On Wed, 2 Jan 2019 14:24:41 -0500
Jintack Lim <jintack@xxxxxxxxxxxxxxx> wrote:

> Hi,
>
> I found that VFIO hides capabilities to userspace if a capability ID
> is not in the defined range (PCI_CAP_ID_MAX). What's the reason for
> this? Is it because it's not safe to expose an unknown capability to
> userspace?

If it's an unknown capability, it's unknown whether it's safe to
expose, therefore we don't. The capability might require
virtualization (such as MSI/X or BAR resource modifications), it might
allow the device to diminish the isolation of the host (ACS), or it
might seed new user controlled devices in the host address space
(SR-IOV). There are enough examples that the prudent approach is to
analyze and enable specific capabilities.

> While we are at it, where can I get the list of all capability IDs
> defined other than Linux kernel source (pci_regs.h)? It seems like
> each capability ID is defined in PCI-SIG ECNs, but I wonder if there
> is an official document having all the IDs from PCI-SIG?

The latest spec generally includes the approved ECNs, but there are
always outstanding ECNs. Thanks,

Alex
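
The default-deny filtering discussed in this thread, sketched as an added example; it is not the kernel's VFIO code and is not from either poster. It walks the standard capability list of a config space image and separates IDs inside the known range from those a filter would hide. The `PCI_CAP_ID_MAX` value, the function names and the sample config space are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCI_STATUS          0x06  /* low byte of the 16-bit status register */
#define PCI_STATUS_CAP_LIST 0x10  /* device implements a capability list */
#define PCI_CAPABILITY_LIST 0x34  /* offset of the first capability pointer */
#define PCI_STD_HEADER_END  0x40  /* capabilities live above the header */
#define PCI_CAP_ID_MAX      0x14  /* assumed value; take the real one from pci_regs.h */
#define CAP_WALK_TTL        48    /* bound the walk so a looping list terminates */
/* Walk the capability list of a 256-byte config space image. IDs up to PCI_CAP_ID_MAX
 * go to shown[], others to hidden[] (CAP_WALK_TTL slots each). Returns count or -1. */
int classify_caps(const uint8_t *cfg, uint8_t *shown, int *n_shown,
                  uint8_t *hidden, int *n_hidden)
{
    int ttl = CAP_WALK_TTL;
    uint8_t pos;
    *n_shown = *n_hidden = 0;
    if (!(cfg[PCI_STATUS] & PCI_STATUS_CAP_LIST))
        return 0;
    for (pos = cfg[PCI_CAPABILITY_LIST] & ~3; pos; pos = cfg[pos + 1] & ~3) {
        if (pos < PCI_STD_HEADER_END || ttl-- == 0)
            return -1;                        /* pointer into header, or a loop */
        if (cfg[pos] <= PCI_CAP_ID_MAX)
            shown[(*n_shown)++] = cfg[pos];
        else
            hidden[(*n_hidden)++] = cfg[pos]; /* unknown ID: not exposed */
    }
    return *n_shown + *n_hidden;
}

/* Constructed sample: PM (0x01) -> MSI (0x05) -> made-up ID 0x7f -> PCIe (0x10). */
void build_sample(uint8_t *cfg)
{
    memset(cfg, 0, 256);
    cfg[PCI_STATUS] = PCI_STATUS_CAP_LIST;
    cfg[PCI_CAPABILITY_LIST] = 0x40;
    cfg[0x40] = 0x01; cfg[0x41] = 0x50; cfg[0x50] = 0x05; cfg[0x51] = 0x60;
    cfg[0x60] = 0x7f; cfg[0x61] = 0x70; cfg[0x70] = 0x10; cfg[0x71] = 0x00;
}

int main(void)
{
    uint8_t cfg[256], shown[CAP_WALK_TTL], hidden[CAP_WALK_TTL];
    int ns, nh, n;
    build_sample(cfg);
    n = classify_caps(cfg, shown, &ns, hidden, &nh);
    printf("visited=%d shown=%d hidden=%d\n", n, ns, nh);
    return 0;
}
```

The walk only covers the standard capability list in the first 256 bytes; extended capabilities start at offset 0x100 and use a different header layout.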