From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895507; cv=none; d=zohomail.com; s=zohoarc; b=Ntxjiva+JwGCBkxTNJVHFCyF2K0OwpB58djGKYqEwDzjLLZCxMlN3sbhBg+6dO324UJFPR2uKEvk7VUqDpApfYwDBkN+c+d+cLoXgtzZvOx4Unj/3rPnb5vuTfXkhaMEYcRJwyJlMiWmOScaTSwP4t0HX5afE2zuU8r4Yh6S02w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895507; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=GKOEfxYbwSdrTXZEFWiWj/ei+zi84OVrn7iulMS2fTU=; b=iBw8RVQ5TrWjF5P0G+5UdDF1EbfPe5Kts+2jJuqNs3poK8mUQXYozezDMolXuHcNH765yDF+uXqS0hPAqnu0MWvSz7JtpFJN3xU8+/w6FH+2QSAC7Qf88PIyu1uMW+7cn/ATZaySW6rfbmxBuVrS4AVYyT99MxVRm2Sk84zLe7U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895507192609.4897987863646; Fri, 26 Sep 2025 07:05:07 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v291s-00062q-HR; Fri, 26 Sep 2025 10:02:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291a-0005yh-OQ for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:14 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291O-0004YK-PE for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:12 -0400 Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-447-K1zx4fNBOuy_0rYqXQfPKQ-1; Fri, 26 Sep 2025 10:01:54 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A040A195608A; Fri, 26 Sep 2025 14:01:53 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 86CFD19540ED; Fri, 26 Sep 2025 14:01:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895317; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GKOEfxYbwSdrTXZEFWiWj/ei+zi84OVrn7iulMS2fTU=; b=A+jwfi2uaFuLI/fqGff6RgqdtGfPB6SL+FfoIJlly6AqffnXDvV+fvKQ1vySsnuZp+RPz7 EzpJtQ8c8VXXRW9/vb4rOf3WMunLeBq7smcus71P3jIz2te/SBPoBT3A2Gc1/ie4w+v74p BOMRaAenzDJ/vqnjuKEd/jflPNS+nLQ= X-MC-Unique: K1zx4fNBOuy_0rYqXQfPKQ-1 X-Mimecast-MFC-AGG-ID: K1zx4fNBOuy_0rYqXQfPKQ_1758895313 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 01/32] qom: replace 'abstract' with 'flags' Date: Fri, 26 Sep 2025 15:01:12 +0100 Message-ID: <20250926140144.1998694-2-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895508845116600 This will allow extra boolean flags without expending the memory usage of the Type struct. Signed-off-by: Daniel P. Berrang=C3=A9 --- qom/object.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/qom/object.c b/qom/object.c index 1856bb36c7..a654765e0a 100644 --- a/qom/object.c +++ b/qom/object.c @@ -45,6 +45,10 @@ struct InterfaceImpl const char *typename; }; =20 +enum TypeImplFlags { + TYPE_IMPL_FLAG_ABSTRACT =3D (1 << 0), +}; + struct TypeImpl { const char *name; @@ -63,7 +67,7 @@ struct TypeImpl void (*instance_post_init)(Object *obj); void (*instance_finalize)(Object *obj); =20 - bool abstract; + int flags; =20 const char *parent; TypeImpl *parent_type; @@ -127,7 +131,9 @@ static TypeImpl *type_new(const TypeInfo *info) ti->instance_post_init =3D info->instance_post_init; ti->instance_finalize =3D info->instance_finalize; =20 - ti->abstract =3D info->abstract; + if (info->abstract) { + ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; + } =20 for (i =3D 0; info->interfaces && info->interfaces[i].type; i++) { ti->interfaces[i].typename =3D g_strdup(info->interfaces[i].type); @@ -348,11 +354,11 @@ static void type_initialize(TypeImpl *ti) * This means interface types are all abstract. */ if (ti->instance_size =3D=3D 0) { - ti->abstract =3D true; + ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; } if (type_is_ancestor(ti, type_interface)) { assert(ti->instance_size =3D=3D 0); - assert(ti->abstract); + assert(ti->flags & TYPE_IMPL_FLAG_ABSTRACT); assert(!ti->instance_init); assert(!ti->instance_post_init); assert(!ti->instance_finalize); @@ -558,7 +564,7 @@ static void object_initialize_with_type(Object *obj, si= ze_t size, TypeImpl *type type_initialize(type); =20 g_assert(type->instance_size >=3D sizeof(Object)); - g_assert(type->abstract =3D=3D false); + g_assert(!(type->flags & TYPE_IMPL_FLAG_ABSTRACT)); g_assert(size >=3D type->instance_size); =20 memset(obj, 0, type->instance_size); @@ -1045,7 +1051,7 @@ ObjectClass *object_get_class(Object *obj) =20 bool object_class_is_abstract(ObjectClass *klass) { - return klass->type->abstract; + return klass->type->flags & TYPE_IMPL_FLAG_ABSTRACT; } =20 const char *object_class_get_name(ObjectClass *klass) @@ -1110,7 +1116,8 @@ static void object_class_foreach_tramp(gpointer key, = gpointer value, type_initialize(type); k =3D type->class; =20 - if (!data->include_abstract && type->abstract) { + if (!data->include_abstract && + (type->flags & TYPE_IMPL_FLAG_ABSTRACT)) { return; } =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896123; cv=none; d=zohomail.com; s=zohoarc; b=FKrsA6IgcaHfdI/yzHvylr5MwWd688k6pVXvDg2b61C9XMgaylChmYK5TRStLqf/BxMsc3CNzM07J+1+h7a8uTkaKmPQHREA0o4lTZByUT69cYFEgjTVkUuULWnwiQ5SVx4Uojr0+zMsGWydzQiB1ezHOEVgBV+y87GI2oawi4Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896123; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=lLG7MU/xrXHh8WM5PHRcnUsiibJ4DGwlIHHPR2ltAl0=; b=QJVYkzUSTFQ6PkS9x7jn7Lf/F6EFGzuQg2BIY8ZMk4xdcie5sVSOexDnaPoDYxFHOVy9sl8Rh5yDmg6OKqQOnpv5pNPyLSw2Xy6Gz8jtFTK8fqsAlQb06/JcN3fFAqvfkok7GT7f0neB97OkIgMTjbgP5d9vGI7O+jvp/NKTspU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758896123023484.33793440180125; Fri, 26 Sep 2025 07:15:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v291n-00060r-VI; Fri, 26 Sep 2025 10:02:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291W-0005wS-HI for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:10 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291S-0004ZH-Ho for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:09 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-118-Au95-aLwMRiqCNS8FLzukw-1; Fri, 26 Sep 2025 10:01:59 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 7E6CC1944F12; Fri, 26 Sep 2025 14:01:58 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 6DC131956095; Fri, 26 Sep 2025 14:01:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895323; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=lLG7MU/xrXHh8WM5PHRcnUsiibJ4DGwlIHHPR2ltAl0=; b=QStwqwbXAwcbztcuwCbO1LjFndovv6UTkpCTWTYKayVmIdN8n2h93O7rnUnMNUtS/FyEYH bxkWm6HNJtGysdv0P3dZUrG/YrfFjtkJhnb+Zc4Lk6RzaMiDnCvsigJ0Ymq9b6GIBsT6mp Zh3brzUehwrQrOjrSgDTysD/W7/wlRI= X-MC-Unique: Au95-aLwMRiqCNS8FLzukw-1 X-Mimecast-MFC-AGG-ID: Au95-aLwMRiqCNS8FLzukw_1758895318 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 02/32] qom: add tracking of security state of object types Date: Fri, 26 Sep 2025 15:01:13 +0100 Message-ID: <20250926140144.1998694-3-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896124777116600 This introduces a new flag "secure" against the Type/TypeInfo structs, and helpers to check this against the ObjectClass struct. If an object is considered to provide a security boundary to protect against untrusted code, the "secure" flag must be explicitly set to true. If an object is considered to NOT provide protection against untrusted code, the "secure" flag must be explicitly set to false If the security protection of an object has not yet been evaluated and/or decided upon, the "secure" flag must not be initialized. It will be implicitly set to 'false' for the purposes of code querying the status. Signed-off-by: Daniel P. Berrang=C3=A9 --- include/qom/object.h | 13 +++++++++++++ qom/object.c | 9 +++++++++ 2 files changed, 22 insertions(+) diff --git a/include/qom/object.h b/include/qom/object.h index 26df6137b9..9893be9ef8 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -453,6 +453,10 @@ struct Object * function. * @abstract: If this field is true, then the class is considered abstract= and * cannot be directly instantiated. + * @secure: If this field is initialized to true, then the class is consid= ered + * to provide a security boundary. If initialized to false, the class do= es + * not provide a security boundary. If uninitialized (and thus implicitly + * false) its status is not yet defined. * @class_size: The size of the class object (derivative of #ObjectClass) * for this object. If @class_size is 0, then the size of the class wil= l be * assumed to be the size of the parent class. This allows a type to av= oid @@ -485,6 +489,7 @@ struct TypeInfo void (*instance_finalize)(Object *obj); =20 bool abstract; + bool secure; size_t class_size; =20 void (*class_init)(ObjectClass *klass, const void *data); @@ -996,6 +1001,14 @@ const char *object_class_get_name(ObjectClass *klass); */ bool object_class_is_abstract(ObjectClass *klass); =20 +/** + * object_class_is_secure: + * @klass: The class to check security of + * + * Returns: %true if @klass is declared to be secure, %false if not declar= ed + */ +bool object_class_is_secure(ObjectClass *klass); + /** * object_class_by_name: * @typename: The QOM typename to obtain the class for. diff --git a/qom/object.c b/qom/object.c index a654765e0a..7e0921ae20 100644 --- a/qom/object.c +++ b/qom/object.c @@ -47,6 +47,7 @@ struct InterfaceImpl =20 enum TypeImplFlags { TYPE_IMPL_FLAG_ABSTRACT =3D (1 << 0), + TYPE_IMPL_FLAG_SECURE =3D (1 << 1), }; =20 struct TypeImpl @@ -134,6 +135,9 @@ static TypeImpl *type_new(const TypeInfo *info) if (info->abstract) { ti->flags |=3D TYPE_IMPL_FLAG_ABSTRACT; } + if (info->secure) { + ti->flags |=3D TYPE_IMPL_FLAG_SECURE; + } =20 for (i =3D 0; info->interfaces && info->interfaces[i].type; i++) { ti->interfaces[i].typename =3D g_strdup(info->interfaces[i].type); @@ -1054,6 +1058,11 @@ bool object_class_is_abstract(ObjectClass *klass) return klass->type->flags & TYPE_IMPL_FLAG_ABSTRACT; } =20 +bool object_class_is_secure(ObjectClass *klass) +{ + return klass->type->flags & TYPE_IMPL_FLAG_SECURE; +} + const char *object_class_get_name(ObjectClass *klass) { return klass->type->name; --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896457; cv=none; d=zohomail.com; s=zohoarc; b=e7PB08ByOGHs7raITxybNg2dHN9QnmNYgj542VmGAoccFkkq87fUfje5hXF3g4lRCso5GcWauWL3WlUwCjKTZKBMskKuoO/Qedoy5xTPzEMr14AnDoIwZITRgpeaVuVg3WYA9AapZ+9qMl89MDt0dhgcdbn9naETLEQus3R5r3s= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896457; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=91NIY/+BWmaWYBFQUoENSJBG3eYVje1UDElOofVBcos=; b=Gr3GwhF6Py0cspPEfetYgPJEcc5LWuJxXu/Y3ws8vAaFqypTRYCL/z4QcX+dszzM69rlYq3ENLFESKzEmgbaoQb8iMJh+fqn+eGiEvqdAZ8c9l6E3epwDZDpSDPlYDzxQMfdCeKJl6tQlPacBnytbYN5KCGMzPt32vpKYwQQueo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758896457714685.3623193213008; Fri, 26 Sep 2025 07:20:57 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v291n-00061I-VL; Fri, 26 Sep 2025 10:02:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291e-0005zN-AA for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:18 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291T-0004ZO-Pb for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:17 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-436-M11Detm7NL2nWA17a7_Sow-1; Fri, 26 Sep 2025 10:02:03 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 08D8518002B7; Fri, 26 Sep 2025 14:02:02 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 061EE19540EB; Fri, 26 Sep 2025 14:01:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895324; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=91NIY/+BWmaWYBFQUoENSJBG3eYVje1UDElOofVBcos=; b=GpI8EBtHv9cpD2QxcgA5gOkvMPOtFCA7M8/EDP3TmT1JqClUuHHndQilAA9U/1eX0Ue9+X Uj/LdAXLvzdPw1jTdTIyDzVtjS0xvALIBWpFwyfRU9XHM0wP3i9r29P3/+Z0cS1cVUdZCT 1VsCYDpovNo6nqufRMth7A66zU/wqnA= X-MC-Unique: M11Detm7NL2nWA17a7_Sow-1 X-Mimecast-MFC-AGG-ID: M11Detm7NL2nWA17a7_Sow_1758895322 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 03/32] qapi: add 'insecure-types' option for -compat argument Date: Fri, 26 Sep 2025 15:01:14 +0100 Message-ID: <20250926140144.1998694-4-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896459652116600 This introduces a new 'insecure-types' option for the 'compat' argument that accepts three values * accept: Allow any usage * reject: Reject with an error reported * warn: Allow any usage, with a warning reported For historical compatibility it defaults to 'accept'. The 'reject' and 'warn' values will take effect for any type that has been explicitly marked insecure, or is lacking an explicit declaration of its security status. Signed-off-by: Daniel P. Berrang=C3=A9 --- include/qapi/compat-policy.h | 5 +++++ qapi/compat.json | 24 +++++++++++++++++++++++- qapi/qapi-util.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 1 deletion(-) diff --git a/include/qapi/compat-policy.h b/include/qapi/compat-policy.h index ea65e10744..b2d0835c36 100644 --- a/include/qapi/compat-policy.h +++ b/include/qapi/compat-policy.h @@ -24,6 +24,11 @@ bool compat_policy_input_ok(uint64_t features, const char *kind, const char *name, Error **errp); =20 +bool compat_policy_check_security(CompatPolicy *policy, + const char *typename, + bool isSecure, + Error **errp); + /* * Create a QObject input visitor for @obj for use with QMP * diff --git a/qapi/compat.json b/qapi/compat.json index 90b8d51cf2..dcef10a3a5 100644 --- a/qapi/compat.json +++ b/qapi/compat.json @@ -37,6 +37,24 @@ { 'enum': 'CompatPolicyOutput', 'data': [ 'accept', 'hide' ] } =20 +## +# @CompatPolicySecurity: +# +# Policy for handling any devices or backends which +# do not provide a security boundary to protect +# against untrusted environments +# +# @accept: Allow any usage +# +# @reject: Reject with an error reported +# +# @warn: Allow any usage, with a warning reported +# +# Since: 10.2 +## +{ 'enum': 'CompatPolicySecurity', + 'data': [ 'accept', 'reject', 'warn' ] } + ## # @CompatPolicy: # @@ -62,10 +80,14 @@ # @unstable-output: how to handle unstable output (default 'accept') # (since 6.2) # +# @insecure-types: how to handle types that are not declared +# secure (default 'accept') (since 10.2) +# # Since: 6.0 ## { 'struct': 'CompatPolicy', 'data': { '*deprecated-input': 'CompatPolicyInput', '*deprecated-output': 'CompatPolicyOutput', '*unstable-input': 'CompatPolicyInput', - '*unstable-output': 'CompatPolicyOutput' } } + '*unstable-output': 'CompatPolicyOutput', + '*insecure-types': 'CompatPolicySecurity' } } diff --git a/qapi/qapi-util.c b/qapi/qapi-util.c index 3d849fe034..ef982d903e 100644 --- a/qapi/qapi-util.c +++ b/qapi/qapi-util.c @@ -14,6 +14,7 @@ #include "qapi/compat-policy.h" #include "qapi/error.h" #include "qemu/ctype.h" +#include "qemu/error-report.h" #include "qapi/qmp/qerror.h" =20 CompatPolicy compat_policy; @@ -58,6 +59,35 @@ bool compat_policy_input_ok(uint64_t features, return true; } =20 +bool compat_policy_check_security(CompatPolicy *policy, + const char *typename, + bool isSecure, + Error **errp) +{ + if (isSecure) { + return true; + } + + switch (policy->insecure_types) { + case COMPAT_POLICY_SECURITY_ACCEPT: + return true; + + case COMPAT_POLICY_SECURITY_REJECT: + error_setg(errp, "Type '%s' does not provide a security boundary " + "to protect against untrusted workloads", typename); + return false; + + case COMPAT_POLICY_SECURITY_WARN: + warn_report("Type '%s' does not provide a security boundary " + "to protect against untrusted workloads", typename); + return true; + + default: + g_assert_not_reached(); + } +} + + const char *qapi_enum_lookup(const QEnumLookup *lookup, int val) { assert(val >=3D 0 && val < lookup->size); --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895420; cv=none; d=zohomail.com; s=zohoarc; b=FQeYMPE4aCt9WpZ+GseYzd5UDNqB98bwc866tCXjtxlWstxa8Kz4/iAea/OBkPFq8+c1uiJyfyk8FShn8wck7nYzLTi+shPKOPfqZFzKTxnshDJhufrzq4Op1cBj5sSzBtx7nD1kPwl17hZJRo152FgZZ+4nYSu8439A4AM7CU0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895420; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=bkjZlEac+MVkgqtYFNeV6qzfD3BV83YEmSYkc/NyeGo=; b=Zt048AGfywJ5ketAJss/bM2G+iAc7OpyNJqpql8kVUVJyH0/e1YU6Qj1BYhswAcyEfeWe5M/kwpLQYAwfaiYSveEQ3N/+fPLaNwJVrwH47GeUFcbIm5Za7qbhUVwiKG9/iO8/lz6KckH0VIh+BPxB1/oaFtMJ+GShs6kcsgCFqs= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895420383575.7172041085669; Fri, 26 Sep 2025 07:03:40 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v291v-00063h-Mu; Fri, 26 Sep 2025 10:02:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291s-00062s-It for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:33 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291g-0004bS-Ap for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:32 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-606-diTzCOEYMfW_HrjpD7H9dA-1; Fri, 26 Sep 2025 10:02:08 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 766861800451; Fri, 26 Sep 2025 14:02:07 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7D8811956095; Fri, 26 Sep 2025 14:02:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895334; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bkjZlEac+MVkgqtYFNeV6qzfD3BV83YEmSYkc/NyeGo=; b=PiVvzF2fuFN6pOWQTjrY9uhy28F9SOBDk9i5hcZsnB+SgvjcNGQyPbh+iHAYMmfkElIKNs kBCru7SXyeRAxYO2XfAUphAkBAPNXV2rGK4KI0RYVv1BIooyi5mD9+lBip14bohu5i+Ijo O50PQ68jFj7mrcg1Vc85tlH9ZBwfG6c= X-MC-Unique: diTzCOEYMfW_HrjpD7H9dA-1 X-Mimecast-MFC-AGG-ID: diTzCOEYMfW_HrjpD7H9dA_1758895327 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 04/32] system: check security for accelerator types Date: Fri, 26 Sep 2025 15:01:15 +0100 Message-ID: <20250926140144.1998694-5-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895421654116600 This wires up the accelerator creation code to apply the compat policy security check. When multiple -accel options are given, normal fallback logic applies. IOW, if one is rejected by the security check, it will carry on to try the next accelerator until one passes the security check. