Xen project Mailing List

[Xen-devel] [PATCH] docs: xl.cfg: permissive option is not PV only.

To: <ian.jackson@xxxxxxxxxxxxx>, <wei.liu2@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxx>

From: Ian Campbell <ian.campbell@xxxxxxxxxx>

Date: Tue, 6 Oct 2015 09:42:35 +0100

Cc: Eric <epretorious@xxxxxxxxx>, Ian Campbell <ian.campbell@xxxxxxxxxx>

Delivery-date: Tue, 06 Oct 2015 08:43:21 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Since XSA-131 qemu-xen has defaulted to non-permissive mode and the option was extended to cover that case in 015a373351e5 "tools: libxl: allow permissive qemu-upstream pci passthrough". Since I was rewrapping to adjust the text anyway I've split the safety warning into a separate paragraph to make it more obvious. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Cc: Eric <epretorious@xxxxxxxxx> --- docs/man/xl.cfg.pod.5 | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 index f8fa48f..b63846a 100644 --- a/docs/man/xl.cfg.pod.5 +++ b/docs/man/xl.cfg.pod.5 @@ -752,14 +752,17 @@ Possible B<KEY>s are: =item B<permissive=BOOLEAN> -(PV only) By default pciback only allows PV guests to write "known -safe" values into PCI config space. But many devices require writes -to other areas of config space in order to operate properly. This -tells the pciback driver to allow all writes to PCI config space of -this device by this domain. This option should be enabled with -caution: it gives the guest much more control over the device, which -may have security or stability implications. It is recommended to -enable this option only for trusted VMs under administrator control. +By default pciback only allows PV guests to write "known safe" values +into PCI config space, likewise QEMU (both qemu-xen and +qemu-traditional) imposes the same contraint on HVM guests. However +many devices require writes to other areas of config space in order to +operate properly. This option tells the backend (pciback or QEMU) to +allow all writes to PCI config space of this device by this domain. + +This option should be enabled with caution: it gives the guest much +more control over the device, which may have security or stability +implications. It is recommended to enable this option only for +trusted VMs under administrator control. =item B<msitranslate=BOOLEAN> @@ -798,9 +801,8 @@ Note this would override global B<rdm> option. =item B<pci_permissive=BOOLEAN> -(PV only) Changes the default value of 'permissive' for all PCI -devices passed through to this VM. See L<permissive|/"permissive_boolean"> -above. +Changes the default value of 'permissive' for all PCI devices passed +through to this VM. See L<permissive|/"permissive_boolean"> above. =item B<pci_msitranslate=BOOLEAN> -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.