From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46585) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bF7b9-0002ay-RZ for qemu-devel@nongnu.org; Mon, 20 Jun 2016 18:23:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bF7b3-0003ds-Re for qemu-devel@nongnu.org; Mon, 20 Jun 2016 18:23:14 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37101) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bF7b3-0003do-JU for qemu-devel@nongnu.org; Mon, 20 Jun 2016 18:23:09 -0400 References: <20160620215824.13390.52262.stgit@gimli.home> From: Eric Blake Message-ID: <57686CCB.6080101@redhat.com> Date: Mon, 20 Jun 2016 16:23:07 -0600 MIME-Version: 1.0 In-Reply-To: <20160620215824.13390.52262.stgit@gimli.home> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="XJdsxcHmhOrqq7l2pX3ujMkmFqkM3UQxU" Subject: Re: [Qemu-devel] [PATCH] vfio/pci: Hide SR-IOV capability List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Alex Williamson , qemu-devel@nongnu.org Cc: chen.fan.fnst@cn.fujitsu.com, lersek@redhat.com, zhoujie2011@cn.fujitsu.com This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --XJdsxcHmhOrqq7l2pX3ujMkmFqkM3UQxU From: Eric Blake To: Alex Williamson , qemu-devel@nongnu.org Cc: chen.fan.fnst@cn.fujitsu.com, lersek@redhat.com, zhoujie2011@cn.fujitsu.com Message-ID: <57686CCB.6080101@redhat.com> Subject: Re: [Qemu-devel] [PATCH] vfio/pci: Hide SR-IOV capability References: <20160620215824.13390.52262.stgit@gimli.home> In-Reply-To: <20160620215824.13390.52262.stgit@gimli.home> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 06/20/2016 04:04 PM, Alex Williamson wrote: > The kernel currently exposes the SR-IOV capability as read-only > through vfio-pci. This is sufficient to protect the host kernel, but > has the potential to confuse guests without further virtualization. > In particular, OVMF tries to size the VF BARs and comes up with absurd > results, ending with an assert. There's not much point in adding > virtualization to a read-only capability, so we simply hide it for > now. If the kernel ever enables SR-IOV virtualization, we should > easily be able to test it through VF BAR sizing or explicit flags. >=20 > Testing whether we should parse extended capabilities is also pulled > into the function to keep these assumptions in one place. >=20 > Signed-off-by: Alex Williamson > --- > + * Extended capabilities are chained with each pointing to the nex= t, so we > + * can drop anything other than the head of the chain simply by mo= difying > + * the previous next pointer. For the head of the chain, we can m= odify the > + * capability ID to something that cannot match a valid capability= =2E ID > + * 0 is reserved for this since absence of capabilities is indicat= ed by > + * 0 for the ID, version, AND next pointer. However, pcie_add_cap= ability() > + * uses ID 0 as reserved for list management and will incorrectly = match and > + * assert if we attempt to pre-load the head of the chain with wit= h this > + * ID. Use ID 0xFFFF temporarily since it is also seems to be res= erved in > + * part for identifying abscense of capabilities in a root complex= register s/abscense/absence/ --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --XJdsxcHmhOrqq7l2pX3ujMkmFqkM3UQxU Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJXaGzLAAoJEKeha0olJ0NqWzQIAI3MXlCE2/yuFJUgF53MHSyp 39sc/qRBVuKEiZTsSqbkZHDVCBIWRJAqfoeNv6/5D4+NSzzy8yBzeVcg2/ygQxR+ 5NQBPG/hSCcl1WIOT6O6xLqyZdhOcZQ+XcdBfVN2/54W8QZbZooZ52rEc5tNNyQw 2rlJ/3M+foxjLXckBpxg1mlDyFboF8EbrqAXnyywNkVTSXwD4olow1HQqttDZWmA gzOxScewxvOWfycc4zDa4zPlA/i7RA5zUgu9rLTKsN34JLkvmFqE5g49vQSPT7kL F7ggbCR4h28gBWGVp5+Y7Ks6Qz/fwWmtnP1ww/uIQdru+bzyrtqz7s3sgs8mgII= =AbMV -----END PGP SIGNATURE----- --XJdsxcHmhOrqq7l2pX3ujMkmFqkM3UQxU--