|
|
|
|
|
|
|
|
|
|
xen-devel
RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevic
Ian Jackson wrote:
> Dong, Eddie writes ("RE: [Xen-devel] [PATCH][RFC] Support
> more Capability Structures andDevice Specific"):
>> Per current data, pass through get many known bug fixed
>> as the case Dexuan mentioned. But we didn't see a HW
>> damaging host. Some know issue could be a device issuing
>> tons of PCIe traffic, absorbing extra power, issuing
>> interrupt storm etc, but right now we didn't see issues
>> yet.
>
> Most people doing PCI passthrough appear to be under the
> impression
> that the guest cannot escape and cannot damage the host.
> (Even those
> currently doing PCI passthrough with current production
> hardware
> without an iommu!)
What I am aware is only QoS, I didn't know how can a guest program the
device to crash host. Interrupt storm can be blocked by hypervisor at
certain situation. Competing for unnecessary PCIe traffic is never
related to if we pass through guest setting or not. Can you give me a
specific example how host will be crashed?
>
> I think it is fine to have a passthrough option which
> doesn't properly
> protect the host from the guest - this is a useful setup
> in many
> situations. But it should not be enabled by default,
> surely ?
Same reason as above.
>
> Note that this is a _security_ problem. So `data' about
> `issues'
> which you have `seen' is irrelevant. Just because you
> haven't
> actually observed any misbehaviour with non-malicious
> guests doesn't
> mean that a malicious guest couldn't cause the hardware
> to melt.
Examples even in theory?
NOTE here, current pass through logic only support devices under root
port.
>
> Ian.
Thx, eddie
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|