RE: [Xen-devel] [PATCH][RFC] Support more Capability Structures andDevice Specific

[Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>]

Dong, Eddie writes ("RE: [Xen-devel] [PATCH][RFC] Support more Capability 
Structures andDevice Specific"):
> Per current data, pass through get many known bug fixed as the case
> Dexuan mentioned. But we didn't see a HW damaging host. Some know issue
> could be a device issuing tons of PCIe traffic, absorbing extra power,
> issuing interrupt storm etc, but right now we didn't see issues yet.

Most people doing PCI passthrough appear to be under the impression
that the guest cannot escape and cannot damage the host.  (Even those
currently doing PCI passthrough with current production hardware
without an iommu!)

I think it is fine to have a passthrough option which doesn't properly
protect the host from the guest - this is a useful setup in many
situations.  But it should not be enabled by default, surely ?

Note that this is a _security_ problem.  So `data' about `issues'
which you have `seen' is irrelevant.  Just because you haven't
actually observed any misbehaviour with non-malicious guests doesn't
mean that a malicious guest couldn't cause the hardware to melt.

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel