From patchwork Wed Sep 8 23:20:15 2021
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 12481993
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API
Date: Thu, 9 Sep 2021 01:20:15 +0200
Message-Id: <20210908232024.2399215-2-philmd@redhat.com>
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

Introduce qemu_security_policy_taint() which allows unsafe (read "not very maintained") code to 'taint' QEMU security policy.

The "security policy" is the @SecurityPolicy QAPI enum, composed of:
- "none" (no policy, current behavior)
- "warn" (display a warning when the policy is tainted, keep going)
- "strict" (once tainted, exit QEMU before starting the VM)

The qemu_security_policy_is_strict() helper is also provided, which will prove useful once a VM is started (for example, we do not want to kill a running VM if an unsafe device is hot-added).

Signed-off-by: Philippe Mathieu-Daudé
--- qapi/run-state.json | 16 +++++++++++ include/qemu-common.h | 19 ++++++++++++ softmmu/vl.c | 67 +++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 17 +++++++++++ 4 files changed, 119 insertions(+) diff --git a/qapi/run-state.json b/qapi/run-state.json index 43d66d700fc..b15a107fa01 100644 --- a/qapi/run-state.json +++ b/qapi/run-state.json
@@ -638,3 +638,19 @@ { 'struct': 'MemoryFailureFlags', 'data': { 'action-required': 'bool', 'recursive': 'bool'} } + +## +# @SecurityPolicy: +# +# An enumeration of the actions taken when the security policy is tainted. +# +# @none: do nothing. +# +# @warn: display a warning. +# +# @strict: prohibit QEMU to start a VM. +# +# Since: 6.2 +## +{ 'enum': 'SecurityPolicy', + 'data': [ 'none', 'warn', 'strict' ] } diff --git a/include/qemu-common.h b/include/qemu-common.h index 73bcf763ed8..bf0b054bb66 100644 --- a/include/qemu-common.h +++ b/include/qemu-common.h @@ -139,4 +139,23 @@ void page_size_init(void); * returned. */ bool dump_in_progress(void); +/** + * qemu_security_policy_taint: + * @tainting whether any security policy is tainted (compromised). + * @fmt: taint reason format string + * ...: list of arguments to interpolate into @fmt, like printf(). + * + * Allow unsafe code path to taint the global security policy. + * See #SecurityPolicy. + */ +void qemu_security_policy_taint(bool tainting, const char *fmt, ...) + GCC_FMT_ATTR(2, 3); + +/** + * qemu_security_policy_is_strict: + * + * Return %true if the global security policy is 'strict', %false otherwise. + */ +bool qemu_security_policy_is_strict(void); + #endif diff --git a/softmmu/vl.c b/softmmu/vl.c index 55ab70eb97f..92c05ac97ee 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -489,6 +489,20 @@ static QemuOptsList qemu_action_opts = { }, }; +static QemuOptsList qemu_security_policy_opts = { + .name = "security-policy", + .implied_opt_name = "policy", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_security_policy_opts.head), + .desc = { + { + .name = "policy", + .type = QEMU_OPT_STRING, + }, + { /* end of list */ } + }, +}; + const char *qemu_get_vm_name(void) { return qemu_name; 
@@ -600,6 +614,52 @@ static int cleanup_add_fd(void *opaque, QemuOpts *opts, Error **errp) } #endif +static SecurityPolicy security_policy = SECURITY_POLICY_NONE; + +bool qemu_security_policy_is_strict(void) +{ + return security_policy == SECURITY_POLICY_STRICT; +} + +static int select_security_policy(const char *p) +{ + int policy; + char *qapi_value; + + qapi_value = g_ascii_strdown(p, -1); + policy = qapi_enum_parse(&SecurityPolicy_lookup, qapi_value, -1, NULL); + g_free(qapi_value); + if (policy < 0) { + return -1; + } + security_policy = policy; + + return 0; +} + +void qemu_security_policy_taint(bool tainting, const char *fmt, ...) +{ + va_list ap; + g_autofree char *efmt = NULL; + + if (security_policy == SECURITY_POLICY_NONE || !tainting) { + return; + } + + va_start(ap, fmt); + if (security_policy == SECURITY_POLICY_STRICT) { + efmt = g_strdup_printf("%s taints QEMU security policy, exiting.", fmt); + error_vreport(efmt, ap); + exit(EXIT_FAILURE); + } else if (security_policy == SECURITY_POLICY_WARN) { + efmt = g_strdup_printf("%s taints QEMU security policy.", fmt); + warn_vreport(efmt, ap); + } else { + g_assert_not_reached(); + } + va_end(ap); +} + /***********************************************************/ /* QEMU Block devices */ @@ -2764,6 +2824,7 @@ void qemu_init(int argc, char **argv, char **envp) qemu_add_opts(&qemu_semihosting_config_opts); qemu_add_opts(&qemu_fw_cfg_opts); qemu_add_opts(&qemu_action_opts); + qemu_add_opts(&qemu_security_policy_opts); module_call_init(MODULE_INIT_OPTS); error_init(argv[0]); @@ -3230,6 +3291,12 @@ void qemu_init(int argc, char **argv, char **envp) exit(1); } break; + case QEMU_OPTION_security_policy: + if (select_security_policy(optarg) == -1) { + error_report("unknown -security-policy parameter"); + exit(1); + } + break; case QEMU_OPTION_parallel: add_device_config(DEV_PARALLEL, optarg); default_parallel = 0; diff --git a/qemu-options.hx b/qemu-options.hx index 8f603cc7e65..d9939f7ae1d 100644 
--- a/qemu-options.hx +++ b/qemu-options.hx 
@@ -4298,6 +4298,23 @@ SRST ERST +DEF("security-policy", HAS_ARG, QEMU_OPTION_security_policy, \ + "-security-policy none|warn|strict\n" \ + " action when security policy is tainted [default=none]\n", + QEMU_ARCH_ALL) +SRST +``-security-policy policy`` + The policy controls what QEMU will do when an unsecure feature is + used, tainting the process security. The default is ``none`` (do + nothing). Other possible actions are: ``warn`` (display a warning + and keep going) or ``strict`` (exits QEMU before launching a VM). + + Examples: + + ``-security-policy warn``; \ ``-security-policy strict`` + +ERST + DEF("echr", HAS_ARG, QEMU_OPTION_echr, \ "-echr chr set terminal escape character instead of ctrl-a\n", QEMU_ARCH_ALL)
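Review bot: In the softmmu/vl.c hunk that adds qemu_security_policy_taint(), the strict branch calls exit(EXIT_FAILURE) unconditionally, so any caller reached once the VM is running terminates the guest, which is the hot-add case the commit message says must not happen. Nothing in the function consults qemu_security_policy_is_strict() or the run state; consider reporting through an Error **errp (or returning a bool) so runtime callers can refuse the operation, and keep the exit for the startup path only. The same branch skips va_end(ap) before exiting, and with the default policy `none` the function returns before recording anything, so the tainted state cannot be queried later.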
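Review bot: The qemu_security_policy_opts list added in softmmu/vl.c is registered with qemu_add_opts() but never parsed: the QEMU_OPTION_security_policy case hands optarg straight to select_security_policy(), so the `policy` key and implied_opt_name are dead, and `-security-policy policy=strict` fails qapi_enum_parse() and is rejected. Either parse the argument through the QemuOpts list or drop the list. The "unknown -security-policy parameter" error should also echo the rejected value.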
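Review bot: The kernel-doc for qemu_security_policy_taint() in include/qemu-common.h is missing the colon after @tainting, and its description ("whether any security policy is tainted") does not match the implementation, where the argument is the caller's own condition and false makes the call a no-op. Suggest "@tainting: true if the calling code path is outside the security boundary", and document that the function does not return when the policy is strict.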
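Review bot: In the qemu-options.hx help text, "unsecure feature" should read "insecure feature", and neither this text nor the @SecurityPolicy QAPI documentation says which features taint the policy or points to the security process page that the later patches cite. A user selecting `strict` cannot tell from the documentation what will refuse to start; a sentence naming the criterion would fix that. The QAPI text "@strict: prohibit QEMU to start a VM" also understates the implementation, which exits the process.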
From patchwork Wed Sep 8 23:20:16 2021
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 12481995
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe
Date: Thu, 9 Sep 2021 01:20:16 +0200
Message-Id: <20210908232024.2399215-3-philmd@redhat.com>
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

Add the AccelClass::secure_policy_supported field to classify safe (within security boundary) vs unsafe accelerators.

Signed-off-by: Philippe Mathieu-Daudé
--- include/qemu/accel.h | 5 +++++ accel/kvm/kvm-all.c | 1 + accel/xen/xen-all.c | 1 + softmmu/vl.c | 3 +++ 4 files changed, 10 insertions(+) diff --git a/include/qemu/accel.h b/include/qemu/accel.h index 4f4c283f6fc..895e30be0de 100644 --- a/include/qemu/accel.h +++ b/include/qemu/accel.h @@ -44,6 +44,11 @@ typedef struct AccelClass { hwaddr start_addr, hwaddr size); #endif bool *allowed; + /* + * Whether the accelerator is withing QEMU security policy boundary. + * See: https://www.qemu.org/contribute/security-process/ + */ + bool secure_policy_supported; /* * Array of global properties that would be applied when specific * accelerator is chosen. It works like MachineClass.compat_props
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 0125c17edb8..eb6b9e44df2 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3623,6 +3623,7 @@ static void kvm_accel_class_init(ObjectClass *oc, void *data) ac->init_machine = kvm_init; ac->has_memory = kvm_accel_has_memory; ac->allowed = &kvm_allowed; + ac->secure_policy_supported = true; object_class_property_add(oc, "kernel-irqchip", "on|off|split", NULL, kvm_set_kernel_irqchip, diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c index 69aa7d018b2..57867af5faf 100644 --- a/accel/xen/xen-all.c +++ b/accel/xen/xen-all.c @@ -198,6 +198,7 @@ static void xen_accel_class_init(ObjectClass *oc, void *data) ac->setup_post = xen_setup_post; ac->allowed = &xen_allowed; ac->compat_props = g_ptr_array_new(); + ac->secure_policy_supported = true; compat_props_add(ac->compat_props, compat, G_N_ELEMENTS(compat)); diff --git a/softmmu/vl.c b/softmmu/vl.c index 92c05ac97ee..e4f94e159c3 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c 
@@ -2388,6 +2388,9 @@ static int do_configure_accelerator(void *opaque, QemuOpts *opts, Error **errp) return 0; } + qemu_security_policy_taint(!ac->secure_policy_supported, + "%s accelerator", acc); + return 1; }
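Review bot: In include/qemu/accel.h the new secure_policy_supported field defaults to false for every AccelClass that does not set it, so all accelerators other than KVM and Xen taint the policy without anyone having decided that. Default-deny is the safer direction, but the comment should state it explicitly so that a new accelerator's classification is a visible choice. The comment also has "withing" for "within".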
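Review bot: In do_configure_accelerator() the taint call sits immediately before `return 1`, on the path where the accelerator has already been accepted, so under `strict` QEMU exits only after an out-of-policy accelerator has been set up. Moving the check ahead of the initialisation would refuse it before any of its code runs, and would let the function fail with `return 0` like the error path just above instead of exiting the process from inside a configuration callback.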
From patchwork Wed Sep 8 23:20:17 2021
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 12481999
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 03/10] block: Use qemu_security_policy_taint() API
Date: Thu, 9 Sep 2021 01:20:17 +0200
Message-Id: <20210908232024.2399215-4-philmd@redhat.com>
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

Add the BlockDriver::bdrv_taints_security_policy() handler. Drivers implementing it might taint the global QEMU security policy.

Signed-off-by: Philippe Mathieu-Daudé
--- include/block/block_int.h | 6 +++++- block.c | 6 ++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/block/block_int.h b/include/block/block_int.h index f1a54db0f8c..0ec0a5c06e9 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -169,7 +169,11 @@ struct BlockDriver { int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags, Error **errp); void (*bdrv_close)(BlockDriverState *bs); - + /* + * Return %true if the driver is withing QEMU security policy boundary, + * %false otherwise. See: https://www.qemu.org/contribute/security-process/ + */ + bool (*bdrv_taints_security_policy)(BlockDriverState *bs); int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts, Error **errp); diff --git a/block.c b/block.c index b2b66263f9a..696ba486001 100644 --- a/block.c +++ b/block.c
@@ -49,6 +49,7 @@ #include "qemu/timer.h" #include "qemu/cutils.h" #include "qemu/id.h" +#include "qemu-common.h" #include "block/coroutines.h" #ifdef CONFIG_BSD 
@@ -1587,6 +1588,11 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, } } + if (drv->bdrv_taints_security_policy) { + qemu_security_policy_taint(drv->bdrv_taints_security_policy(bs), + "Block protocol '%s'", drv->format_name); + } + return 0; open_failed: bs->drv = NULL;
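Review bot: The comment added above bdrv_taints_security_policy in include/block/block_int.h states the opposite of how the callback is used. It says the handler returns %true when the driver is within the security policy boundary, but block.c passes the return value directly as the `tainting` argument, so %true means the driver taints the policy. Reword to "Return %true if the driver is outside the QEMU security policy boundary" and fix "withing". The hunk also drops the blank line that separated bdrv_close from what follows.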
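Review bot: In bdrv_open_driver() the taint check runs on the success path just before `return 0`, so under `strict` the out-of-policy driver has already processed its input by the time QEMU refuses it; checking before the driver's open call would avoid that. Because qemu_security_policy_taint() exits the process under `strict`, this generic open path also terminates QEMU whenever it is reached with a VM already running; setting errp and jumping to open_failed would fit the function's existing error handling. The message prefix "Block protocol" is printed with drv->format_name, which will read oddly for format drivers.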
From patchwork Wed Sep 8 23:20:18 2021
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 12482001
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 04/10] block/vvfat: Mark the driver as unsafe
Date: Thu, 9 Sep 2021 01:20:18 +0200
Message-Id: <20210908232024.2399215-5-philmd@redhat.com>
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

While being listed as 'supported' in MAINTAINERS, this driver does not have many reviewers and contains various /* TODO */ unattended since various years. Not safe enough for production environment, so have it taint the global security policy.

Signed-off-by: Philippe Mathieu-Daudé
--- block/vvfat.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/vvfat.c b/block/vvfat.c index 34bf1e3a86e..993e40727d6 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -3199,6 +3199,11 @@ static void vvfat_close(BlockDriverState *bs) } } +static bool vvfat_taints_security_policy(BlockDriverState *bs) +{ + return true; +} + static const char *const vvfat_strong_runtime_opts[] = { "dir", "fat-type",
@@ -3219,6 +3224,7 @@ static BlockDriver bdrv_vvfat = { .bdrv_refresh_limits = vvfat_refresh_limits, .bdrv_close = vvfat_close, .bdrv_child_perm = vvfat_child_perm, + .bdrv_taints_security_policy = vvfat_taints_security_policy, .bdrv_co_preadv = vvfat_co_preadv, .bdrv_co_pwritev = vvfat_co_pwritev, From patchwork Wed Sep 8 23:20:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 12482003 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84D07C433F5 for ; Wed, 8 Sep 2021 23:21:05 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 50CDE60295 for ; Wed, 8 Sep 2021 23:21:05 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 50CDE60295 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.182411.329988 (Exim 4.92) (envelope-from ) id 1mO6sE-0006yb-1O; Wed, 08 Sep 2021 23:20:58 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182411.329988; Wed, 08 Sep 2021 23:20:57 +0000 Received: from localhost 
ABdhPJzrh/n5wSnZqfaTQvrzl6IJ2DKh1pSXkkHEuOdKtVrOvCH+TWDpEiwg1GoyEgBtyhNoco5QeA== X-Received: by 2002:adf:fb8d:: with SMTP id a13mr108055wrr.164.1631143250497; Wed, 08 Sep 2021 16:20:50 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Prasad J Pandit , "Michael S. Tsirkin" , Markus Armbruster , Paolo Bonzini , Eduardo Habkost , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Daniel?= =?utf-8?q?_P=2E_Berrang=C3=A9?= , Eric Blake , Richard Henderson , qemu-block@nongnu.org, Peter Maydell , xen-devel@lists.xenproject.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Subject: [RFC PATCH 05/10] block/null: Mark 'read-zeroes=off' option as unsafe Date: Thu, 9 Sep 2021 01:20:19 +0200 Message-Id: <20210908232024.2399215-6-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com See commit b317006a3f1 ("docs/secure-coding-practices: Describe how to use 'null-co' block driver") for rationale. Signed-off-by: Philippe Mathieu-Daudé --- block/null.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/block/null.c b/block/null.c index cc9b1d4ea72..11e428f3cc2 100644 --- a/block/null.c +++ b/block/null.c @@ -99,6 +99,13 @@ static int null_file_open(BlockDriverState *bs, QDict *options, int flags, return ret; } +static bool null_taints_security_policy(BlockDriverState *bs) +{ + BDRVNullState *s = bs->opaque; + + return !s->read_zeroes; +} + static int64_t null_getlength(BlockDriverState *bs) { BDRVNullState *s = bs->opaque; 
@@ -283,6 +290,7 @@ static BlockDriver bdrv_null_co = { .bdrv_parse_filename = null_co_parse_filename, .bdrv_getlength = null_getlength, .bdrv_get_allocated_file_size = null_allocated_file_size, + .bdrv_taints_security_policy = null_taints_security_policy, .bdrv_co_preadv = null_co_preadv, .bdrv_co_pwritev = null_co_pwritev, From patchwork Wed Sep 8 23:20:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 12482007 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 987A1C433EF for ; Wed, 8 Sep 2021 23:21:21 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 62E0260295 for ; Wed, 8 Sep 2021 23:21:21 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 62E0260295 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.182429.330010 (Exim 4.92) (envelope-from ) id 1mO6sT-0000HH-Jn; Wed, 08 Sep 2021 23:21:13 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182429.330010; Wed, 08 Sep 2021 23:21:13 +0000 
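Review bot: only the bdrv_null_co initializer gets .bdrv_taints_security_policy here, and the diffstat's 8 insertions are fully accounted for by the helper plus this one line. If the null-aio driver in the same file shares BDRVNullState and the read-zeroes option, it needs the same callback, otherwise 'read-zeroes=off' taints the policy through one driver name and not the other. A one-line comment on null_taints_security_policy() saying why read_zeroes == false is unsafe would also help, since the rationale is only reachable through the referenced commit b317006a3f1.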
ABdhPJx0YS7l2ozSVHS0MrlXrrjEkKOBRZTLJQiA3uLjalXryjpOEItjin5eop39X0TrxKIC57agAQ== X-Received: by 2002:a5d:6781:: with SMTP id v1mr82983wru.249.1631143255072; Wed, 08 Sep 2021 16:20:55 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Prasad J Pandit , "Michael S. Tsirkin" , Markus Armbruster , Paolo Bonzini , Eduardo Habkost , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Daniel?= =?utf-8?q?_P=2E_Berrang=C3=A9?= , Eric Blake , Richard Henderson , qemu-block@nongnu.org, Peter Maydell , xen-devel@lists.xenproject.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Subject: [RFC PATCH 06/10] qdev: Use qemu_security_policy_taint() API Date: Thu, 9 Sep 2021 01:20:20 +0200 Message-Id: <20210908232024.2399215-7-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add DeviceClass::taints_security_policy field to allow an unsafe device to eventually taint the global security policy in DeviceRealize(). Signed-off-by: Philippe Mathieu-Daudé --- include/hw/qdev-core.h | 6 ++++++ hw/core/qdev.c | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index bafc311bfa1..ff9ce6671be 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -122,6 +122,12 @@ struct DeviceClass { */ bool user_creatable; bool hotpluggable; + /* + * %false if the device is within the QEMU security policy boundary, + * %true if there is no guarantee this device can be used safely. + * See: https://www.qemu.org/contribute/security-process/ + */ + bool taints_security_policy; /* callbacks */ /* diff --git a/hw/core/qdev.c b/hw/core/qdev.c index cefc5eaa0a9..a5a00f3564c 100644 --- a/hw/core/qdev.c 
+++ b/hw/core/qdev.c @@ -31,6 +31,7 @@ #include "qapi/qmp/qerror.h" #include "qapi/visitor.h" #include "qemu/error-report.h" +#include "qemu-common.h" #include "qemu/option.h" #include "hw/hotplug.h" #include "hw/irq.h" @@ -257,6 +258,13 @@ bool qdev_hotplug_allowed(DeviceState *dev, Error **errp) MachineClass *mc; Object *m_obj = qdev_get_machine(); + if (qemu_security_policy_is_strict() + && DEVICE_GET_CLASS(dev)->taints_security_policy) { + error_setg(errp, "Device '%s' can not be hotplugged when" + " 'strict' security policy is in place", + object_get_typename(OBJECT(dev))); + } + if (object_dynamic_cast(m_obj, TYPE_MACHINE)) { machine = MACHINE(m_obj); mc = MACHINE_GET_CLASS(machine); 
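Review bot: the strict-policy check added to qdev_hotplug_allowed() calls error_setg() but has no return statement, so execution falls through to the machine checks that follow instead of rejecting the hotplug. With *errp already set, a second error_setg() on the same errp further down would hit its assertion. Add "return false;" after the error_setg() call inside the new block.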
@@ -385,6 +393,9 @@ bool qdev_realize(DeviceState *dev, BusState *bus, Error **errp) } else { assert(!DEVICE_GET_CLASS(dev)->bus_type); } + qemu_security_policy_taint(DEVICE_GET_CLASS(dev)->taints_security_policy, + "device type %s", + object_get_typename(OBJECT(dev))); return object_property_set_bool(OBJECT(dev), "realized", true, errp); } From patchwork Wed Sep 8 23:20:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 12482005 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5B41DC433F5 for ; Wed, 8 Sep 2021 23:21:12 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 1F35D60295 for ; Wed, 8 Sep 2021 23:21:12 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1F35D60295 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.182420.329998 (Exim 4.92) (envelope-from ) id 1mO6sK-0007am-Au; Wed, 08 Sep 2021 23:21:04 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182420.329998; Wed, 08 Sep 2021 
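Review bot: in qdev_realize() the qemu_security_policy_taint() call sits before object_property_set_bool(OBJECT(dev), "realized", true, errp), so the taint is recorded even when realization then fails and the device never exists. Consider tainting only after the "realized" property has been set successfully, or state in a comment that tainting on the attempt is intended.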
ABdhPJzGCdGOUWAMH7ZAThbx+xTDgHh6zdyfVzIsc9P7NbgQbnC+meNZTqgQ/wi8QkKk51AhWel3JA== X-Received: by 2002:adf:fd51:: with SMTP id h17mr109093wrs.178.1631143259991; Wed, 08 Sep 2021 16:20:59 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Prasad J Pandit , "Michael S. Tsirkin" , Markus Armbruster , Paolo Bonzini , Eduardo Habkost , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Daniel?= =?utf-8?q?_P=2E_Berrang=C3=A9?= , Eric Blake , Richard Henderson , qemu-block@nongnu.org, Peter Maydell , xen-devel@lists.xenproject.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Subject: [RFC PATCH 07/10] hw/display: Mark ATI and Artist devices as unsafe Date: Thu, 9 Sep 2021 01:20:21 +0200 Message-Id: <20210908232024.2399215-8-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Signed-off-by: Philippe Mathieu-Daudé --- hw/display/artist.c | 1 + hw/display/ati.c | 1 + 2 files changed, 2 insertions(+) diff --git a/hw/display/artist.c b/hw/display/artist.c index 21b7fd1b440..067a4b2cb59 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -1482,6 +1482,7 @@ static void artist_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_artist; dc->reset = artist_reset; device_class_set_props(dc, artist_properties); + dc->taints_security_policy = true; } static const TypeInfo artist_info = { diff --git a/hw/display/ati.c b/hw/display/ati.c index 31f22754dce..2f27ab69a87 100644 --- a/hw/display/ati.c +++ b/hw/display/ati.c 
@@ -1024,6 +1024,7 @@ static void ati_vga_class_init(ObjectClass *klass, void *data) device_class_set_props(dc, ati_vga_properties); dc->hotpluggable = false; set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); + dc->taints_security_policy = true; k->class_id = PCI_CLASS_DISPLAY_VGA; k->vendor_id = PCI_VENDOR_ID_ATI; From patchwork Wed Sep 8 23:20:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 12482009 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8FDF6C433EF for ; Wed, 8 Sep 2021 23:21:28 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5FC4D61108 for ; Wed, 8 Sep 2021 23:21:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5FC4D61108 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.182436.330021 (Exim 4.92) (envelope-from ) id 1mO6sb-0000xG-TT; Wed, 08 Sep 2021 23:21:21 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182436.330021; Wed, 08 Sep 2021 23:21:21 +0000 Received: from 
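Review bot: missing rationale for both "dc->taints_security_policy = true;" lines in artist_class_init() and ati_vga_class_init(). The commit message has no body and the code carries no comment, so a reader cannot tell why these two display devices are placed outside the security boundary or what would have to change for the flag to be dropped. Add a sentence to the commit message, as patch 04 does for vvfat, and a brief comment beside each assignment.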
ABdhPJxCzGiWOShaEshb6oqBDiWr1/WLhbErNDpTZCYYbU0bD2w0oJKgL2kMezD9hKtqCektWiLpSA== X-Received: by 2002:a05:600c:3b84:: with SMTP id n4mr5902087wms.50.1631143264855; Wed, 08 Sep 2021 16:21:04 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Prasad J Pandit , "Michael S. Tsirkin" , Markus Armbruster , Paolo Bonzini , Eduardo Habkost , =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= , =?utf-8?q?Daniel?= =?utf-8?q?_P=2E_Berrang=C3=A9?= , Eric Blake , Richard Henderson , qemu-block@nongnu.org, Peter Maydell , xen-devel@lists.xenproject.org, =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Subject: [RFC PATCH 08/10] hw/misc: Mark testdev devices as unsafe Date: Thu, 9 Sep 2021 01:20:22 +0200 Message-Id: <20210908232024.2399215-9-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Signed-off-by: Philippe Mathieu-Daudé --- hw/hyperv/hyperv_testdev.c | 1 + hw/misc/pc-testdev.c | 1 + hw/misc/pci-testdev.c | 1 + 3 files changed, 3 insertions(+) diff --git a/hw/hyperv/hyperv_testdev.c b/hw/hyperv/hyperv_testdev.c index 9a56ddf83fe..6a75c350389 100644 --- a/hw/hyperv/hyperv_testdev.c +++ b/hw/hyperv/hyperv_testdev.c @@ -310,6 +310,7 @@ static void hv_test_dev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->realize = hv_test_dev_realizefn; + dc->taints_security_policy = true; } static const TypeInfo hv_test_dev_info = { diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c index e3896518694..6294b80ec1b 100644 --- a/hw/misc/pc-testdev.c +++ b/hw/misc/pc-testdev.c 
@@ -199,6 +199,7 @@ static void testdev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->realize = testdev_realizefn; + dc->taints_security_policy = true; } static const TypeInfo testdev_info = { diff --git a/hw/misc/pci-testdev.c b/hw/misc/pci-testdev.c index 03845c8de34..189eb9bf1bb 100644 --- a/hw/misc/pci-testdev.c +++ b/hw/misc/pci-testdev.c 
@@ -340,6 +340,7 @@ static void pci_testdev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->reset = qdev_pci_testdev_reset; device_class_set_props(dc, pci_testdev_properties); + dc->taints_security_policy = true; } static const TypeInfo pci_testdev_info = { From patchwork Wed Sep 8 23:20:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 12482011 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.1 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E7A8C433EF for ; Wed, 8 Sep 2021 23:21:34 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 6944160295 for ; Wed, 8 Sep 2021 23:21:34 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 6944160295 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.xenproject.org Received: from list by lists.xenproject.org with outflank-mailman.182439.330032 (Exim 4.92) (envelope-from ) id 1mO6sh-0001Yn-Bb; Wed, 08 Sep 2021 23:21:27 +0000 X-Outflank-Mailman: Message body and most headers restored to incoming version Received: by outflank-mailman (output) from mailman id 182439.330032; Wed, 08 Sep 2021 23:21:27 +0000 Received: from localhost 
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 09/10] hw/net: Mark Tulip device as unsafe
Date: Thu, 9 Sep 2021 01:20:23 +0200
Message-Id: <20210908232024.2399215-10-philmd@redhat.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

Signed-off-by: Philippe Mathieu-Daudé --- hw/net/tulip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/net/tulip.c b/hw/net/tulip.c index ca69f7ea5e1..eaad3266212 100644 --- a/hw/net/tulip.c +++ b/hw/net/tulip.c
@@ -1025,6 +1025,7 @@ static void tulip_class_init(ObjectClass *klass, void *data) device_class_set_props(dc, tulip_properties); dc->reset = tulip_qdev_reset; set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); + dc->taints_security_policy = true; } static const TypeInfo tulip_info = {

From patchwork Wed Sep 8 23:20:24 2021
X-Patchwork-Submitter: Philippe Mathieu-Daudé
X-Patchwork-Id: 12482013
From: Philippe Mathieu-Daudé
To: qemu-devel@nongnu.org
Cc: Thomas Huth, Prasad J Pandit, "Michael S. Tsirkin", Markus Armbruster, Paolo Bonzini, Eduardo Habkost, Philippe Mathieu-Daudé, Daniel P. Berrangé, Eric Blake, Richard Henderson, qemu-block@nongnu.org, Peter Maydell, xen-devel@lists.xenproject.org, Philippe Mathieu-Daudé
Subject: [RFC PATCH 10/10] hw/sd: Mark sdhci-pci device as unsafe
Date: Thu, 9 Sep 2021 01:20:24 +0200
Message-Id: <20210908232024.2399215-11-philmd@redhat.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com>
References: <20210908232024.2399215-1-philmd@redhat.com>

Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sdhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/sd/sdhci-pci.c b/hw/sd/sdhci-pci.c index c737c8b930e..7a36f88fd87 100644 --- a/hw/sd/sdhci-pci.c +++ b/hw/sd/sdhci-pci.c @@ -64,6 +64,7 @@ static void sdhci_pci_class_init(ObjectClass *klass, void *data) k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI; k->class_id = PCI_CLASS_SYSTEM_SDHCI; device_class_set_props(dc, sdhci_pci_properties); + dc->taints_security_policy = true; sdhci_common_class_init(klass, data); }
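
Review bot: In hw/net/tulip.c, the `dc->taints_security_policy = true;` added as the last statement of tulip_class_init comes with no rationale: the commit message consists only of the Signed-off-by and the line carries no comment. Please state in the commit message which criterion puts Tulip in the unsafe set, and consider a one-line comment above the assignment so that anyone who later wants to clear the flag knows what has to be true first.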
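
Review bot: In hw/sd/sdhci-pci.c, sdhci_pci_class_init sets the flag before `sdhci_common_class_init(klass, data);` runs, so the final value depends on the common initializer never writing `dc->taints_security_policy`. Either move the assignment after that call or confirm that the common init leaves the field alone; the Tulip patch in this series sets it as the last statement of its class_init. The commit message is also empty apart from the Signed-off-by, so the reason for marking sdhci-pci unsafe should be recorded there.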