From 34c11725483beb45499f934c7e06e00b55f04ef4 Mon Sep 17 00:00:00 2001 From: George Dunlap Date: Tue, 26 Nov 2019 15:49:20 +0000 Subject: [PATCH] docs/xl: Document pci-assignable state Changesets 319f9a0ba9 ("passthrough: quarantine PCI devices") and ba2ab00bbb ("IOMMU: default to always quarantining PCI devices") introduced PCI device "quarantine" behavior, but did not document how the pci-assignable-add and -remove functions act in regard to this. Rectify this. Signed-off-by: George Dunlap Acked-by: Ian Jackson Acked-by: Wei Liu Reviewed-by: Paul Durrant Release-acked-by: Juergen Gross --- docs/man/xl.1.pod.in | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/docs/man/xl.1.pod.in b/docs/man/xl.1.pod.in index 2303b81e4f..d4b5e8e362 100644 --- a/docs/man/xl.1.pod.in +++ b/docs/man/xl.1.pod.in @@ -1589,10 +1589,12 @@ backend driver in domain 0 rather than a real driver. =item B I Make the device at PCI Bus/Device/Function BDF assignable to guests. -This will bind the device to the pciback driver. If it is already -bound to a driver, it will first be unbound, and the original driver -stored so that it can be re-bound to the same driver later if desired. -If the device is already bound, it will return success. +This will bind the device to the pciback driver and assign it to the +"quarantine domain". If it is already bound to a driver, it will +first be unbound, and the original driver stored so that it can be +re-bound to the same driver later if desired. If the device is +already bound, it will assign it to the quarantine domain and return +success. CAUTION: This will make the device unusable by Domain 0 until it is returned with pci-assignable-remove. Care should therefore be taken @@ -1602,11 +1604,22 @@ being used. =item B [I<-r>] I -Make the device at PCI Bus/Device/Function BDF not assignable to guests. This -will at least unbind the device from pciback. If the -r option is specified, -it will also attempt to re-bind the device to its original driver, making it -usable by Domain 0 again. If the device is not bound to pciback, it will -return success. +Make the device at PCI Bus/Device/Function BDF not assignable to +guests. This will at least unbind the device from pciback, and +re-assign it from the "quarantine domain" back to domain 0. If the -r +option is specified, it will also attempt to re-bind the device to its +original driver, making it usable by Domain 0 again. If the device is +not bound to pciback, it will return success. + +Note that this functionality will work even for devices which were not +made assignable by B. This can be used to allow +dom0 to access devices which were automatically quarantined by Xen +after domain destruction as a result of Xen's B +command-line default. + +As always, this should only be done if you trust the guest, or are +confident that the particular device you're re-assigning to dom0 will +cancel all in-flight DMA on FLR. =item B I I -- 2.39.5