Xen project Mailing List

[Xen-devel] [PATCH v2 2/2] xl: dm_restrict: Document that it does not work with PV

From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

Date: Thu, 12 Oct 2017 13:04:41 +0100

Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Thu, 12 Oct 2017 12:05:09 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> Reported-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> Acked-by: Wei Liu <wei.liu2@xxxxxxxxxx> --- docs/man/xl.cfg.pod.5.in | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/man/xl.cfg.pod.5.in b/docs/man/xl.cfg.pod.5.in index 9b27233..b7b91d8 100644 --- a/docs/man/xl.cfg.pod.5.in +++ b/docs/man/xl.cfg.pod.5.in @@ -1270,7 +1270,7 @@ connectors=id0:1920x1080;id1:800x600;id2:640x480 =item B<dm_restrict=BOOLEAN> -Restrict the HVM device model after startup, +Restrict the device model after startup, to limit the consequencese of security vulnerabilities in qemu. With this feature enabled, @@ -1285,6 +1285,11 @@ There are some significant limitations: =item +This is not likely to work at all for PV guests +nor guests using qdisk backends for their block devices. + +=item + You must have a new enough qemu. In particular, if your qemu does not have the commit -- 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.