On Mon, Apr 28, 2025 at 02:25:58PM -0600, Alex Williamson wrote: > PCI config space is a slow path, it's already trapped, and it's > theoretically architected that we could restrict and audit much of it, > though some devices do rely on access to unarchitected config space. > But even within the architected space there are device specific > capabilities with undocumented protocols, exposing unknown features of > devices. Does this incrementally make things better in general, or is > this largely masking a poorly behaved device/system? I think there would be merit in having a qemu option to secure the config space. We talked about this before about presenting a perscribed virtualized config space. But we still have the issue that userpace with access to VFIO could crash the machine, on these uncontained platforms, which is not great. It would be nice if the kernel could discover this, but it doesn't seem possible. There is so much in the SOC design and FW implementation that has to be done correctly for errors to be properly containable. Jason
