From: Ian Campbell <ian.campbell@citrix.com>
To: ian.jackson@eu.citrix.com, wei.liu2@citrix.com, xen-devel@lists.xen.org
Cc: Eric <epretorious@yahoo.com>, Ian Campbell <ian.campbell@citrix.com>
Subject: [PATCH] docs: xl.cfg: permissive option is not PV only.
Date: Tue, 6 Oct 2015 09:42:35 +0100
Message-ID: <1444120955-20825-1-git-send-email-ian.campbell@citrix.com>

Since XSA-131 qemu-xen has defaulted to non-permissive mode and the
option was extended to cover that case in 015a373351e5 "tools: libxl:
allow permissive qemu-upstream pci passthrough".

Since I was rewrapping to adjust the text anyway I've split the safety
warning into a separate paragraph to make it more obvious.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Eric <epretorious@yahoo.com>
---
docs/man/xl.cfg.pod.5 | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
index f8fa48f..b63846a 100644
--- a/docs/man/xl.cfg.pod.5
+++ b/docs/man/xl.cfg.pod.5
@@ -752,14 +752,17 @@ Possible B<KEY>s are:
=item B<permissive=BOOLEAN>
-(PV only) By default pciback only allows PV guests to write "known
-safe" values into PCI config space. But many devices require writes
-to other areas of config space in order to operate properly. This
-tells the pciback driver to allow all writes to PCI config space of
-this device by this domain. This option should be enabled with
-caution: it gives the guest much more control over the device, which
-may have security or stability implications. It is recommended to
-enable this option only for trusted VMs under administrator control.
+By default pciback only allows PV guests to write "known safe" values
+into PCI config space, likewise QEMU (both qemu-xen and
+qemu-traditional) imposes the same contraint on HVM guests. However
+many devices require writes to other areas of config space in order to
+operate properly. This option tells the backend (pciback or QEMU) to
+allow all writes to PCI config space of this device by this domain.
+
+This option should be enabled with caution: it gives the guest much
+more control over the device, which may have security or stability
+implications. It is recommended to enable this option only for
+trusted VMs under administrator control.
=item B<msitranslate=BOOLEAN>
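Review bot: "contraint" in the added line "qemu-traditional) imposes the same contraint on HVM guests" should be "constraint". That sentence also joins two independent clauses with a comma ("..., likewise QEMU ..."); a full stop or semicolon before "likewise" would read better. The commit message cites only the qemu-xen default and 015a373351e5 (qemu-upstream), while the new text says both qemu-xen and qemu-traditional impose the restriction and that "the backend (pciback or QEMU)" honours the option, so it is worth confirming in the commit message that qemu-traditional also acts on permissive.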
@@ -798,9 +801,8 @@ Note this would override global B<rdm> option.
=item B<pci_permissive=BOOLEAN>
-(PV only) Changes the default value of 'permissive' for all PCI
-devices passed through to this VM. See L<permissive|/"permissive_boolean">
-above.
+Changes the default value of 'permissive' for all PCI devices passed
+through to this VM. See L<permissive|/"permissive_boolean"> above.
=item B<pci_msitranslate=BOOLEAN>
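Review bot: With "(PV only)" dropped, the pci_permissive entry now covers relaxing config space write filtering for every device passed through to the VM, PV or HVM, yet it carries no caution of its own and relies on the reader following the link to permissive. Since the warning there is now a separate paragraph, consider adding one sentence here saying the same caution applies, i.e. that this should only be enabled for trusted VMs under administrator control.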
--
2.1.4