Has anyone successfully passed through the Intel HDA device (1f:3) to a guest without exposing it to the LOM NIC (1f:6) that they carelessly left in the same IOMMU group?

Hacking the pcie_acs_override patch to ignore the test for non-PCIe devices seems to create separate IOMMU groups for the Intel HDA Audio device and the Intel NIC, although at what cost to stability and security?

And now the guest sees virtualized ACPI interfaces for battery, ac adapter and, most importantly, laptop lid.

@th, IIRC, I've ended up changing the power flag or the access, I don't remember exactly, and I've started using a dedicated USB hub on a new PCIe card for both v4l and snd.

P.S. And, of course, I've bought a couple of DIP packaged PICs with the intention of making a USB "firewall" one day. We need a way to lock down the "U" in USB.

@walter unfortunately on a laptop there is nowhere to install an extra PCIe card, so we're limited to what is on the mainboard chipset...

@th Oh? That looks like a curious find… What hardware platform are you running on?

@Kensan this is an X1 gen 8 CometLake, although I see the same PCIe topology on older Skylake systems as well.

(void *) social site