diff mbox series

[2/2] sd: disable sdhci-pci device by default

Message ID 20200520152450.200362-3-ppandit@redhat.com (mailing list archive)
State New, archived
Headers show
Series avoid OOB access in SD card emulator | expand

Commit Message

Prasad Pandit May 20, 2020, 3:24 p.m. UTC
From: Prasad J Pandit <pjp@fedoraproject.org>

Disable rarely used sdhci-pci device build by default.

Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
---
 hw/sd/Kconfig | 1 -
 1 file changed, 1 deletion(-)

Comments

Peter Maydell May 20, 2020, 3:39 p.m. UTC | #1
On Wed, 20 May 2020 at 16:28, P J P <ppandit@redhat.com> wrote:
>
> From: Prasad J Pandit <pjp@fedoraproject.org>
>
> Disable rarely used sdhci-pci device build by default.
>
> Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> ---

Doesn't this break existing working command lines? The
device exists, some people use it. We should treat it like
other PCI devices -- if the guest arch/machine can handle
PCI the device should be built.

There's obviously scope for being more general and allowing
some kind of "only build the subset of devices we feel
more confident abut the security of" setup (don't RH do
something like this downstream?), but upstream we don't
have a concept like that, we just build everything.

thanks
-- PMM
Philippe Mathieu-Daudé May 20, 2020, 4:33 p.m. UTC | #2
+Kevin, Paolo, Emanuele

On 5/20/20 5:39 PM, Peter Maydell wrote:
> On Wed, 20 May 2020 at 16:28, P J P <ppandit@redhat.com> wrote:
>>
>> From: Prasad J Pandit <pjp@fedoraproject.org>
>>
>> Disable rarely used sdhci-pci device build by default.
>>
>> Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
>> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
>> ---
> 
> Doesn't this break existing working command lines? The
> device exists, some people use it. We should treat it like
> other PCI devices -- if the guest arch/machine can handle
> PCI the device should be built.

Prasad, I once tried to remove it, and Kevin said he was using it:

https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg02765.html

   I do find qemu's PCI SDHCI support useful for testing.
   SeaBIOS can launch an OS from PCI SDHCI (qemu-system-x86_64
   -device sdhci-pci -device sd-card,drive=drive0 -drive
   id=drive0,if=none,file=dos-drivec) and linux has drivers for
   it as well.  A number of the Chromebooks ship with PCI SDHCI
   devices on them, so it's not an unheard of configuration.

> 
> There's obviously scope for being more general and allowing
> some kind of "only build the subset of devices we feel
> more confident abut the security of" setup (don't RH do
> something like this downstream?), but upstream we don't
> have a concept like that, we just build everything.

Prasad, again back at that time I tried to remove this (as the device 
appears unused) Paolo told me after asking explanation for his comment 
"PCI devices can be created with -device, they don't have to be added by
boards." [*] - I guess it was on IRC - to check commit 224d10ff5ae, this 
device was added with RH PCI ID because it was useful for testing:

static void sdhci_pci_class_init(ObjectClass *klass, void *data)
{
     DeviceClass *dc = DEVICE_CLASS(klass);
     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);

     k->init = sdhci_pci_init;
     k->exit = sdhci_pci_exit;
     k->vendor_id = PCI_VENDOR_ID_REDHAT;
     k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI;
     k->class_id = PCI_CLASS_SYSTEM_SDHCI;
     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
     ...

This device is also nicely used as example for the qgraph testing (see 
tests/test-qgraph.c added in fc281c80202).

[*] https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg02819.html

Peter, indeed the Kconfig was added to allow distributions to disable 
piece of code, and we want to keep this device in mainstream QEMU.
Distributions are free to disable it setting SDHCI_PCI=n

So to this patch:

Nack.

> 
> thanks
> -- PMM
>
Daniel P. Berrangé May 20, 2020, 4:38 p.m. UTC | #3
On Wed, May 20, 2020 at 04:39:45PM +0100, Peter Maydell wrote:
> On Wed, 20 May 2020 at 16:28, P J P <ppandit@redhat.com> wrote:
> >
> > From: Prasad J Pandit <pjp@fedoraproject.org>
> >
> > Disable rarely used sdhci-pci device build by default.
> >
> > Suggested-by: Stefan Hajnoczi <stefanha@redhat.com>
> > Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
> > ---
> 
> Doesn't this break existing working command lines? The
> device exists, some people use it. We should treat it like
> other PCI devices -- if the guest arch/machine can handle
> PCI the device should be built.
> 
> There's obviously scope for being more general and allowing
> some kind of "only build the subset of devices we feel
> more confident abut the security of" setup (don't RH do
> something like this downstream?), but upstream we don't
> have a concept like that, we just build everything.

Yeah, disabling undesired devices is really a job for downstream and Red
Hat do indeed do this in RHEL builds of QEMU.

What's missing from an upstream side I think is largely a documentation
issue. ie a way to actually tell our users the good, bad & the ugly
for QEMU features, so they can make informed decision to disable stuff
if they wish.

Regards,
Daniel
Prasad Pandit May 21, 2020, 10:08 a.m. UTC | #4
+-- On Wed, 20 May 2020, Philippe Mathieu-Daudé wrote --+
| Prasad, I once tried to remove it, and Kevin said he was using it:
| 
| https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg02765.html
| 
|   I do find qemu's PCI SDHCI support useful for testing.
|   SeaBIOS can launch an OS from PCI SDHCI (qemu-system-x86_64
|   -device sdhci-pci -device sd-card,drive=drive0 -drive
|   id=drive0,if=none,file=dos-drivec) and linux has drivers for
|   it as well.  A number of the Chromebooks ship with PCI SDHCI
|   devices on them, so it's not an unheard of configuration.
| 
| Prasad, again back at that time I tried to remove this (as the device appears
| unused) Paolo told me after asking explanation for his comment "PCI devices
| can be created with -device, they don't have to be added by
| boards." [*] - I guess it was on IRC - to check commit 224d10ff5ae, this
| device was added with RH PCI ID because it was useful for testing:
| 
|     ...
| 
| This device is also nicely used as example for the qgraph testing (see
| tests/test-qgraph.c added in fc281c80202).
| 
| [*] https://lists.nongnu.org/archive/html/qemu-devel/2017-12/msg02819.html
| 
| Peter, indeed the Kconfig was added to allow distributions to disable piece of
| code, and we want to keep this device in mainstream QEMU.
| Distributions are free to disable it setting SDHCI_PCI=n
| 
| So to this patch:
| 
| Nack.

Right, okay. (I half expected it ;)

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
diff mbox series

Patch

diff --git a/hw/sd/Kconfig b/hw/sd/Kconfig
index c5e1e5581c..93dea61285 100644
--- a/hw/sd/Kconfig
+++ b/hw/sd/Kconfig
@@ -16,6 +16,5 @@  config SDHCI
 
 config SDHCI_PCI
     bool
-    default y if PCI_DEVICES
     depends on PCI
     select SDHCI