1. Patchew
  2. QEMU
  3. [PATCH v2 00/32] Encode object type security status in code
  4. View patch

[PATCH v2 17/32] accel: mark kvm, xen & hvf as secure; tcg & qtest as insecure

Daniel P. Berrangé posted 32 patches 2 days ago
Maintainers: Richard Henderson <richard.henderson@linaro.org>, Paolo Bonzini <pbonzini@redhat.com>, "Philippe Mathieu-Daudé" <philmd@linaro.org>, Cameron Esfahani <dirty@apple.com>, Roman Bolshakov <rbolshakov@ddn.com>, Phil Dennis-Jordan <phil@philjordan.eu>, Mads Ynddal <mads@ynddal.dk>, Fabiano Rosas <farosas@suse.de>, Laurent Vivier <lvivier@redhat.com>, Stefano Stabellini <sstabellini@kernel.org>, Anthony PERARD <anthony@xenproject.org>, Paul Durrant <paul@xen.org>, "Edgar E. Iglesias" <edgar.iglesias@gmail.com>, "Michael S. Tsirkin" <mst@redhat.com>, Christian Schoenebeck <qemu_oss@crudebyte.com>, Greg Kurz <groug@kaod.org>, Peter Maydell <peter.maydell@linaro.org>, Gerd Hoffmann <kraxel@redhat.com>, Manos Pitsidianakis <manos.pitsidianakis@linaro.org>, Stefano Garzarella <sgarzare@redhat.com>, Raphael Norwitz <raphael@enfabrica.net>, Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Amit Shah <amit@kernel.org>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, Eduardo Habkost <eduardo@habkost.net>, Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, Yanan Wang <wangyanan55@huawei.com>, Zhao Liu <zhao1.liu@intel.com>, Helge Deller <deller@gmx.de>, Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>, Samuel Tardieu <sam@rfc1149.net>, Alistair Francis <alistair@alistair23.me>, Igor Mitsyanko <i.mitsyanko@gmail.com>, "Hervé Poussineau" <hpoussin@reactos.org>, Aleksandar Rikalo <arikalo@gmail.com>, Thomas Huth <huth@tuxfamily.org>, BALATON Zoltan <balaton@eik.bme.hu>, "Alex Bennée" <alex.bennee@linaro.org>, Akihiko Odaki <odaki@rsg.ci.i.u-tokyo.ac.jp>, Dmitry Osipenko <dmitry.osipenko@collabora.com>, Dmitry Fleytman <dmitry.fleytman@gmail.com>, Sergio Lopez <slp@redhat.com>, John Snow <jsnow@redhat.com>, Jiri Slaby <jslaby@suse.cz>, Beniamino Galvani <b.galvani@gmail.com>, Strahinja Jankovic <strahinja.p.jankovic@gmail.com>, Jason Wang <jasowang@redhat.com>, Pavel Pisa <pisa@cmp.felk.cvut.cz>, Francisco Iglesias <francisco.iglesias@amd.com>, Vikram Garhwal <vikram.garhwal@bytedance.com>, Stefan Weil <sw@weilnetz.de>, Bernhard Beschow <shentey@gmail.com>, "Cédric Le Goater" <clg@kaod.org>, Steven Lee <steven_lee@aspeedtech.com>, Troy Lee <leetroy@gmail.com>, Jamin Lin <jamin_lin@aspeedtech.com>, Andrew Jeffery <andrew@codeconstruct.com.au>, Joel Stanley <joel@jms.id.au>, Sriram Yagnaraman <sriram.yagnaraman@ericsson.com>, Subbaraya Sundeep <sundeep.lkml@gmail.com>, Jan Kiszka <jan.kiszka@web.de>, Tyrone Ting <kfting@nuvoton.com>, Hao Wu <wuhaotsh@google.com>, Max Filippov <jcmvbkbc@gmail.com>, Jiri Pirko <jiri@resnulli.us>, Nicholas Piggin <npiggin@gmail.com>, Harsh Prateek Bora <harshpb@linux.ibm.com>, Sven Schnelle <svens@stackframe.org>, Rob Herring <robh@kernel.org>, Huacai Chen <chenhuacai@kernel.org>, Jiaxun Yang <jiaxun.yang@flygoat.com>, Andrey Smirnov <andrew.smirnov@gmail.com>, Aurelien Jarno <aurelien@aurel32.net>, Aditya Gupta <adityag@linux.ibm.com>, Glenn Miles <milesg@linux.ibm.com>, Elena Ufimtseva <elena.ufimtseva@oracle.com>, Jagannathan Raman <jag.raman@oracle.com>, Yoshinori Sato <yoshinori.sato@nifty.com>, Magnus Damm <magnus.damm@gmail.com>, Paul Burton <paulburton@kernel.org>, Halil Pasic <pasic@linux.ibm.com>, Christian Borntraeger <borntraeger@linux.ibm.com>, Eric Farman <farman@linux.ibm.com>, Matthew Rosato <mjrosato@linux.ibm.com>, David Hildenbrand <david@redhat.com>, Ilya Leoshkevich <iii@linux.ibm.com>, Cornelia Huck <cohuck@redhat.com>, Fam Zheng <fam@euphon.net>, Hannes Reinecke <hare@suse.com>, Samuel Thibault <samuel.thibault@ens-lyon.org>, Tony Krowiak <akrowiak@linux.ibm.com>, Jason Herne <jjherne@linux.ibm.com>, Alex Williamson <alex.williamson@redhat.com>, Tomita Moeko <tomitamoeko@gmail.com>, Viresh Kumar <viresh.kumar@linaro.org>, Mathieu Poirier <mathieu.poirier@linaro.org>, "Gonglei (Arei)" <arei.gonglei@huawei.com>, Eric Auger <eric.auger@redhat.com>, Alexander Graf <graf@amazon.com>, Dorjoy Chowdhury <dorjoychy111@gmail.com>, Radoslaw Biernacki <rad@semihalf.com>, Leif Lindholm <leif.lindholm@oss.qualcomm.com>, "Collin L. Walling" <walling@linux.ibm.com>, Jean-Christophe Dubois <jcd@tribudubois.net>, Markus Armbruster <armbru@redhat.com>, Michael Roth <michael.roth@amd.com>, "Daniel P. Berrangé" <berrange@redhat.com>, Eric Blake <eblake@redhat.com>
[PATCH v2 17/32] accel: mark kvm, xen & hvf as secure; tcg & qtest as insecure
Posted by Daniel P. Berrangé 2 days ago 
TCG is too complex to be considered to provide a security boundary
for malicious guest workloads. QTest is only used for functional
testing and thus is not relevant to mark secure.

