NetVM + sys-usb HVMs not isolating PCI devices (maybe?)

I deselected all passthrough hardware devices for the netVM HVM in Qube Manager, yet many hardware devices are detected when I run lspci and lsusb.

If I pass through just my network card as per usual in Qube Manager, I get the same list of unexpected devices with lspci and lsusb.

Sys-usb behaves in a similar way, listing USB controllers plus unexpected additional hardware.

Switching to PV mode on the same VMs produces the expected output listing only the devices selected for passthrough in Qube Manager.

I tested on different machines and get the same result. I noticed also that the unexpected hardware listed is the same on different machines.

Not to fear, this is expected operation when the VM operates in HVM mode.

In HVM mode, Qubes/Xen simulates the hardware that a PC usually has because the purpose of HVM mode is to enable operation of an operating system that is not virtualization-aware.

In PV mode, the installed operating system is virtualization-aware, and communicates directly with the Xen hypervisor for PCI passthrough.

As an example, run lspci -v|grep Subsystem: in your HVM qube without any PCI passthrough and compare that to the same command run in dom0.

In your HVM qube, you’ll likely see “Red Hat, Qemu virtual machine” for those PCI devices whose presence confused you.

In dom0, you’ll likely see the manufacturer of your computer.

Also if you look closer, in the HVM lspci output, those first devices indicate the chipset that would be found on the motherboard - Intel 440FX. This chipset was available back in the Pentium days in the 90s; I doubt any modern computer has this chipset.

Another giveaway would be that you’d see Intel in the HVM qube even if your computer had an AMD CPU. So, what you are seeing here are simulated devices from QEMU, which allow the OS inside the HVM to believe it’s running on “bare metal”.
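
The comparison suggested in the answer above, as an added example (not code from the thread): a shell function that reads `lspci -v` output and marks every device whose Subsystem line names Red Hat and QEMU as emulated, leaving the rest to be checked against the devices selected for passthrough in Qube Manager. The sample records and the `emulated`/`review` labels are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lspci -v` output from an HVM qube (not real capture).
SAMPLE=$(cat <<'EOF'
00:00.0 Host bridge: Intel Corporation 440FX - 82441FX PMC [Natoma] (rev 02)
	Subsystem: Red Hat, Inc. Qemu virtual machine
	Flags: fast devsel

00:01.0 ISA bridge: Intel Corporation 82371SB PIIX3 ISA [Natoma/Triton II]
	Subsystem: Red Hat, Inc. Qemu virtual machine
	Flags: medium devsel

00:06.0 Ethernet controller: Example Vendor Example NIC (constructed)
	Subsystem: Example OEM Device 0000
	Flags: bus master
EOF
)

# Reads `lspci -v` text on stdin, prints "label<TAB>slot<TAB>description".
#   emulated = Subsystem names Red Hat and QEMU (simulated by the device model)
#   review   = anything else; should match what was selected for passthrough.
# "review" means "compare", not "proven passthrough": other virtual devices
# may carry a different subsystem string.
classify_lspci() {
    awk '
    function emit(   s, label) {
        if (slot == "") return
        s = tolower(subsys)
        label = (s ~ /red hat/ && s ~ /qemu/) ? "emulated" : "review"
        printf "%s\t%s\t%s\n", label, slot, desc
    }
    # A device record starts at a non-indented line: "00:01.0 ISA bridge: ..."
    /^[^ \t]/ { emit(); slot = $1; desc = $0; sub(/^[^ ]+ /, "", desc); subsys = ""; next }
    # Indented Subsystem line belongs to the current record.
    /^[ \t]+Subsystem:/ { subsys = $0; sub(/^[ \t]+Subsystem:[ \t]*/, "", subsys) }
    END { emit() }
    '
}

# Prints only the slots that need to be compared with the qube's assignments.
review_slots() {
    classify_lspci | awk -F'\t' '$1 == "review" { print $2 }'
}

# Inside a qube, use:  lspci -v | classify_lspci
printf '%s\n' "$SAMPLE" | classify_lspci
```

In the sample, only `00:06.0` is left for review; the 440FX host bridge and PIIX3 ISA bridge are reported as emulated.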

Thanks heaps.