On Wed, May 24, 2023 at 04:37:42PM -0700, Stefano Stabellini wrote:
> On Wed, 24 May 2023, Jan Beulich wrote:
> > >> RFC: _setup_hwdom_pci_devices()' loop may want splitting: For
> > >>      modify_bars() to consistently respect BARs of hidden devices while
> > >>      setting up "normal" ones (i.e. to avoid as much as possible the
> > >>      "continue" path introduced here), setting up of the former may want
> > >>      doing first.
> > > 
> > > But BARs of hidden devices should be mapped into dom0 physmap?
> > 
> > Yes.
> 
> The BARs would be mapped read-only (not read-write), right? Otherwise we
> let dom0 access devices that belong to Xen, which doesn't seem like a
> good idea.

It's my understanding that Xen will mark any regions of the BARs
in-use by the hypervisor as read-only, but the rest will be writable.

> But even if we map the BARs read-only, what is the benefit of mapping
> them to Dom0? If Dom0 loads a driver for it and the driver wants to
> initialize the device, the driver will crash because the MMIO region is
> read-only instead of read-write, right?

I think USB is a good example: Xen uses the debug functionality of
EHCI/XHCI, but by marking the device as hidden it allows dom0 to also
make use of any remaining USB ports.

For r/o devices I don't see much point in mapping the BARs to dom0, as
dom0 is not allowed to size them in the first place, so will be able
to detect the BAR position, but not the BAR size.  I guess this could
cause issues in the future if dom0 starts repositioning BARs, but
let's leave that aside.

> How does this device hiding work for dom0? How does dom0 know not to
> access a device that is present on the PCI bus but is used by Xen?

I think the objective for hidden is to allow dom0 to use the device,
but Xen should protect any MMIO region it doesn't want dom0 to
modify.

> The reason why I was suggesting to hide the device completely in the
> past was that I assumed we had to hide the device (make it "disappear"
> on the PCI bus) otherwise Dom0 would access it. Is there another way to
> mark a PCI device as "inaccessible" or "disabled"?

I'm not aware of anything else, short of using stuff like the ACPI
STAO and reporting disabled devices there in addition to marking their
config space as r/o.

Thanks, Roger.
