diff options
| author | George Dunlap <george.dunlap@eu.citrix.com> | 2012-04-04 16:06:42 +0100 |
|---|---|---|
| committer | George Dunlap <george.dunlap@eu.citrix.com> | 2012-04-04 16:06:42 +0100 |
| commit | abda66fdb0eaa1b7ec33e97e3e0e375f948dc651 (patch) | |
| tree | b3bee62f8dc1249e0eaa239e657204de0baf0415 /docs/man | |
| parent | 543e95e992087a26e2e4e3a1a763ffc348bb6f30 (diff) | |
| download | xen-abda66fdb0eaa1b7ec33e97e3e0e375f948dc651.tar.gz xen-abda66fdb0eaa1b7ec33e97e3e0e375f948dc651.tar.bz2 xen-abda66fdb0eaa1b7ec33e97e3e0e375f948dc651.zip | |
xl, libxl: Add per-device and global permissive config options for pci passthrough
By default pciback only allows PV guests to write "known safe" values into
PCI config space. But many devices require writes to other areas of config
space in order to operate properly. One way to do that is with the "quirks"
interface, which specifies areas known safe to a particular device; the
other way is to mark a device as "permissive", which tells pciback to allow
all config space writes for that domain and device.
This adds a "permissive" flag to the libxl_pci struct and teaches libxl how
to write the appropriate value into sysfs to enable the permissive feature for
devices being passed through. It also adds the permissive config options either
on a per-device basis, or as a global option in the xl command-line.
Because of the potential stability and security implications of enabling
permissive, the flag is left off by default.
Signed-off-by: George Dunlap <george.dunlap@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'docs/man')
| -rw-r--r-- | docs/man/xl.cfg.pod.5 | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 index 9c54bc720c..e2cd2519ce 100644 --- a/docs/man/xl.cfg.pod.5 +++ b/docs/man/xl.cfg.pod.5 @@ -301,10 +301,31 @@ XXX XXX +=item B<permissive=BOOLEAN> + +(PV only) By default pciback only allows PV guests to write "known +safe" values into PCI config space. But many devices require writes +to other areas of config space in order to operate properly. This +tells the pciback driver to allow all writes to PCI config space of +this device by this domain. This option should be enabled with +caution: it gives the guest much more control over the device, which +may have security or stability implications. It is recommended to +enable this option only for trusted VMs under administrator control. + =back =back +=item B<pci_permissive=BOOLEAN> + +(PV only) Changes the default value of 'permissive' for all PCI +devices for this VM. This can still be overriden on a per-device +basis. This option should be enabled with caution: it gives the guest +much more control over the device, which may have security or +stability implications. It is recommended to enable this option only +for trusted VMs under administrator control. See the "pci=" section +for more information on the "permissive" flag. + =back =head2 Paravirtualised (PV) Guest Specific Options |