xen-devel
RE: [Xen-devel] [PATCH] xend: passthrough: add an option pci-passthrough
By default the option is "yes" so we're safe and since the option is in the
global xend config file, only an administrator can change it.
In some cases, if an administrator knows clearly what he's doing, he may want
to try to use the device assignment feature at the risk of some potential
security issues -- usually some of the potential issue are not very likely to
occur. So I guess the option should be useful. :-)
Thanks,
-- Dexuan
-----Original Message-----
From: Simon Horman [mailto:horms@xxxxxxxxxxxx]
Sent: 2009?9?8? 7:42
To: Cui, Dexuan
Cc: Keir Fraser; xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] [PATCH] xend: passthrough: add an option
pci-passthrough-strict-check
On Mon, Sep 07, 2009 at 06:02:02PM +0800, Cui, Dexuan wrote:
> Currently when assigning device to HVM guest, we use the strict check for HVM
> guest by default.(For PV guest we use loose check automatically if necessary.)
>
> When we assign device to HVM guest, if we meet with the co-assignment issues
> or
> the ACS issue (see changeset 20081: 4a517458406f), we could try changing the
> option to 'no' -- however, we have to realize this may incur security issue
> and
> we can't make sure the device assignment could really work properly even after
> we do this.
>
> The option is located in /etc/xen/xend-config.sxp:
> (pci-passthrough-strict-check yes)
This sounds like it opens a can of worms to me.
I take it that you have equipment and a set-up in
mind that needs this.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|