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/vl.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/system/vl.c b/system/vl.c index 00f3694725..6f7fdb8663 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2383,12 +2383,21 @@ static int do_configure_accelerator(void *opaque, Q= emuOpts *opts, Error **errp) AccelState *accel; int ret; bool qtest_with_kvm; + Error *local_err =3D NULL; =20 if (!acc) { error_setg(errp, QERR_MISSING_PARAMETER, "accel"); goto bad; } =20 + if (!compat_policy_check_security(&compat_policy, + object_class_get_name(OBJECT_CLASS(a= c)), + object_class_is_secure(OBJECT_CLASS(= ac)), + &local_err)) { + error_report_err(local_err); + goto bad; + } + qtest_with_kvm =3D g_str_equal(acc, "kvm") && qtest_chrdev !=3D NULL; =20 if (!ac) { --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895525; cv=none; d=zohomail.com; s=zohoarc; b=KE+iV9sPYVE+8zjGTimTZ6fSlbF79e7C+yxn3rOTHyM2NEwjJtyTY9sZ1tBEF5Lt/F96TXm82lKwFlDz8Ja1BTfSVE0ZUvZUl8/n130cd0Eiy1z+cwbqWoT1B5Sj88jCP5aL9T9DJwp/LsIXCVlc4PHik9xc8ZJUzB3IeC0Py/g= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895525; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=smK9Va/nOZbeJSIJ8ndEc/BOA5aQlQB5o6hfnl+qhSo=; b=UF+jQbZqOFSO17qRTQ2y9DQFsou+5oWlARnNBK4KHzGJKgPg1YLJYwUdCc9+vakUIcgq38zkv7OAnl0MxDJ8NDN6vUtHEoPOY8CDLo/GoaN8aMWhWtEN6h75oQkzdTY7LokbnfkgZ2NaXBGu58ZJHNogw1RN2X3dbZtYkv1raFA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175889552516385.59894844050609; Fri, 26 Sep 2025 07:05:25 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v291x-00064m-KZ; Fri, 26 Sep 2025 10:02:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291s-00062r-OP for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:33 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291f-0004bv-BK for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:32 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-499-JGGiiCFqNUSRQv33mDMBlQ-1; Fri, 26 Sep 2025 10:02:12 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id A8CDC1800285; Fri, 26 Sep 2025 14:02:11 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 66DCF1956095; Fri, 26 Sep 2025 14:02:07 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895338; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=smK9Va/nOZbeJSIJ8ndEc/BOA5aQlQB5o6hfnl+qhSo=; b=Pqq4zNvHePX8AEbRIKT1wQwpxqyY5b50JShtZir0GaD0ZRkuvl2p97FNANn+IX/h1cG+eG QPT4BzdGlNvp/lIAw71cRhYzY3hsywJ4yg+1ykgtcZ2VKhAugQpVdpqi+1SDkkX1IREgKv N6Xx4HoFo9XKf7sp3bpdkDbazPwHy6Q= X-MC-Unique: JGGiiCFqNUSRQv33mDMBlQ-1 X-Mimecast-MFC-AGG-ID: JGGiiCFqNUSRQv33mDMBlQ_1758895331 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 05/32] system: report acclerator security status in help output Date: Fri, 26 Sep 2025 15:01:16 +0100 Message-ID: <20250926140144.1998694-6-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895526881116600 When '-accel help' is given, report the security status of each accelerator. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/vl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/system/vl.c b/system/vl.c index 6f7fdb8663..38c6caf524 100644 --- a/system/vl.c +++ b/system/vl.c @@ -3433,7 +3433,9 @@ void qemu_init(int argc, char **argv) g_str_has_suffix(typename, ACCEL_CLASS_SUFFIX)= ) { gchar **optname =3D g_strsplit(typename, ACCEL_CLASS_SUFFI= X, 0); - printf("%s\n", optname[0]); + printf("%s%s\n", optname[0], + object_class_is_secure(OBJECT_CLASS(el-= >data)) ? + " (secure)" : ""); g_strfreev(optname); } g_free(typename); --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895475; cv=none; d=zohomail.com; s=zohoarc; b=B3ABFW59W8kVA93hRq31z19WoGuqi0enzeddf5ifYnmsw6oovsDkJS0KM2LsjvfWXj17egpBd+O3ZB9O3WaHWQY0BSQJ05WQ2X8vBWIs9R1Mtteo6Non9vA8i2cfSgB0bManM+py1ombjJ8FNWsm3BGiDE+ir1ReYiKmNrxJysE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895475; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=nKzFFvyHLWYmqldd383NxM2/sd6JX0++BsSoQsWwnYw=; b=CDviHSVG60i7+xFHptcZInwyFp7J0tqlxj5H0JuO4LQqq9RMzxUnu24Soac0+gWiNJfIFV1pybPfJ81e/DKj24VOBtkZmd2Jkrtdal6OnEYn/olKZ0MTKcY4h3tCJrfMtu7AIz/LvPMz6g+YCHmqBBlpzHHhpMKIAgqM6kQrUY4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895475226952.9065746532757; Fri, 26 Sep 2025 07:04:35 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2925-000677-4Z; Fri, 26 Sep 2025 10:02:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2920-00065p-Ac for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:40 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291r-0004dM-6R for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:38 -0400 Received: from mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-518-Y2t4IU_-MGSfdhQajVC_hg-1; Fri, 26 Sep 2025 10:02:19 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8E2CD195608A; Fri, 26 Sep 2025 14:02:18 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 3F78B1956095; Fri, 26 Sep 2025 14:02:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895346; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=nKzFFvyHLWYmqldd383NxM2/sd6JX0++BsSoQsWwnYw=; b=DezQ4A/tUN5EO5Kyx6YKL90pGCkkEmIW7LT0VqoxVYvMpK73Z3uEq6zbummUCtSvuW0xxz nA0Xnz13XsB5+grRTio7nEWO1a2EWfKl/1K17uLRxmJNDRgxhvAJvl/PaVJXJwsQyyfVcX 2BccdMYC3KA3LL1d+V0I6fCamz4K/TM= X-MC-Unique: Y2t4IU_-MGSfdhQajVC_hg-1 X-Mimecast-MFC-AGG-ID: Y2t4IU_-MGSfdhQajVC_hg_1758895338 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 06/32] system: check security for machine types Date: Fri, 26 Sep 2025 15:01:17 +0100 Message-ID: <20250926140144.1998694-7-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895476106116600 This wires up the machine creation code to apply the compat policy security check. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/vl.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/system/vl.c b/system/vl.c index 38c6caf524..716bf6d490 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2182,10 +2182,19 @@ static void qemu_create_machine_containers(Object *= machine) } } =20 -static void qemu_create_machine(QDict *qdict) +static int qemu_create_machine(QDict *qdict) { MachineClass *machine_class =3D select_machine(qdict, &error_fatal); object_set_machine_compat_props(machine_class->compat_props); + Error *local_err; + + if (!compat_policy_check_security(&compat_policy, + object_class_get_name(OBJECT_CLASS(m= achine_class)), + object_class_is_secure(OBJECT_CLASS(= machine_class)), + &local_err)) { + error_report_err(local_err); + return -1; + } =20 current_machine =3D MACHINE(object_new_with_class(OBJECT_CLASS(machine= _class))); object_property_add_child(object_get_root(), "machine", @@ -2222,6 +2231,8 @@ static void qemu_create_machine(QDict *qdict) false, &error_abort); qobject_unref(default_opts); } + + return 0; } =20 static int global_init_func(void *opaque, QemuOpts *opts, Error **errp) @@ -3763,7 +3774,9 @@ void qemu_init(int argc, char **argv) /* Transfer QemuOpts options into machine options */ parse_memory_options(); =20 - qemu_create_machine(machine_opts_dict); + if (qemu_create_machine(machine_opts_dict) < 0) { + exit(1); + } =20 /* * Load incoming CPR state before any devices are created, because it --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895438; cv=none; d=zohomail.com; s=zohoarc; b=PQdOpsWMnKHbjauQZR5rZOm7h6eDAexX7kCrbrDZyD2SV3echuHPZWyXmc+qlFb+Z5md+de/wKVpuHFV3q2gi6CSy9qq245eJvAmQlseKrr7ILINHfqpnDBNxvy7gcnEy4cKSJsf8LCpdIamK1+Is+kI4MuAHULMNy6xWPBumCQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895438; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=XdubGzvsltHSVvychhCOKZzDhWP3myUAUl8KmJMU7bs=; b=b+FreXsjUej5wusc/fJ+hnea4RS63JtOuaACY+dccOrY2M1D771vqK+/LWei4Rzcv2bJGws9Tjh+fPwjlFwJJZsN3hKCccWHKHBvHspXBupVTWEb54zkM5cVXA0UrcK6keVSN2Zn/tzK+p5/GrPzKQi/9KyKQwMnXDUEsnfnrpU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895438563244.63943876936037; Fri, 26 Sep 2025 07:03:58 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2926-00067R-If; Fri, 26 Sep 2025 10:02:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291z-00065i-BV for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:41 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291w-0004do-4w for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:38 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-608-0_kmqAjpORKi-l_Jl2Q9RA-1; Fri, 26 Sep 2025 10:02:25 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 40222180057D; Fri, 26 Sep 2025 14:02:24 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E8C2E19540EB; Fri, 26 Sep 2025 14:02:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895349; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XdubGzvsltHSVvychhCOKZzDhWP3myUAUl8KmJMU7bs=; b=YKDHwh+/+gZE0GZF9XFMk9o3wZks7tfjQqYKYIjg2LCVA2MkbR0vziRKLFZHgydaEgRd5/ eW7G1EV/btryLeOuEunv+ddmO+csxJTt4PSGFG0QqxBDHd75vGtozG6DsYllu5sxnIYpwJ BzlTwDSUD15/IyOpVx+3G2TFonMGMOU= X-MC-Unique: 0_kmqAjpORKi-l_Jl2Q9RA-1 X-Mimecast-MFC-AGG-ID: 0_kmqAjpORKi-l_Jl2Q9RA_1758895344 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 07/32] system: report machine security status in help output Date: Fri, 26 Sep 2025 15:01:18 +0100 Message-ID: <20250926140144.1998694-8-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895439943116600 When '-machine help' is given, report the security status of each machine. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/vl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/system/vl.c b/system/vl.c index 716bf6d490..fec3a195f6 100644 --- a/system/vl.c +++ b/system/vl.c @@ -1578,9 +1578,10 @@ static void machine_help_func(const QDict *qdict) if (mc->alias) { printf("%-20s %s (alias of %s)\n", mc->alias, mc->desc, mc->na= me); } - printf("%-20s %s%s%s\n", mc->name, mc->desc, + printf("%-20s %s%s%s%s\n", mc->name, mc->desc, mc->is_default ? " (default)" : "", - mc->deprecation_reason ? " (deprecated)" : ""); + mc->deprecation_reason ? " (deprecated)" : "", + object_class_is_secure(OBJECT_CLASS(mc)) ? " (secure)" : ""= ); } } =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895472; cv=none; d=zohomail.com; s=zohoarc; b=KT6EsPSn7Oqgnt7dxmXbRkzXx40JkrWpcCifG0r3/KHcFh4HCJpG+5T68gOGn/BZBuTbX401zbY1DxPpI9BvXPxAclkc77PMyFAOmB+nFDD9cAwwEXtOm0EtTkkzPAgmytnqnt21GLX7qAnTjr/240GIYoR58einz3x8DYvztYE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895472; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=/1fRLQrqxZfLB+FGX2nC7+cCfne6Mu6ri4hCnmmDcFo=; b=mL4t8yFjF0UFdWXu/pK2UPbmTMAREOFcr0qGZJg+/XXO7RMbUv015dkrDtPnA03SO1E0XiHffNebOSPDSo4LIAidm2Hp3iVj1ruhcXEbMs8DGG9JZLNwGqR75/i1nPfQeVDwzCJkfWALgmlDUSFQo4U0W28TUbbLLlhBLYGRhBw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895472634344.0927643700843; Fri, 26 Sep 2025 07:04:32 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292C-000698-HE; Fri, 26 Sep 2025 10:02:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2924-00066m-14 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:44 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v291w-0004eG-54 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:43 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-554-GtX-qUn-OpixKNw8q339Jw-1; Fri, 26 Sep 2025 10:02:30 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id ADBC71800285; Fri, 26 Sep 2025 14:02:29 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 090A81956095; Fri, 26 Sep 2025 14:02:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895352; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/1fRLQrqxZfLB+FGX2nC7+cCfne6Mu6ri4hCnmmDcFo=; b=WGGynUp1QjXpnoPxzB6NQj3cF0CCIg7shjitBSPMv9yfNscbb+otpjEIFIrB3Ualt2+8Kz UzHXkYTEUSiQl9n+pRf2MIsnpVmW7zcKzrDhHLzEItWdHpevT1o6ElKrtbRla7E7tiMtTz dOw8n6EG4dCkT8mfxYzyZmgc1qEuO+s= X-MC-Unique: GtX-qUn-OpixKNw8q339Jw-1 X-Mimecast-MFC-AGG-ID: GtX-qUn-OpixKNw8q339Jw_1758895349 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 08/32] system: check security of device types Date: Fri, 26 Sep 2025 15:01:19 +0100 Message-ID: <20250926140144.1998694-9-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895474040116600 This wires up the DeviceClass types to have their security checked when devices are created. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/qdev-monitor.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c index 2ac92d0a07..520fe5c495 100644 --- a/system/qdev-monitor.c +++ b/system/qdev-monitor.c @@ -43,6 +43,8 @@ #include "hw/qdev-properties.h" #include "hw/clock.h" #include "hw/boards.h" +#include "qapi/compat-policy.h" + =20 /* * Aliases were a bad idea from the start. Let's keep them @@ -644,6 +646,13 @@ DeviceState *qdev_device_add_from_qdict(const QDict *o= pts, return NULL; } =20 + if (!compat_policy_check_security(&compat_policy, + object_class_get_name(OBJECT_CLASS(d= c)), + object_class_is_secure(OBJECT_CLASS(= dc)), + errp)) { + return NULL; + } + /* find bus */ path =3D qdict_get_try_str(opts, "bus"); if (path !=3D NULL) { --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895763; cv=none; d=zohomail.com; s=zohoarc; b=NxTdLacHUP0+HPYS47YMrCi2v/gCL+lozgTLA/2hCuLF5ZUTEJmB9KM0st/q136G14MnQXVRqyh7y7aOXauu0sg693HuCu29+Q9TNyJRsKinYaP6pT4hcTmyu3uyLCWDnzJCz6nQeGznHPXoLdkmiNQHKk37J+W+6DEg/+uiiYw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895763; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=sM77iEysHbiNJthEoc/xRlrkImLkvEX9TNe+qgWYCsU=; b=YslSgNxJrdLP1lo0WYOInGcmNy4RZJSu4DC5h22rrhaSWroK5O5tITov0o3fItXQiRRV97zF6/Rao01AybOUqSWdDQfbvJ/BRoayDdnCpnxvBRMobojK5ogkCeZtUGPX1z8+UDvByUvNiZE720KF/edtgwWiWK0SMjFMHAbG6/8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895763859836.3239520780239; Fri, 26 Sep 2025 07:09:23 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292K-0006GO-Dv; Fri, 26 Sep 2025 10:03:00 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292H-0006Ej-Mz for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:57 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292A-0004g6-Kq for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:02:56 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-115-b2WPf-NRMJSsnCKVO1kPOw-1; Fri, 26 Sep 2025 10:02:38 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 96E5A18004D4; Fri, 26 Sep 2025 14:02:34 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 66C541956095; Fri, 26 Sep 2025 14:02:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895362; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=sM77iEysHbiNJthEoc/xRlrkImLkvEX9TNe+qgWYCsU=; b=BmFSqZCoeCftA7jQ84NyultB9KteVWzcV3P62LtsGdKVC1MQbp118insNxrl1tcsmHb7Cs +XiwDCGbqUV7RCjXioAPjpLVFhGiabXnYxL4S4od4T5gSo5IGHA9Bb1LvQbyebv58wrmYV hvxzzrkXr2CB01kz43hh10oSosok0b0= X-MC-Unique: b2WPf-NRMJSsnCKVO1kPOw-1 X-Mimecast-MFC-AGG-ID: b2WPf-NRMJSsnCKVO1kPOw_1758895354 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 09/32] system: report device security status in help output Date: Fri, 26 Sep 2025 15:01:20 +0100 Message-ID: <20250926140144.1998694-10-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895764656116600 When '-device help' is given, report the security status of each device. Signed-off-by: Daniel P. Berrang=C3=A9 --- system/qdev-monitor.