Signed-off-by: George Dunlap <george.dun...@citrix.com> --- Changes since v2: - Separate PV and HVM passthrough (excluding PVH by implication) - + not compatible with PoD - 'will be' -> 'are'
NB that we don't seem to have the referenced file yet; left as a reference. CC: Ian Jackson <ian.jack...@citrix.com> CC: Wei Liu <wei.l...@citrix.com> CC: Andrew Cooper <andrew.coop...@citrix.com> CC: Jan Beulich <jbeul...@suse.com> CC: Stefano Stabellini <sstabell...@kernel.org> CC: Konrad Wilk <konrad.w...@oracle.com> CC: Tim Deegan <t...@xen.org> CC: Rich Persaud <pers...@gmail.com> CC: Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> CC: Christopher Clark <christopher.w.cl...@gmail.com> CC: James McKenzie <james.mcken...@bromium.com> --- SUPPORT.md | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/SUPPORT.md b/SUPPORT.md index 63f6a6d127..c8fec4daa8 100644 --- a/SUPPORT.md +++ b/SUPPORT.md @@ -486,9 +486,23 @@ but has no xl support. ## Security +### Driver Domains + + Status: Supported, with caveats + +"Driver domains" means allowing non-Domain 0 domains +with access to physical devices to act as back-ends. + +See the appropriate "Device Passthrough" section +for more information about security support. + ### Device Model Stub Domains - Status: Supported + Status: Supported, with caveats + +Vulnerabilities of a device model stub domain +to a hostile driver domain (either compromised or untrusted) +are excluded from security support. ### KCONFIG Expert @@ -559,6 +573,26 @@ Virtual Performance Management Unit for HVM guests Disabled by default (enable with hypervisor command line option). This feature is not security supported: see http://xenbits.xen.org/xsa/advisory-163.html +### x86/PCI Device Passthrough + + Status, x86 PV: Supported, with caveats + Status, x86 HVM: Supported, with caveats + +Only systems using IOMMUs are supported. + +Not compatible with migration, populate-on-demand, altp2m, +introspection, memory sharing, or memory paging. + +Because of hardware limitations +(affecting any operating system or hypervisor), +it is generally not safe to use this feature +to expose a physical device to completely untrusted guests. +However, this feature can still confer significant security benefit +when used to remove drivers and backends from domain 0 +(i.e., Driver Domains). + +XXX See docs/PCI-IOMMU-bugs.txt for more information. + ### ARM/Non-PCI device passthrough Status: Supported, not security supported -- 2.15.0 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel
