Re: xen-pciback.hide syntax

[Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>]

On Sat, May 19, 2012 at 10:46:15AM +0200, Sander Eikelenboom wrote:
> Hi Konrad,
> 
> The syntax for specifying the devices for pciback to hide is "bus:device.function".
> While thinking about cooking up a patch to be able to use a "*" wildcard for the function, i was wondering if not hiding all functions of a device is feasible at all.
> 
> For what I understand of PCI, function 0 is always required, so if I only hide function 0, i can't use the other functions in dom0, since those functions would require a function 0, which is hidden.
> 
> So would it be more logical to drop/ignore the function from the BDF, and always hide all functions from a device ?

That might run afoul of the SR-IOV virtual devices. They (when loaded) provide a fake
bus:device:function, where the device is port (so if the SR-IOV card has two
jacks, you get 00 and 01), and the function is for the amount of VFs it can make.
On the Intel SR-IOV NIC with 'igbvf.max_vfs=7' I end up with 14 PCI devices, where
the function bear no resemblence to each other (and can be passed in different guests).

The PCI restriction I know of is if the device is behind a bridge. The issue here
is that .. well, you could pass in a different function to a different guest, but
one guest's hardware device could listen on the other guests' function. It would
require tweaking the driver to dump the contents of some registers and some deep
hacking, but that is the security issue with that.

> 
> --
> Regards,
> 
> Sander
>