From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437130; cv=none; d=zohomail.com; s=zohoarc; b=eVhHYEKiPu71S0/1NBoGn2tcHy3PPLm50uo97eqAGEjQ9niWzWgfpx9n1VuOMY/wP+gBPe8n+0vz9l5zyYKPPAlKpzXoN2Y5oGbonhHXFdA5diACg4HL31GcWKXV8Po2Ow4fnAAYjfxSEHXxXoqVkGllb6sHHsuIZB2Lraqg/cE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437130; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GKOEfxYbwSdrTXZEFWiWj/ei+zi84OVrn7iulMS2fTU=; b=JMJhUvKsVA3/rWDFrw6VfRK/SmymJq5D+A2Sm5hJX3p05WqND2pLtNS5jvx7xSInJM4bx+fKyhlFfEDMil2ZjprCI4RM8SsaAbcWpMgGa4XPx8VnFvdCAG37cp3r9n93/ADxptbERDotJmY0qotFRUJskyR8IVsp2ckt51Nvkz8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437130195392.75402334427304; Tue, 9 Sep 2025 09:58:50 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1f8-000674-8z; Tue, 09 Sep 2025 12:57:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1f6-000645-2D for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:44 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1f1-0007Vi-NZ for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:43 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-449-IyxQDZmCPXy7Vr4HtQyvqg-1; Tue, 09 Sep 2025 12:57:34 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 802561800371; Tue, 9 Sep 2025 16:57:33 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CCA911800446; Tue, 9 Sep 2025 16:57:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437058; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GKOEfxYbwSdrTXZEFWiWj/ei+zi84OVrn7iulMS2fTU=; b=CZW2314ODIPNrslT2HSdR8NCN6xsTQrc81YnKc5Uod+9IewSS4u9K0YNIq7kHFWJFA8rd4 d/+j3eKKX3ObTZNhvh/Ho2Hof5HTIGG5kOv5PYkEQ2iKLARbLhYgKmleTQVPc4moiJC6be xxYlzQVsrJnN3HUJo/yhjKjCvErjeFY= X-MC-Unique: IyxQDZmCPXy7Vr4HtQyvqg-1 X-Mimecast-MFC-AGG-ID: IyxQDZmCPXy7Vr4HtQyvqg_1757437053 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 01/15] qom: replace 'abstract' with 'flags' Date: Tue, 9 Sep 2025 17:57:12 +0100 Message-ID: <20250909165726.3814465-2-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437132301124100 This will allow extra boolean flags without expending the memory usage of the Type struct. Signed-off-by: Daniel P. Berrang=C3=A9 --- qom/object.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/qom/object.c b/qom/object.c index 1856bb36c7..a654765e0a 100644 --- a/qom/object.c +++ b/qom/object.c @@ -45,6 +45,10 @@ struct InterfaceImpl const char *typename; }; =20 +enum TypeImplFlags { + TYPE_IMPL_FLAG_ABSTRACT =3D (1 << 0), +}; + struct TypeImpl { const char *name; @@ -63,7 +67,7 @@ struct TypeImpl void (*instance_post_init)(Object *obj); void (*instance_finalize)(Object *obj); =20 - bool abstract; + int flags; =20 const char *parent; TypeImpl *parent_type; @@ -127,7 +131,9 @@ static TypeImpl *type_new(const TypeInfo *info) ti->instance_post_init =3D info->instance_post_init; ti->instance_finalize =3D info->instance_finalize; =20 - ti->abstract =3D info->abstract; + if (info->abstract) { + ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; + } =20 for (i =3D 0; info->interfaces && info->interfaces[i].type; i++) { ti->interfaces[i].typename =3D g_strdup(info->interfaces[i].type); @@ -348,11 +354,11 @@ static void type_initialize(TypeImpl *ti) * This means interface types are all abstract. */ if (ti->instance_size =3D=3D 0) { - ti->abstract =3D true; + ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; } if (type_is_ancestor(ti, type_interface)) { assert(ti->instance_size =3D=3D 0); - assert(ti->abstract); + assert(ti->flags & TYPE_IMPL_FLAG_ABSTRACT); assert(!ti->instance_init); assert(!ti->instance_post_init); assert(!ti->instance_finalize); @@ -558,7 +564,7 @@ static void object_initialize_with_type(Object *obj, si= ze_t size, TypeImpl *type type_initialize(type); =20 g_assert(type->instance_size >=3D sizeof(Object)); - g_assert(type->abstract =3D=3D false); + g_assert(!(type->flags & TYPE_IMPL_FLAG_ABSTRACT)); g_assert(size >=3D type->instance_size); =20 memset(obj, 0, type->instance_size); @@ -1045,7 +1051,7 @@ ObjectClass *object_get_class(Object *obj) =20 bool object_class_is_abstract(ObjectClass *klass) { - return klass->type->abstract; + return klass->type->flags & TYPE_IMPL_FLAG_ABSTRACT; } =20 const char *object_class_get_name(ObjectClass *klass) @@ -1110,7 +1116,8 @@ static void object_class_foreach_tramp(gpointer key, = gpointer value, type_initialize(type); k =3D type->class; =20 - if (!data->include_abstract && type->abstract) { + if (!data->include_abstract && + (type->flags & TYPE_IMPL_FLAG_ABSTRACT)) { return; } =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437263; cv=none; d=zohomail.com; s=zohoarc; b=gAUJPtEQQprQTmJggDevBNWTqiwTDV7YdzoeExu4gHxKwpRCJuA0KcqzIcHwy3c2kJ2nAmv5+j9gsjWBx7PqNmbgnA74KfnCkEZuxxRqCHsTwKzZIhM76UFwo6iPSCbhZMVjxuxen7HqOnZWQ1cKQIIxy6fWKrJzK0My4ZnZAog= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437263; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=3DqK2BFdY/4B0jfZv0jzbvcZYXlop4Q1Pi9PvHDOxkc=; b=McwHtpO5NXHZNrWKDxSmuoPhu8ylBgFKAxiH9dB6yf9nWBeuKnDBkSsi7F7jIURTNFf17mZyJlMf3a/Wf9mwwkpujdUrAVhcUikQBUJHG2FhBW5StajSLU0E5KtOFZbTIOtHzR9hsDdcCCgcsmI32hBEnNzkKjW0x6xylAVFSG4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437263833583.2077081273252; Tue, 9 Sep 2025 10:01:03 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fT-0006KB-BR; Tue, 09 Sep 2025 12:58:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fF-0006Bc-6e for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:53 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1f5-0007WD-Mp for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:52 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-680-Q-_05tqYMCOlGbaK__ZxFQ-1; Tue, 09 Sep 2025 12:57:37 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3013D18002C2; Tue, 9 Sep 2025 16:57:36 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id F1D331800446; Tue, 9 Sep 2025 16:57:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437060; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3DqK2BFdY/4B0jfZv0jzbvcZYXlop4Q1Pi9PvHDOxkc=; b=PPU5hhmiXDHmAgbZb3eqqQiafClkjDAFRb4dwps4nk6msducTBtATLbT0yvk4weQoKcJ4u 1g+K159Os6lYy02D00cjdsDDBgd52cIXYJlolsXW5cln6ntmuGwm5R2Uf7n7Jmc/NJ8C3Z RUaXKMJwAYazYrAKNXtlB3KCygC3Lvs= X-MC-Unique: Q-_05tqYMCOlGbaK__ZxFQ-1 X-Mimecast-MFC-AGG-ID: Q-_05tqYMCOlGbaK__ZxFQ_1757437056 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 02/15] qom: add tracking of security state of object types Date: Tue, 9 Sep 2025 17:57:13 +0100 Message-ID: <20250909165726.3814465-3-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437265959124100 This introduces two new flags "secure" and "insecure" against the Type struct, and helpers to check this against the ObjectClass struct. An object type can be considered secure if it is either marked 'secure', or is not marked 'insecure'. The gives an incremental path where the security status is undefined for most types, but with the possibility to require explicitly secure types, or exclude explicitly insecure types. Signed-off-by: Daniel P. Berrang=C3=A9 --- include/qom/object.h | 24 ++++++++++++++++++++++++ qom/object.c | 19 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/include/qom/object.h b/include/qom/object.h index 26df6137b9..4b9c70f06f 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -453,6 +453,11 @@ struct Object * function. * @abstract: If this field is true, then the class is considered abstract= and * cannot be directly instantiated. + * @secure: If this field is true, then the class is considered to provide + * a security boundary. If false, the security status is not defined. + * @insecure: If this field is true, then the class is considered to NOT + * provide a security boundary. If false, the security status is not + * defined. * @class_size: The size of the class object (derivative of #ObjectClass) * for this object. If @class_size is 0, then the size of the class wil= l be * assumed to be the size of the parent class. This allows a type to av= oid @@ -485,6 +490,8 @@ struct TypeInfo void (*instance_finalize)(Object *obj); =20 bool abstract; + bool secure; + bool insecure; size_t class_size; =20 void (*class_init)(ObjectClass *klass, const void *data); @@ -996,6 +1003,23 @@ const char *object_class_get_name(ObjectClass *klass); */ bool object_class_is_abstract(ObjectClass *klass); =20 +/** + * object_class_is_secure: + * @klass: The class to check security of + * + * Returns: %true if @klass is declared to be secure, %false if not declar= ed + */ +bool object_class_is_secure(ObjectClass *klass); + + +/** + * object_class_is_insecure: + * @klass: The class to check security of + * + * Returns: %true if @klass is declared to be insecure, %false if not decl= ared + */ +bool object_class_is_insecure(ObjectClass *klass); + /** * object_class_by_name: * @typename: The QOM typename to obtain the class for. diff --git a/qom/object.c b/qom/object.c index a654765e0a..a516ea0fea 100644 --- a/qom/object.c +++ b/qom/object.c @@ -47,6 +47,8 @@ struct InterfaceImpl =20 enum TypeImplFlags { TYPE_IMPL_FLAG_ABSTRACT =3D (1 << 0), + TYPE_IMPL_FLAG_SECURE =3D (1 << 1), + TYPE_IMPL_FLAG_INSECURE =3D (1 << 2), }; =20 struct TypeImpl @@ -134,6 +136,13 @@ static TypeImpl *type_new(const TypeInfo *info) if (info->abstract) { ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; } + assert(!