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c index 520fe5c495..86ae64dccd 100644 --- a/system/qdev-monitor.c +++ b/system/qdev-monitor.c @@ -166,6 +166,9 @@ static void qdev_print_devinfo(DeviceClass *dc) if (!dc->user_creatable) { qemu_printf(", no-user"); } + if (object_class_is_secure(OBJECT_CLASS(dc))) { + qemu_printf(", secure"); + } qemu_printf("\n"); } =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895546; cv=none; d=zohomail.com; s=zohoarc; b=Wqow2ay+TSDtmsm+C2/ADUsVNSrAHGCDj7zMlMVvecY4VTjWU73GO7GGwR7kt1UFO9rj/ldJJFtqYztPU4TpZk1SXEmisG/DHINnmw+NIXObfArTIVWFQTGZOOK9QBSanjnXfvX4MiahZJuanwSqcDp1BWBorOW4D9WJQPN2iDA= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895546; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=KMHWRKFJ6zmbhfubCkVeb8qUpp4lSkS0Mu0MDS+kspM=; b=aa006BMXmAxvAEyofJJcJAhvw0ZvP09oUn2U88KFp9AT11LU8N9xncZsa/xq+aZcsC8JA3/kFaCp8iu1KDHen+WSWrlCHO2jTxCoN21dM/g7sYlE+2LpBsmaPsO3V/TIf1Cd9yVtI/+IIl9UzlJ/P+QzB8GYQEEkLQ4atNdQUsw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895546353371.06254741256816; Fri, 26 Sep 2025 07:05:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292R-0006KX-5n; Fri, 26 Sep 2025 10:03:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292O-0006J9-Ij for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:04 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292F-0004hF-71 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:04 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-508-k5YBVxpBNRuUng6Uawxs4Q-1; Fri, 26 Sep 2025 10:02:44 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 098C6180066F; Fri, 26 Sep 2025 14:02:41 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 476C119540EB; Fri, 26 Sep 2025 14:02:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895371; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KMHWRKFJ6zmbhfubCkVeb8qUpp4lSkS0Mu0MDS+kspM=; b=aITfaZJCDok1Oj2L8g4mkivKkakWNcp54V4/pgQf4PfPduzkbgwVpZq+x/JVvy/hl64/Qu T10UmF5KXlml4CG7DK1+sufTDpisIIHxZC4CvbdZo4A9Rlvf4ES4DclkEsFkFtdXlHfL2E FpaqUsTcGCX7VodNs3YYxEdtSvt2Eis= X-MC-Unique: k5YBVxpBNRuUng6Uawxs4Q-1 X-Mimecast-MFC-AGG-ID: k5YBVxpBNRuUng6Uawxs4Q_1758895363 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 10/32] hw/core: report security status in query-machines Date: Fri, 26 Sep 2025 15:01:21 +0100 Message-ID: <20250926140144.1998694-11-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895547347116600 Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/machine-qmp-cmds.c | 1 + qapi/machine.json | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/hw/core/machine-qmp-cmds.c b/hw/core/machine-qmp-cmds.c index 6aca1a626e..4d9906f64a 100644 --- a/hw/core/machine-qmp-cmds.c +++ b/hw/core/machine-qmp-cmds.c @@ -100,6 +100,7 @@ MachineInfoList *qmp_query_machines(bool has_compat_pro= ps, bool compat_props, if (mc->default_ram_id) { info->default_ram_id =3D g_strdup(mc->default_ram_id); } + info->secure =3D object_class_is_secure(OBJECT_CLASS(mc)); =20 if (compat_props && mc->compat_props) { int i; diff --git a/qapi/machine.json b/qapi/machine.json index 038eab281c..bb2b308ccd 100644 --- a/qapi/machine.json +++ b/qapi/machine.json @@ -194,6 +194,11 @@ # present when `query-machines` argument @compat-props is true. # (since 9.1) # +# @secure: If true, the machine is declared to provide a security +# boundary from the guest; if false the machine is either +# not providing a security boundary, or its status is undefined. +# (since 10.2) +# # Features: # # @unstable: Member @compat-props is experimental. @@ -207,7 +212,8 @@ 'deprecated': 'bool', '*default-cpu-type': 'str', '*default-ram-id': 'str', 'acpi': 'bool', '*compat-props': { 'type': ['CompatProperty'], - 'features': ['unstable'] } } } + 'features': ['unstable'] }, + 'secure': 'bool' } } =20 ## # @query-machines: --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895799; cv=none; d=zohomail.com; s=zohoarc; b=TvkGOSt5I5VxH7vZA2ZQJQVkpFWYGbqsuVSYtwX6kunQsQrkyY8D88aAFEm2TM59CxnhR65Enj7E2/x4iSXpkEPzplee/tnDP0okoGKpxLsVYN8k5F8wktyku3oBaUq1ex2/8BZfqw2fhtmB1b2CQFmmHbgNGGi/KNqNXx8wqq4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895799; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=7X4SWOuaRnjqI3c2+gQUnYmt1B06XZVz+IyxcK6V2i0=; b=J4s8wNqQIu4AndMCO/d3i/bCbTuuP2GoYokZTVo6kyj0aNcMXiIKtTmmMPBMtU2CHn05fBOXmJrOr9ZzAoiV0nIpTSpxjejw7OGB8G2N6YQmUiENJ4lHDG9nvydkzKULEaJQTQrOvpvB9f+G2/QpUbmcrCMmYvs09QV/EKz/Zdc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895799588375.6197817815755; Fri, 26 Sep 2025 07:09:59 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292Y-0006Op-G3; Fri, 26 Sep 2025 10:03:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292W-0006Oc-Vc for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:13 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292P-0004j9-CP for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:12 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-261-Ynb7ThTtPBGkJZLqQxTOcw-1; Fri, 26 Sep 2025 10:02:58 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 311D718005B0; Fri, 26 Sep 2025 14:02:50 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id C8D0E1953957; Fri, 26 Sep 2025 14:02:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895382; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7X4SWOuaRnjqI3c2+gQUnYmt1B06XZVz+IyxcK6V2i0=; b=GtE1sVNbkRAa/+MuC0MXkLb+S1XXOgCz0zwoJc0kvVGeA0bplgFumrxZgLWGBEOXIvmCFV vfcn/NIlgutyGIWQumeapYj0H1YEjUrTcIpY/x9SCC7LQxlzLbfPExHBu3/Hz5zjxCvT5/ 17Cgex+XzyhjIhrkGiKsLfODZo8NzIY= X-MC-Unique: Ynb7ThTtPBGkJZLqQxTOcw-1 X-Mimecast-MFC-AGG-ID: Ynb7ThTtPBGkJZLqQxTOcw_1758895377 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 11/32] qom: report & filter on security status in qom-list-types Date: Fri, 26 Sep 2025 15:01:22 +0100 Message-ID: <20250926140144.1998694-12-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895801222116600 This adds: * a new boolean 'secure' field to the type info returned by qom-list-types, which will be set if the type provides a security boundary * a new boolean 'secure' parameter to the arguments of qom-list-types, which can be used to filter types based on their security status Signed-off-by: Daniel P. Berrang=C3=A9 --- qapi/qom.json | 10 ++++++++-- qom/qom-qmp-cmds.c | 30 ++++++++++++++++++++++++------ 2 files changed, 32 insertions(+), 8 deletions(-) diff --git a/qapi/qom.json b/qapi/qom.json index 830cb2ffe7..3e5e7e6f6f 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -210,12 +210,15 @@ # @abstract: the type is abstract and can't be directly instantiated. # Omitted if false. (since 2.10) # +# @secure: the type provides a security boundary. +# Omitted if false. (since 10.2) +# # @parent: Name of parent type, if any (since 2.10) # # Since: 1.1 ## { 'struct': 'ObjectTypeInfo', - 'data': { 'name': 'str', '*abstract': 'bool', '*parent': 'str' } } + 'data': { 'name': 'str', '*abstract': 'bool', '*parent': 'str', '*secure= ': 'bool' } } =20 ## # @qom-list-types: @@ -227,12 +230,15 @@ # # @abstract: if true, include abstract types in the results # +# @secure: if set, filter to only include types with matching security sta= tus +# (since 10.2) +# # Returns: a list of types, or an empty list if no results are found # # Since: 1.1 ## { 'command': 'qom-list-types', - 'data': { '*implements': 'str', '*abstract': 'bool' }, + 'data': { '*implements': 'str', '*abstract': 'bool', '*secure': 'bool' }, 'returns': [ 'ObjectTypeInfo' ], 'allow-preconfig': true } =20 diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c index 57f1898cf6..9e221bb332 100644 --- a/qom/qom-qmp-cmds.c +++ b/qom/qom-qmp-cmds.c @@ -151,33 +151,51 @@ QObject *qmp_qom_get(const char *path, const char *pr= operty, Error **errp) return object_property_get_qobject(obj, property, errp); } =20 -static void qom_list_types_tramp(ObjectClass *klass, void *data) +typedef struct { + ObjectTypeInfoList *list; + bool has_secure; + bool secure; +} ObjectTypeInfoData; + +static void qom_list_types_tramp(ObjectClass *klass, void *opaque) { - ObjectTypeInfoList **pret =3D data; + ObjectTypeInfoData *data =3D opaque; ObjectTypeInfo *info; ObjectClass *parent =3D object_class_get_parent(klass); =20 + if (data->has_secure && + data->secure !=3D object_class_is_secure(klass)) { + return; + } + info =3D g_malloc0(sizeof(*info)); info->name =3D g_strdup(object_class_get_name(klass)); info->has_abstract =3D info->abstract =3D object_class_is_abstract(kla= ss); + info->has_secure =3D info->secure =3D object_class_is_secure(klass); if (parent) { info->parent =3D g_strdup(object_class_get_name(parent)); } =20 - QAPI_LIST_PREPEND(*pret, info); + QAPI_LIST_PREPEND(data->list, info); } =20 ObjectTypeInfoList *qmp_qom_list_types(const char *implements, bool has_abstract, bool abstract, + bool has_secure, + bool secure, Error **errp) { - ObjectTypeInfoList *ret =3D NULL; + ObjectTypeInfoData data =3D { + .list =3D NULL, + .has_secure =3D has_secure, + .secure =3D secure, + }; =20 module_load_qom_all(); - object_class_foreach(qom_list_types_tramp, implements, abstract, &ret); + object_class_foreach(qom_list_types_tramp, implements, abstract, &data= ); =20 - return ret; + return data.list; } =20 ObjectPropertyInfoList *qmp_device_list_properties(const char *typename, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895591; cv=none; d=zohomail.com; s=zohoarc; b=cG/B6snsByFNVmQVB/1CvGXTvS6kItir3OIlEBxXtw5vXcoywKUbqrINJjtkS43VgCLknb9ACR5/3SBbxGu2+hrbQ3y2XE6lw+BwvwW7rr81+vgVTEGiHJTn0MN6KSH8drgwrW9UyUzPB90NcFo14gV9pWrTonPLbCMG+q7COaE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895591; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=5k008Bl84c113iX9fUzuJAHFMGIOYAiB2ad/D2iyokU=; b=SJwtAtsE1fhtXkTrALGCmOPVjh+4OI5cZ8xl2elg02lDH0HMKsQP7ineBAnzLH9CTUPrPv52nLWQgtKACP1BBKcYBn2hzEhyjJXSRCyhm4DuhIeDMClV1/PRL/zvxV8bw4UDKqumg5SJoL3sftCh3X9IKjHPKq19Q5SMxewkVKM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895591510454.6531409549233; Fri, 26 Sep 2025 07:06:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292U-0006NC-Oj; Fri, 26 Sep 2025 10:03:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292S-0006MD-0m for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:08 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292L-0004ip-UG for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:07 -0400 Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-427-ULFrEky9OgWVmEbFcQA3JA-1; Fri, 26 Sep 2025 10:02:56 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 514DE1955D69; Fri, 26 Sep 2025 14:02:55 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 24CB51956095; Fri, 26 Sep 2025 14:02:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895380; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=5k008Bl84c113iX9fUzuJAHFMGIOYAiB2ad/D2iyokU=; b=DJs80cI5gAVFILM85sKY/R4X4cqOKYKoURNfTVAEcH2g16qYeu8j7VUWEypk/bQtjsV6SJ SpuTKGO2DVgXE4q23e5LkCamrk6mdYiJgmu4Emo0wt6md3QOuXmtanWR1i42TngvecID+8 I3AaMTTIL1uIRsdvuDPGh6U2JeeDNYI= X-MC-Unique: ULFrEky9OgWVmEbFcQA3JA-1 X-Mimecast-MFC-AGG-ID: ULFrEky9OgWVmEbFcQA3JA_1758895375 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 12/32] docs: expand security docs with info about security status Date: Fri, 26 Sep 2025 15:01:23 +0100 Message-ID: <20250926140144.1998694-13-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895594206116600 The description of virtualization vs non-virtualization use cases is a crude approximation of the security characteristics of QEMU devices. Document how QEMU can be probed to obtain information on the security status of type classes, and how policies can be set to inform or control their usage. Signed-off-by: Daniel P. Berrang=C3=A9 --- docs/system/security.rst | 43 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/system/security.rst b/docs/system/security.rst index f2092c8768..cda4bae6db 100644 --- a/docs/system/security.rst +++ b/docs/system/security.rst @@ -49,6 +49,49 @@ Bugs affecting the non-virtualization use case are not c= onsidered security bugs at this time. Users with non-virtualization use cases must not rely = on QEMU to provide guest isolation or any security guarantees. =20 +Security status reporting +''''''''''''''''''''''''' + +QEMU is progressively working to annotate object types to explicitly state +whether they are considered to provide a security boundary or not. + +It is possible to control or identify the usage of types that do not offer +an explicit security boundary using the ``insecure-types`` parameter to the +``-compat`` argument, which accepts three values: + + * accept: usage of any type will be permitted. This is the current + and historical default behaviour + * warn: usage of types not explicitly declared secure will result + in a warning message, but still be permitted. + * reject: usage of types not explicitly declared secure will result + in an error message, and will not be permitted. + +The compatibility policy will be honoured both at initial startup of +QEMU and during any runtime alterations made with monitor commands. + +The status of any type class can be queried at runtime using the +``qom-list-types`` command, whose returned information will flag any +types declared as secure. The ``query-machines`` command will also +reflect this same information for machine types. + +Machine type, accelerator and device security status can be queried +using ``-machine help``, ``-accel help`` and ``-device help`` command +line options respectively. + +The setting of the ``.secure`` field at the time a type class is +declared in the code will determine whether bugs are eligible to +be considered as security bugs: + + * Explicitly declared ``.secure =3D true``: security bug process + applies, eligible for CVE assignment + * Explicitly declared ``.secure =3D false``: security bug process + does not apply, ineligible for CVE assignment + * No declaration of ``.secure`` property: follow the security + bug process initially. The virtualization vs non-virtualization + use case classification will be evaluated during bug triage + to determine whether to continue the security bug process, + or switch to the regular bug process. + Architecture ------------ =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895890; cv=none; d=zohomail.com; s=zohoarc; b=ChRAqy9BqcrRfZjOP9jZKcvMtdZaq7kFeDLsFIsYor1YpFWnAxdxbj6NYUY0+6imijVDZ4NU6acrVtQFK374GjGcf9ha3KqanoimjqyoL3OMOfWSawHtxTbKuNBZOn6SPTtPD+JoSAcXr9UF+RWm7hcTCfE0tOX3ZaWvlauBem4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895890; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=XVrAynmvaUFzruaGCEo1jmveHQiY6eBskywHu4uSLF4=; b=cLlq6KQgZeTq8W0t0AV8Q9IRkO5oUTGqTakt9W+StGlj0rA3SmhcKT8GsPAkuBRB1A54aICvaD1EtyepoB1GVZLv0nwkH2odAStDtS4sgxVvpf6Mt4Gt44c8oiQsXg49C8e6rpae82Ba3Dq64flU9o7Ei04rXZW1/+BnXG8lD3U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895890789774.3980896808735; Fri, 26 Sep 2025 07:11:30 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292y-0006a5-MD; Fri, 26 Sep 2025 10:03:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292t-0006Tb-Ng for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292e-0004ln-7h for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:33 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-386-NQZhS5cDPkuLPkhdrZ_sFQ-1; Fri, 26 Sep 2025 10:03:10 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D9D1A180AB1D; Fri, 26 Sep 2025 14:03:00 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0AF8F1956095; Fri, 26 Sep 2025 14:02:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XVrAynmvaUFzruaGCEo1jmveHQiY6eBskywHu4uSLF4=; b=Yv1pQsuAjXWsbSskNMZNWGu4AS+0AYpWihc9cs5cj+NSNv/W4bcWVQoH2eZ4XLOFn6z3ru 1I5HRwXC3CTvYLD5zCJnWzflueQ+vFYdV/An9Pg1k2vW/8QTDAyw9pxCqmfPInKQSlxrZm sVhzuqrnJfcAqo6hneOVktdIghukAuY= X-MC-Unique: NQZhS5cDPkuLPkhdrZ_sFQ-1 X-Mimecast-MFC-AGG-ID: NQZhS5cDPkuLPkhdrZ_sFQ_1758895389 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 13/32] machine: add helpers for declaring