On Mon, Nov 13, 2017 at 03:41:24PM +0000, George Dunlap wrote: > Signed-off-by: George Dunlap <george.dun...@citrix.com> > --- > CC: Ian Jackson <ian.jack...@citrix.com> > CC: Wei Liu <wei.l...@citrix.com> > CC: Andrew Cooper <andrew.coop...@citrix.com> > CC: Jan Beulich <jbeul...@suse.com> > CC: Stefano Stabellini <sstabell...@kernel.org> > CC: Konrad Wilk <konrad.w...@oracle.com> > CC: Tim Deegan <t...@xen.org> > CC: Rich Persaud <pers...@gmail.com> > CC: Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> > CC: Christopher Clark <christopher.w.cl...@gmail.com> > CC: James McKenzie <james.mcken...@bromium.com> > --- > SUPPORT.md | 33 ++++++++++++++++++++++++++++++++- > 1 file changed, 32 insertions(+), 1 deletion(-) > > diff --git a/SUPPORT.md b/SUPPORT.md > index 3e352198ce..a8388f3dc5 100644 > --- a/SUPPORT.md > +++ b/SUPPORT.md
(...) > @@ -522,6 +536,23 @@ Virtual Performance Management Unit for HVM guests > Disabled by default (enable with hypervisor command line option). > This feature is not security supported: see > http://xenbits.xen.org/xsa/advisory-163.html > > +### x86/PCI Device Passthrough > + > + Status: Supported, with caveats > + > +Only systems using IOMMUs will be supported. s/will be/are/ ? > + > +Not compatible with migration, altp2m, introspection, memory sharing, or > memory paging. > + > +Because of hardware limitations > +(affecting any operating system or hypervisor), > +it is generally not safe to use this feature > +to expose a physical device to completely untrusted guests. > +However, this feature can still confer significant security benefit > +when used to remove drivers and backends from domain 0 > +(i.e., Driver Domains). > +See docs/PCI-IOMMU-bugs.txt for more information. > + > ### ARM/Non-PCI device passthrough > > Status: Supported -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
signature.asc
Description: PGP signature
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