(info->secure && info->insecure)); + if (info->secure) { + ti->flags |=3D TYPE_IMPL_FLAG_SECURE; + } + if (info->insecure) { + ti->flags |=3D TYPE_IMPL_FLAG_INSECURE; + } =20 for (i =3D 0; info->interfaces && info->interfaces[i].type; i++) { ti->interfaces[i].typename =3D g_strdup(info->interfaces[i].type); @@ -1054,6 +1063,16 @@ bool object_class_is_abstract(ObjectClass *klass) return klass->type->flags & TYPE_IMPL_FLAG_ABSTRACT; } =20 +bool object_class_is_secure(ObjectClass *klass) +{ + return klass->type->flags & TYPE_IMPL_FLAG_SECURE; +} + +bool object_class_is_insecure(ObjectClass *klass) +{ + return klass->type->flags & TYPE_IMPL_FLAG_INSECURE; +} + const char *object_class_get_name(ObjectClass *klass) { return klass->type->name; --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437117; cv=none; d=zohomail.com; s=zohoarc; b=mEkmHBJbXa5q3w+HpgFlVn+UfxwhAzDt1282fywvh5x9pCrhrmwnoz2jm4fNHGkdS/I62RHRFNjZjzqDfEbMowSSROPqQtf/oFeaXXklYixVxdtqmEZmdIWiaYVd9ATl0y8+gCosSQyq+Q3Ndk3MzcKKtaQifosePjy3rVR3nXI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437117; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=BfxFnH+lEOQAd+2OGBF/DRY1rm//a62ECPegzMFOTXo=; b=k9HDlfIU2cFn3BiG/TP2DtYKLbY9wslnVxxZv1yAKdgEbJDEGq9t8G/b5BCBtbAy41bkoHXhF+yJfXI3KZpT55n0O4q5gFAtw252keTJ/2j1HSJup4Zfd1cDWQxjZVNeoMP82uM1xDeuHVU9qZ4aIOvfp4kYszu+n7JqQOvq20E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437117668449.0358644283202; Tue, 9 Sep 2025 09:58:37 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fF-0006BM-Hc; Tue, 09 Sep 2025 12:57:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fC-0006Ap-Ez for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:50 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1f9-0007Wz-8Q for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:50 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-511-FMbmylTdOmObc010OEyBjg-1; Tue, 09 Sep 2025 12:57:39 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 15A97180047F; Tue, 9 Sep 2025 16:57:39 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A31581800446; Tue, 9 Sep 2025 16:57:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437063; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=BfxFnH+lEOQAd+2OGBF/DRY1rm//a62ECPegzMFOTXo=; b=QvJG95EBu50vNUFFtKU2xYfYDZNPsMKFQMZLk9uCf//Bm7dPyN5LZSonV4LwviHBFIsSg6 vlIxgUKeaisUmIze4OHiw7cv/uw8kJ8ZviDh9Vlc2KjlMC4DzR3VXofpTYpQekfY+/E7sU xNU8ZLHdpXA0kQ2nzRyqO9gRmABehKw= X-MC-Unique: FMbmylTdOmObc010OEyBjg-1 X-Mimecast-MFC-AGG-ID: FMbmylTdOmObc010OEyBjg_1757437059 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 03/15] machine: add 'require-secure' and 'prohibit-insecure' properties Date: Tue, 9 Sep 2025 17:57:14 +0100 Message-ID: <20250909165726.3814465-4-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437120458124100 Both default to 'false' to maintain the historical behaviour. If 'require-secure' is set to 'yes', then types which explicitly declare themselves as secure are required. If 'prohibit-insecure' is set to 'yes', then types which explicitly declare themselves as insecure are forbidden. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/machine.c | 60 +++++++++++++++++++++++++++++++++++++++++++++ include/hw/boards.h | 5 ++++ 2 files changed, 65 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index 38c949c4f2..b43c315bab 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -440,6 +440,34 @@ static void machine_set_dump_guest_core(Object *obj, b= ool value, Error **errp) ms->dump_guest_core =3D value; } =20 +static bool machine_get_require_secure(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return ms->require_secure; +} + +static void machine_set_require_secure(Object *obj, bool value, Error **er= rp) +{ + MachineState *ms =3D MACHINE(obj); + + ms->require_secure =3D value; +} + +static bool machine_get_prohibit_insecure(Object *obj, Error **errp) +{ + MachineState *ms =3D MACHINE(obj); + + return ms->prohibit_insecure; +} + +static void machine_set_prohibit_insecure(Object *obj, bool value, Error *= *errp) +{ + MachineState *ms =3D MACHINE(obj); + + ms->prohibit_insecure =3D value; +} + static bool machine_get_mem_merge(Object *obj, Error **errp) { MachineState *ms =3D MACHINE(obj); @@ -1245,6 +1273,17 @@ static void machine_class_init(ObjectClass *oc, cons= t void *data) NULL, NULL); object_class_property_set_description(oc, "memory", "Memory size configuration"); + + object_class_property_add_bool(oc, "require-secure", + machine_get_require_secure, machine_set_require_secure); + object_class_property_set_description(oc, "require-secure", + "Define whether explicitly secure impls are required"); + + object_class_property_add_bool(oc, "prohibit-insecure", + machine_get_prohibit_insecure, machine_set_prohibit_insecure); + object_class_property_set_description(oc, "prohibit-insecure", + "Define whether explicitly insecure impls are prohibited"); + } =20 static void machine_class_base_init(ObjectClass *oc, const void *data) @@ -1269,6 +1308,8 @@ static void machine_initfn(Object *obj) MachineClass *mc =3D MACHINE_GET_CLASS(obj); =20 ms->dump_guest_core =3D true; + ms->require_secure =3D false; + ms->prohibit_insecure =3D false; ms->mem_merge =3D (QEMU_MADV_MERGEABLE !=3D QEMU_MADV_INVALID); ms->enable_graphics =3D true; ms->kernel_cmdline =3D g_strdup(""); @@ -1362,6 +1403,25 @@ bool machine_dump_guest_core(MachineState *machine) return machine->dump_guest_core; } =20 +bool machine_check_security(MachineState *machine, + ObjectClass *cls, + Error **errp) +{ + if (machine->require_secure && + !object_class_is_secure(cls)) { + error_setg(errp, "Type '%s' is not declared as secure", + object_class_get_name(cls)); + return false; + } + if (machine->prohibit_insecure && + object_class_is_insecure(cls)) { + error_setg(errp, "Type '%s' is declared as insecure", + object_class_get_name(cls)); + return false; + } + return true; +} + bool machine_mem_merge(MachineState *machine) { return machine->mem_merge; diff --git a/include/hw/boards.h b/include/hw/boards.h index 665b620121..61f6942016 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -36,6 +36,9 @@ void machine_run_board_init(MachineState *machine, const = char *mem_path, Error * bool machine_usb(MachineState *machine); int machine_phandle_start(MachineState *machine); bool machine_dump_guest_core(MachineState *machine); +bool machine_check_security(MachineState *machine, + ObjectClass *cls, + Error **errp); bool machine_mem_merge(MachineState *machine); bool machine_require_guest_memfd(MachineState *machine); HotpluggableCPUList *machine_query_hotpluggable_cpus(MachineState *machine= ); @@ -403,6 +406,8 @@ struct MachineState { int phandle_start; char *dt_compatible; bool dump_guest_core; + bool require_secure; + bool prohibit_insecure; bool mem_merge; bool usb; bool usb_disabled; --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437192; cv=none; d=zohomail.com; s=zohoarc; b=he1FKlhbe1sCocH6NBLqCn/4cuS650hj/USteczmqLwR4mv062zd/lcy6pYFC1FdlzavY+CMBT1qZ3uyJmKXlr9a1J8T/gFnGwAqAxl1Ma1zykryJI67O7o+lfHyVFg1xbFGf4b31B0ZiPTtQhlKpUvqy2tiWLFyNHNs22iQ864= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437192; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Hj2NPUU9/dKy1eaPYCeskZcnLUJnV1pQu9w2J/UBW8g=; b=eiQA3JEBSe7TLly+zAlIM/r9xeZNdGcnfYi0h5cIdI/nOjIuLN+b+/S/l8DfANdbdOWuEiUPiT+rMXFycsOufaOlPh9/pQgQZXLIoZW2JdpNk5kbY4lf58rdsHHtTAvUhrRFIzNKUk9LnKJMQZbT3fyFgJUkDdR4EgE5vMmBCQY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437192114377.79283874410305; Tue, 9 Sep 2025 09:59:52 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fZ-0006LA-0g; Tue, 09 Sep 2025 12:58:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fF-0006Bz-Og for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:55 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fA-0007Xu-FA for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:53 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-350-bnC46liGNoitGZqdjXIfdA-1; Tue, 09 Sep 2025 12:57:42 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B76C1180057B; Tue, 9 Sep 2025 16:57:41 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 71E591800447; Tue, 9 Sep 2025 16:57:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437066; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hj2NPUU9/dKy1eaPYCeskZcnLUJnV1pQu9w2J/UBW8g=; b=AdtKmgi34ootv3J8lbBKj38l7HiGmYAuY52+AmLfh94OWT4lcdukdVfI57tj8BRE1psSNr w6wbdi3m80FYCCs1aAajpJnY91GltkMS+igJTb83OdzXRgK6IWqsaJEH306KDEgseSeNPo ERoiFAaoeA/8nrBh1hsNafdXPBiKGd4= X-MC-Unique: bnC46liGNoitGZqdjXIfdA-1 X-Mimecast-MFC-AGG-ID: bnC46liGNoitGZqdjXIfdA_1757437061 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 04/15] machine: check security for machine and accelerator types Date: Tue, 9 Sep 2025 17:57:15 +0100 Message-ID: <20250909165726.3814465-5-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437195052124100 This wires up the AccelClass and MachineClass types to have their security check when machines are initialized. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/machine.