secure/insecure machine types Date: Fri, 26 Sep 2025 15:01:24 +0100 Message-ID: <20250926140144.1998694-14-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895892439116601 The current DEFINE_MACHINE macro will declare machine type without any explicit statement about the security status. As such the machine type will be treated as implicitly insecure at runtime. Introduce new DEFINE_SECURE_MACHINE and DEFINE_INSECURE_MACHINE macros that allow code to make an explicit statement about security status of the machine. All machine declarations should transition to the new macros allowing the implicit macro to eventually be removed. The same is done for the specialized i386 PC related macros. Signed-off-by: Daniel P. Berrang=C3=A9 --- include/hw/boards.h | 12 +++++++++++- include/hw/i386/pc.h | 13 ++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/hw/boards.h b/include/hw/boards.h index 665b620121..8105c54a90 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -762,7 +762,7 @@ struct MachineState { } \ } while (0) =20 -#define DEFINE_MACHINE(namestr, machine_initfn) \ +#define DEFINE_MACHINE_IMPL(namestr, machine_initfn, issecure) \ static void machine_initfn##_class_init(ObjectClass *oc, const void *d= ata) \ { \ MachineClass *mc =3D MACHINE_CLASS(oc); \ @@ -772,6 +772,7 @@ struct MachineState { .name =3D MACHINE_TYPE_NAME(namestr), \ .parent =3D TYPE_MACHINE, \ .class_init =3D machine_initfn##_class_init, \ + .secure =3D issecure, \ }; \ static void machine_initfn##_register_types(void) \ { \ @@ -779,6 +780,15 @@ struct MachineState { } \ type_init(machine_initfn##_register_types) =20 +/* Implicitly insecure, prefer explicitly declaring security status */ +#define DEFINE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false) + +#define DEFINE_SECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, true) +#define DEFINE_INSECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false) + extern GlobalProperty hw_compat_10_1[]; extern const size_t hw_compat_10_1_len; =20 diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index e83157ab35..1ccb6ed9fc 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -301,7 +301,7 @@ extern const size_t pc_compat_2_7_len; extern GlobalProperty pc_compat_2_6[]; extern const size_t pc_compat_2_6_len; =20 -#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ +#define DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, issecure) \ static void pc_machine_##suffix##_class_init(ObjectClass *oc, \ const void *data) \ { \ @@ -313,6 +313,7 @@ extern const size_t pc_compat_2_6_len; .name =3D namestr TYPE_MACHINE_SUFFIX, \ .parent =3D TYPE_PC_MACHINE, \ .class_init =3D pc_machine_##suffix##_class_init, \ + .secure =3D issecure, \ }; \ static void pc_machine_init_##suffix(void) \ { \ @@ -320,6 +321,16 @@ extern const size_t pc_compat_2_6_len; } \ type_init(pc_machine_init_##suffix) =20 +/* Implicitly insecure, prefer explicitly declaring security status */ +#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, false) + +#define DEFINE_SECURE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, true) +#define DEFINE_INSECURE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, false) + + #define DEFINE_PC_VER_MACHINE(namesym, namestr, initfn, isdefault, malias,= ...) \ static void MACHINE_VER_SYM(init, namesym, __VA_ARGS__)( \ MachineState *machine) \ --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895698; cv=none; d=zohomail.com; s=zohoarc; b=MU+Vqa5auFMUEI3kMfK+u8VjSG9BURradGDhcI+TNxhGBWSDOGDcqVJXxeRgDYhdS4Thp2sBNj0bekiglecKIxUxxNXLmuwKmmvnu6xRZU0pUdXGhtazVhwI5MGIJjt4lh3SQidCOGDkinb5T2W8tbC6CXBlYoEvw53QJ2HFJlo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895698; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=4IWeST0K4wA1sxKfivRbQ89bYlDWZwGSw/0nanXkI7k=; b=lCZ1pVCj0g3YkX35MV45Nb3ZksImhMapHQi29shqDsNppKH326qnfpWvC98dPZ8AeXdllKFJWabO4B5PnSJltSEbRBgGtzc1R9XMIOayP5Bx/U27P8zqMXDTNCv90LgVzBblvHQgsn+6vBwxgNeL8qfJIBdRQMJQ42Kkte5wabY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895698157500.43668151069016; Fri, 26 Sep 2025 07:08:18 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2931-0006eC-7e; Fri, 26 Sep 2025 10:03:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292v-0006Wt-P1 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:39 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292l-0004mW-LL for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:31 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-549-Y6eL0tnQMAK_RSoqs_Ttgw-1; Fri, 26 Sep 2025 10:03:16 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C074D1800621; Fri, 26 Sep 2025 14:03:07 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 9CE82195419F; Fri, 26 Sep 2025 14:03:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895399; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4IWeST0K4wA1sxKfivRbQ89bYlDWZwGSw/0nanXkI7k=; b=R/0sRYtnlv/l+Z5rAe5x9LcZZr9EpYTpZ/CTsBhwzgZ6DfHKvVG0oTb2m6ITsuvSKkdq9Y LX3fPa4kU+Slhdk5GHKukHdQBYFGNDdydDv9ZiTKIW1bfJxr03hwP8AgxndwkSY6TRuFx+ mN9zOOS68/ZMzGIb9rFjTboF41CYnYU= X-MC-Unique: Y6eL0tnQMAK_RSoqs_Ttgw-1 X-Mimecast-MFC-AGG-ID: Y6eL0tnQMAK_RSoqs_Ttgw_1758895394 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 14/32] hw: mark x86, s390, ppc, arm versioned machine types as secure Date: Fri, 26 Sep 2025 15:01:25 +0100 Message-ID: <20250926140144.1998694-15-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895699518116600 The versioned machine types are typically present for use in virtualization use cases and can be expected to provide a security barrier. The only exceptions are the m68k versioned machine types which are only used with TCG. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/arm/virt.c | 1 + hw/ppc/spapr.c | 1 + hw/s390x/s390-virtio-ccw.c | 1 + include/hw/i386/pc.h | 1 + 4 files changed, 4 insertions(+) diff --git a/hw/arm/virt.c b/hw/arm/virt.c index 02209fadcf..c25ef1c306 100644 --- a/hw/arm/virt.c +++ b/hw/arm/virt.c @@ -127,6 +127,7 @@ static void arm_virt_compat_set(MachineClass *mc) .name =3D MACHINE_VER_TYPE_NAME("virt", __VA_ARGS__), \ .parent =3D TYPE_VIRT_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, virt, __VA_ARGS__), \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, virt, __VA_ARGS__)(void) \ { \ diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index eb22333404..3581f581a4 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -4748,6 +4748,7 @@ static void spapr_machine_latest_class_options(Machin= eClass *mc) .name =3D MACHINE_VER_TYPE_NAME("pseries", __VA_ARGS__), \ .parent =3D TYPE_SPAPR_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, spapr, __VA_ARGS__), \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, spapr, __VA_ARGS__)(void) \ { \ diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c index d0c6e80cb0..54bc4e1b74 100644 --- a/hw/s390x/s390-virtio-ccw.c +++ b/hw/s390x/s390-virtio-ccw.c @@ -896,6 +896,7 @@ static const TypeInfo ccw_machine_info =3D { .name =3D MACHINE_VER_TYPE_NAME("s390-ccw-virtio", __VA_ARGS__), = \ .parent =3D TYPE_S390_CCW_MACHINE, = \ .class_init =3D MACHINE_VER_SYM(class_init, ccw, __VA_ARGS__), = \ + .secure =3D true, = \ }; = \ static void MACHINE_VER_SYM(register, ccw, __VA_ARGS__)(void) = \ { = \ diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index 1ccb6ed9fc..f576b3892e 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -353,6 +353,7 @@ extern const size_t pc_compat_2_6_len; .name =3D MACHINE_VER_TYPE_NAME(namestr, __VA_ARGS__), \ .parent =3D TYPE_PC_MACHINE, \ .class_init =3D MACHINE_VER_SYM(class_init, namesym, __VA_ARGS__),= \ + .secure =3D true, \ }; \ static void MACHINE_VER_SYM(register, namesym, __VA_ARGS__)(void) \ { \ --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895516; cv=none; d=zohomail.com; s=zohoarc; b=WIETMkxKZf6BW/DSESEzrZabGYtK0WgmXcaDVEkSS2HnKdS/3Vo9ehqRWXv12fZ0L7D7vwjx8gRBnOLIobETzd1Azz2eIxW5VpIvJaF6ZyWcekcPodLPNLr1lHyF9qpo9lsvq2lIE7yI2iOLEQbQ8rxbLkO2Bocy+GdX7dboOto= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895516; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ON1oCROzXKOqVCyq7lvjKP0qQnRGrVbdScAqq/11Wc0=; b=OIKW0wC9AfPHXa+Klb/EHF8cfWIc0UKndjF98bhZ2PIWbdD9+KLIEonhHz6yCpYgKoRdKt8ZadtckRn/G7gwznUVKm/jm8MTYrXCuuPXoP4vkJUdji1OC5MqoYvOW5whl3fWQ1mHafJkRCbMxWpcJXBJ1w1nskit/72q8g0h5jc= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895516838288.0108833779965; Fri, 26 Sep 2025 07:05:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2931-0006cd-Qn; Fri, 26 Sep 2025 10:03:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292t-0006Tc-PT for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292j-0004mf-6K for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:33 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-319-3GRB-QJHN9mwOeraGj6qqw-1; Fri, 26 Sep 2025 10:03:17 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 07EA7180048E; Fri, 26 Sep 2025 14:03:16 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0E06F1956095; Fri, 26 Sep 2025 14:03:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895400; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ON1oCROzXKOqVCyq7lvjKP0qQnRGrVbdScAqq/11Wc0=; b=SsiN7j0Be2EMnor7UQoiG6sSjUWFryZ/R6ODBWZEloXTKyYCDFcOu4UgYDgFzteyqqQqbL dTFOReV6oKWFNjk8IDJBkeV0FcWSJGXKBv+Vs87IIw5AfRwJ0j73e8uyE24Aj0CBw0A2MA fU4xfnlH4MJ+DYPioIk9ZTvkYKYPWbo= X-MC-Unique: 3GRB-QJHN9mwOeraGj6qqw-1 X-Mimecast-MFC-AGG-ID: 3GRB-QJHN9mwOeraGj6qqw_1758895396 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 15/32] hw: declare Xen & microvm machines as secure, isapc as insecure Date: Fri, 26 Sep 2025 15:01:26 +0100 Message-ID: <20250926140144.1998694-16-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895519008116600 The Xen and microvm machines are used in virtualization use cases, while isapc is only for emulation. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/arm/xen-pvh.c | 1 + hw/i386/isapc.c | 4 ++-- hw/i386/microvm.c | 1 + hw/i386/pc_piix.c | 8 ++++---- hw/i386/xen/xen-pvh.c | 1 + hw/i386/xen/xen_pvdevice.c | 1 + hw/xen/xen-pvh-common.c | 1 + hw/xenpv/xen_machine_pv.c | 2 +- 8 files changed, 12 insertions(+), 7 deletions(-) diff --git a/hw/arm/xen-pvh.c b/hw/arm/xen-pvh.c index 1a9eeb01c8..d6b777cb20 100644 --- a/hw/arm/xen-pvh.c +++ b/hw/arm/xen-pvh.c @@ -95,6 +95,7 @@ static const TypeInfo xen_arm_machine_type =3D { .class_init =3D xen_arm_machine_class_init, .instance_size =3D sizeof(XenPVHMachineState), .instance_init =3D xen_arm_instance_init, + .secure =3D true, }; =20 static void xen_arm_machine_register_types(void) diff --git a/hw/i386/isapc.c b/hw/i386/isapc.c index 44f4a44672..2da7a255f9 100644 --- a/hw/i386/isapc.c +++ b/hw/i386/isapc.c @@ -185,5 +185,5 @@ static void isapc_machine_options(MachineClass *m) m->no_parallel =3D !module_object_class_by_name(TYPE_ISA_PARALLEL); } =20 -DEFINE_PC_MACHINE(isapc, "isapc", pc_init_isa, - isapc_machine_options); +DEFINE_INSECURE_PC_MACHINE(isapc, "isapc", pc_init_isa, + isapc_machine_options); diff --git a/hw/i386/microvm.c b/hw/i386/microvm.c index 94d22a232a..c9ff29da0e 100644 --- a/hw/i386/microvm.c +++ b/hw/i386/microvm.c @@ -729,6 +729,7 @@ static const TypeInfo microvm_machine_info =3D { .instance_init =3D microvm_machine_initfn, .class_size =3D sizeof(MicrovmMachineClass), .class_init =3D microvm_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } diff --git a/hw/i386/pc_piix.c b/hw/i386/pc_piix.c index caf8bab68e..1d75b7c89e 100644 --- a/hw/i386/pc_piix.c +++ b/hw/i386/pc_piix.c @@ -755,8 +755,8 @@ static void xenfv_machine_4_2_options(MachineClass *m) m->default_machine_opts =3D "accel=3Dxen,suppress-vmdesc=3Don"; } =20 -DEFINE_PC_MACHINE(xenfv_4_2, "xenfv-4.2", pc_xen_hvm_init, - xenfv_machine_4_2_options); +DEFINE_SECURE_PC_MACHINE(xenfv_4_2, "xenfv-4.2", pc_xen_hvm_init, + xenfv_machine_4_2_options); =20 static void xenfv_machine_3_1_options(MachineClass *m) { @@ -767,6 +767,6 @@ static void xenfv_machine_3_1_options(MachineClass *m) m->default_machine_opts =3D "accel=3Dxen,suppress-vmdesc=3Don"; } =20 -DEFINE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init, - xenfv_machine_3_1_options); +DEFINE_SECURE_PC_MACHINE(xenfv, "xenfv-3.1", pc_xen_hvm_init, + xenfv_machine_3_1_options); #endif diff --git a/hw/i386/xen/xen-pvh.c b/hw/i386/xen/xen-pvh.c index 067f73e977..f30cb82962 100644 --- a/hw/i386/xen/xen-pvh.c +++ b/hw/i386/xen/xen-pvh.c @@ -115,6 +115,7 @@ static const TypeInfo xen_pvh_x86_machine_type =3D { .class_init =3D xen_pvh_machine_class_init, .instance_init =3D xen_pvh_instance_init, .instance_size =3D sizeof(XenPVHx86State), + .secure =3D true, }; =20 static void xen_pvh_machine_register_types(void) diff --git a/hw/i386/xen/xen_pvdevice.c b/hw/i386/xen/xen_pvdevice.c index 87a974ae5a..adf4948b9a 100644 --- a/hw/i386/xen/xen_pvdevice.c +++ b/hw/i386/xen/xen_pvdevice.c @@ -139,6 +139,7 @@ static const TypeInfo xen_pv_type_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(XenPVDevice), .class_init =3D xen_pv_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/xen/xen-pvh-common.c b/hw/xen/xen-pvh-common.c index b93ff80c85..5b1572f531 100644 --- a/hw/xen/xen-pvh-common.c +++ b/hw/xen/xen-pvh-common.c @@ -389,6 +389,7 @@ static const TypeInfo xen_pvh_info =3D { .instance_size =3D sizeof(XenPVHMachineState), .class_size =3D sizeof(XenPVHMachineClass), .class_init =3D xen_pvh_class_init, + .secure =3D true, }; =20 static void xen_pvh_register_types(void) diff --git a/hw/xenpv/xen_machine_pv.c b/hw/xenpv/xen_machine_pv.c index 99c02492ef..26a77ef007 100644 --- a/hw/xenpv/xen_machine_pv.c +++ b/hw/xenpv/xen_machine_pv.c @@ -69,4 +69,4 @@ static void xenpv_machine_init(MachineClass *mc) mc->default_machine_opts =3D "accel=3Dxen"; } =20 -DEFINE_MACHINE("xenpv", xenpv_machine_init) +DEFINE_SECURE_MACHINE("xenpv", xenpv_machine_init) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895779; cv=none; d=zohomail.com; s=zohoarc; b=YIbQwVeNrR2MYcPyoGUnffh+Ffc6bOSw4CPM6QjlRqsmoh1ToP0AQ7CzmcbUnCouWZt9XAOJy6AAbMEToxsVPsrXnL2SS4sV88DNnM5FVoCAg+yuef9zjt4eJoTesig+h29GXmuAwe61SEaSxaJBEPtbeRv12iqRDhag23lNLkU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895779; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=IksbqDunM7GUnuKIwq4zv78Cl6Mo+yVwGg6DkmWCOXI=; b=B14wuXXlmi3/t6bulMYd0Kb18aaeUQNDWlaRm//C2GfzFblYCxVfplA6NjhhQZm0ak6OUsdwUzgVkl2un6C/D2bJfhMuDUpWhGXL4gyMdU982e03bjjmggDqtZkO8n/7EVFP6r9Dwe6xR7534cueeVwCPoEzQL9aPWDuWyd/2pI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17588957794711007.4842062091114; Fri, 26 Sep 2025 07:09:39 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2931-0006eX-LW; Fri, 26 Sep 2025 10:03:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2930-0006ay-3E for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:42 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292q-0004nP-Ax for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:40 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-590-aHkI6jcyMoysqx-eTE2fNA-1; Fri, 26 Sep 2025 10:03:24 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 217E718004D8; Fri, 26 Sep 2025 14:03:23 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id A79911956095; Fri, 26 Sep 2025 14:03:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IksbqDunM7GUnuKIwq4zv78Cl6Mo+yVwGg6DkmWCOXI=; b=KO2LPKRqqfBJNuEqQE4EOMCnIXbMbJC4qNtcRN++cfSAa1/7cCLvFU8fri491TReCyEex1 EDMa2kfPF/dK7a0x/mjE3oiM+2VtHxMolZSehnzNkAgacpkpGu2BvLVeRiE9i4OHyVvIbJ q2tMzDBG9Ekd1gluCcKzg5pkvkUzE6E= X-MC-Unique: aHkI6jcyMoysqx-eTE2fNA-1 X-Mimecast-MFC-AGG-ID: aHkI6jcyMoysqx-eTE2fNA_1758895403 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 16/32] hw/core: declare 'none' machine to be insecure Date: Fri, 26 Sep 2025 15:01:27 +0100 Message-ID: <20250926140144.1998694-17-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895780863116600 This machine is currently intended for probing capabilities and thus is not expected to run guest workloads. In the future it might be possible to use it as a generic base from which to dynamically construct new machines, but today it has no need to be declared to be a secure machine. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/core/null-machine.