|
|
S-292: xen Security and Bug Fix Update
|
|
PCIBACK(4) BSD/xen Kernel Interfaces Manual PCIBACK(4) NAME
pciback -- Xen backend paravirtualized PCI pass-through driver SYNOPSIS
pciback* at pci? DESCRIPTION
The pciback driver is the backend part of the PCI pass-through functionality that can be used by the Xen dom0 to export pci(4) devices to a guest domain. To export a PCI device to a guest domain, the device has to be attached to pciback in the dom0. When the guest domain is NetBSD, the device attached to the pciback driver will attach to a xpci(4) bus inside the guest domain. EXAMPLES
To attach a device to the pciback driver, follow these steps: 1. look for the device PCI ID, via pcictl(8). 2. edit boot.cfg(5) and add the PCI ID to the list of PCI IDs that you want to attach to pciback, in bus:device.function notation. The list is passed to dom0 module via the pciback.hide parameter: pciback.hide=(bus:dev.fun)(bus:dev.func)(...) See also boot(8). 3. reboot dom0. 4. add the PCI ID to the list of PCI devices in the domain configuration file: pci = ['bus:dev.fun', '...'] 5. start the guest domain. SEE ALSO
pci(4), xpci(4), boot(8), pcictl(8) HISTORY
The pciback driver first appeared in NetBSD 5.1. AUTHORS
The pciback driver was written by Manuel Bouyer <bouyer@NetBSD.org>. CAVEATS
Currently, to attach a device to the pciback backend, this procedure has to be performed at boot(8) time. In the future, it will be possible to do it without requiring a dom0 reboot. SECURITY CONSIDERATIONS
As PCI passthrough offers the possibility for guest domains to send arbitrary PCI commands to a physical device, this has direct impact on the overall stability and security of the system. For example, in case of erroneous or malicious commands, the device could overwrite physi- cal memory portions, via DMA. BSD
January 8, 2011 BSD