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/core/machine.c b/hw/core/machine.c index b43c315bab..d356710d94 100644 --- a/hw/core/machine.c +++ b/hw/core/machine.c @@ -1672,6 +1672,12 @@ void machine_run_board_init(MachineState *machine, c= onst char *mem_path, Error * { ERRP_GUARD(); MachineClass *machine_class =3D MACHINE_GET_CLASS(machine); + AccelClass *ac =3D ACCEL_GET_CLASS(machine->accelerator); + + if (!machine_check_security(machine, OBJECT_CLASS(machine_class), errp= ) || + !machine_check_security(machine, OBJECT_CLASS(ac), errp)) { + return; + } =20 /* This checkpoint is required by replay to separate prior clock reading from the other reads, because timer polling functions query --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437143; cv=none; d=zohomail.com; s=zohoarc; b=O28bgtOwejhGHq+eAS2ikwJf0vXItUOxUjEsCTZw9o/KVjVi4XIAWdh456HHrX/+c/QLIlliqRZ+EU2m9O8ev2jTSJNfe3KJE87R5acK/BB4U8LOOU6GBMoBo0asSkKWHyqWtlCowi7NOv/RuEXuJCqkGXzTWeEut0vSxAVw3Gs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437143; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=X90i3lDhO5GKZF8jGV61sydE0PCwbavuOqD3n20P+q4=; b=oFe0QIPx0Di6ioKvPltstV7ohl+N6UVS6EgkVvc3Cebs8qEZUhal7JQ9MYfEiQ46caZR4OndrbCYrE8/21mCXWZBDal/X8nT+Ptm/Mc7VYKK1HKXC7IuCtMnqSkuYMR8fFlbsodGkUVabpWs/tEAFHG1AMkh6SV+d0FQ09wIXnE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437143573776.4073315574802; Tue, 9 Sep 2025 09:59:03 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fZ-0006MZ-CI; Tue, 09 Sep 2025 12:58:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fE-0006BR-OS for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:52 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fB-0007Z5-Bt for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:51 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-370-yX39LkFbOUuflJe5qn9LqA-1; Tue, 09 Sep 2025 12:57:45 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C2BBD1800577; Tue, 9 Sep 2025 16:57:44 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 37E8D1800446; Tue, 9 Sep 2025 16:57:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437068; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=X90i3lDhO5GKZF8jGV61sydE0PCwbavuOqD3n20P+q4=; b=JMYK21DcDZA8hHEuqc4ikREoBkzfy6dxQ81NSvHbeDoqZeQEUUU8njlSKGgf7l2SGOH9m0 mXJ1KrtoZJQ3mFBuaQkco0MiDrLTZ6cwFVkNjxM8j8O91m2izJBfPW3NQ/M2j9cDWHQcNv 0V8LngCL2IayxlIPaGjBw5IphbGQ4EI= X-MC-Unique: yX39LkFbOUuflJe5qn9LqA-1 X-Mimecast-MFC-AGG-ID: yX39LkFbOUuflJe5qn9LqA_1757437065 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 05/15] system: report machine security status in help output Date: Tue, 9 Sep 2025 17:57:16 +0100 Message-ID: <20250909165726.3814465-6-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437146420124100 When '-machine help' is given, report the security status of each machine. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/vl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/system/vl.c b/system/vl.c index 3b7057e6c6..0695af433f 100644 --- a/system/vl.c +++ b/system/vl.c @@ -1578,9 +1578,11 @@ static void machine_help_func(const QDict *qdict) if (mc->alias) { printf("%-20s %s (alias of %s)\n", mc->alias, mc->desc, mc->na= me); } - printf("%-20s %s%s%s\n", mc->name, mc->desc, + printf("%-20s %s%s%s%s%s\n", mc->name, mc->desc, mc->is_default ? " (default)" : "", - mc->deprecation_reason ? " (deprecated)" : ""); + mc->deprecation_reason ? " (deprecated)" : "", + object_class_is_secure(OBJECT_CLASS(mc)) ? " (secure)" : "", + object_class_is_insecure(OBJECT_CLASS(mc)) ? " (insecure)" = : ""); } } =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437246; cv=none; d=zohomail.com; s=zohoarc; b=RtcLbWGa4uBdwkV7RzXiNWpeONAGbw+ShMSnO8RGc+YrmJnvtgazbKMT+tWBD7rm67QRsZEQR1iNakzlymH57J1mt9n1Fajoi7j6HG8M9UIXjcEo3X4FYMUCvMew88ih4LHeQaHsCmCImfD2J4n6rotx6rU+JkOpVk5um87nCS4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437246; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=uSulGWf/4BT015hg9UPm9aKpH+KuurOTOQds7bKm/uM=; b=VuG58JeJZjhIwxS+KcC78Pgs5PNwzHlM2OqCJJ7hO3guUMO/NiWWd1cEVgII/Bl3tyXCkjRdFWygObjhlr9I1l3DMCA2vdtytMF5yPAzLrzJZIc7WNlIvckQOjy1hiGsipv2dyUEfA2+9TEIiIYyz2+cRAk7LLsfLIsNuROk/X4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437246507307.6912289930892; Tue, 9 Sep 2025 10:00:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1ft-0006ko-MX; Tue, 09 Sep 2025 12:58:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fK-0006Fi-S1 for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:59 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fF-0007aA-GM for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:57:58 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-361-6CtqgeCDNCKsPFxwTq_fWw-1; Tue, 09 Sep 2025 12:57:48 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5BDC71800371; Tue, 9 Sep 2025 16:57:47 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id F36A01800446; Tue, 9 Sep 2025 16:57:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437071; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=uSulGWf/4BT015hg9UPm9aKpH+KuurOTOQds7bKm/uM=; b=fGGmRZvyC7OsSkFX9LWLExPPgsc0iccav73Qp07bXQrgwkKIW+V13ArT6+Ex9Ehbv2GN50 bqHJKyU/SaHBHbyVW5JUG9sv6jfOftfH3Xy75ZsE2CuKVSHCRAezKvAj9TmkdAnvrrGFe+ Vx/m0MdRXO/MI6MNgjcwVuB9V4kTkO0= X-MC-Unique: 6CtqgeCDNCKsPFxwTq_fWw-1 X-Mimecast-MFC-AGG-ID: 6CtqgeCDNCKsPFxwTq_fWw_1757437067 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 06/15] system: check security of device types Date: Tue, 9 Sep 2025 17:57:17 +0100 Message-ID: <20250909165726.3814465-7-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437247580124100 This wires up the DeviceClass types to have their security checked when devices are created. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/qdev-monitor.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c index 2ac92d0a07..f99907a311 100644 --- a/system/qdev-monitor.c +++ b/system/qdev-monitor.c @@ -644,6 +644,10 @@ DeviceState *qdev_device_add_from_qdict(const QDict *o= pts, return NULL; } =20 + if (!machine_check_security(current_machine, OBJECT_CLASS(dc), errp)) { + return NULL; + } + /* find bus */ path =3D qdict_get_try_str(opts, "bus"); if (path !=3D NULL) { --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437271; cv=none; d=zohomail.com; s=zohoarc; b=HaSnIga8LWt3OR9ZodEZ9kH47R8UgYd2ZJA4teNtGkE7LyamQqD9mYH4MttFrWz17apXo3ttZbnwR6dEXezXJ2KqmWb8JpeVXoFkuCO+n3kYodspmISK84V1BgPKSn3AGK72GyqiY4g0IEO4KFul57TGyGot+spmnHxYi6/pTnE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437271; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=1xlWotupO+rJbOeq0JRAHcOxSfEzLclZK8YUpb2D+Gw=; b=jT+PC163q4s6u7v3sfvPdprQR3pc5AnXMsYOXzhwmisxNqzJO7bjwNn3LT3/hzUHODuHFPBeTNZWTGNCh4hi6M51uZqCKpEZZvi3NTvb1tAn+nIeeDO61hunqN5cN+xAEng4IgA/szmUP7ZJUV4swMDVDK7LWrmf+VrEmx8qrqg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175743727152837.26722454383321; Tue, 9 Sep 2025 10:01:11 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fy-0006rz-Uv; Tue, 09 Sep 2025 12:58:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fQ-0006KY-IP for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:07 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fM-0007by-3G for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:02 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-643--REpneGcObeN6Kz4sHYjAQ-1; Tue, 09 Sep 2025 12:57:51 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 66E3A1955F3D; Tue, 9 Sep 2025 16:57:50 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id CC4331800447; Tue, 9 Sep 2025 16:57:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437076; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1xlWotupO+rJbOeq0JRAHcOxSfEzLclZK8YUpb2D+Gw=; b=BAikJlendEG22bzLk2oD5k7SJfhxubl7s4opfNRTOIfXmTIg9Lq1eSUCsSnvkPsKTyGcBS hC+dD37O3w9i5axX5qHeQGgWql2sa3W3nzC13hcJnUveNkNjfP/L/Esv58NM3sCvWZoB9s f5jkzHvr6+awv0xyRHJKYnykIoOduRI= X-MC-Unique: -REpneGcObeN6Kz4sHYjAQ-1 X-Mimecast-MFC-AGG-ID: -REpneGcObeN6Kz4sHYjAQ_1757437070 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 07/15] system: report device security status in help output Date: Tue, 9 Sep 2025 17:57:18 +0100 Message-ID: <20250909165726.3814465-8-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437273844124100 When '-device help' is given, report the security status of each device. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/qdev-monitor.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c index f99907a311..db34b83923 100644 --- a/system/qdev-monitor.c +++ b/system/qdev-monitor.c @@ -164,6 +164,12 @@ static void qdev_print_devinfo(DeviceClass *dc) if (!dc->user_creatable) { qemu_printf(", no-user"); } + if (object_class_is_secure(OBJECT_CLASS(dc))) { + qemu_printf(", secure"); + } + if (object_class_is_insecure(OBJECT_CLASS(dc))) { + qemu_printf(", insecure"); + } qemu_printf("\n"); } =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437160; cv=none; d=zohomail.com; s=zohoarc; b=e5tYQiLSfdGwzDDlTVawqs4WLzo9d1e3vNWOz6kkcQlRzBzzia71jXOsuK8t9GoXUH9CoeLicc/v+1rF4HXRNidW7HoPz8wu7+OlmUDZP4Lb3XJBs1tff/QQgKxvGvjGhtJwSpIP8DqCKerr2/yM/DKmDrw05GiBlxwkfAYoWLY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437160; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=reeHWg5i9UC3bmZs64SCWX3539n4gk5y3JvHWF0QkQk=; b=br1XPY2zGrZ220+b88Ror0dAIJewSFk/mXctaV5BE9Xsb0hEoYFy93/3Acye7vhZQ651JKC2xBRLW8/rggFcmssiFjHcaRf0xuUkrqwPwvIlTYi1GEwZ43/R6WvaQgHBPYcP0Bwf+/uSlaPMThuBGO6A6GfjTLYkQtXIgox8kek= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437160365717.3080952398042; Tue, 9 Sep 2025 09:59:20 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fk-0006QD-2p; Tue, 09 Sep 2025 12:58:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fN-0006GW-L6 for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:03 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fK-0007bt-L8 for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:01 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-637-etfenAe3MPe4JbSWIi66FQ-1; Tue, 09 Sep 2025 12:57:54 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2D1AB180047F; Tue, 9 Sep 2025 16:57:53 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id C5D671800446; Tue, 9 Sep 2025 16:57:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437075; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=reeHWg5i9UC3bmZs64SCWX3539n4gk5y3JvHWF0QkQk=; b=BWoU8pnbMrnWIuNUhytK0U+G0CaozxV8m0qlHiksfJPoDXnfk4+mzkDgxxNoat+E7hfvZc iEX55tLzJ5cGrJiBC/bdeVCzIEzD2m3uhHT22ii77pHuYVuc+Hx1nG+rxgdFWdZHGfki3I +DOb9R4DlWU2K+o176W5YtyPdQH103g= X-MC-Unique: etfenAe3MPe4JbSWIi66FQ-1 X-Mimecast-MFC-AGG-ID: etfenAe3MPe4JbSWIi66FQ_1757437073 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 08/15] hw/core: report secure/insecure status in query-machines Date: Tue, 9 Sep 2025 17:57:19 +0100 Message-ID: <20250909165726.3814465-9-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437162565124100 Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/machine-qmp-cmds.c | 2 ++ qapi/machine.json | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c index 6aca1a626e..4ef2d06d32 100644 --- a/hw/core/machine-qmp-cmds.c +++ b/hw/core/machine-qmp-cmds.c @@ -100,6 +100,8 @@ MachineInfoList *qmp_query_machines(bool has_compat_pro= ps, bool compat_props, if (mc->default_ram_id) { info->default_ram_id =3D g_strdup(mc->default_ram_id); } + info->secure =3D object_class_is_secure(OBJECT_CLASS(mc)); + info->insecure =3D object_class_is_insecure(OBJECT_CLASS(mc)); =20 if (compat_props && mc->compat_props) { int i; diff --git a/qapi/machine.json b/qapi/machine.json index 038eab281c..ff1f9bf076 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -194,6 +194,12 @@ # present when `query-machines` argument @compat-props is true. # (since 9.1) # +# @secure: If true, the machine is declared to provide a security +# boundary from the guest; if false the status is undefined. +# +# @insecure: If true, the machine is declared to NOT provide a security +# boundary from the guest; if false the status is undefined. +# # Features: # # @unstable: Member @compat-props is experimental. @@ -207,7 +213,8 @@ 'deprecated': 'bool', '*default-cpu-type': 'str', '*default-ram-id': 'str', 'acpi': 'bool', '*compat-props': { 'type': ['CompatProperty'], - 'features': ['unstable'] } } } + 'features': ['unstable'] }, + 'secure': 'bool', 'insecure': 'bool' } } =20 ## # @query-machines: --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437156; cv=none; d=zohomail.com; s=zohoarc; b=WsJcLk6ndG5HI9sgjUudxloOEELMAzLMQ4zx/ARQeybydI7aUFvGf/GTW6t5gBAQiopHd5Qigda6jHkXHBeD/fhaGbsAfhizsOXGqGCApVo5AxU4CprmPc8lsqDPgtLzPcUNWDpLUfjaThdbbyRR7Mw6iSzVnJKJ1jJGYs96wh0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437156; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=cfr02aDddyM4f+cQuRHngl/25SfiMaK12tyjEfawCpc=; b=mlGySXEtBnT+jaY8dIsX5K0skGKogii1Sls3ismpOyukk3oIL8QHNxu5OaGmpLxeHDSxvKd7LcLzif/BUw2b/eHWoBNmTlMYFZMdsOEVh0HxeKvrOVK544K7Xu/yPghrCz9s/shOsaUGcNH8WRo2oGhoz0A+koYOFLdH2GwYKGo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437156853828.2556522139124; Tue, 9 Sep 2025 09:59:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fk-0006Qs-5w; Tue, 09 Sep 2025 12:58:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fO-0006GZ-FD for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:05 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fM-0007cU-Fh for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:02 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-359-zAWk9m70PVKjp_GYDXE6Fg-1; Tue, 09 Sep 2025 12:57:57 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 46D341800562; Tue, 9 Sep 2025 16:57:56 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D71B21800446; Tue, 9 Sep 2025 16:57:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437078; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cfr02aDddyM4f+cQuRHngl/25SfiMaK12tyjEfawCpc=; b=KLbV+9vzelO/FwR3xDd07vOEo2kXJajmltWSidx5IXpvGpurNiB+ZF34+QkILn2SfZFKqU pZNqfs4ux2daimUtkmKRrzwHtVjoOkvX0iRIWqBPNCwWbLUZ1ww9mML7YD59w22wdnI9K9 hexlSR9pn1CaybfKHOZ4SROdeJupmuk= X-MC-Unique: zAWk9m70PVKjp_GYDXE6Fg-1 X-Mimecast-MFC-AGG-ID: zAWk9m70PVKjp_GYDXE6Fg_1757437076 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 09/15] accel: mark 'kvm' as secure and 'tcg' as insecure Date: Tue, 9 Sep 2025 17:57:20 +0100 Message-ID: <20250909165726.3814465-10-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437158490124100 Signed-off-by: Daniel P. Berrang=C3=A9 --- accel/kvm/kvm-all.c | 1 + accel/tcg/tcg-all.c | 1 + 2 files changed, 2 insertions(+) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index f36dfe3349..53b89d0560 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -4068,6 +4068,7 @@ static const TypeInfo kvm_accel_type =3D { .instance_init =3D kvm_accel_instance_init, .class_init =3D kvm_accel_class_init, .instance_size =3D sizeof(KVMState), + .secure =3D true, }; =20 static void kvm_type_init(void) diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c index 5125e1a4e2..3904df4e78 100644 --- a/accel/tcg/tcg-all.c +++ b/accel/tcg/tcg-all.c @@ -275,6 +275,7 @@ static const TypeInfo tcg_accel_type =3D { .instance_init =3D tcg_accel_instance_init, .class_init =3D tcg_accel_class_init, .instance_size =3D sizeof(TCGState), + .insecure =3D true, }; module_obj(TYPE_TCG_ACCEL); =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437253; cv=none; d=zohomail.com; s=zohoarc; b=UVnXlhkQE2jZS+I6+BXQvYGTvuQMU58N59iMLvNrCNS7ZdaPSjJKVS3T6YPtQfkZMalu5v7z5Xr0Tf2ynWYPPIIO2ZqnP8yJZYVf3ECZoXeRJVRMqSf8pC7MLTVwH+JijSN5FVydWM8v59sLJ8opBb35mitbjeJ6Di71qBL1E9s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437253; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=YKYCnPa2j5HEUjmt+gy6hq2Fa7FzPDEoXHj0GPtbA7k=; b=jTolRwnfOfll9UtsZ1Oxs5ZdGddSAZX1YRka1XAsaHb8UvLdkGBFlrSjUH0sX88yIgYjdPzK8soTgczKQ4yP+FG/PupilAdyWDvtdSaYXompu/p2gYP8XVOgoTMCctkwEhH2tvLF/H5WbEl5FUVLqZV2W3mJ0aIOzXMkgeGW+GU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437253289284.27433403501254; Tue, 9 Sep 2025 10:00:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fm-0006Rf-08; Tue, 09 Sep 2025 12:58:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fW-0006Ld-VX for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:12 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fS-0007cx-DB for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:09 -0400 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-673--k451QWOPLmfnzBiH8U29Q-1; Tue, 09 Sep 2025 12:57:59 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0618D1956096; Tue, 9 Sep 2025 16:57:59 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A309A1800447; Tue, 9 Sep 2025 16:57:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437081; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=YKYCnPa2j5HEUjmt+gy6hq2Fa7FzPDEoXHj0GPtbA7k=; b=AnZeupw7gOZT1K/8B8y+01wxY3NBKbLoFIg5j3o1HM2qyxxxmPNu7PTXznXsaycLY7HXeU KY2ThxB1t6ooW207KdJXxyoKczGNr9acdtJ7UcPnLyqfduHMElO5CZXUW7s7oCxU1X/UWB wWlbQJPo1fgOsOLRv3l9ihpGz29E+r4= X-MC-Unique: -k451QWOPLmfnzBiH8U29Q-1 X-Mimecast-MFC-AGG-ID: -k451QWOPLmfnzBiH8U29Q_1757437079 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 10/15] hw/virtio: mark all virtio PCI devices as secure Date: Tue, 9 Sep 2025 17:57:21 +0100 Message-ID: <20250909165726.3814465-11-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437255607116600 Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/virtio/virtio-pci.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 767216d795..f2f720792a 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -2494,6 +2494,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->generic_name, .parent =3D base_type_info.name, .class_init =3D virtio_pci_generic_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -2529,6 +2530,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->non_transitional_name, .parent =3D base_type_info.name, .instance_init =3D virtio_pci_non_transitional_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -2543,6 +2545,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->transitional_name, .parent =3D base_type_info.name, .instance_init =3D virtio_pci_transitional_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { /* * Transitional virtio devices work only as Conventional P= CI --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437159; cv=none; d=zohomail.com; s=zohoarc; b=YhM6AW+ywTA30xP/6W3vWkCsKBqlp5fpiK+X4oVKT3XpRNAXBgxMiei9kGjrDQ/XluZbftGFK2fxxzdeduUy3ZXH6rqzSMDy7ox05R5rOIt+SxOMqhh+2zMxPg7Yq4GpvN4Hc+c9qBpKCGK2C+gF7sbfTDUNJlNgff6Egbwucb0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437159; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=43GjTmBiduG3qjxsUo/YeHs+pbqePCg/U9qzDj68t18=; b=DAeZGPfI8ZaG8mr55eX2REKTXgE7M4PfwyFjpiYUL9+B3oGVYWU2P2F+IPAVjfgydt/F9EPdoWFP2wpQNRpe3te1KPXrPhvr0Cs99QmI8cyodryRvalqkNugsHxk77ae5FagAB7kc4v5nkeeSQxQak5BbcT2WYbepVU3CZwWH3A= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437159133321.3128721350737; Tue, 9 Sep 2025 09:59:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fo-0006WG-Rh; Tue, 09 Sep 2025 12:58:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fc-0006Oi-3o for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:19 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fV-0007ds-Pz for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:15 -0400 Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-201-S2S_sLC6M7ayPFbrb0Czwg-1; Tue, 09 Sep 2025 12:58:02 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id F3671195608B; Tue, 9 Sep 2025 16:58:01 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7CF891800447; Tue, 9 Sep 2025 16:57:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437085; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=43GjTmBiduG3qjxsUo/YeHs+pbqePCg/U9qzDj68t18=; b=iLQHUjWMee9Fnxft63Bir/4YbTFPMnJBlM2UR18S3crgsJBnanFpeiVFmaRJF8v+ckfNPr 7RVrNUeEWOv38bRGvW6ws2qAMLHXWoak8IPqCgqgwjYLd3uGrcOUgOZ+1MpgCiB5CZNr8P BUK2KsdJqd775DlkfxdW0Hz27Gvj8bQ= X-MC-Unique: S2S_sLC6M7ayPFbrb0Czwg-1 X-Mimecast-MFC-AGG-ID: S2S_sLC6M7ayPFbrb0Czwg_1757437082 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 11/15] hw: mark x86, s390, ppc, arm versioned machine types as secure Date: Tue, 9 Sep 2025 17:57:22 +0100 Message-ID: <20250909165726.3814465-12-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437160498124100 The versioned machine types are typically present for use in virtualization use cases and can be expected to provide a security barrier. The only exceptions are the m68k versioned machine types which are only used with TCG. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/arm/virt.c | 1 + hw/ppc/spapr.c | 1 + hw/s390x/s390-virtio-ccw.c | 1 + include/hw/i386/pc.h | 1 + 4 files changed, 4 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index e5c4142e82..f54c3c22fd 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -128,6 +128,7 @@ static void arm_virt_compat_set(MachineClass *mc) .name =3D MACHINE_VER_TYPE_NAME("virt", __VA_ARGS__), \ .parent =3D TYPE_VIRT_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, virt, __VA_ARGS__), \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, virt, __VA_ARGS__)(void) \ { \ diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index eb22333404..3581f581a4 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -4748,6 +4748,7 @@ static void spapr_machine_latest_class_options(Machin= eClass *mc) .name =3D MACHINE_VER_TYPE_NAME("pseries", __VA_ARGS__), \ .parent =3D TYPE_SPAPR_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, spapr, __VA_ARGS__), \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, spapr, __VA_ARGS__)(void) \ { \ diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index d0c6e80cb0..54bc4e1b74 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -896,6 +896,7 @@ static const TypeInfo ccw_machine_info =3D { .name =3D MACHINE_VER_TYPE_NAME("s390-ccw-virtio", __VA_ARGS__), = \ .parent =3D TYPE_S390_CCW_MACHINE, = \ .class_init =3D MACHINE_VER_SYM(class_init, ccw, __VA_ARGS__), = \ + .secure =3D true, = \ }; = \ static void MACHINE_VER_SYM(register, ccw, __VA_ARGS__)(void) = \ { = \ diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index e83157ab35..7c31bf1444 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -342,6 +342,7 @@ extern const size_t pc_compat_2_6_len; .name =3D MACHINE_VER_TYPE_NAME(namestr, __VA_ARGS__), \ .parent =3D TYPE_PC_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, namesym, __VA_ARGS__),= \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, namesym, __VA_ARGS__)(void) \ { \ --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437139; cv=none; d=zohomail.com; s=zohoarc; b=Wk2OYYgF3KhxzDGhQ0D8oVMOJyToZGdMYGQVLbW8KhbxKdk44xGvmHyJUgSsfsd7a+5ivKgMYOAjNCI4bbVpk1PNiezUn2DHf8tZrGpNnoNLROdQusXyasbF9l4og3cqgGTyIY01vo/Ck1qW9k3x9nCkWcqrTxR/ZCpKod2irHY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437139; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=vkLaMxh9bLXpdIL2Z4N+0XG+jnR5jNzoYt6bWjoMlmQ=; b=l3Mc2kCXc/8Vkt+dDxmX1ybC7kFgBvlq8gEOIDsZGXs+MnY1OTRR9Eub0/Snt4qUr2rWKLi74LvKGSFGcQa4deLzF8s8Emk2TTBqU2MV5+lS12dTOwp0rSeWoNMgYDNCixh4CcEsCPEddS2JIizHuNpRlPPSNo9kKUsRBo7W80I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437139809358.52471579508233; Tue, 9 Sep 2025 09:58:59 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fo-0006VU-Dg; Tue, 09 Sep 2025 12:58:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fc-0006On-Cj for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:20 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fV-0007e5-NE for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:14 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-379-OrDTUahgP-6xmCnBAnoVqQ-1; Tue, 09 Sep 2025 12:58:06 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5B2BA180057B; Tue, 9 Sep 2025 16:58:05 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 763031800447; Tue, 9 Sep 2025 16:58:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437087; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=vkLaMxh9bLXpdIL2Z4N+0XG+jnR5jNzoYt6bWjoMlmQ=; b=RVi37KDbXS7klF0G1n8KdRQmB1QkJ+DUYtLeh17LCWZO6hb03I0Cw9CYjpL30NMfO5mGkm 8Zts95NcWbcClqgVCVD9ywPYcLXMie+adcHo/dgbxyS92m3dBT1ocpGju0gkjvEfxLyAoQ BLJNwAFZ/N9W7PaccoTM+L8BiZwXswI= X-MC-Unique: OrDTUahgP-6xmCnBAnoVqQ-1 X-Mimecast-MFC-AGG-ID: OrDTUahgP-6xmCnBAnoVqQ_1757437085 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 12/15] hw: declare Xen & microvm machines as secure, isapc as insecure Date: Tue, 9 Sep 2025 17:57:23 +0100 Message-ID: <20250909165726.3814465-13-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437142105116600 Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/arm/xen-pvh.c | 1 + hw/i386/isapc.c | 2 +- hw/i386/microvm.c | 1 + hw/i386/pc_piix.c | 4 ++-- hw/i386/xen/xen-pvh.c | 1 + hw/i386/xen/xen_pvdevice.c | 1 + hw/xen/xen-pvh-common.c | 1 + hw/xenpv/xen_machine_pv.c | 2 +- include/hw/boards.h | 13 ++++++++++++- include/hw/i386/pc.h | 4 +++- 10 files changed, 24 insertions(+), 6 deletions(-) diff --git a/hw/arm/xen-pvh.c b/hw/arm/xen-pvh.c index 1a9eeb01c8..d6b777cb20 100644 --- a/hw/arm/xen-pvh.c +++ b/hw/arm/xen-pvh.c @@ -95,6 +95,7 @@ static const TypeInfo xen_arm_machine_type =3D { .class_init =3D xen_arm_machine_class_init, .instance_size =3D sizeof(XenPVHMachineState), .instance_init =3D xen_arm_instance_init, + .secure =3D true, }; =20 static void xen_arm_machine_register_types(void) diff --git a/hw/i386/isapc.c b/hw/i386/isapc.c index 44f4a44672..4564baa5dc 100644 --- a/hw/i386/isapc.c +++ b/hw/i386/isapc.c @@ -186,4 +186,4 @@ static void isapc_machine_options(MachineClass *m) } =20 DEFINE_PC_MACHINE(isapc, "isapc", pc_init_isa, - isapc_machine_options); + isapc_machine_options, false); diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 94d22a232a..c9ff29da0e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -729,6 +729,7 @@ static const TypeInfo microvm_machine_info =3D { .instance_init =3D microvm_machine_initfn, .class_size =3D sizeof(MicrovmMachineClass), .class_init =3D microvm_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index caf8bab68e..168f1821b6 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -756,7 +756,7 @@ static void xenfv_machine_4_2_options(MachineClass *m) } =20 DEFINE_PC_MACHINE(xenfv_4_2, "xenfv-4.2", pc_xen_hvm_init, - xenfv_machine_4_2_options); + xenfv_machine_4_2_options, true); =20 static void xenfv_machine_3_1_options(MachineClass *m) { @@ -768,5 +768,5 @@ static void xenfv_machine_3_1_options(MachineClass *m) } =20 DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init, - xenfv_machine_3_1_options); + xenfv_machine_3_1_options, true); #endif diff --git a/hw/i386/xen/xen-pvh.c b/hw/i386/xen/xen-pvh.c index 067f73e977..f30cb82962 100644 --- a/hw/i386/xen/xen-pvh.c +++ b/hw/i386/xen/xen-pvh.c @@ -115,6 +115,7 @@ static const TypeInfo xen_pvh_x86_machine_type =3D { .class_init =3D xen_pvh_machine_class_init, .instance_init =3D xen_pvh_instance_init, .instance_size =3D sizeof(XenPVHx86State), + .secure =3D true, }; =20 static void xen_pvh_machine_register_types(void) diff --git a/hw/i386/xen/xen_pvdevice.c b/hw/i386/xen/xen_pvdevice.c index 87a974ae5a..adf4948b9a 100644 --- a/hw/i386/xen/xen_pvdevice.c +++ b/hw/i386/xen/xen_pvdevice.c @@ -139,6 +139,7 @@ static const TypeInfo xen_pv_type_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(XenPVDevice), .class_init =3D xen_pv_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/xen/xen-pvh-common.c b/hw/xen/xen-pvh-common.c index b93ff80c85..5b1572f531 100644 --- a/hw/xen/xen-pvh-common.c +++ b/hw/xen/xen-pvh-common.c @@ -389,6 +389,7 @@ static const TypeInfo xen_pvh_info =3D { .instance_size =3D sizeof(XenPVHMachineState), .class_size =3D sizeof(XenPVHMachineClass), .class_init =3D xen_pvh_class_init, + .secure =3D true, }; =20 static void xen_pvh_register_types(void) diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c index 99c02492ef..26a77ef007 100644 --- a/hw/xenpv/xen_machine_pv.c +++ b/hw/xenpv/xen_machine_pv.c @@ -69,4 +69,4 @@ static void xenpv_machine_init(MachineClass *mc) mc->default_machine_opts =3D "accel=3Dxen"; } =20 -DEFINE_MACHINE("xenpv", xenpv_machine_init) +DEFINE_SECURE_MACHINE("xenpv", xenpv_machine_init) diff --git a/include/hw/boards.h b/include/hw/boards.h index 61f6942016..bef22d917d 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -767,7 +767,7 @@ struct MachineState { } \ } while (0) =20 -#define DEFINE_MACHINE(namestr, machine_initfn) \ +#define DEFINE_MACHINE_IMPL(namestr, machine_initfn, issecure, isinsecure)= \ static void machine_initfn##_class_init(ObjectClass *oc, const void *d= ata) \ { \ MachineClass *mc =3D MACHINE_CLASS(oc); \ @@ -777,6 +777,8 @@ struct MachineState { .name =3D MACHINE_TYPE_NAME(namestr), \ .parent =3D TYPE_MACHINE, \ .class_init =3D machine_initfn##_class_init, \ + .secure =3D issecure, \ + .insecure =3D isinsecure, \ }; \ static void machine_initfn##_register_types(void) \ { \ @@ -784,6 +786,15 @@ struct MachineState { } \ type_init(machine_initfn##_register_types) =20 +#define DEFINE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false, false) + +#define DEFINE_SECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, true, false) + +#define DEFINE_INSECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false, true) + extern GlobalProperty hw_compat_10_1[]; extern const size_t hw_compat_10_1_len; =20 diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 7c31bf1444..8b76d21825 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -301,7 +301,7 @@ extern const size_t pc_compat_2_7_len; extern GlobalProperty pc_compat_2_6[]; extern const size_t pc_compat_2_6_len; =20 -#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ +#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn, issecure) \ static void