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/core/null-machine.c b/hw/core/null-machine.c index a6e477a2d8..c2ff8b1b5b 100644 --- a/hw/core/null-machine.c +++ b/hw/core/null-machine.c @@ -55,4 +55,4 @@ static void machine_none_machine_init(MachineClass *mc) mc->no_cdrom =3D 1; } =20 -DEFINE_MACHINE("none", machine_none_machine_init) +DEFINE_INSECURE_MACHINE("none", machine_none_machine_init) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895514; cv=none; d=zohomail.com; s=zohoarc; b=bEyzN3KmpWkaJZHWKN19Xkb0AJPRfTtk5TntPOa3jxSBmVZQcT4fKwTeqb8ROjr5CC0upuCp9L2P1qcYDqxpDmXuzopMMJUvZoCh6EsmRb20uwiZ8XHKlcHrVNpX7QwzPdUw2PL8XB/bWLmWXOjrdpqWTYPA6KXRG3w62wiTEj4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895514; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=fE5De4SjYRlCpVLxA+SQVwGwECmyEZ+H53iSXNQLIpI=; b=SvIh5f5lb0F7161GrEL955rP3luIlt5Dbeo6V3waxTifwEijQQYgW7RX6SHLcPALsKKZYPYZbSwsRuoL4rP75FGLvVKLaZ8Jo5T29eOtcub6/g0pjbWbupHzosNNdIH5KurKjdAnlvLsgUzROfn+AcJHoeUnbBQChQ6osaL1ExA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895514604740.0946073960259; Fri, 26 Sep 2025 07:05:14 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293A-0006ge-V0; Fri, 26 Sep 2025 10:03:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2935-0006fx-Iw for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:49 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2932-0004oz-2A for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:47 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-198-_o3dCpmAMIe2fMKNfYDkuA-1; Fri, 26 Sep 2025 10:03:35 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 6498C1800451; Fri, 26 Sep 2025 14:03:34 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7B8E81956095; Fri, 26 Sep 2025 14:03:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895419; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fE5De4SjYRlCpVLxA+SQVwGwECmyEZ+H53iSXNQLIpI=; b=aWtGQ+UZWlHvDyO4EgSL2onJcB30SO+IqDnJN4ypEP7kBUe3I1kLd3QDFRa7OdVd+xD4MN XXbhrbJ8W62MPKUNI74IIv0H4+qQiVRbCzccnTDuE6lDyefK5fLcTmEfEzFWDYQ+ayNTeI b3d6FW3q6popkqcyn6b2QxcfMwYEpnE= X-MC-Unique: _o3dCpmAMIe2fMKNfYDkuA-1 X-Mimecast-MFC-AGG-ID: _o3dCpmAMIe2fMKNfYDkuA_1758895414 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 17/32] accel: mark kvm, xen & hvf as secure; tcg & qtest as insecure Date: Fri, 26 Sep 2025 15:01:28 +0100 Message-ID: <20250926140144.1998694-18-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895516918116600 TCG is too complex to be considered to provide a security boundary for malicious guest workloads. QTest is only used for functional testing and thus is not relevant to mark secure. KVM, HVF and Xen, meanwhile are all servicing virtualization use cases which must provide security. Signed-off-by: Daniel P. Berrang=C3=A9 --- accel/accel-common.c | 1 + accel/accel-system.c | 1 + accel/accel-target.c | 1 + accel/hvf/hvf-accel-ops.c | 1 + accel/hvf/hvf-all.c | 1 + accel/kvm/kvm-accel-ops.c | 1 + accel/kvm/kvm-all.c | 1 + accel/qtest/qtest.c | 2 ++ accel/tcg/tcg-accel-ops.c | 1 + accel/tcg/tcg-all.c | 1 + accel/xen/xen-all.c | 2 ++ 11 files changed, 13 insertions(+) diff --git a/accel/accel-common.c b/accel/accel-common.c index 850c5ab4b8..cb44315f27 100644 --- a/accel/accel-common.c +++ b/accel/accel-common.c @@ -138,6 +138,7 @@ static const TypeInfo accel_types[] =3D { .class_size =3D sizeof(AccelClass), .instance_size =3D sizeof(AccelState), .abstract =3D true, + .secure =3D true, }, }; =20 diff --git a/accel/accel-system.c b/accel/accel-system.c index 1e97c64fdc..fbffcccbd6 100644 --- a/accel/accel-system.c +++ b/accel/accel-system.c @@ -114,6 +114,7 @@ static const TypeInfo accel_ops_type_info =3D { .name =3D TYPE_ACCEL_OPS, .parent =3D TYPE_OBJECT, .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(AccelOpsClass), .class_init =3D accel_ops_class_init, }; diff --git a/accel/accel-target.c b/accel/accel-target.c index 7fd392fbc4..6ea9386cb8 100644 --- a/accel/accel-target.c +++ b/accel/accel-target.c @@ -31,6 +31,7 @@ static const TypeInfo accel_cpu_type =3D { .parent =3D TYPE_OBJECT, .abstract =3D true, .class_size =3D sizeof(AccelCPUClass), + .secure =3D true, }; =20 static void register_accel_types(void) diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c index 8b794c2d41..e807103379 100644 --- a/accel/hvf/hvf-accel-ops.c +++ b/accel/hvf/hvf-accel-ops.c @@ -397,6 +397,7 @@ static const TypeInfo hvf_accel_ops_type =3D { .parent =3D TYPE_ACCEL_OPS, .class_init =3D hvf_accel_ops_class_init, .abstract =3D true, + .secure =3D true, }; =20 static void hvf_accel_ops_register_types(void) diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c index 0a4b498e83..1d49a59053 100644 --- a/accel/hvf/hvf-all.c +++ b/accel/hvf/hvf-all.c @@ -304,6 +304,7 @@ static const TypeInfo hvf_accel_type =3D { .parent =3D TYPE_ACCEL, .instance_size =3D sizeof(HVFState), .class_init =3D hvf_accel_class_init, + .secure =3D true, }; =20 static void hvf_type_init(void) diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c index 8ed6945c2f..d4d30c311f 100644 --- a/accel/kvm/kvm-accel-ops.c +++ b/accel/kvm/kvm-accel-ops.c @@ -119,6 +119,7 @@ static const TypeInfo kvm_accel_ops_type =3D { .parent =3D TYPE_ACCEL_OPS, .class_init =3D kvm_accel_ops_class_init, .abstract =3D true, + .secure =3D true, }; =20 static void kvm_accel_ops_register_types(void) diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 9060599cd7..67f2172443 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -4066,6 +4066,7 @@ static const TypeInfo kvm_accel_type =3D { .instance_init =3D kvm_accel_instance_init, .class_init =3D kvm_accel_class_init, .instance_size =3D sizeof(KVMState), + .secure =3D true, }; =20 static void kvm_type_init(void) diff --git a/accel/qtest/qtest.c b/accel/qtest/qtest.c index 1d4337d698..44649b0ebb 100644 --- a/accel/qtest/qtest.c +++ b/accel/qtest/qtest.c @@ -58,6 +58,7 @@ static const TypeInfo qtest_accel_type =3D { .name =3D TYPE_QTEST_ACCEL, .parent =3D TYPE_ACCEL, .class_init =3D qtest_accel_class_init, + .secure =3D false, }; module_obj(TYPE_QTEST_ACCEL); =20 @@ -77,6 +78,7 @@ static const TypeInfo qtest_accel_ops_type =3D { .parent =3D TYPE_ACCEL_OPS, .class_init =3D qtest_accel_ops_class_init, .abstract =3D true, + .secure =3D false, }; module_obj(ACCEL_OPS_NAME("qtest")); =20 diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c index 3bd9800504..125017df29 100644 --- a/accel/tcg/tcg-accel-ops.c +++ b/accel/tcg/tcg-accel-ops.c @@ -239,6 +239,7 @@ static const TypeInfo tcg_accel_ops_type =3D { .parent =3D TYPE_ACCEL_OPS, .class_init =3D tcg_accel_ops_class_init, .abstract =3D true, + .secure =3D false, }; module_obj(ACCEL_OPS_NAME("tcg")); =20 diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c index 18ea0c58b0..3aab82b51b 100644 --- a/accel/tcg/tcg-all.c +++ b/accel/tcg/tcg-all.c @@ -296,6 +296,7 @@ static const TypeInfo tcg_accel_type =3D { .instance_init =3D tcg_accel_instance_init, .class_init =3D tcg_accel_class_init, .instance_size =3D sizeof(TCGState), + .secure =3D false, }; module_obj(TYPE_TCG_ACCEL); =20 diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c index 97377d67d1..754a4099a4 100644 --- a/accel/xen/xen-all.c +++ b/accel/xen/xen-all.c @@ -147,6 +147,7 @@ static const TypeInfo xen_accel_type =3D { .name =3D TYPE_XEN_ACCEL, .parent =3D TYPE_ACCEL, .class_init =3D xen_accel_class_init, + .secure =3D true, }; =20 static void xen_accel_ops_class_init(ObjectClass *oc, const void *data) @@ -163,6 +164,7 @@ static const TypeInfo xen_accel_ops_type =3D { .parent =3D TYPE_ACCEL_OPS, .class_init =3D xen_accel_ops_class_init, .abstract =3D true, + .secure =3D true, }; =20 static void xen_type_init(void) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895758; cv=none; d=zohomail.com; s=zohoarc; b=kjqWBBPvbqI+nL/S63UWxKYPiFgE/zpav0IEHiZ6Pn86bPqgkuYjf0vIQShtY2EBOOpvLHL4JHNBXqOoKzza0PrNO8gfzRe/OzGJDKF2i99MmEHnDj6tu4qCxms8n4dqRzoxFc8xcX8cpMKd0tRxXOU3ms8f8chsGppTBrtNmWw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895758; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=WzvJdoRpKjbbnlvFY+3uY75z5RpH1paQjQOZjP0sbEY=; b=XMitssxmuEvqPfzQ0TZOJJo4QmAvoFdecfpuBJGNfjUbkeOtREgADj5i2M09I9E87ogQcrMIJy4IsPe7ZsWIglAAEfwMiQ3w1P6rl3gqnZyeHRSll5/S+ml+Um738rdyEDkQUkJ11Vd6Lno9FQmVyrLO3pLFQdfHc/gROZPnet4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895758380354.6090095769331; Fri, 26 Sep 2025 07:09:18 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293M-0006n2-D7; Fri, 26 Sep 2025 10:04:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293I-0006ke-S8 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:00 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2936-0004pY-Ui for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:58 -0400 Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-368-FelZ0o6_OLCclBMHzXTQwg-1; Fri, 26 Sep 2025 10:03:41 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 303C119560AD; Fri, 26 Sep 2025 14:03:40 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2DC5A19540EB; Fri, 26 Sep 2025 14:03:34 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895423; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WzvJdoRpKjbbnlvFY+3uY75z5RpH1paQjQOZjP0sbEY=; b=c64WU1zeo/3OK2xmx+Gv3v1yoPgqObr/7ywiMbJ89SkFQFByr4tv67fPHItnUbVuY5mnj3 GoBd11iGzoYM5z+dq5UeDm8Zgj4Fl9GH1x52Xg/FCZjXGEM6Y400lXPLHbeJcI9ud1TbgI RQzvyMNqiINCJ3rhZZWEeJt86rGmiF8= X-MC-Unique: FelZ0o6_OLCclBMHzXTQwg-1 X-Mimecast-MFC-AGG-ID: FelZ0o6_OLCclBMHzXTQwg_1758895420 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 18/32] hw: mark all virtio PCI devices as secure Date: Fri, 26 Sep 2025 15:01:29 +0100 Message-ID: <20250926140144.1998694-19-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895760661116601 These are all intended for use in a virtualization scenario and must provide a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/display/virtio-gpu-pci-rutabaga.c | 1 + hw/display/virtio-gpu-pci.c | 3 ++- hw/virtio/virtio-pci.c | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/hw/display/virtio-gpu-pci-rutabaga.c b/hw/display/virtio-gpu-p= ci-rutabaga.c index 5fdff37f2c..56e32e9f5b 100644 --- a/hw/display/virtio-gpu-pci-rutabaga.c +++ b/hw/display/virtio-gpu-pci-rutabaga.c @@ -34,6 +34,7 @@ static const TypeInfo virtio_gpu_rutabaga_pci_info[] =3D { .parent =3D TYPE_VIRTIO_GPU_PCI_BASE, .instance_size =3D sizeof(VirtIOGPURutabagaPCI), .instance_init =3D virtio_gpu_rutabaga_initfn, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/display/virtio-gpu-pci.c b/hw/display/virtio-gpu-pci.c index c0d71b6254..6c7cac7a25 100644 --- a/hw/display/virtio-gpu-pci.c +++ b/hw/display/virtio-gpu-pci.c @@ -75,7 +75,8 @@ static const TypeInfo virtio_gpu_pci_base_info =3D { .parent =3D TYPE_VIRTIO_PCI, .instance_size =3D sizeof(VirtIOGPUPCIBase), .class_init =3D virtio_gpu_pci_base_class_init, - .abstract =3D true + .abstract =3D true, + .secure =3D true, }; module_obj(TYPE_VIRTIO_GPU_PCI_BASE); module_kconfig(VIRTIO_PCI); diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c index 767216d795..f2f720792a 100644 --- a/hw/virtio/virtio-pci.c +++ b/hw/virtio/virtio-pci.c @@ -2494,6 +2494,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->generic_name, .parent =3D base_type_info.name, .class_init =3D virtio_pci_generic_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -2529,6 +2530,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->non_transitional_name, .parent =3D base_type_info.name, .instance_init =3D virtio_pci_non_transitional_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -2543,6 +2545,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceT= ypeInfo *t) .name =3D t->transitional_name, .parent =3D base_type_info.name, .instance_init =3D virtio_pci_transitional_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { /* * Transitional virtio devices work only as Conventional P= CI --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895609; cv=none; d=zohomail.com; s=zohoarc; b=hQKFyxUM/sh5kiKfS3r/ow2zr9mKdgD1E9zcMICQTLEgALlPoZCBUS2fGdXEo9orkfCk01thNUvjd8kQBRjhpTcwiCWTGP4qbzyUA3jjrwzCacCUQn300BOoNgxjMfxtUjKFu/DRxt9BegpLVMB1iQpjRKSRncFx6Ba4WZR7crI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895609; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=ea+0MhEY9iX2+yYiaaMVa1DUQB95GkrV93+grZ+Cioc=; b=GvimTWi37a6xbMGF9vfE2/XdcHRJcsY0DIulr7mewBQoj/monQRyBP5IDp1TRROY/r01Ywi9DKHSoJrMn1b3HMr8EbT9uAN/uK1xxZPpb3p6ibAmo9KhFH94rowqtszeJDOdNsm31vYy38Ox0dtBQHfs1YsA9SLHZ2b85O8++M0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895609339780.6023821668329; Fri, 26 Sep 2025 07:06:49 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293T-0006p1-Ve; Fri, 26 Sep 2025 10:04:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293N-0006nd-J0 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:05 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293A-0004qi-C3 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:04 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-214-MEJXisDkOzC7Cj_FeY2XMA-1; Fri, 26 Sep 2025 10:03:46 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id E8DB01800597; Fri, 26 Sep 2025 14:03:44 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 96F9A1956095; Fri, 26 Sep 2025 14:03:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895429; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ea+0MhEY9iX2+yYiaaMVa1DUQB95GkrV93+grZ+Cioc=; b=dw5x/81C76NeWjM7FrEulybCu+iKYySNRDQOj2/Pkto9nOo+yp2XCQekZksqKYbDeLAHou SWeNl6n717AJ/iK3r0kqR4omJvNBGK6FuKZt9NJ1BsZjoHFf6RvoZzQ+QjwJ5ssi9Hx2Wx 3MtgR8KBsZ6bWT8TjYSuyFGk6NPwBYo= X-MC-Unique: MEJXisDkOzC7Cj_FeY2XMA-1 X-Mimecast-MFC-AGG-ID: MEJXisDkOzC7Cj_FeY2XMA_1758895425 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 19/32] hw: mark all virtio CCW devices as secure Date: Fri, 26 Sep 2025 15:01:30 +0100 Message-ID: <20250926140144.1998694-20-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895610594116600 These are all intended for use in a virtualization scenario and must provide a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/s390x/vhost-scsi-ccw.c | 1 + hw/s390x/vhost-user-fs-ccw.c | 1 + hw/s390x/vhost-vsock-ccw.c | 1 + hw/s390x/virtio-ccw-9p.c | 1 + hw/s390x/virtio-ccw-balloon.c | 1 + hw/s390x/virtio-ccw-blk.c | 1 + hw/s390x/virtio-ccw-crypto.c | 1 + hw/s390x/virtio-ccw-gpu.c | 1 + hw/s390x/virtio-ccw-input.c | 5 +++++ hw/s390x/virtio-ccw-md.c | 1 + hw/s390x/virtio-ccw-mem.c | 1 + hw/s390x/virtio-ccw-net.c | 1 + hw/s390x/virtio-ccw-rng.c | 1 + hw/s390x/virtio-ccw-scsi.c | 1 + hw/s390x/virtio-ccw-serial.c | 1 + hw/s390x/virtio-ccw.c | 1 + 16 files changed, 20 insertions(+) diff --git a/hw/s390x/vhost-scsi-ccw.c b/hw/s390x/vhost-scsi-ccw.c index 8341b23a95..2a16f8d06e 100644 --- a/hw/s390x/vhost-scsi-ccw.c +++ b/hw/s390x/vhost-scsi-ccw.c @@ -62,6 +62,7 @@ static const TypeInfo vhost_ccw_scsi =3D { .instance_size =3D sizeof(VHostSCSICcw), .instance_init =3D vhost_ccw_scsi_instance_init, .class_init =3D vhost_ccw_scsi_class_init, + .secure =3D true, }; =20 static void virtio_ccw_scsi_register(void) diff --git a/hw/s390x/vhost-user-fs-ccw.c b/hw/s390x/vhost-user-fs-ccw.c index cc1b8227fc..74c2ac288b 100644 --- a/hw/s390x/vhost-user-fs-ccw.c +++ b/hw/s390x/vhost-user-fs-ccw.c @@ -64,6 +64,7 @@ static const TypeInfo vhost_user_fs_ccw =3D { .instance_size =3D sizeof(VHostUserFSCcw), .instance_init =3D vhost_user_fs_ccw_instance_init, .class_init =3D vhost_user_fs_ccw_class_init, + .secure =3D true, }; =20 static void vhost_user_fs_ccw_register(void) diff --git a/hw/s390x/vhost-vsock-ccw.c b/hw/s390x/vhost-vsock-ccw.c index 552e9e86a4..60a286f6d5 100644 --- a/hw/s390x/vhost-vsock-ccw.c +++ b/hw/s390x/vhost-vsock-ccw.c @@ -71,6 +71,7 @@ static const TypeInfo vhost_vsock_ccw_info =3D { .instance_size =3D sizeof(VHostVSockCCWState), .instance_init =3D vhost_vsock_ccw_instance_init, .class_init =3D vhost_vsock_ccw_class_init, + .secure =3D true, }; =20 static void vhost_vsock_ccw_register(void) diff --git a/hw/s390x/virtio-ccw-9p.c b/hw/s390x/virtio-ccw-9p.c index 72bf6ec80c..72430b9897 100644 --- a/hw/s390x/virtio-ccw-9p.c +++ b/hw/s390x/virtio-ccw-9p.c @@ -64,6 +64,7 @@ static const TypeInfo virtio_ccw_9p_info =3D { .instance_size =3D sizeof(V9fsCCWState), .instance_init =3D virtio_ccw_9p_instance_init, .class_init =3D virtio_ccw_9p_class_init, + .secure =3D true, }; =20 static void virtio_ccw_9p_register(void) diff --git a/hw/s390x/virtio-ccw-balloon.c b/hw/s390x/virtio-ccw-balloon.c index 399b40f366..40425a5995 100644 --- a/hw/s390x/virtio-ccw-balloon.c +++ b/hw/s390x/virtio-ccw-balloon.c @@ -69,6 +69,7 @@ static const TypeInfo virtio_ccw_balloon =3D { .instance_size =3D sizeof(VirtIOBalloonCcw), .instance_init =3D virtio_ccw_balloon_instance_init, .class_init =3D virtio_ccw_balloon_class_init, + .secure =3D true, }; =20 static void virtio_ccw_balloon_register(void) diff --git a/hw/s390x/virtio-ccw-blk.c b/hw/s390x/virtio-ccw-blk.c index 7d8c4a75ce..a61da0f6d6 100644 --- a/hw/s390x/virtio-ccw-blk.c +++ b/hw/s390x/virtio-ccw-blk.c @@ -67,6 +67,7 @@ static const TypeInfo virtio_ccw_blk =3D { .instance_size =3D sizeof(VirtIOBlkCcw), .instance_init =3D virtio_ccw_blk_instance_init, .class_init =3D virtio_ccw_blk_class_init, + .secure =3D true, }; =20 static void virtio_ccw_blk_register(void) diff --git a/hw/s390x/virtio-ccw-crypto.c b/hw/s390x/virtio-ccw-crypto.c index 75e714603b..0903cc0c97 100644 --- a/hw/s390x/virtio-ccw-crypto.c +++ b/hw/s390x/virtio-ccw-crypto.c @@ -67,6 +67,7 @@ static const TypeInfo virtio_ccw_crypto =3D { .instance_size =3D sizeof(VirtIOCryptoCcw), .instance_init =3D virtio_ccw_crypto_instance_init, .class_init =3D virtio_ccw_crypto_class_init, + .secure =3D true, }; =20 static void virtio_ccw_crypto_register(void) diff --git a/hw/s390x/virtio-ccw-gpu.c b/hw/s390x/virtio-ccw-gpu.c index edb6a47d37..9f6170bcd4 100644 --- a/hw/s390x/virtio-ccw-gpu.c +++ b/hw/s390x/virtio-ccw-gpu.c @@ -66,6 +66,7 @@ static const TypeInfo virtio_ccw_gpu =3D { .instance_size =3D sizeof(VirtIOGPUCcw), .instance_init =3D virtio_ccw_gpu_instance_init, .class_init =3D virtio_ccw_gpu_class_init, + .secure =3D true, }; module_obj(TYPE_VIRTIO_GPU_CCW); module_kconfig(VIRTIO_CCW); diff --git a/hw/s390x/virtio-ccw-input.c b/hw/s390x/virtio-ccw-input.c index 2250d8cf98..f5e1a209d1 100644 --- a/hw/s390x/virtio-ccw-input.c +++ b/hw/s390x/virtio-ccw-input.c @@ -96,6 +96,7 @@ static const TypeInfo virtio_ccw_input =3D { .instance_size =3D sizeof(VirtIOInputCcw), .class_init =3D virtio_ccw_input_class_init, .abstract =3D true, + .secure =3D true, }; =20 static const TypeInfo virtio_ccw_input_hid =3D { @@ -103,6 +104,7 @@ static const TypeInfo virtio_ccw_input_hid =3D { .parent =3D TYPE_VIRTIO_INPUT_CCW, .instance_size =3D sizeof(VirtIOInputHIDCcw), .abstract =3D true, + .secure =3D true, }; =20 static const TypeInfo virtio_ccw_keyboard =3D { @@ -110,6 +112,7 @@ static const TypeInfo virtio_ccw_keyboard =3D { .parent =3D TYPE_VIRTIO_INPUT_HID_CCW, .instance_size =3D sizeof(VirtIOInputHIDCcw), .instance_init =3D virtio_ccw_keyboard_instance_init, + .secure =3D true, }; =20 static const TypeInfo virtio_ccw_mouse =3D { @@ -117,6 +120,7 @@ static const TypeInfo virtio_ccw_mouse =3D { .parent =3D TYPE_VIRTIO_INPUT_HID_CCW, .instance_size =3D sizeof(VirtIOInputHIDCcw), .instance_init =3D virtio_ccw_mouse_instance_init, + .secure =3D true, }; =20 static const TypeInfo virtio_ccw_tablet =3D { @@ -124,6 +128,7 @@ static const TypeInfo virtio_ccw_tablet =3D { .parent =3D TYPE_VIRTIO_INPUT_HID_CCW, .instance_size =3D sizeof(VirtIOInputHIDCcw), .instance_init =3D virtio_ccw_tablet_instance_init, + .secure =3D true, }; =20 static void virtio_ccw_input_register(void) diff --git a/hw/s390x/virtio-ccw-md.c b/hw/s390x/virtio-ccw-md.c index 0370f58450..9a0264efda 100644 --- a/hw/s390x/virtio-ccw-md.c +++ b/hw/s390x/virtio-ccw-md.c @@ -140,6 +140,7 @@ static const TypeInfo virtio_ccw_md_info =3D { .instance_size =3D sizeof(VirtIOMDCcw), .class_size =3D sizeof(VirtIOMDCcwClass), .abstract =3D true, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_MEMORY_DEVICE }, { } diff --git a/hw/s390x/virtio-ccw-mem.c b/hw/s390x/virtio-ccw-mem.c index daa485d189..719386cfa7 100644 --- a/hw/s390x/virtio-ccw-mem.c +++ b/hw/s390x/virtio-ccw-mem.c @@ -216,6 +216,7 @@ static const TypeInfo virtio_ccw_mem =3D { .instance_size =3D sizeof(VirtIOMEMCcw), .instance_init =3D virtio_ccw_mem_instance_init, .class_init =3D virtio_ccw_mem_class_init, + .secure =3D true, }; =20 static void virtio_ccw_mem_register_types(void) diff --git a/hw/s390x/virtio-ccw-net.c b/hw/s390x/virtio-ccw-net.c index a7d4afbeb9..b2ebc76000 100644 --- a/hw/s390x/virtio-ccw-net.c +++ b/hw/s390x/virtio-ccw-net.c @@ -70,6 +70,7 @@ static const TypeInfo virtio_ccw_net =3D { .instance_size =3D sizeof(VirtIONetCcw), .instance_init =3D virtio_ccw_net_instance_init, .class_init =3D virtio_ccw_net_class_init, + .secure =3D true, }; =20 static void virtio_ccw_net_register(void) diff --git a/hw/s390x/virtio-ccw-rng.c b/hw/s390x/virtio-ccw-rng.c index 3263287d45..6216cc76dc 100644 --- a/hw/s390x/virtio-ccw-rng.c +++ b/hw/s390x/virtio-ccw-rng.c @@ -66,6 +66,7 @@ static const TypeInfo virtio_ccw_rng =3D { .instance_size =3D sizeof(VirtIORNGCcw), .instance_init =3D virtio_ccw_rng_instance_init, .class_init =3D virtio_ccw_rng_class_init, + .secure =3D true, }; =20 static void virtio_ccw_rng_register(void) diff --git a/hw/s390x/virtio-ccw-scsi.c b/hw/s390x/virtio-ccw-scsi.c index 06b4c6c4a5..a9e99b5af1 100644 --- a/hw/s390x/virtio-ccw-scsi.c +++ b/hw/s390x/virtio-ccw-scsi.c @@ -76,6 +76,7 @@ static const TypeInfo virtio_ccw_scsi =3D { .instance_size =3D sizeof(VirtIOSCSICcw), .instance_init =3D virtio_ccw_scsi_instance_init, .class_init =3D virtio_ccw_scsi_class_init, + .secure =3D true, }; =20 static void virtio_ccw_scsi_register(void) diff --git a/hw/s390x/virtio-ccw-serial.c b/hw/s390x/virtio-ccw-serial.c index 0dac590c08..5ae7bb2f30 100644 --- a/hw/s390x/virtio-ccw-serial.c +++ b/hw/s390x/virtio-ccw-serial.c @@ -76,6 +76,7 @@ static const TypeInfo virtio_ccw_serial =3D { .instance_size =3D sizeof(VirtioSerialCcw), .instance_init =3D virtio_ccw_serial_instance_init, .class_init =3D virtio_ccw_serial_class_init, + .secure =3D true, }; =20 static void virtio_ccw_serial_register(void) diff --git a/hw/s390x/virtio-ccw.c b/hw/s390x/virtio-ccw.c index d2f85b39f3..5977357aa9 100644 --- a/hw/s390x/virtio-ccw.c +++ b/hw/s390x/virtio-ccw.c @@ -1249,6 +1249,7 @@ static const TypeInfo virtio_ccw_device_info =3D { .class_init =3D virtio_ccw_device_class_init, .class_size =3D sizeof(VirtIOCCWDeviceClass), .abstract =3D true, + .secure =3D true, }; =20 /* virtio-ccw-bus */ --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895922; cv=none; d=zohomail.com; s=zohoarc; b=RzWNcAdQRwMEnojqFrh7Z9kEZVnkuDnp3MKXdjytc26rVY07R0KsJ7uqJt4Qyx8htAz/7Olc0huoF2ohfV+gZci+DDwmhhJpLPDZ1LiI9W374UJOinW/Y8bdQmhPsmgkHIJhpQQWXZueOkZS5t5AvTV8cTqZY/p8Rg8zEPy5+HQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895922; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=0EG0UHxXlT7ifLJrFLKM9KqjYitx4zh2UVX0jlUVOoU=; b=eZAxmNCJgrB52Nob4budnrtE/qYD/R+Qyw04k1KGrARDDXqvsaydJDfxDlzzBbjDMG1Sf5ouD7Vih/fMnVVxtL5LOZgyS43KerR5MQkRrSb+8xdpilt/0Q/VA4XCrbwckh8RSj0UEblVtoUZs15ar03g2gCpOqXZFLaChtQRtVI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175889592228920.828694172367705; Fri, 26 Sep 2025 07:12:02 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293R-0006no-4Q; Fri, 26 Sep 2025 10:04:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293L-0006n4-JZ for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:03 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293E-0004rV-Fg for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:02 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-377-q_O02v1WPRuAbEuEFU9wcA-1; Fri, 26 Sep 2025 10:03:51 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 5ED49180057B; Fri, 26 Sep 2025 14:03:50 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 7BF8F1956095; Fri, 26 Sep 2025 14:03:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895433; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=0EG0UHxXlT7ifLJrFLKM9KqjYitx4zh2UVX0jlUVOoU=; b=G+Qc0flPW7ntgKpQz9GSFrFWUuvlOz/8mPH+vWzlKgI2CJeblu4WyRkNSC4HjOB4okmP/b ZdQuhVNV9kEzPBxxcePIJvdpMfBJqtBCXNnaq+PZhYSyt4v5SUL182ewCYhq0qXOSGu3wZ KOVJYeZv664j3QTaT2uwwM2m1AJ1xeM= X-MC-Unique: q_O02v1WPRuAbEuEFU9wcA-1 X-Mimecast-MFC-AGG-ID: q_O02v1WPRuAbEuEFU9wcA_1758895430 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 20/32] hw: mark all vhost devices a secure Date: Fri, 26 Sep 2025 15:01:31 +0100 Message-ID: <20250926140144.1998694-21-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895925042116600 These are all intended for use in a virtualization scenario and must provide a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/block/vhost-user-blk.c | 1 + hw/display/vhost-user-gpu.c | 1 + hw/scsi/vhost-scsi.c | 1 + hw/scsi/vhost-user-scsi.c | 1 + hw/virtio/vhost-user-base.c | 3 ++- hw/virtio/vhost-user-device.c | 1 + hw/virtio/vhost-user-fs.c | 1 + hw/virtio/vhost-user-gpio.c | 1 + hw/virtio/vhost-user-i2c.c | 1 + hw/virtio/vhost-user-input.c | 1 + hw/virtio/vhost-user-rng.c | 1 + hw/virtio/vhost-user-scmi.c | 1 + hw/virtio/vhost-user-snd.c | 1 + hw/virtio/vhost-user-vsock.c | 1 + hw/virtio/vhost-vsock-common.c | 1 + hw/virtio/vhost-vsock.c | 1 + 16 files changed, 17 insertions(+), 1 deletion(-) diff --git a/hw/block/vhost-user-blk.c b/hw/block/vhost-user-blk.c index c0cc5f6942..dbe672c5c4 100644 --- a/hw/block/vhost-user-blk.c +++ b/hw/block/vhost-user-blk.c @@ -618,6 +618,7 @@ static const TypeInfo vhost_user_blk_info =3D { .instance_size =3D sizeof(VHostUserBlk), .instance_init =3D vhost_user_blk_instance_init, .class_init =3D vhost_user_blk_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/display/vhost-user-gpu.c b/hw/display/vhost-user-gpu.c index 9fc6bbcd2c..3fc6267c4f 100644 --- a/hw/display/vhost-user-gpu.c +++ b/hw/display/vhost-user-gpu.c @@ -694,6 +694,7 @@ static const TypeInfo vhost_user_gpu_info =3D { .instance_init =3D vhost_user_gpu_instance_init, .instance_finalize =3D vhost_user_gpu_instance_finalize, .class_init =3D vhost_user_gpu_class_init, + .secure =3D true, }; module_obj(TYPE_VHOST_USER_GPU); module_kconfig(VHOST_USER_GPU); diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c index cdf405b0f8..7b8aec50e6 100644 --- a/hw/scsi/vhost-scsi.c +++ b/hw/scsi/vhost-scsi.c @@ -401,6 +401,7 @@ static const TypeInfo vhost_scsi_info =3D { .instance_size =3D sizeof(VHostSCSI), .class_init =3D vhost_scsi_class_init, .instance_init =3D vhost_scsi_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_FW_PATH_PROVIDER }, { } diff --git a/hw/scsi/vhost-user-scsi.c b/hw/scsi/vhost-user-scsi.c index 25f2d894e7..0ce5436090 100644 --- a/hw/scsi/vhost-user-scsi.c +++ b/hw/scsi/vhost-user-scsi.c @@ -426,6 +426,7 @@ static const TypeInfo vhost_user_scsi_info =3D { .instance_size =3D sizeof(VHostUserSCSI), .class_init =3D vhost_user_scsi_class_init, .instance_init =3D vhost_user_scsi_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_FW_PATH_PROVIDER }, { } diff --git a/hw/virtio/vhost-user-base.c b/hw/virtio/vhost-user-base.c index ff67a020b4..626657ced3 100644 --- a/hw/virtio/vhost-user-base.c +++ b/hw/virtio/vhost-user-base.c @@ -372,7 +372,8 @@ static const TypeInfo vub_types[] =3D { .instance_size =3D sizeof(VHostUserBase), .class_init =3D vub_class_init, .class_size =3D sizeof(VHostUserBaseClass), - .abstract =3D true + .abstract =3D true, + .secure =3D true, } }; =20 diff --git a/hw/virtio/vhost-user-device.c b/hw/virtio/vhost-user-device.c index 3939bdf755..d2e80c9f09 100644 --- a/hw/virtio/vhost-user-device.c +++ b/hw/virtio/vhost-user-device.c @@ -53,6 +53,7 @@ static const TypeInfo vud_info =3D { .name =3D TYPE_VHOST_USER_DEVICE, .parent =3D TYPE_VHOST_USER_BASE, .class_init =3D vud_class_init, + .secure =3D true, }; =20 static void vu_register_types(void) diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c index e77c69eb12..6861e4ff33 100644 --- a/hw/virtio/vhost-user-fs.c +++ b/hw/virtio/vhost-user-fs.c @@ -447,6 +447,7 @@ static const TypeInfo vuf_info =3D { .instance_size =3D sizeof(VHostUserFS), .instance_init =3D vuf_instance_init, .class_init =3D vuf_class_init, + .secure =3D true, }; =20 static void vuf_register_types(void) diff --git a/hw/virtio/vhost-user-gpio.c b/hw/virtio/vhost-user-gpio.c index a7fd49b10a..47b9d685a2 100644 --- a/hw/virtio/vhost-user-gpio.c +++ b/hw/virtio/vhost-user-gpio.c @@ -53,6 +53,7 @@ static const TypeInfo vu_gpio_info =3D { .parent =3D TYPE_VHOST_USER_BASE, .instance_size =3D sizeof(VHostUserGPIO), .class_init =3D vu_gpio_class_init, + .secure =3D true, }; =20 static void vu_gpio_register_types(void) diff --git a/hw/virtio/vhost-user-i2c.c b/hw/virtio/vhost-user-i2c.c index ae007fe97d..6e7558bc85 100644 --- a/hw/virtio/vhost-user-i2c.c +++ b/hw/virtio/vhost-user-i2c.c @@ -53,6 +53,7 @@ static const TypeInfo vu_i2c_info =3D { .parent =3D TYPE_VHOST_USER_BASE, .instance_size =3D sizeof(VHostUserI2C), .class_init =3D vu_i2c_class_init, + .secure =3D true, }; =20 static void vu_i2c_register_types(void) diff --git a/hw/virtio/vhost-user-input.c b/hw/virtio/vhost-user-input.c index 5cfc5bbb56..a850e3770e 100644 --- a/hw/virtio/vhost-user-input.c +++ b/hw/virtio/vhost-user-input.c @@ -47,6 +47,7 @@ static const TypeInfo vhost_input_info =3D { .parent =3D TYPE_VHOST_USER_BASE, .instance_size =3D sizeof(VHostUserInput), .class_init =3D vhost_input_class_init, + .secure =3D true, }; =20 static void vhost_input_register_types(void) diff --git a/hw/virtio/vhost-user-rng.c b/hw/virtio/vhost-user-rng.c index 61dadcda05..5ebae80635 100644 --- a/hw/virtio/vhost-user-rng.c +++ b/hw/virtio/vhost-user-rng.c @@ -55,6 +55,7 @@ static const TypeInfo vu_rng_info =3D { .parent =3D TYPE_VHOST_USER_BASE, .instance_size =3D sizeof(VHostUserRNG), .class_init =3D vu_rng_class_init, + .secure =3D true, }; =20 static void vu_rng_register_types(void) diff --git a/hw/virtio/vhost-user-scmi.c b/hw/virtio/vhost-user-scmi.c index f9264c4374..565618d7aa 100644 --- a/hw/virtio/vhost-user-scmi.c +++ b/hw/virtio/vhost-user-scmi.c @@ -305,6 +305,7 @@ static const TypeInfo vu_scmi_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VHostUserSCMI), .class_init =3D vu_scmi_class_init, + .secure =3D true, }; =20 static void vu_scmi_register_types(void) diff --git a/hw/virtio/vhost-user-snd.c b/hw/virtio/vhost-user-snd.c index 732411c655..d79e7d037c 100644 --- a/hw/virtio/vhost-user-snd.c +++ b/hw/virtio/vhost-user-snd.c @@ -72,6 +72,7 @@ static const TypeInfo vu_snd_info =3D { .parent =3D TYPE_VHOST_USER_BASE, .instance_size =3D sizeof(VHostUserSound), .class_init =3D vu_snd_class_init, + .secure =3D true, }; =20 static void vu_snd_register_types(void) diff --git a/hw/virtio/vhost-user-vsock.c b/hw/virtio/vhost-user-vsock.c index 993c287348..a430d07a55 100644 --- a/hw/virtio/vhost-user-vsock.c +++ b/hw/virtio/vhost-user-vsock.c @@ -175,6 +175,7 @@ static const TypeInfo vuv_info =3D { .parent =3D TYPE_VHOST_VSOCK_COMMON, .instance_size =3D sizeof(VHostUserVSock), .class_init =3D vuv_class_init, + .secure =3D true, }; =20 static void vuv_register_types(void) diff --git a/hw/virtio/vhost-vsock-common.c b/hw/virtio/vhost-vsock-common.c index c6c44d8989..d06d2342d9 100644 --- a/hw/virtio/vhost-vsock-common.c +++ b/hw/virtio/vhost-vsock-common.c @@ -308,6 +308,7 @@ static const TypeInfo vhost_vsock_common_info =3D { .instance_size =3D sizeof(VHostVSockCommon), .class_init =3D vhost_vsock_common_class_init, .abstract =3D true, + .secure =3D true, }; =20 static void vhost_vsock_common_register_types(void) diff --git a/hw/virtio/vhost-vsock.c b/hw/virtio/vhost-vsock.c index 107d88babe..0fefe94b52 100644 --- a/hw/virtio/vhost-vsock.c +++ b/hw/virtio/vhost-vsock.c @@ -226,6 +226,7 @@ static const TypeInfo vhost_vsock_info =3D { .parent =3D TYPE_VHOST_VSOCK_COMMON, .instance_size =3D sizeof(VHostVSock), .class_init =3D vhost_vsock_class_init, + .secure =3D true, }; =20 static void