On Mon, Jan 7, 2019 at 10:41 AM Alex Williamson <alex.williamson@xxxxxxxxxx> wrote:
>
> On Wed, 2 Jan 2019 14:24:41 -0500
> Jintack Lim <jintack@xxxxxxxxxxxxxxx> wrote:
>
> > Hi,
> >
> > I found that VFIO hides capabilities to userspace if a capability ID
> > is not in the defined range (PCI_CAP_ID_MAX). What's the reason for
> > this? Is it because it's not safe to expose an unknown capability to
> > userspace?
>
> If it's an unknown capability, it's unknown whether it's safe to
> expose, therefore we don't. The capability might require
> virtualization (such as MSI/X or BAR resource modifications), it might
> allow the device to diminish the isolation of the host (ACS), or it
> might seed new user controlled devices in the host address space (SR-IOV).
> There are enough examples that the prudent approach is to analyze and
> enable specific capabilities.

Thanks for the explanation, Alex. That makes sense!

>
> > While we are at it, where can I get the list of all capability IDs
> > defined other than Linux kernel source (pci_regs.h)? It seems like
> > each capability ID is defined in PCI-SIG ECNs, but I wonder if there
> > is an official document having all the IDs from PCI-SIG?
>
> The latest spec generally includes the approved ECNs, but there are
> always outstanding ECNs. Thanks,

FYI, as I replied to myself, I found that 'PCI Code and ID Assignment
Specification' contains the list of capability IDs.

>
> Alex
>
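The following is an added example, not part of this thread and not VFIO's code: a simplified sketch of the "hide what has not been reviewed" approach discussed above, which walks the capability chain in a copy of PCI config space and unlinks every capability whose ID is above a threshold. The names `filter_caps`, `make_sample` and `EXAMPLE_CAP_ID_MAX` (and its value) are assumptions for illustration, and the config space contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CFG_SIZE           256
#define OFF_STATUS         0x06  /* PCI status register (low byte) */
#define STATUS_CAP_LIST    0x10  /* device implements a capability list */
#define OFF_CAP_PTR        0x34  /* pointer to the first capability */
#define EXAMPLE_CAP_ID_MAX 0x14  /* assumption: highest ID reviewed as safe */

/* Unlink every capability with ID > EXAMPLE_CAP_ID_MAX from the chain.
 * Returns how many were hidden, or -1 if the chain is malformed. */
int filter_caps(uint8_t *cfg)
{
    uint8_t *link = &cfg[OFF_CAP_PTR];  /* the "next" byte we may patch */
    int hidden = 0, hops = 0;
    if (!(cfg[OFF_STATUS] & STATUS_CAP_LIST)) return 0;
    for (uint8_t pos = *link & 0xFC; pos; ) {
        if (pos < 0x40 || ++hops > 48) return -1;  /* in header, or loop */
        uint8_t id = cfg[pos], next = cfg[pos + 1] & 0xFC;
        if (id > EXAMPLE_CAP_ID_MAX) {
            *link = next;               /* unknown: skip over it */
            hidden++;
        } else {
            link = &cfg[pos + 1];       /* known: keep it linked */
        }
        pos = next;
    }
    return hidden;
}

/* Constructed sample: PM -> unknown 0x7E -> MSI-X -> unknown 0x7F. */
void make_sample(uint8_t *cfg)
{
    memset(cfg, 0, CFG_SIZE);
    cfg[OFF_STATUS] = STATUS_CAP_LIST; cfg[OFF_CAP_PTR] = 0x40;
    cfg[0x40] = 0x01; cfg[0x41] = 0x50;  /* Power Management */
    cfg[0x50] = 0x7E; cfg[0x51] = 0x60;  /* constructed unknown ID */
    cfg[0x60] = 0x11; cfg[0x61] = 0x70;  /* MSI-X */
    cfg[0x70] = 0x7F; cfg[0x71] = 0x00;  /* constructed unknown ID */
}

int main(void)
{
    uint8_t cfg[CFG_SIZE];
    make_sample(cfg);
    printf("hidden=%d\n", filter_caps(cfg));
    return 0;
}
```

After filtering, a reader of the copy sees only the Power Management and MSI-X entries; the unknown capabilities' bytes are still present but no longer reachable through the chain.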