On Sun, Apr 26, 2015 at 11:11:45PM +0200, Fabian Wloch wrote:
>
> >This is a "feature"... Toolstack used in Qubes R2 ignores any errors
> >during reset of PCI device (either during device assignment to VM, or
> >cleanup). In R3 we use libvirt, which does not ignore such errors. And
> >it isn't configurable there.
> >I'm working on some workaround for that, but the default is correct -
> >assigning to VM a PCI device which does not support reset isn't safe and
> >shouldn't be done.
>
> Why exactly isn't it safe?
> I mean, I don't really know what (for example) the FLR does (technically),
> but as far as I can imagine it "resets" the device after releasing it from a
> VM, so another VM can use it.
> But since I use Qubes, I never unattached the USB-Controller from that VM,
> nor did I shut the usbvm down/the usbvm crashed.
> So this is at least safer than not using a usbvm at all, right?

Theoretically if the device isn't properly reset, it can compromise the
next VM you assign the device to.
In case of UsbVM in practice it shouldn't be a problem, because - as
you've said - you never detach the USB controller from UsbVM. But
libvirt does not know that.
Using UsbVM, even without proper PCI reset, is much safer than leaving
that USB controller in dom0.

> Besides that - so I simply don't use USB hardware till this is fixed. Luckily
> I don't do this very often anyways..

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
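
An added example, not part of the original message or of Qubes/libvirt code: a small parser that reads `lspci -vv` output and reports which per-function reset mechanisms each device advertises, so devices with none can be spotted before assigning them to a VM. The sample text is constructed, and the labels `pcie-flr`, `af-flr` and `pm-reset` are names chosen here; it looks only at the capability flags lspci prints (`FLReset`, `AFCap ... FLR`, `NoSoftRst`), not at bus-level or device-specific resets.

```python
import re

# Constructed sample in the layout of `lspci -vv` output (trimmed).
SAMPLE = """\
00:14.0 USB controller: Example xHCI Host Controller
\tCapabilities: [70] Power Management version 2
\t\tStatus: D0 NoSoftRst+ PME-Enable- DSel=0 DScale=0 PME-
00:1a.0 USB controller: Example EHCI Host Controller
\tCapabilities: [50] Power Management version 2
\t\tStatus: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
\tCapabilities: [98] PCI Advanced Features
\t\tAFCap: TP+ FLR+
02:00.0 Network controller: Example Wireless Adapter
\tCapabilities: [40] Express (v2) Endpoint, MSI 00
\t\tDevCap:\tMaxPayload 128 bytes, PhantFunc 0
\t\t\tExtTag- AttnBtn- AttnInd- PwrInd- RBE+ FLReset+
"""

# Device header lines start in column 0 with [domain:]bus:device.function.
HEADER = re.compile(r"^((?:[0-9a-f]{4}:)?[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]) ")


def reset_methods(lspci_vv):
    """Map each device address to the reset mechanisms it advertises."""
    devices, current = {}, None
    for line in lspci_vv.splitlines():
        match = HEADER.match(line)
        if match:
            current = devices.setdefault(match.group(1), [])
            continue
        if current is None:
            continue
        tokens = line.split()
        # PCI Express Device Capabilities: Function Level Reset supported.
        if "FLReset+" in tokens:
            current.append("pcie-flr")
        # PCI Advanced Features capability: FLR supported.
        if tokens[:1] == ["AFCap:"] and "FLR+" in tokens:
            current.append("af-flr")
        # Power Management: NoSoftRst- means a D3hot -> D0 transition
        # performs an internal reset of the function.
        if "NoSoftRst-" in tokens:
            current.append("pm-reset")
    return devices


def without_reset(lspci_vv):
    """Devices that advertise none of the mechanisms checked above."""
    return sorted(bdf for bdf, m in reset_methods(lspci_vv).items() if not m)
```

On a real system, feed it the output of `lspci -vv` run as root, since capability details are hidden from unprivileged users.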