vhost_vsock_register_types(void) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895553; cv=none; d=zohomail.com; s=zohoarc; b=ilO/KmOmciLZRHW4lBTLYC2MjAZTX+EnDaGVxYnl/NS3b7hncxxGyt6C9H9UFBgg0eyzdOc/gl68Qzk4SpOWIX2vDIgBDubovgx5CHvfSuAPvaWMOO/LmGaXX2y5tRWdC6fPlz+AJxZ1wxKzd2NbDheVp2HBY8aTVi5wdkVwrEk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895553; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=rj/VuFsAHHTHPZ2krXAd5tToKOZEOM+84xihKMK/wAo=; b=gzAwfun/svkerFPZ65TvnE000DtaRL3l3hm6lDunbq3E0ELgmrFmR9YLKgHGKN0+zbslaMMmwYgsuYyWvBukYu8s/134OGPw/XJiplidHLtSHq+yQs/HZJRW0DsSEPubuO6jyNtKGi3POnnCqKd6lYvjDasDKA5ZfTKn4urYmMA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175889555378489.17481244379007; Fri, 26 Sep 2025 07:05:53 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293c-0006su-C5; Fri, 26 Sep 2025 10:04:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293a-0006r6-69 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:18 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293L-0004sZ-ES for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:16 -0400 Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-441-7k9jwbjhNASmTTrtGWfNVA-1; Fri, 26 Sep 2025 10:03:55 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0E6601955D6E; Fri, 26 Sep 2025 14:03:54 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E86861956095; Fri, 26 Sep 2025 14:03:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895439; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=rj/VuFsAHHTHPZ2krXAd5tToKOZEOM+84xihKMK/wAo=; b=Ezw0XCTCG9ScoHAikNl6hEcnIQnMyEXDnjKiuWMdjxrskg+kOjvLCTezc4LB1XlVtpMYHe agydHnlYbzGO2LBa0Fvyvj1I3EqXsR5Ie63l920m1aFWk6doiTQVtuXfKE/F4FDIPCjgaD APNyR+PfFOpkVpdZTrdrWL/LBr0tAwg= X-MC-Unique: 7k9jwbjhNASmTTrtGWfNVA-1 X-Mimecast-MFC-AGG-ID: 7k9jwbjhNASmTTrtGWfNVA_1758895434 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 21/32] hw: mark all remaining virtio object types as secure Date: Fri, 26 Sep 2025 15:01:32 +0100 Message-ID: <20250926140144.1998694-22-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895555833116600 These are all intended for use in a virtualization scenario and must provide a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/9pfs/virtio-9p-device.c | 1 + hw/audio/virtio-snd.c | 1 + hw/block/virtio-blk.c | 1 + hw/char/virtio-console.c | 2 ++ hw/char/virtio-serial-bus.c | 3 +++ hw/display/virtio-gpu-base.c | 3 ++- hw/display/virtio-gpu-gl.c | 1 + hw/display/virtio-gpu-rutabaga.c | 1 + hw/display/virtio-gpu.c | 1 + hw/input/virtio-input-hid.c | 5 +++++ hw/input/virtio-input-host.c | 1 + hw/input/virtio-input.c | 1 + hw/scsi/virtio-scsi.c | 2 ++ hw/virtio/vdpa-dev.c | 1 + hw/virtio/virtio-balloon.c | 1 + hw/virtio/virtio-bus.c | 1 + hw/virtio/virtio-crypto.c | 1 + hw/virtio/virtio-input-pci.c | 2 ++ hw/virtio/virtio-iommu.c | 2 ++ hw/virtio/virtio-md-pci.c | 1 + hw/virtio/virtio-mem.c | 1 + hw/virtio/virtio-mmio.c | 2 ++ hw/virtio/virtio-nsm.c | 1 + hw/virtio/virtio-pmem.c | 1 + hw/virtio/virtio-rng.c | 1 + 25 files changed, 37 insertions(+), 1 deletion(-) diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c index 81b91e47c6..f5d7017d2e 100644 --- a/hw/9pfs/virtio-9p-device.c +++ b/hw/9pfs/virtio-9p-device.c @@ -268,6 +268,7 @@ static const TypeInfo virtio_device_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(V9fsVirtioState), .class_init =3D virtio_9p_class_init, + .secure =3D true, }; =20 static void virtio_9p_register_types(void) diff --git a/hw/audio/virtio-snd.c b/hw/audio/virtio-snd.c index eca3319e59..166f82f78f 100644 --- a/hw/audio/virtio-snd.c +++ b/hw/audio/virtio-snd.c @@ -1386,6 +1386,7 @@ static const TypeInfo virtio_snd_types[] =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VirtIOSound), .class_init =3D virtio_snd_class_init, + .secure =3D true, } }; =20 diff --git a/hw/block/virtio-blk.c b/hw/block/virtio-blk.c index 9bab2716c1..e560d021a7 100644 --- a/hw/block/virtio-blk.c +++ b/hw/block/virtio-blk.c @@ -1915,6 +1915,7 @@ static const TypeInfo virtio_blk_info =3D { .instance_init =3D virtio_blk_instance_init, .class_init =3D virtio_blk_class_init, .class_size =3D sizeof(VirtIOBlkClass), + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/char/virtio-console.c b/hw/char/virtio-console.c index 0932a3572b..3732b441e8 100644 --- a/hw/char/virtio-console.c +++ b/hw/char/virtio-console.c @@ -272,6 +272,7 @@ static const TypeInfo virtconsole_info =3D { .name =3D "virtconsole", .parent =3D TYPE_VIRTIO_CONSOLE_SERIAL_PORT, .class_init =3D virtconsole_class_init, + .secure =3D true, }; =20 static const Property virtserialport_properties[] =3D { @@ -297,6 +298,7 @@ static const TypeInfo virtserialport_info =3D { .parent =3D TYPE_VIRTIO_SERIAL_PORT, .instance_size =3D sizeof(VirtConsole), .class_init =3D virtserialport_class_init, + .secure =3D true, }; =20 static void virtconsole_register_types(void) diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c index 673c50f0be..56577f91df 100644 --- a/hw/char/virtio-serial-bus.c +++ b/hw/char/virtio-serial-bus.c @@ -852,6 +852,7 @@ static const TypeInfo virtser_bus_info =3D { .parent =3D TYPE_BUS, .instance_size =3D sizeof(VirtIOSerialBus), .class_init =3D virtser_bus_class_init, + .secure =3D true, }; =20 static void virtser_bus_dev_print(Monitor *mon, DeviceState *qdev, int ind= ent) @@ -1109,6 +1110,7 @@ static const TypeInfo virtio_serial_port_type_info = =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(VirtIOSerialPort), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(VirtIOSerialPortClass), .class_init =3D virtio_serial_port_class_init, }; @@ -1189,6 +1191,7 @@ static const TypeInfo virtio_device_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VirtIOSerial), .class_init =3D virtio_serial_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } diff --git a/hw/display/virtio-gpu-base.c b/hw/display/virtio-gpu-base.c index 7269477a1c..c593ab146c 100644 --- a/hw/display/virtio-gpu-base.c +++ b/hw/display/virtio-gpu-base.c @@ -308,7 +308,8 @@ static const TypeInfo virtio_gpu_base_info =3D { .instance_size =3D sizeof(VirtIOGPUBase), .class_size =3D sizeof(VirtIOGPUBaseClass), .class_init =3D virtio_gpu_base_class_init, - .abstract =3D true + .abstract =3D true, + .secure =3D true, }; module_obj(TYPE_VIRTIO_GPU_BASE); module_kconfig(VIRTIO_GPU); diff --git a/hw/display/virtio-gpu-gl.c b/hw/display/virtio-gpu-gl.c index c06a078fb3..38a27e5459 100644 --- a/hw/display/virtio-gpu-gl.c +++ b/hw/display/virtio-gpu-gl.c @@ -205,6 +205,7 @@ static const TypeInfo virtio_gpu_gl_info =3D { .parent =3D TYPE_VIRTIO_GPU, .instance_size =3D sizeof(VirtIOGPUGL), .class_init =3D virtio_gpu_gl_class_init, + .secure =3D true, }; module_obj(TYPE_VIRTIO_GPU_GL); module_kconfig(VIRTIO_GPU); diff --git a/hw/display/virtio-gpu-rutabaga.c b/hw/display/virtio-gpu-rutab= aga.c index ed5ae52acb..d0b86f49c1 100644 --- a/hw/display/virtio-gpu-rutabaga.c +++ b/hw/display/virtio-gpu-rutabaga.c @@ -1132,6 +1132,7 @@ static const TypeInfo virtio_gpu_rutabaga_info[] =3D { .parent =3D TYPE_VIRTIO_GPU, .instance_size =3D sizeof(VirtIOGPURutabaga), .class_init =3D virtio_gpu_rutabaga_class_init, + .secure =3D true, }, }; =20 diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 0a1a625b0e..0fcefa1f0b 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -1713,6 +1713,7 @@ static const TypeInfo virtio_gpu_info =3D { .instance_size =3D sizeof(VirtIOGPU), .class_size =3D sizeof(VirtIOGPUClass), .class_init =3D virtio_gpu_class_init, + .secure =3D true, }; module_obj(TYPE_VIRTIO_GPU); module_kconfig(VIRTIO_GPU); diff --git a/hw/input/virtio-input-hid.c b/hw/input/virtio-input-hid.c index d986c3c16e..aa475641f6 100644 --- a/hw/input/virtio-input-hid.c +++ b/hw/input/virtio-input-hid.c @@ -260,6 +260,7 @@ static const TypeInfo virtio_input_hid_info =3D { .instance_size =3D sizeof(VirtIOInputHID), .class_init =3D virtio_input_hid_class_init, .abstract =3D true, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ @@ -317,6 +318,7 @@ static const TypeInfo virtio_keyboard_info =3D { .parent =3D TYPE_VIRTIO_INPUT_HID, .instance_size =3D sizeof(VirtIOInputHID), .instance_init =3D virtio_keyboard_init, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ @@ -410,6 +412,7 @@ static const TypeInfo virtio_mouse_info =3D { .instance_size =3D sizeof(VirtIOInputHID), .instance_init =3D virtio_mouse_init, .class_init =3D virtio_mouse_class_init, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ @@ -534,6 +537,7 @@ static const TypeInfo virtio_tablet_info =3D { .instance_size =3D sizeof(VirtIOInputHID), .instance_init =3D virtio_tablet_init, .class_init =3D virtio_tablet_class_init, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ @@ -619,6 +623,7 @@ static const TypeInfo virtio_multitouch_info =3D { .parent =3D TYPE_VIRTIO_INPUT_HID, .instance_size =3D sizeof(VirtIOInputHID), .instance_init =3D virtio_multitouch_init, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ diff --git a/hw/input/virtio-input-host.c b/hw/input/virtio-input-host.c index 9f62532559..46db99eeb7 100644 --- a/hw/input/virtio-input-host.c +++ b/hw/input/virtio-input-host.c @@ -248,6 +248,7 @@ static const TypeInfo virtio_input_host_info =3D { .instance_size =3D sizeof(VirtIOInputHost), .instance_init =3D virtio_input_host_init, .class_init =3D virtio_input_host_class_init, + .secure =3D true, }; =20 /* ----------------------------------------------------------------- */ diff --git a/hw/input/virtio-input.c b/hw/input/virtio-input.c index a3f554f211..3bddcfc168 100644 --- a/hw/input/virtio-input.c +++ b/hw/input/virtio-input.c @@ -329,6 +329,7 @@ static const TypeInfo virtio_input_info =3D { .class_size =3D sizeof(VirtIOInputClass), .class_init =3D virtio_input_class_init, .abstract =3D true, + .secure =3D true, .instance_finalize =3D virtio_input_finalize, }; =20 diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c index 34ae14f7bf..7b91663a40 100644 --- a/hw/scsi/virtio-scsi.c +++ b/hw/scsi/virtio-scsi.c @@ -1430,6 +1430,7 @@ static const TypeInfo virtio_scsi_common_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VirtIOSCSICommon), .abstract =3D true, + .secure =3D true, .class_init =3D virtio_scsi_common_class_init, }; =20 @@ -1438,6 +1439,7 @@ static const TypeInfo virtio_scsi_info =3D { .parent =3D TYPE_VIRTIO_SCSI_COMMON, .instance_size =3D sizeof(VirtIOSCSI), .class_init =3D virtio_scsi_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } diff --git a/hw/virtio/vdpa-dev.c b/hw/virtio/vdpa-dev.c index d1da40afc8..a8c5375f5d 100644 --- a/hw/virtio/vdpa-dev.c +++ b/hw/virtio/vdpa-dev.c @@ -385,6 +385,7 @@ static const TypeInfo vhost_vdpa_device_info =3D { .instance_size =3D sizeof(VhostVdpaDevice), .class_init =3D vhost_vdpa_device_class_init, .instance_init =3D vhost_vdpa_device_instance_init, + .secure =3D true, }; =20 static void register_vhost_vdpa_device_type(void) diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c index db787d00b3..51f261dd32 100644 --- a/hw/virtio/virtio-balloon.c +++ b/hw/virtio/virtio-balloon.c @@ -1087,6 +1087,7 @@ static const TypeInfo virtio_balloon_info =3D { .instance_size =3D sizeof(VirtIOBalloon), .instance_init =3D virtio_balloon_instance_init, .class_init =3D virtio_balloon_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/virtio/virtio-bus.c b/hw/virtio/virtio-bus.c index 11adfbf3ab..2efc0e306f 100644 --- a/hw/virtio/virtio-bus.c +++ b/hw/virtio/virtio-bus.c @@ -360,6 +360,7 @@ static const TypeInfo virtio_bus_info =3D { .parent =3D TYPE_BUS, .instance_size =3D sizeof(VirtioBusState), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(VirtioBusClass), .class_init =3D virtio_bus_class_init }; diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c index 517f2089c5..e0bec9d6ee 100644 --- a/hw/virtio/virtio-crypto.c +++ b/hw/virtio/virtio-crypto.c @@ -1301,6 +1301,7 @@ static const TypeInfo virtio_crypto_info =3D { .instance_size =3D sizeof(VirtIOCrypto), .instance_init =3D virtio_crypto_instance_init, .class_init =3D virtio_crypto_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/virtio/virtio-input-pci.c b/hw/virtio/virtio-input-pci.c index 3be5358b4c..1ce9b28d8b 100644 --- a/hw/virtio/virtio-input-pci.c +++ b/hw/virtio/virtio-input-pci.c @@ -117,6 +117,7 @@ static const TypeInfo virtio_input_pci_info =3D { .instance_size =3D sizeof(VirtIOInputPCI), .class_init =3D virtio_input_pci_class_init, .abstract =3D true, + .secure =3D true, }; =20 static const TypeInfo virtio_input_hid_pci_info =3D { @@ -124,6 +125,7 @@ static const TypeInfo virtio_input_hid_pci_info =3D { .parent =3D TYPE_VIRTIO_INPUT_PCI, .instance_size =3D sizeof(VirtIOInputHIDPCI), .abstract =3D true, + .secure =3D true, }; =20 static const VirtioPCIDeviceTypeInfo virtio_keyboard_pci_info =3D { diff --git a/hw/virtio/virtio-iommu.c b/hw/virtio/virtio-iommu.c index 3500f1b082..fa46f4129f 100644 --- a/hw/virtio/virtio-iommu.c +++ b/hw/virtio/virtio-iommu.c @@ -1706,12 +1706,14 @@ static const TypeInfo virtio_iommu_info =3D { .instance_size =3D sizeof(VirtIOIOMMU), .instance_init =3D virtio_iommu_instance_init, .class_init =3D virtio_iommu_class_init, + .secure =3D true, }; =20 static const TypeInfo virtio_iommu_memory_region_info =3D { .parent =3D TYPE_IOMMU_MEMORY_REGION, .name =3D TYPE_VIRTIO_IOMMU_MEMORY_REGION, .class_init =3D virtio_iommu_memory_region_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/virtio/virtio-md-pci.c b/hw/virtio/virtio-md-pci.c index 9278b32cf8..9eefb84daa 100644 --- a/hw/virtio/virtio-md-pci.c +++ b/hw/virtio/virtio-md-pci.c @@ -138,6 +138,7 @@ static const TypeInfo virtio_md_pci_info =3D { .instance_size =3D sizeof(VirtIOMDPCI), .class_size =3D sizeof(VirtIOMDPCIClass), .abstract =3D true, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_MEMORY_DEVICE }, { } diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c index c46f6f9c3e..a444b9dfff 100644 --- a/hw/virtio/virtio-mem.c +++ b/hw/virtio/virtio-mem.c @@ -1888,6 +1888,7 @@ static const TypeInfo virtio_mem_info =3D { .instance_finalize =3D virtio_mem_instance_finalize, .class_init =3D virtio_mem_class_init, .class_size =3D sizeof(VirtIOMEMClass), + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_RAM_DISCARD_MANAGER }, { } diff --git a/hw/virtio/virtio-mmio.c b/hw/virtio/virtio-mmio.c index 532c67107b..1e3d949304 100644 --- a/hw/virtio/virtio-mmio.c +++ b/hw/virtio/virtio-mmio.c @@ -799,6 +799,7 @@ static const TypeInfo virtio_mmio_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(VirtIOMMIOProxy), .class_init =3D virtio_mmio_class_init, + .secure =3D true, }; =20 /* virtio-mmio-bus. */ @@ -881,6 +882,7 @@ static const TypeInfo virtio_mmio_bus_info =3D { .parent =3D TYPE_VIRTIO_BUS, .instance_size =3D sizeof(VirtioBusState), .class_init =3D virtio_mmio_bus_class_init, + .secure =3D true, }; =20 static void virtio_mmio_register_types(void) diff --git a/hw/virtio/virtio-nsm.c b/hw/virtio/virtio-nsm.c index 3bf5e7009a..099342f379 100644 --- a/hw/virtio/virtio-nsm.c +++ b/hw/virtio/virtio-nsm.c @@ -1727,6 +1727,7 @@ static const TypeInfo virtio_nsm_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VirtIONSM), .class_init =3D virtio_nsm_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/virtio/virtio-pmem.c b/hw/virtio/virtio-pmem.c index 3416ea1827..6e62efadf0 100644 --- a/hw/virtio/virtio-pmem.c +++ b/hw/virtio/virtio-pmem.c @@ -185,6 +185,7 @@ static const TypeInfo virtio_pmem_info =3D { .class_size =3D sizeof(VirtIOPMEMClass), .class_init =3D virtio_pmem_class_init, .instance_size =3D sizeof(VirtIOPMEM), + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/virtio/virtio-rng.c b/hw/virtio/virtio-rng.c index 3df5d2576e..dec7bade7f 100644 --- a/hw/virtio/virtio-rng.c +++ b/hw/virtio/virtio-rng.c @@ -280,6 +280,7 @@ static const TypeInfo virtio_rng_info =3D { .parent =3D TYPE_VIRTIO_DEVICE, .instance_size =3D sizeof(VirtIORNG), .class_init =3D virtio_rng_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896621; cv=none; d=zohomail.com; s=zohoarc; b=ORtjyPDzoxW6NUYfNubEnjyncxo9K3Sk02NGQZ4A5b47TkmRW5nGmAG73tfV2qJoGmCqu/on78IRc5b0nDrZ9oOBSEYTrPk1bR5h63qKS/87dcMbJuDGgQsDrXH1eJfD4Ko2iIZKJejCFVMNcw6FTMoyoL3/aXGQKraCLO9U7YQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896621; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=IaduB1l9EVSWfjwC3wQO3lTWrvM0XkEeEU8nymRvCOk=; b=RxwIqtXz/FAhk2Yy6mfIHHKiThZUMZyG+D8Z8k+DFarewYextd0uSS2Y9WR5fWgaZA6y9nyZkBkfirr+AF5kVmKoJb00gv1x0+OWO8+q8qNntNTMfJXFK/zOowYjGmbvG3JfhIg7jf6gFHYMHYFrrwyewdb0e4XWF1rIkSEVClo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175889662101027.720022656163906; Fri, 