On 11.12.2024 08:57, Chen, Jiqian wrote:
> On 2024/12/10 19:25, Roger Pau Monné wrote:
>> So you suggest that the capability should be hidden in that case? We
>> have logic to hide capabilities, just not used for the hardware
>> domain. It would need some extra wiring to be capable of hiding
>> failed capabilities.
> Can you give me a guidance on how to hide a failed capability?
> What codes are current logic to hide capabilities?
> Then maybe I can add a patch to implement it.
It's really the other way around right now for "normal" capabilities:
We whitelist what we expose. See init_header()'s logic after checking
the PCI_STATUS_CAP_LIST bit. Actually past that block there's
/* Extended capabilities read as zero, write ignore */
rc = vpci_add_register(pdev->vpci, vpci_read_val, NULL, 0x100, 4,
(void *)0);
I.e. no extended capabilities are exposed at all right now to DomU-s.
For Dom0 I guess we shouldn't use whitelisting, but the (extended)
capability list(s) would need similarly virtualizing to be able to
hide some.
Jan
