-
Jan Beulich authoredXSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment, and libvirt uses its own ways as well. Hosts where these alternate methods are used will still leave the system in a vulnerable state after the device comes back from a guest. Default to always quarantining PCI devices, but provide a command line option to revert back to prior behavior (such that people who both sufficiently trust their guests and want to be able to use devices in Dom0 again after they had been in use by a guest wouldn't need to "manually" move such devices back from DomIO to Dom0). This is XSA-306. Reported-by:
Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Wei Liu <wl@xen.org>ba2ab00b