.com \
--cc=lersek@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zhoujie2011@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).