pc_machine_##suffix##_class_init(ObjectClass *oc, \ const void *data) \ { \ @@ -313,6 +313,8 @@ extern const size_t pc_compat_2_6_len; .name =3D namestr TYPE_MACHINE_SUFFIX, \ .parent =3D TYPE_PC_MACHINE, \ .class_init =3D pc_machine_##suffix##_class_init, \ + .secure =3D issecure, \ + .insecure =3D !issecure, \ }; \ static void pc_machine_init_##suffix(void) \ { \ --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437303; cv=none; d=zohomail.com; s=zohoarc; b=OMbUfFhSxdkgVSi/pFddnZBZWMKKkErR1ktfrzcL6quWFDCQ2jAYCpbhwhn5QgwmGNVjGcrkc85D42e3NiSMU3NBK+IvalWu4dmD4nFdmrpuBt+JWCvaS+ZpM9Ytp0bKgulzY4WMQl/+9k4LkOLWdmroLHAnVNGNDv8iQ9IH6yU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437303; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=gkMiuZpXdGm6JqHEuzQJ0/yF+FoEKuKid1vFL99+OB4=; b=EIBYiMo0Fk2HjqGPm19Kc0p2aERIZI0gr+v9BFvQUbq/yQV3NxvbsedtL0zdWPG0q8aw6Fy/3am/Yweg/uj3fgdMO9yinD4NGAcc5cMLmidgiO3FTAHQQXyFtHKpI05/sf862MDcoVeau5wkRkd6RHjuqTNChObXHWeeoYNNL1E= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17574373033101013.2120021022475; Tue, 9 Sep 2025 10:01:43 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1fs-0006jW-RT; Tue, 09 Sep 2025 12:58:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fg-0006PS-Fc for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:22 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fa-0007f5-N9 for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:20 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-288-ZzQ6L2qBPvC37xCSAL8_nQ-1; Tue, 09 Sep 2025 12:58:09 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B7471180057B; Tue, 9 Sep 2025 16:58:08 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id D220F1800446; Tue, 9 Sep 2025 16:58:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437093; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gkMiuZpXdGm6JqHEuzQJ0/yF+FoEKuKid1vFL99+OB4=; b=IFn7ggdkDdjM3jOazclZMhui98L/20lkw073NUhHOpKLvZImvC4rLlB2DrSzJLFlUql+Sk ZfHGPf3A1yENboSzXwlEL15JJ7ZaUZsH7dZTQEs0BhiiclNkhr9yej/dX+DuRhnkhM+LvJ BIrAJbwTmcNiaiyNkfIMd6AVaX+PjLY= X-MC-Unique: ZzQ6L2qBPvC37xCSAL8_nQ-1 X-Mimecast-MFC-AGG-ID: ZzQ6L2qBPvC37xCSAL8_nQ_1757437088 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 13/15] hw/core: declare 'none' machine to be insecure Date: Tue, 9 Sep 2025 17:57:24 +0100 Message-ID: <20250909165726.3814465-14-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437306269124101 This machine is only used for probing capabilities and thus will not run any guest workloads & has no reason to be considered secure at this time. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/null-machine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/core/null-machine.c b/hw/core/null-machine.c index a6e477a2d8..c2ff8b1b5b 100644 --- a/hw/core/null-machine.c +++ b/hw/core/null-machine.c @@ -55,4 +55,4 @@ static void machine_none_machine_init(MachineClass *mc) mc->no_cdrom =3D 1; } =20 -DEFINE_MACHINE("none", machine_none_machine_init) +DEFINE_INSECURE_MACHINE("none", machine_none_machine_init) --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437255; cv=none; d=zohomail.com; s=zohoarc; b=dtU8Wkt40Mk0Cc77bLr4Ey7gzbh4SODXKOWC+QcrNdxXN1N48pRpRedV5PHba2yV61Vy0yITl3Zo8sAMS1/xaR7v3Yw7F3eoxs0tc5jSA0n9oAzJeZd3bQMrVMuv2RI7M6lWkFoJgsIvrxwp5e1C5e4Da2UG78iD8TCZMrjV3fE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437255; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=cKWmvwbl3Ykqw62VPAK0MxfC1m5cPJWLJRvuPtRLz5Q=; b=XGe7cYRzcU5XEWjNMC/dBHN+/ln9iyq9scz215a6P7hE/ET0CTllIKCZELAAiHZhFay1EDc1d0G/zhyCwDSm7Up5RtX0/RGkXzTcvqwDJW3G+J0z4QG3cs0rJP66W3cx2DU3l08Fr+2Xve4a5TZMU8y6Mh3c2of22ExtfUPrCx8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1757437255714310.8595173894108; Tue, 9 Sep 2025 10:00:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1g4-00072o-KD; Tue, 09 Sep 2025 12:58:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fg-0006PR-AP for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:22 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fc-0007fL-3d for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:19 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-66-9NVuwgytMzWtYUYjkAlydg-1; Tue, 09 Sep 2025 12:58:12 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B0E991800451; Tue, 9 Sep 2025 16:58:11 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 214711800446; Tue, 9 Sep 2025 16:58:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437094; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cKWmvwbl3Ykqw62VPAK0MxfC1m5cPJWLJRvuPtRLz5Q=; b=heo0OcjHIW3GsGLr+owQ9acS8o1xBx/RfVJ24QBzlgVFv0yfbL7e7EboDfkIw6CqMKNM2M 3GsF4ICAqylZcvmvqVWXMyOyAydAVmzwjQI/rgK0+TSFL40x5V1IkwNlg0DN0cvG5RPr/l CRyTvZXMPvp/sBoaakSWZ+hVa++fSjc= X-MC-Unique: 9NVuwgytMzWtYUYjkAlydg-1 X-Mimecast-MFC-AGG-ID: 9NVuwgytMzWtYUYjkAlydg_1757437091 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 14/15] hw/net: mark all NICs as insecure except e1000, e1000e & xen Date: Tue, 9 Sep 2025 17:57:25 +0100 Message-ID: <20250909165726.3814465-15-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437257908124100 Historically most NICs are only interesting for non-virtualization use cases and have not been written with malicious guests in mind. The exception is a handful of NICs from the x86 world. These days virtio-net or xen-net should be used in all virtualized guests. An exception is made, however, for the e1000/e1000e NICs since they are a common fallback NIC option for scenarios where virtio is not available. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/net/allwinner-sun8i-emac.c | 1 + hw/net/allwinner_emac.c | 3 ++- hw/net/cadence_gem.c | 1 + hw/net/can/can_kvaser_pci.c | 1 + hw/net/can/can_mioe3680_pci.c | 1 + hw/net/can/can_pcm3680_pci.c | 1 + hw/net/can/ctucan_pci.c | 1 + hw/net/can/xlnx-versal-canfd.c | 1 + hw/net/can/xlnx-zynqmp-can.c | 1 + hw/net/dp8393x.c | 1 + hw/net/e1000.c | 1 + hw/net/e1000e.c | 1 + hw/net/eepro100.c | 1 + hw/net/fsl_etsec/etsec.c | 1 + hw/net/ftgmac100.c | 1 + hw/net/igb.c | 1 + hw/net/igbvf.c | 1 + hw/net/imx_fec.c | 2 ++ hw/net/lan9118.c | 1 + hw/net/lan9118_phy.c | 1 + hw/net/lance.c | 1 + hw/net/lasi_i82596.c | 1 + hw/net/mcf_fec.c | 1 + hw/net/msf2-emac.c | 1 + hw/net/mv88w8618_eth.c | 1 + hw/net/ne2000-isa.c | 1 + hw/net/ne2000-pci.c | 1 + hw/net/npcm7xx_emc.c | 1 + hw/net/npcm_gmac.c | 1 + hw/net/npcm_pcs.c | 1 + hw/net/opencores_eth.c | 1 + hw/net/pcnet-pci.c | 1 + hw/net/rocker/rocker.c | 1 + hw/net/rtl8139.c | 1 + hw/net/smc91c111.c | 1 + hw/net/spapr_llan.c | 1 + hw/net/stellaris_enet.c | 1 + hw/net/sungem.c | 1 + hw/net/sunhme.c | 1 + hw/net/tulip.c | 1 + hw/net/virtio-net.c | 1 + hw/net/vmxnet3.c | 1 + hw/net/xen_nic.c | 1 + hw/net/xgmac.c | 1 + hw/net/xilinx_axienet.c | 1 + hw/net/xilinx_ethlite.c | 1 + 46 files changed, 48 insertions(+), 1 deletion(-) diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c index 30a81576b4..9239be7a2b 100644 --- a/hw/net/allwinner-sun8i-emac.c +++ b/hw/net/allwinner-sun8i-emac.c @@ -892,6 +892,7 @@ static const TypeInfo allwinner_sun8i_emac_info =3D { .instance_size =3D sizeof(AwSun8iEmacState), .instance_init =3D allwinner_sun8i_emac_init, .class_init =3D allwinner_sun8i_emac_class_init, + .insecure =3D true, }; =20 static void allwinner_sun8i_emac_register_types(void) diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c index 77d089d988..2c2cd68aae 100644 --- a/hw/net/allwinner_emac.c +++ b/hw/net/allwinner_emac.c @@ -528,8 +528,9 @@ static const TypeInfo aw_emac_info =3D { .name =3D TYPE_AW_EMAC, .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(AwEmacState), - .instance_init =3D aw_emac_init, + .instance_init =3D aw_emac_init, .class_init =3D aw_emac_class_init, + .insecure =3D true, }; =20 static void aw_emac_register_types(void) diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c index 44446666de..0d9894a95a 100644 --- a/hw/net/cadence_gem.c +++ b/hw/net/cadence_gem.c @@ -1833,6 +1833,7 @@ static const TypeInfo gem_info =3D { .instance_size =3D sizeof(CadenceGEMState), .instance_init =3D gem_init, .class_init =3D gem_class_init, + .insecure =3D true, }; =20 static void gem_register_types(void) diff --git a/hw/net/can/can_kvaser_pci.c b/hw/net/can/can_kvaser_pci.c index be16769de2..d22d8af9d0 100644 --- a/hw/net/can/can_kvaser_pci.c +++ b/hw/net/can/can_kvaser_pci.c @@ -305,6 +305,7 @@ static const TypeInfo kvaser_pci_info =3D { .instance_size =3D sizeof(KvaserPCIState), .class_init =3D kvaser_pci_class_init, .instance_init =3D kvaser_pci_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/can_mioe3680_pci.c b/hw/net/can/can_mioe3680_pci.c index 44f3ba370d..9d73b3da8f 100644 --- a/hw/net/can/can_mioe3680_pci.c +++ b/hw/net/can/can_mioe3680_pci.c @@ -248,6 +248,7 @@ static const TypeInfo mioe3680_pci_info =3D { .instance_size =3D sizeof(Mioe3680PCIState), .class_init =3D mioe3680_pci_class_init, .instance_init =3D mioe3680_pci_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/can_pcm3680_pci.c b/hw/net/can/can_pcm3680_pci.c index 7296d63be7..dd17f184e9 100644 --- a/hw/net/can/can_pcm3680_pci.c +++ b/hw/net/can/can_pcm3680_pci.c @@ -249,6 +249,7 @@ static const TypeInfo pcm3680i_pci_info =3D { .instance_size =3D sizeof(Pcm3680iPCIState), .class_init =3D pcm3680i_pci_class_init, .instance_init =3D pcm3680i_pci_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/ctucan_pci.c b/hw/net/can/ctucan_pci.c index bed6785433..24dbd2b7c5 100644 --- a/hw/net/can/ctucan_pci.c +++ b/hw/net/can/ctucan_pci.c @@ -262,6 +262,7 @@ static const TypeInfo ctucan_pci_info =3D { .instance_size =3D sizeof(CtuCanPCIState), .class_init =3D ctucan_pci_class_init, .instance_init =3D