From: Ian Campbell <ian.campbell@citrix.com>
Date: Tue, 6 Oct 2015 08:42:35 +0000 (+0100)
Subject: docs: xl.cfg: permissive option is not PV only.
X-Git-Tag: 4.7.0-rc1~1261
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=7f25baba1c0942e50757f4ecb233202dbbc057b9;p=xen.git

docs: xl.cfg: permissive option is not PV only.

Since XSA-131 qemu-xen has defaulted to non-permissive mode and the
option was extended to cover that case in 015a373351e5 "tools: libxl:
allow permissive qemu-upstream pci passthrough".

Since I was rewrapping to adjust the text anyway I've split the safety
warning into a separate paragraph to make it more obvious.

Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Eric <epretorious@yahoo.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
index f8fa48f7aa..b63846a6a6 100644
--- a/docs/man/xl.cfg.pod.5
+++ b/docs/man/xl.cfg.pod.5
@@ -752,14 +752,17 @@ Possible B<KEY>s are:
 
 =item B<permissive=BOOLEAN>
 
-(PV only) By default pciback only allows PV guests to write "known
-safe" values into PCI config space.  But many devices require writes
-to other areas of config space in order to operate properly.  This
-tells the pciback driver to allow all writes to PCI config space of
-this device by this domain.  This option should be enabled with
-caution: it gives the guest much more control over the device, which
-may have security or stability implications.  It is recommended to
-enable this option only for trusted VMs under administrator control.
+By default pciback only allows PV guests to write "known safe" values
+into PCI config space, likewise QEMU (both qemu-xen and
+qemu-traditional) imposes the same contraint on HVM guests. However
+many devices require writes to other areas of config space in order to
+operate properly.  This option tells the backend (pciback or QEMU) to
+allow all writes to PCI config space of this device by this domain.
+
+This option should be enabled with caution: it gives the guest much
+more control over the device, which may have security or stability
+implications.  It is recommended to enable this option only for
+trusted VMs under administrator control.
 
 =item B<msitranslate=BOOLEAN>
 
@@ -798,9 +801,8 @@ Note this would override global B<rdm> option.
 
 =item B<pci_permissive=BOOLEAN>
 
-(PV only) Changes the default value of 'permissive' for all PCI
-devices passed through to this VM. See L<permissive|/"permissive_boolean">
-above.
+Changes the default value of 'permissive' for all PCI devices passed
+through to this VM. See L<permissive|/"permissive_boolean"> above.
 
 =item B<pci_msitranslate=BOOLEAN>