[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-changelog] [xen stable-4.5] docs: xl.cfg: permissive option is not PV only.
commit 80e9f5624f9d1ef2e7bbd9b9b185e96b45e1bb17 Author: Ian Campbell <ian.campbell@xxxxxxxxxx> AuthorDate: Tue Oct 6 09:42:35 2015 +0100 Commit: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> CommitDate: Tue Oct 20 17:57:09 2015 +0100 docs: xl.cfg: permissive option is not PV only. Since XSA-131 qemu-xen has defaulted to non-permissive mode and the option was extended to cover that case in 015a373351e5 "tools: libxl: allow permissive qemu-upstream pci passthrough". Since I was rewrapping to adjust the text anyway I've split the safety warning into a separate paragraph to make it more obvious. Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx> Cc: Eric <epretorious@xxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> (cherry picked from commit 7f25baba1c0942e50757f4ecb233202dbbc057b9) --- docs/man/xl.cfg.pod.5 | 24 +++++++++++++----------- 1 files changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 index 622ea53..620acef 100644 --- a/docs/man/xl.cfg.pod.5 +++ b/docs/man/xl.cfg.pod.5 @@ -613,14 +613,17 @@ Possible B<KEY>s are: =item B<permissive=BOOLEAN> -(PV only) By default pciback only allows PV guests to write "known -safe" values into PCI config space. But many devices require writes -to other areas of config space in order to operate properly. This -tells the pciback driver to allow all writes to PCI config space of -this device by this domain. This option should be enabled with -caution: it gives the guest much more control over the device, which -may have security or stability implications. It is recommended to -enable this option only for trusted VMs under administrator control. +By default pciback only allows PV guests to write "known safe" values +into PCI config space, likewise QEMU (both qemu-xen and +qemu-traditional) imposes the same contraint on HVM guests. However +many devices require writes to other areas of config space in order to +operate properly. This option tells the backend (pciback or QEMU) to +allow all writes to PCI config space of this device by this domain. + +This option should be enabled with caution: it gives the guest much +more control over the device, which may have security or stability +implications. It is recommended to enable this option only for +trusted VMs under administrator control. =item B<msitranslate=BOOLEAN> @@ -651,9 +654,8 @@ default. =item B<pci_permissive=BOOLEAN> -(PV only) Changes the default value of 'permissive' for all PCI -devices passed through to this VM. See L<permissive|/"permissive_boolean"> -above. +Changes the default value of 'permissive' for all PCI devices passed +through to this VM. See L<permissive|/"permissive_boolean"> above. =item B<pci_msitranslate=BOOLEAN> -- generated by git-patchbot for /home/xen/git/xen.git#stable-4.5 _______________________________________________ Xen-changelog mailing list Xen-changelog@xxxxxxxxxxxxx http://lists.xensource.com/xen-changelog
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |