On Tue, 18 Jul 2017 22:37:00 -0700 Feng Kan <fkan@xxxxxxx> wrote: > > > > I don't know what that means, does the hardware support an equivalent > > to source validation or not? > > Yes, source validation is done through the smmu. The SMMU does a context lookup based on the bdf, but if the root port does not support SV, what is it that prevents the device from spoofing a different bdf? How does the smmu intercept this? Thanks, Alex > What's the response of the root port if > > the downstream device issues a transaction spoofing devices not within > > the bus number ranges of the bridge? > HW guys informs me there is way to disable transactions between root port. > I will confirm later. > > > > >> Alex, the goal here is to enable virtualization to work correctly. > >> Please let me know if the > >> above is sufficient. Much thanks. > > > > Of course, but that means that the hardware vendor is vouching that > > this device provides the equivalent isolation for each of the missing > > components of ACS. Claiming to have isolation capabilities that don't > > exist would be irresponsible and put users of that hardware at risk. > Agreed, I believe we do have isolation in our case based on the conference > we had today. > > > Thanks, > > > > Alex