KVM, HVF and Xen, meanwhile are all servicing virtualization use
cases which must provide security.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 accel/accel-common.c      | 1 +
 accel/accel-system.c      | 1 +
 accel/accel-target.c      | 1 +
 accel/hvf/hvf-accel-ops.c | 1 +
 accel/hvf/hvf-all.c       | 1 +
 accel/kvm/kvm-accel-ops.c | 1 +
 accel/kvm/kvm-all.c       | 1 +
 accel/qtest/qtest.c       | 2 ++
 accel/tcg/tcg-accel-ops.c | 1 +
 accel/tcg/tcg-all.c       | 1 +
 accel/xen/xen-all.c       | 2 ++
 11 files changed, 13 insertions(+)

diff --git a/accel/accel-common.c b/accel/accel-common.c
index 850c5ab4b8..cb44315f27 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -138,6 +138,7 @@ static const TypeInfo accel_types[] = {
         .class_size     = sizeof(AccelClass),
         .instance_size  = sizeof(AccelState),
         .abstract       = true,
+        .secure         = true,
     },
 };
 
diff --git a/accel/accel-system.c b/accel/accel-system.c
index 1e97c64fdc..fbffcccbd6 100644
--- a/accel/accel-system.c
+++ b/accel/accel-system.c
@@ -114,6 +114,7 @@ static const TypeInfo accel_ops_type_info = {
     .name = TYPE_ACCEL_OPS,
     .parent = TYPE_OBJECT,
     .abstract = true,
+    .secure = true,
     .class_size = sizeof(AccelOpsClass),
     .class_init = accel_ops_class_init,
 };
diff --git a/accel/accel-target.c b/accel/accel-target.c
index 7fd392fbc4..6ea9386cb8 100644
--- a/accel/accel-target.c
+++ b/accel/accel-target.c
@@ -31,6 +31,7 @@ static const TypeInfo accel_cpu_type = {
     .parent = TYPE_OBJECT,
     .abstract = true,
     .class_size = sizeof(AccelCPUClass),
+    .secure = true,
 };
 
