From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Jan Beulich" Subject: Re: [TESTDAY] PV / HVM pass-through works when IOMMU present; weird failures when not Date: Mon, 01 Jul 2013 13:14:21 +0100 Message-ID: <51D18EBD02000078000E1F09@nat28.tlf.novell.com> References: <51CDCF5302000078000E1A47@nat28.tlf.novell.com> <51CDB565.3040004@eu.citrix.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <51CDB565.3040004@eu.citrix.com> Content-Disposition: inline List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Ian Campbell , George Dunlap , Ian Jackson Cc: "xen-devel@lists.xen.org" List-Id: xen-devel@lists.xenproject.org >>> On 28.06.13 at 18:10, George Dunlap wrote: > Either way, if someone *is* passing through a device, it is probably a > security issue. After looking around a bit, I'm convinced that the other day I must have tried this with xm (for whatever reason) - libxl has at least two issues here compared to xend/xm: - Missing error handling: Errors for the domain creation case propagate all the way back up to domcreate_attach_pci(), at which point they get silently ignored. Without having looked deeper, my first suggestion would be to simply drop devices from the d_config->pcidevs[] and decrement d_config->num_pcidevs upon failure, thus skipping any respective backend setup. - Not making use of xc_test_assign_device() (which would allow detecting the situation before _any_ other setup gets done for the device). Of course it is all but helpful that the backend in qemu has no way of verifying that the device is in fact owned by the guest, i.e. it has to blindly set up things trusting that the information handed to it is consistent. Jan