ctucan_pci_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/xlnx-versal-canfd.c b/hw/net/can/xlnx-versal-canfd.c index 3eb111949f..3bd3e92c29 100644 --- a/hw/net/can/xlnx-versal-canfd.c +++ b/hw/net/can/xlnx-versal-canfd.c @@ -2068,6 +2068,7 @@ static const TypeInfo canfd_info =3D { .instance_size =3D sizeof(XlnxVersalCANFDState), .class_init =3D canfd_class_init, .instance_init =3D canfd_init, + .insecure =3D true, }; =20 static void canfd_register_types(void) diff --git a/hw/net/can/xlnx-zynqmp-can.c b/hw/net/can/xlnx-zynqmp-can.c index ca9edd4a5b..c9a21e0fe5 100644 --- a/hw/net/can/xlnx-zynqmp-can.c +++ b/hw/net/can/xlnx-zynqmp-can.c @@ -1194,6 +1194,7 @@ static const TypeInfo can_info =3D { .instance_size =3D sizeof(XlnxZynqMPCANState), .class_init =3D xlnx_zynqmp_can_class_init, .instance_init =3D xlnx_zynqmp_can_init, + .insecure =3D true, }; =20 static void can_register_types(void) diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c index d49032059b..06e0da8052 100644 --- a/hw/net/dp8393x.c +++ b/hw/net/dp8393x.c @@ -956,6 +956,7 @@ static const TypeInfo dp8393x_info =3D { .instance_size =3D sizeof(dp8393xState), .instance_init =3D dp8393x_instance_init, .class_init =3D dp8393x_class_init, + .insecure =3D true, }; =20 static void dp8393x_register_types(void) diff --git a/hw/net/e1000.c b/hw/net/e1000.c index a80a7b0cdb..684350557f 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -1759,6 +1759,7 @@ static void e1000_register_types(void) type_info.parent =3D TYPE_E1000_BASE; type_info.class_data =3D info; type_info.class_init =3D e1000_class_init; + type_info.secure =3D true, =20 type_register_static(&type_info); } diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c index 89e6d52ba0..83cf3cf643 100644 --- a/hw/net/e1000e.c +++ b/hw/net/e1000e.c @@ -721,6 +721,7 @@ static const TypeInfo e1000e_info =3D { .instance_size =3D sizeof(E1000EState), .class_init =3D e1000e_class_init, .instance_init =3D e1000e_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c index d47df5a97f..78c7bb1a12 100644 --- a/hw/net/eepro100.c +++ b/hw/net/eepro100.c @@ -2094,6 +2094,7 @@ static void eepro100_register_types(void) type_info.class_init =3D eepro100_class_init; type_info.instance_size =3D sizeof(EEPRO100State); type_info.instance_init =3D eepro100_instance_init; + type_info.insecure =3D true, type_info.interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c index 846f6cbc5d..474b941ba5 100644 --- a/hw/net/fsl_etsec/etsec.c +++ b/hw/net/fsl_etsec/etsec.c @@ -437,6 +437,7 @@ static const TypeInfo etsec_types[] =3D { .instance_size =3D sizeof(eTSEC), .class_init =3D etsec_class_init, .instance_init =3D etsec_instance_init, + .insecure =3D true, }, }; =20 diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c index c41ce889cf..7243ad8a02 100644 --- a/hw/net/ftgmac100.c +++ b/hw/net/ftgmac100.c @@ -1277,6 +1277,7 @@ static const TypeInfo ftgmac100_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(FTGMAC100State), .class_init =3D ftgmac100_class_init, + .insecure =3D true, }; =20 /* diff --git a/hw/net/igb.c b/hw/net/igb.c index e4c02365d6..2ce8582e76 100644 --- a/hw/net/igb.c +++ b/hw/net/igb.c @@ -635,6 +635,7 @@ static const TypeInfo igb_info =3D { .instance_size =3D sizeof(IGBState), .class_init =3D igb_class_init, .instance_init =3D igb_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/igbvf.c b/hw/net/igbvf.c index 31d72c4977..2072b7a169 100644 --- a/hw/net/igbvf.c +++ b/hw/net/igbvf.c @@ -325,6 +325,7 @@ static const TypeInfo igbvf_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(IgbVfState), .class_init =3D igbvf_class_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c index e5e34dd1a4..22f20dc048 100644 --- a/hw/net/imx_fec.c +++ b/hw/net/imx_fec.c @@ -1261,12 +1261,14 @@ static const TypeInfo imx_fec_info =3D { .instance_size =3D sizeof(IMXFECState), .instance_init =3D imx_fec_init, .class_init =3D imx_eth_class_init, + .insecure =3D true, }; =20 static const TypeInfo imx_enet_info =3D { .name =3D TYPE_IMX_ENET, .parent =3D TYPE_IMX_FEC, .instance_init =3D imx_enet_init, + .insecure =3D true, }; =20 static void imx_eth_register_types(void) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 3017e12971..f59468aa34 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -1325,6 +1325,7 @@ static const TypeInfo lan9118_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(lan9118_state), .class_init =3D lan9118_class_init, + .insecure =3D true, }; =20 static void lan9118_register_types(void) diff --git a/hw/net/lan9118_phy.c b/hw/net/lan9118_phy.c index 4c4e03df11..305c019a68 100644 --- a/hw/net/lan9118_phy.c +++ b/hw/net/lan9118_phy.c @@ -216,6 +216,7 @@ static const TypeInfo types[] =3D { .instance_size =3D sizeof(Lan9118PhyState), .instance_init =3D lan9118_phy_init, .class_init =3D lan9118_phy_class_init, + .insecure =3D true, } }; =20 diff --git a/hw/net/lance.c b/hw/net/lance.c index dfb855c23a..314d1eeae3 100644 --- a/hw/net/lance.c +++ b/hw/net/lance.c @@ -161,6 +161,7 @@ static const TypeInfo lance_info =3D { .instance_size =3D sizeof(SysBusPCNetState), .class_init =3D lance_class_init, .instance_init =3D lance_instance_init, + .insecure =3D true, }; =20 static void lance_register_types(void) diff --git a/hw/net/lasi_i82596.c b/hw/net/lasi_i82596.c index 9e1dd21546..56ee1688d1 100644 --- a/hw/net/lasi_i82596.c +++ b/hw/net/lasi_i82596.c @@ -181,6 +181,7 @@ static const TypeInfo lasi_82596_info =3D { .instance_size =3D sizeof(SysBusI82596State), .class_init =3D lasi_82596_class_init, .instance_init =3D lasi_82596_instance_init, + .insecure =3D true, }; =20 static void lasi_82596_register_types(void) diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c index ae128fa311..20d2bc3fd3 100644 --- a/hw/net/mcf_fec.c +++ b/hw/net/mcf_fec.c @@ -681,6 +681,7 @@ static const TypeInfo mcf_fec_info =3D { .instance_size =3D sizeof(mcf_fec_state), .instance_init =3D mcf_fec_instance_init, .class_init =3D mcf_fec_class_init, + .insecure =3D true, }; =20 static void mcf_fec_register_types(void) diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c index 59045973ab..d92e0bee09 100644 --- a/hw/net/msf2-emac.c +++ b/hw/net/msf2-emac.c @@ -581,6 +581,7 @@ static const TypeInfo msf2_emac_info =3D { .instance_size =3D sizeof(MSF2EmacState), .instance_init =3D msf2_emac_init, .class_init =3D msf2_emac_class_init, + .insecure =3D true, }; =20 static void msf2_emac_register_types(void) diff --git a/hw/net/mv88w8618_eth.c b/hw/net/mv88w8618_eth.c index 6f08846c81..56a1e9dff3 100644 --- a/hw/net/mv88w8618_eth.c +++ b/hw/net/mv88w8618_eth.c @@ -392,6 +392,7 @@ static const TypeInfo mv88w8618_eth_info =3D { .instance_size =3D sizeof(mv88w8618_eth_state), .instance_init =3D mv88w8618_eth_init, .class_init =3D mv88w8618_eth_class_init, + .insecure =3D true, }; =20 static void musicpal_register_types(void) diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c index 673c785abc..cb3ffc7668 100644 --- a/hw/net/ne2000-isa.c +++ b/hw/net/ne2000-isa.c @@ -142,6 +142,7 @@ static const TypeInfo ne2000_isa_info =3D { .instance_size =3D sizeof(ISANE2000State), .class_init =3D isa_ne2000_class_initfn, .instance_init =3D isa_ne2000_instance_init, + .insecure =3D true, }; =20 static void ne2000_isa_register_types(void) diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c index ce937e1b61..b1381efb89 100644 --- a/hw/net/ne2000-pci.c +++ b/hw/net/ne2000-pci.c @@ -122,6 +122,7 @@ static const TypeInfo ne2000_info =3D { .instance_size =3D sizeof(PCINE2000State), .class_init =3D ne2000_class_init, .instance_init =3D ne2000_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c index 9ba35e2c81..b8f7cb9135 100644 --- a/hw/net/npcm7xx_emc.c +++ b/hw/net/npcm7xx_emc.c @@ -867,6 +867,7 @@ static const TypeInfo npcm7xx_emc_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCM7xxEMCState), .class_init =3D npcm7xx_emc_class_init, + .insecure =3D true, }; =20 static void npcm7xx_emc_register_type(void) diff --git a/hw/net/npcm_gmac.c b/hw/net/npcm_gmac.c index 5e32cd3edf..bafbee028f 100644 --- a/hw/net/npcm_gmac.c +++ b/hw/net/npcm_gmac.c @@ -933,6 +933,7 @@ static const TypeInfo npcm_gmac_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCMGMACState), .class_init =3D npcm_gmac_class_init, + .insecure =3D true, }, }; DEFINE_TYPES(npcm_gmac_types) diff --git a/hw/net/npcm_pcs.c b/hw/net/npcm_pcs.c index 6aec105271..42ee30382c 100644 --- a/hw/net/npcm_pcs.c +++ b/hw/net/npcm_pcs.c @@ -405,6 +405,7 @@ static const TypeInfo npcm_pcs_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCMPCSState), .class_init =3D npcm_pcs_class_init, + .insecure =3D true, }, }; DEFINE_TYPES(npcm_pcs_types) diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c index 7e955c0132..3d03f8fd73 100644 --- a/hw/net/opencores_eth.c +++ b/hw/net/opencores_eth.c @@ -763,6 +763,7 @@ static const TypeInfo open_eth_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(OpenEthState), .class_init =3D open_eth_class_init, + .insecure =3D true, }; =20 static void open_eth_register_types(void) diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c index 0ca5bc2193..2ad441e78a 100644 --- a/hw/net/pcnet-pci.c +++ b/hw/net/pcnet-pci.c @@ -280,6 +280,7 @@ static const TypeInfo pcnet_info =3D { .instance_size =3D sizeof(PCIPCNetState), .class_init =3D pcnet_class_init, .instance_init =3D pcnet_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c index cc49701dd3..5e8ecf1c02 100644 --- a/hw/net/rocker/rocker.c +++ b/hw/net/rocker/rocker.c @@ -1498,6 +1498,7 @@ static const TypeInfo rocker_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(Rocker), .class_init =3D rocker_class_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c index 324fb932aa..a6147099f3 100644 --- a/hw/net/rtl8139.c +++ b/hw/net/rtl8139.c @@ -3439,6 +3439,7 @@ static const TypeInfo rtl8139_info =3D { .instance_size =3D sizeof(RTL8139State), .class_init =3D rtl8139_class_init, .instance_init =3D rtl8139_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c index 5cd78e334b..89c959234e 100644 --- a/hw/net/smc91c111.c +++ b/hw/net/smc91c111.c @@ -928,6 +928,7 @@ static const TypeInfo smc91c111_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(smc91c111_state), .class_init =3D smc91c111_class_init, + .insecure =3D true, }; =20 static void smc91c111_register_types(void) diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c index f6f217d632..07b8d125e5 100644 --- a/hw/net/spapr_llan.c +++ b/hw/net/spapr_llan.c @@ -873,6 +873,7 @@ static const TypeInfo spapr_vlan_info =3D { .class_init =3D spapr_vlan_class_init, .instance_init =3D spapr_vlan_instance_init, .instance_finalize =3D spapr_vlan_instance_finalize, + .insecure =3D true, }; =20 static void spapr_vlan_register_types(void) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index 2fc51e1e16..cb29ba6e02 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -516,6 +516,7 @@ static const TypeInfo stellaris_enet_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(stellaris_enet_state), .class_init =3D stellaris_enet_class_init, + .insecure =3D true, }; =20 static void stellaris_enet_register_types(void) diff --git a/hw/net/sungem.c b/hw/net/sungem.c index b405eb89fa..7ca0ab8d46 100644 --- a/hw/net/sungem.c +++ b/hw/net/sungem.c @@ -1477,6 +1477,7 @@ static const TypeInfo sungem_info =3D { .instance_size =3D sizeof(SunGEMState), .class_init =3D sungem_class_init, .instance_init =3D sungem_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { } diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c index c2f7a8483d..5d601395f3 100644 --- a/hw/net/sunhme.c +++ b/hw/net/sunhme.c @@ -958,6 +958,7 @@ static const TypeInfo sunhme_info =3D { .class_init =3D sunhme_class_init, .instance_size =3D sizeof(SunHMEState), .instance_init =3D sunhme_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { } diff --git a/hw/net/tulip.c b/hw/net/tulip.c index 319af906c8..4b1645bd27 100644 --- a/hw/net/tulip.c +++ b/hw/net/tulip.c @@ -1035,6 +1035,7 @@ static const TypeInfo tulip_info =3D { .instance_size =3D sizeof(TULIPState), .class_init =3D tulip_class_init, .instance_init =3D tulip_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 6b5b5dace3..b34c0f3afc 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -4259,6 +4259,7 @@ static const TypeInfo virtio_net_info =3D { .instance_size =3D sizeof(VirtIONet), .instance_init =3D virtio_net_instance_init, .class_init =3D virtio_net_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index af73aa8ef2..29b0efc1db 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -2491,6 +2491,7 @@ static const TypeInfo vmxnet3_info =3D { .instance_size =3D sizeof(VMXNET3State), .class_init =3D vmxnet3_class_init, .instance_init =3D vmxnet3_instance_init, + .insecure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c index 34c6a1d0b0..eae29b4407 100644 --- a/hw/net/xen_nic.c +++ b/hw/net/xen_nic.c @@ -581,6 +581,7 @@ static const TypeInfo xen_net_type_info =3D { .parent =3D TYPE_XEN_DEVICE, .instance_size =3D sizeof(XenNetDev), .class_init =3D xen_netdev_class_init, + .secure =3D true, }; =20 static void xen_net_register_types(void) diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c index d45f872467..1fa2361404 100644 --- a/hw/net/xgmac.c +++ b/hw/net/xgmac.c @@ -432,6 +432,7 @@ static const TypeInfo xgmac_enet_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(XgmacState), .class_init =3D xgmac_enet_class_init, + .insecure =3D true, }; =20 static void xgmac_enet_register_types(void) diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c index 1f5c748047..1e27bfff3d 100644 --- a/hw/net/xilinx_axienet.c +++ b/hw/net/xilinx_axienet.c @@ -1038,6 +1038,7 @@ static const TypeInfo xilinx_enet_info =3D { .instance_size =3D sizeof(XilinxAXIEnet), .class_init =3D xilinx_enet_class_init, .instance_init =3D xilinx_enet_init, + .insecure =3D true, }; =20 static const TypeInfo xilinx_enet_data_stream_info =3D { diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c index 42b19d07c7..81ed721ad8 100644 --- a/hw/net/xilinx_ethlite.c +++ b/hw/net/xilinx_ethlite.c @@ -401,6 +401,7 @@ static const TypeInfo xilinx_ethlite_types[] =3D { .instance_size =3D sizeof(XlnxXpsEthLite), .instance_init =3D xilinx_ethlite_init, .class_init =3D xilinx_ethlite_class_init, + .insecure =3D true, }, }; =20 --=20 2.50.1 From nobody Sun Sep 28 17:03:44 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1757437187; cv=none; d=zohomail.com; s=zohoarc; b=AKE+tU1bTq8xg52SBZk2uEvfoLw8V02kPuq1FPNGneZIJ2j0sCY39lPHLi3BfJ6Xr3OzN6v28qDXY5I1fIx2zQ39QNlOcu1i8A2CvaWMSu9t+S1KwfusdvDjHN7oW1sQVadvFk5CIvNakSTtu7UtmJ9eFVwgtWlZV2oFetVzaY8= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1757437187; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=6SarWNkkPipfzaVswdxaKtk5JouDS/oxPAKWbBzRnR0=; b=gWRqgNtYfjW084L05prpoLc8vifEEm2knpO4aCmUMb6IKDkLz8E6slFN5FqH6wJYpL1xX9E8EQwzO2On58fsCryUIg17KZImk61qxltwDEHInGqgKrye7cI+R1LUtQIOJp5x+T3o7vPjKGsriZSgHo/eB1iDPeicDhTVH5s9jt0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175743718722436.72372772832716; Tue, 9 Sep 2025 09:59:47 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1uw1gO-0007DR-6Q; Tue, 09 Sep 2025 12:59:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fp-0006bm-Kt for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:29 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uw1fh-0007gv-A4 for qemu-devel@nongnu.org; Tue, 09 Sep 2025 12:58:29 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-217-ChUqEFRSPUiZLeigq4nuJw-1; Tue, 09 Sep 2025 12:58:15 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 69458180028C; Tue, 9 Sep 2025 16:58:14 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.45]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 328311800447; Tue, 9 Sep 2025 16:58:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1757437098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=6SarWNkkPipfzaVswdxaKtk5JouDS/oxPAKWbBzRnR0=; b=eyhWqfJAKWhKqxnMAjrpPPZQBUS7FnSju9gdh7/TcmndElExyXsudBp04FK/kKFYsYPzzD 8jwrky6ys5FhSbNbF5jd1bEi8WWIyIfrMUjVuqJKlinLezQytKPPUawrXmjZOcUhfP8h5M oveEwS28CVE8WxgbKDXskKMIDfx5OFo= X-MC-Unique: ChUqEFRSPUiZLeigq4nuJw-1 X-Mimecast-MFC-AGG-ID: ChUqEFRSPUiZLeigq4nuJw_1757437094 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: "Michael S. Tsirkin" , Paolo Bonzini , Peter Maydell , Stefan Hajnoczi , Markus Armbruster , Thomas Huth , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH 15/15] docs: expand security docs with info about secure/insecure markers Date: Tue, 9 Sep 2025 17:57:26 +0100 Message-ID: <20250909165726.3814465-16-berrange@redhat.com> In-Reply-To: <20250909165726.3814465-1-berrange@redhat.com> References: <20250909165726.3814465-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1757437214684124100 The explicit 'secure' or 'insecure' markers will take priority over the general "virtualization" vs "non-virtualization" use case classfication. Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/system/security.rst | 41 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/docs/system/security.rst b/docs/system/security.rst index f2092c8768..15cffc2685 100644 --- a/docs/system/security.rst +++ b/docs/system/security.rst @@ -49,6 +49,47 @@ Bugs affecting the non-virtualization use case are not c= onsidered security bugs at this time. Users with non-virtualization use cases must not rely = on QEMU to provide guest isolation or any security guarantees. =20 +Security status reporting +''''''''''''''''''''''''' + +QEMU is progressively working to annotate object types to explicitly state +whether they are considered to provide a security boundary or not. + +When the `require-secure=3Dyes` parameter is given to the `-machine` argum= ent +attempts to use any type which is not explicitly considered secure will +result in an error. + +When the `prohibit-insecure=3Dyes` parameter is given to the `-machine` ar= gument +attempts to use any type which is explicitly considered insecure will resu= lt +in an error. + +This gives three effective levels of control over the security + + * default: any type can be used + * `prohibit-insecure=3Dyes`: only exclude explicitly insecure types, allow + those which have no security statement, or which are explicitly secure + * `require-secure=3Dyes`: only allow explicitly secure types, exclude tho= se + which have no security statement, or which are explicitly insecure + +Violations of the requested policy will result in QEMU preventing the laun= ch +of the VM, or preventing hot-add of the device in the monitor. + +When considering whether to treat a flaw as a security issue, the following +criteria will be used + + * Type marked 'secure': eligible for security process with embargo where + applicable + * Type marked 'insecure': ineligible for security process, will be triaged + on the public mailing list / bug trackers + * Type with no security statement: "Virtualization" vs "Non-Virtualizatio= n" + use case will be used as a guide to decide on handling process, evaluat= ed + upon bug report + +Machine type security status can be queried using '-machine help' or the +QMP 'query-machines' command. + +Device type security status can be queried using '-device help'. + Architecture ------------ =20 --=20 2.50.1