[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] docs: xl.cfg: permissive option is not PV only.



commit e4a1dcbfaeb4aa30101b2c9befaca9d460713396
Author:     Ian Campbell <ian.campbell@xxxxxxxxxx>
AuthorDate: Tue Oct 6 09:42:35 2015 +0100
Commit:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
CommitDate: Thu Oct 22 16:03:10 2015 +0100

    docs: xl.cfg: permissive option is not PV only.
    
    Since XSA-131 qemu-xen has defaulted to non-permissive mode and the
    option was extended to cover that case in 015a373351e5 "tools: libxl:
    allow permissive qemu-upstream pci passthrough".
    
    Since I was rewrapping to adjust the text anyway I've split the safety
    warning into a separate paragraph to make it more obvious.
    
    Signed-off-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
    Cc: Eric <epretorious@xxxxxxxxx>
    Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx>
    (cherry picked from commit 7f25baba1c0942e50757f4ecb233202dbbc057b9)
---
 docs/man/xl.cfg.pod.5 |   24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
index d422924..d20cdef 100644
--- a/docs/man/xl.cfg.pod.5
+++ b/docs/man/xl.cfg.pod.5
@@ -741,14 +741,17 @@ Possible B<KEY>s are:
 
 =item B<permissive=BOOLEAN>
 
-(PV only) By default pciback only allows PV guests to write "known
-safe" values into PCI config space.  But many devices require writes
-to other areas of config space in order to operate properly.  This
-tells the pciback driver to allow all writes to PCI config space of
-this device by this domain.  This option should be enabled with
-caution: it gives the guest much more control over the device, which
-may have security or stability implications.  It is recommended to
-enable this option only for trusted VMs under administrator control.
+By default pciback only allows PV guests to write "known safe" values
+into PCI config space, likewise QEMU (both qemu-xen and
+qemu-traditional) imposes the same contraint on HVM guests. However
+many devices require writes to other areas of config space in order to
+operate properly.  This option tells the backend (pciback or QEMU) to
+allow all writes to PCI config space of this device by this domain.
+
+This option should be enabled with caution: it gives the guest much
+more control over the device, which may have security or stability
+implications.  It is recommended to enable this option only for
+trusted VMs under administrator control.
 
 =item B<msitranslate=BOOLEAN>
 
@@ -787,9 +790,8 @@ Note this would override global B<rdm> option.
 
 =item B<pci_permissive=BOOLEAN>
 
-(PV only) Changes the default value of 'permissive' for all PCI
-devices passed through to this VM. See L<permissive|/"permissive_boolean">
-above.
+Changes the default value of 'permissive' for all PCI devices passed
+through to this VM. See L<permissive|/"permissive_boolean"> above.
 
 =item B<pci_msitranslate=BOOLEAN>
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.