On Mon, Sep 02, 2019 at 01:58:07PM +0200, Jan Beulich wrote: > On 02.09.2019 13:30, Roger Pau Monne wrote: > > Don't allow the hardware domain to access the PCI config space of > > devices not assigned to it. Ie: the config space of iommu devices > > in use by Xen should not be accessible to the hardware domain. > > Well, I agree with what you say above, but the code change disallows > much more than this. In particular Dom0 (and maybe stub domains too) > need to be able to access the config space of devices assigned to > guests, e.g. for qemu to control MSI and/or MSI-X.
Right, I was overlooking the fact that a domain using vPCI itself should be able to handle passthrough backends for other domains. I think the condition should instead check if the device is assigned to dom_xen, and don't allow domains access to devices assigned to dom_xen. Thanks, Roger. _______________________________________________ Xen-devel mailing list [email protected] https://lists.xenproject.org/mailman/listinfo/xen-devel
