[vfio-users] How to spoof device (sub)class ID for passthrough devices?
Alex Williamson
alex.williamson at redhat.com
Mon Feb 11 16:12:37 UTC 2019
On Sun, 10 Feb 2019 20:01:47 +0100
Björn Ruytenberg <bjorn at bjornweb.nl> wrote:
> Hi Alex,
>
> Thanks for your quick response and the patch!
>
> I am looking into passing through a muxless GeForce GPU to a Windows guest.
>
> Having been through several resources, passing through muxed and desktop
> cards seems quite straightforward. Either no configuration is necessary,
> or exposing the (UEFI GOP) VBIOS through the ACPI _ROM method will do
> the trick. From what I gather, the latter will also work with the
> proprietary NVIDIA driver on Linux. However, on Windows guests, it will
> simply bail out with error 43.
>
> I have been doing some ACPI debugging on Windows (using windbg and QEMU,
> which is excellent for this :-)), and it looks like the NVIDIA driver
> does several _DSM calls instead. I'm not entirely sure what these
> methods do. One method contains a number of magic strings such as
> `NVIDIA Certified Optimus Ready Motherboard`, which presumably lets the
> driver verify it's not running in a VM.
>
> Rather than trying to (partially) replicate the ACPI table from the host
> in the guest, I figured it might be possible to trick the NVIDIA driver
> into detecting a muxed/desktop card. For this I'll need to:
>
> 1. Find a VBIOS with a UEFI GOP header from a non-muxless GPU, ideally
> one that is the same model (muxed/desktop) or similar (Quadro).
> 2. Spoof the PCI sub vendor and sub device id, or patch the VBIOS to
> have these match my own card.
> 3. Spoof the PCI device class, changing it from 0302 (3D controller,
> i.e. muxless card) to 0300 (VGA device).
>
> Now that your patch enables the last, I'll try and see if this works. If
> you are interested, I'd be happy to report back the results.
I'm certainly curious to see what you find, I imagine others are too.
When I looked at Optimus on a Thinkpad it looked like some of the _DSM
calls were hooking into SMI services, so they're beyond obfuscated.
Good luck! Thanks,
Alex
More information about the vfio-users
mailing list