 static void register_accel_types(void)
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 8b794c2d41..e807103379 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -397,6 +397,7 @@ static const TypeInfo hvf_accel_ops_type = {
     .parent = TYPE_ACCEL_OPS,
     .class_init = hvf_accel_ops_class_init,
     .abstract = true,
+    .secure = true,
 };
 
 static void hvf_accel_ops_register_types(void)
diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
index 0a4b498e83..1d49a59053 100644
--- a/accel/hvf/hvf-all.c
+++ b/accel/hvf/hvf-all.c
@@ -304,6 +304,7 @@ static const TypeInfo hvf_accel_type = {
     .parent = TYPE_ACCEL,
     .instance_size = sizeof(HVFState),
     .class_init = hvf_accel_class_init,
+    .secure = true,
 };
 
 static void hvf_type_init(void)
diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c
index 8ed6945c2f..d4d30c311f 100644
--- a/accel/kvm/kvm-accel-ops.c
+++ b/accel/kvm/kvm-accel-ops.c
@@ -119,6 +119,7 @@ static const TypeInfo kvm_accel_ops_type = {
     .parent = TYPE_ACCEL_OPS,
     .class_init = kvm_accel_ops_class_init,
     .abstract = true,
+    .secure = true,
 };
 
 static void kvm_accel_ops_register_types(void)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 9060599cd7..67f2172443 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -4066,6 +4066,7 @@ static const TypeInfo kvm_accel_type = {
     .instance_init = kvm_accel_instance_init,
     .class_init = kvm_accel_class_init,
     .instance_size = sizeof(KVMState),
+    .secure = true,
 };
 
 static void kvm_type_init(void)
diff --git a/accel/qtest/qtest.c b/accel/qtest/qtest.c
index 1d4337d698..44649b0ebb 100644
--- a/accel/qtest/qtest.c
+++ b/accel/qtest/qtest.c
@@ -58,6 +58,7 @@ static const TypeInfo qtest_accel_type = {
     .name = TYPE_QTEST_ACCEL,
     .parent = TYPE_ACCEL,
     .class_init = qtest_accel_class_init,
+    .secure = false,
 };
 module_obj(TYPE_QTEST_ACCEL);
 
@@ -77,6 +78,7 @@ static const TypeInfo qtest_accel_ops_type = {
     .parent = TYPE_ACCEL_OPS,
     .class_init = qtest_accel_ops_class_init,
     .abstract = true,
+    .secure = false,
 };
 module_obj(ACCEL_OPS_NAME("qtest"));
 
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 3bd9800504..125017df29 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -239,6 +239,7 @@ static const TypeInfo tcg_accel_ops_type = {
     .parent = TYPE_ACCEL_OPS,
     .class_init = tcg_accel_ops_class_init,
     .abstract = true,
+    .secure = false,
 };
 module_obj(ACCEL_OPS_NAME("tcg"));
 
diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index 18ea0c58b0..3aab82b51b 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -296,6 +296,7 @@ static const TypeInfo tcg_accel_type = {
     .instance_init = tcg_accel_instance_init,
     .class_init = tcg_accel_class_init,
     .instance_size = sizeof(TCGState),
+    .secure = false,
 };
 module_obj(TYPE_TCG_ACCEL);
 
diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c
index 97377d67d1..754a4099a4 100644
--- a/accel/xen/xen-all.c
+++ b/accel/xen/xen-all.c
@@ -147,6 +147,7 @@ static const TypeInfo xen_accel_type = {
     .name = TYPE_XEN_ACCEL,
     .parent = TYPE_ACCEL,
     .class_init = xen_accel_class_init,
+    .secure = true,
 };
 
 static void xen_accel_ops_class_init(ObjectClass *oc, const void *data)
@@ -163,6 +164,7 @@ static const TypeInfo xen_accel_ops_type = {
     .parent = TYPE_ACCEL_OPS,
     .class_init = xen_accel_ops_class_init,
     .abstract = true,
+    .secure = true,
 };
 
 static void xen_type_init(void)
-- 
2.50.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.