26 Sep 2025 07:23:41 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293g-0006vi-Dq; Fri, 26 Sep 2025 10:04:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293c-0006sz-TX for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:20 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293P-0004sv-AZ for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:20 -0400 Received: from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-295-ZWl2oFHiO1abbyBF9vcApg-1; Fri, 26 Sep 2025 10:03:58 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 99220195E916; Fri, 26 Sep 2025 14:03:57 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 8228D195419F; Fri, 26 Sep 2025 14:03:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895442; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IaduB1l9EVSWfjwC3wQO3lTWrvM0XkEeEU8nymRvCOk=; b=HMZDEFxcIPnPY8J3LUHSdq16BIogTZFN+dqBXbGRFa38P5AexQsi561xGZQqgahQVh8GY8 qRf1wGJ3Wa4i6ut5Rbs/QyAq5miQtc83uG8dIXenhSS31lwmH3sOetDhu6qmC9DxdpNGSy vKEoMOexJrP5Ka/qfjvT6FOcWAzdFCs= X-MC-Unique: ZWl2oFHiO1abbyBF9vcApg-1 X-Mimecast-MFC-AGG-ID: ZWl2oFHiO1abbyBF9vcApg_1758895437 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 22/32] hw/vfio: mark all VFIO object classes as secure Date: Fri, 26 Sep 2025 15:01:33 +0100 Message-ID: <20250926140144.1998694-23-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896621681116600 The VFIO subsystem is about securely passing host PCI devices to a guest, so all the classes should be presumed to be offering a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/vfio/ap.c | 1 + hw/vfio/ccw.c | 1 + hw/vfio/container.c | 2 ++ hw/vfio/igd.c | 1 + hw/vfio/iommufd.c | 2 ++ hw/vfio/pci.c | 3 +++ hw/vfio/spapr.c | 1 + 7 files changed, 11 insertions(+) diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c index 7719f24579..811866876c 100644 --- a/hw/vfio/ap.c +++ b/hw/vfio/ap.c @@ -361,6 +361,7 @@ static const TypeInfo vfio_ap_info =3D { .instance_size =3D sizeof(VFIOAPDevice), .instance_init =3D vfio_ap_instance_init, .class_init =3D vfio_ap_class_init, + .secure =3D true, }; =20 static void vfio_ap_type_init(void) diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c index 9560b8d851..bddeb5dffd 100644 --- a/hw/vfio/ccw.c +++ b/hw/vfio/ccw.c @@ -729,6 +729,7 @@ static const TypeInfo vfio_ccw_info =3D { .instance_size =3D sizeof(VFIOCCWDevice), .instance_init =3D vfio_ccw_instance_init, .class_init =3D vfio_ccw_class_init, + .secure =3D true, }; =20 static void register_vfio_ccw_type(void) diff --git a/hw/vfio/container.c b/hw/vfio/container.c index 030c6d3f89..a4d89cadcc 100644 --- a/hw/vfio/container.c +++ b/hw/vfio/container.c @@ -1265,10 +1265,12 @@ static const TypeInfo types[] =3D { .instance_init =3D vfio_iommu_legacy_instance_init, .instance_size =3D sizeof(VFIOContainer), .class_init =3D vfio_iommu_legacy_class_init, + .secure =3D true, }, { .name =3D TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO, .parent =3D TYPE_HOST_IOMMU_DEVICE, .class_init =3D hiod_legacy_vfio_class_init, + .secure =3D true, } }; =20 diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c index 4bfa2e0fcd..53d7dea87e 100644 --- a/hw/vfio/igd.c +++ b/hw/vfio/igd.c @@ -312,6 +312,7 @@ static const TypeInfo vfio_pci_igd_lpc_bridge_info =3D { .name =3D "vfio-pci-igd-lpc-bridge", .parent =3D TYPE_PCI_DEVICE, .class_init =3D vfio_pci_igd_lpc_bridge_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c index 8c27222f75..2d6168a90e 100644 --- a/hw/vfio/iommufd.c +++ b/hw/vfio/iommufd.c @@ -958,10 +958,12 @@ static const TypeInfo types[] =3D { .parent =3D TYPE_VFIO_IOMMU, .instance_size =3D sizeof(VFIOIOMMUFDContainer), .class_init =3D vfio_iommu_iommufd_class_init, + .secure =3D true, }, { .name =3D TYPE_HOST_IOMMU_DEVICE_IOMMUFD_VFIO, .parent =3D TYPE_HOST_IOMMU_DEVICE_IOMMUFD, .class_init =3D hiod_iommufd_vfio_class_init, + .secure =3D true, } }; =20 diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index bc0b4c4d56..f98384da93 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -3673,6 +3673,7 @@ static const TypeInfo vfio_pci_base_dev_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(VFIOPCIDevice), .abstract =3D true, + .secure =3D true, .class_init =3D vfio_pci_base_dev_class_init, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, @@ -3918,6 +3919,7 @@ static const TypeInfo vfio_pci_dev_info =3D { .class_init =3D vfio_pci_dev_class_init, .instance_init =3D vfio_instance_init, .instance_finalize =3D vfio_instance_finalize, + .secure =3D true, }; =20 static const Property vfio_pci_dev_nohotplug_properties[] =3D { @@ -3954,6 +3956,7 @@ static const TypeInfo vfio_pci_nohotplug_dev_info =3D= { .parent =3D TYPE_VFIO_PCI, .instance_size =3D sizeof(VFIOPCIDevice), .class_init =3D vfio_pci_nohotplug_dev_class_init, + .secure =3D true, }; =20 static void register_vfio_pci_dev_type(void) diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c index c41e4588d6..a926faa0aa 100644 --- a/hw/vfio/spapr.c +++ b/hw/vfio/spapr.c @@ -571,6 +571,7 @@ static const TypeInfo types[] =3D { .parent =3D TYPE_VFIO_IOMMU_LEGACY, .instance_size =3D sizeof(VFIOSpaprContainer), .class_init =3D vfio_iommu_spapr_class_init, + .secure =3D true, }, }; =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896267; cv=none; d=zohomail.com; s=zohoarc; b=NIT26bcZo5VpP0LvIf7/BSG4IbYoPkYqC+9qR9DrR0qf68BA1wcEZYLQbSEvoyXbaplRXcF6o2y4HeZ1Pv+qOf+0GGR7o5NEELR7FmH9j5HQ7lSL6xLz+uW3eT045LgsLQpBWkNMCbREhSJtXi0Fnc56hvwaw5gMsAxweWdYQbM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896267; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Lg/hoDvOgBupiHUWGYJ7xqCBjjHA430ydslXyLpv5JA=; b=XHTcQ7ZQ2NKKBg6Y3A0PA4Rq/WvtjPu2z2XGcdBfe+VdLzv6NyMbxHUBYd1733lB8S1hduCtD/Bo/G6SDzaAEtfI+uDoqwwr2pVlEgvKrXVmNbUxjVdsgiM+b8WKzLk4t0h1sZIYJeOPcPFV67pJ0f/h+6LG+BCMzpEcTk8kafE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758896266943900.0513894647409; Fri, 26 Sep 2025 07:17:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293o-00077v-3A; Fri, 26 Sep 2025 10:04:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293k-0006xF-MS for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:30 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293c-0004uk-Bw for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:27 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-321-gjg6ipFTMDK9UZ1MNlJ0fw-1; Fri, 26 Sep 2025 10:04:01 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id B81FA1800370; Fri, 26 Sep 2025 14:04:00 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 1CBF81956095; Fri, 26 Sep 2025 14:03:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895452; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Lg/hoDvOgBupiHUWGYJ7xqCBjjHA430ydslXyLpv5JA=; b=G6EbyskiDj6Rqsd/B0lazhB9nwMiCpFNWMVnxjw6VYPjD3HtmTJ3/Jvrrpdu36+WDIkwhI CwdqlMjduQvN3UgtlkLpPfq/e8qkCFXMCrJ3KFcMBi5tIBOYMp3ogJLHFWCwW7odXFbTOP ImaNjVOR/WhHAehAAcc5tsoUrp+zq/I= X-MC-Unique: gjg6ipFTMDK9UZ1MNlJ0fw-1 X-Mimecast-MFC-AGG-ID: gjg6ipFTMDK9UZ1MNlJ0fw_1758895440 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 23/32] hw/xen: mark all Xen related object types as being secure Date: Fri, 26 Sep 2025 15:01:34 +0100 Message-ID: <20250926140144.1998694-24-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896269038116601 All Xen paravirtualized devices are intended to provide a host / guest security barrier, so mark all Xen object types as scure. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/block/xen-block.c | 3 +++ hw/char/xen_console.c | 1 + hw/i386/xen/xen_platform.c | 1 + hw/net/xen_nic.c | 1 + hw/xen/xen-bus.c | 3 +++ hw/xen/xen-legacy-backend.c | 3 +++ hw/xen/xen_pt.c | 1 + 7 files changed, 13 insertions(+) diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c index 74de897c79..5112d8bdb3 100644 --- a/hw/block/xen-block.c +++ b/hw/block/xen-block.c @@ -699,6 +699,7 @@ static const TypeInfo xen_block_type_info =3D { .parent =3D TYPE_XEN_DEVICE, .instance_size =3D sizeof(XenBlockDevice), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(XenBlockDeviceClass), .class_init =3D xen_block_class_init, }; @@ -740,6 +741,7 @@ static const TypeInfo xen_disk_type_info =3D { .parent =3D TYPE_XEN_BLOCK_DEVICE, .instance_size =3D sizeof(XenDiskDevice), .class_init =3D xen_disk_class_init, + .secure =3D true, }; =20 static void xen_cdrom_unrealize(XenBlockDevice *blockdev) @@ -787,6 +789,7 @@ static const TypeInfo xen_cdrom_type_info =3D { .parent =3D TYPE_XEN_BLOCK_DEVICE, .instance_size =3D sizeof(XenCDRomDevice), .class_init =3D xen_cdrom_class_init, + .secure =3D true, }; =20 static void xen_block_register_types(void) diff --git a/hw/char/xen_console.c b/hw/char/xen_console.c index 9c34a554bf..7ba2d82c0f 100644 --- a/hw/char/xen_console.c +++ b/hw/char/xen_console.c @@ -513,6 +513,7 @@ static const TypeInfo xen_console_type_info =3D { .parent =3D TYPE_XEN_DEVICE, .instance_size =3D sizeof(XenConsole), .class_init =3D xen_console_class_init, + .secure =3D true, }; =20 static void xen_console_register_types(void) diff --git a/hw/i386/xen/xen_platform.c b/hw/i386/xen/xen_platform.c index c8b852be0c..ec0084d6fb 100644 --- a/hw/i386/xen/xen_platform.c +++ b/hw/i386/xen/xen_platform.c @@ -604,6 +604,7 @@ static const TypeInfo xen_platform_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIXenPlatformState), .class_init =3D xen_platform_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c index 34c6a1d0b0..eae29b4407 100644 --- a/hw/net/xen_nic.c +++ b/hw/net/xen_nic.c @@ -581,6 +581,7 @@ static const TypeInfo xen_net_type_info =3D { .parent =3D TYPE_XEN_DEVICE, .instance_size =3D sizeof(XenNetDev), .class_init =3D xen_netdev_class_init, + .secure =3D true, }; =20 static void xen_net_register_types(void) diff --git a/hw/xen/xen-bus.c b/hw/xen/xen-bus.c index 6bd2e546f6..1098156209 100644 --- a/hw/xen/xen-bus.c +++ b/hw/xen/xen-bus.c @@ -399,6 +399,7 @@ static const TypeInfo xen_bus_type_info =3D { .instance_size =3D sizeof(XenBus), .class_size =3D sizeof(XenBusClass), .class_init =3D xen_bus_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } @@ -1122,6 +1123,7 @@ static const TypeInfo xen_device_type_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(XenDevice), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(XenDeviceClass), .class_init =3D xen_device_class_init, }; @@ -1136,6 +1138,7 @@ static const TypeInfo xen_bridge_type_info =3D { .name =3D TYPE_XEN_BRIDGE, .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(XenBridge), + .secure =3D true, }; =20 static void xen_register_types(void) diff --git a/hw/xen/xen-legacy-backend.c b/hw/xen/xen-legacy-backend.c index 5ed53f8943..bc6c662678 100644 --- a/hw/xen/xen-legacy-backend.c +++ b/hw/xen/xen-legacy-backend.c @@ -648,6 +648,7 @@ static const TypeInfo xendev_type_info =3D { .parent =3D TYPE_DYNAMIC_SYS_BUS_DEVICE, .class_init =3D xendev_class_init, .instance_size =3D sizeof(XenLegacyDevice), + .secure =3D true, }; =20 static void xen_sysbus_class_init(ObjectClass *klass, const void *data) @@ -661,6 +662,7 @@ static const TypeInfo xensysbus_info =3D { .name =3D TYPE_XENSYSBUS, .parent =3D TYPE_BUS, .class_init =3D xen_sysbus_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } @@ -670,6 +672,7 @@ static const TypeInfo xensysbus_info =3D { static const TypeInfo xensysdev_info =3D { .name =3D TYPE_XENSYSDEV, .parent =3D TYPE_SYS_BUS_DEVICE, + .secure =3D true, }; =20 static void xenbe_register_types(void) diff --git a/hw/xen/xen_pt.c b/hw/xen/xen_pt.c index 006b5b55f2..c3ffb95b2d 100644 --- a/hw/xen/xen_pt.c +++ b/hw/xen/xen_pt.c @@ -1079,6 +1079,7 @@ static const TypeInfo xen_pci_passthrough_info =3D { .instance_finalize =3D xen_pci_passthrough_finalize, .class_init =3D xen_pci_passthrough_class_init, .class_size =3D sizeof(XenPTDeviceClass), + .secure =3D true, .instance_init =3D xen_pci_passthrough_instance_init, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895762; cv=none; d=zohomail.com; s=zohoarc; b=KSqk9iaA0I1B1f63c0e6oQS/rL8Shh2RGVv7/oNuLTaQ/8BZPBnNartkrgxI3AFH3PR+5bzp6IpXCoxOcJK709o2IZVEvPJXuuykxB4yUCo1z4O74IlNamnaM97T3IEHSYa0VuKuM0I0aZFKXGZCwf8NryZd30AWdHswagPWf1o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895762; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=4GpLmzNQcy+8p/pY6cW+syPpqcjBb4Ee4uSNVN4CvDM=; b=KsPmQn4MohfSecQNtC/YhHDttM6oAQQY0S0s+xQlw3120YoirtG71gC7cFYSCfjvHmkCfBuY5D0d4AuWyrVF3DTFWpfpKmayQhaz4s7G3xuUHJfeu/tEQY6oOQtaGGwfjP1fdUg5dg9Tl5a36akM79tmaTOdml2v64p05H5Lboo= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895762792936.9154313340655; Fri, 26 Sep 2025 07:09:22 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293e-0006uQ-6V; Fri, 26 Sep 2025 10:04:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293c-0006sx-I9 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:20 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293U-0004tz-Th for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:20 -0400 Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-65-TlQEFdHWM12y73ilDEPYdw-1; Fri, 26 Sep 2025 10:04:05 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 46A9F1955D56; Fri, 26 Sep 2025 14:04:04 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 2E5511956095; Fri, 26 Sep 2025 14:04:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895449; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4GpLmzNQcy+8p/pY6cW+syPpqcjBb4Ee4uSNVN4CvDM=; b=WMXgYCaARy3bZNjgn72NZuXpaqEloPO6s9EiXq1VwHeu73+o4hR6ovAp44gQNY05CQOw+W IbBDLniyhY3d0CVuGkPf01X3ku0lEkp3R7BPvNiupLR3acVPnlACCzC5WIIQDqQw2LYinE cia5CCP60uQQROy+oTku7pflG0NarHI= X-MC-Unique: TlQEFdHWM12y73ilDEPYdw-1 X-Mimecast-MFC-AGG-ID: TlQEFdHWM12y73ilDEPYdw_1758895444 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 24/32] hw/net: mark most non-virtio NICs as insecure Date: Fri, 26 Sep 2025 15:01:35 +0100 Message-ID: <20250926140144.1998694-25-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895764991116600 Historically most NICs are only interesting for non-virtualization use cases and have not been written with malicious guests in mind. As a general rule either virtio-net or xen-net should be used in all virtualized guests requiring a security boundary. There are a handful of exceptions resulting from historical usage in the x86 world, to support virtualized guests lacking virtio support. Thus the rtl8139, e1000 & e1000e NICs are declared to provide a security boundary. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/net/allwinner-sun8i-emac.c | 1 + hw/net/allwinner_emac.c | 3 ++- hw/net/cadence_gem.c | 1 + hw/net/can/can_kvaser_pci.c | 1 + hw/net/can/can_mioe3680_pci.c | 1 + hw/net/can/can_pcm3680_pci.c | 1 + hw/net/can/ctucan_pci.c | 1 + hw/net/can/xlnx-versal-canfd.c | 1 + hw/net/can/xlnx-zynqmp-can.c | 1 + hw/net/dp8393x.c | 1 + hw/net/e1000.c | 1 + hw/net/e1000e.c | 1 + hw/net/eepro100.c | 1 + hw/net/fsl_etsec/etsec.c | 1 + hw/net/ftgmac100.c | 1 + hw/net/igb.c | 1 + hw/net/igbvf.c | 1 + hw/net/imx_fec.c | 2 ++ hw/net/lan9118.c | 1 + hw/net/lan9118_phy.c | 1 + hw/net/lance.c | 1 + hw/net/lasi_i82596.c | 1 + hw/net/mcf_fec.c | 1 + hw/net/msf2-emac.c | 1 + hw/net/mv88w8618_eth.c | 1 + hw/net/ne2000-isa.c | 1 + hw/net/ne2000-pci.c | 1 + hw/net/npcm7xx_emc.c | 1 + hw/net/npcm_gmac.c | 1 + hw/net/npcm_pcs.c | 1 + hw/net/opencores_eth.c | 1 + hw/net/pcnet-pci.c | 1 + hw/net/rocker/rocker.c | 1 + hw/net/rtl8139.c | 1 + hw/net/smc91c111.c | 1 + hw/net/spapr_llan.c | 1 + hw/net/stellaris_enet.c | 1 + hw/net/sungem.c | 1 + hw/net/sunhme.c | 1 + hw/net/tulip.c | 1 + hw/net/virtio-net.c | 1 + hw/net/vmxnet3.c | 1 + hw/net/xgmac.c | 1 + hw/net/xilinx_axienet.c | 1 + hw/net/xilinx_ethlite.c | 1 + 45 files changed, 47 insertions(+), 1 deletion(-) diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c index 30a81576b4..b03a917aa3 100644 --- a/hw/net/allwinner-sun8i-emac.c +++ b/hw/net/allwinner-sun8i-emac.c @@ -892,6 +892,7 @@ static const TypeInfo allwinner_sun8i_emac_info =3D { .instance_size =3D sizeof(AwSun8iEmacState), .instance_init =3D allwinner_sun8i_emac_init, .class_init =3D allwinner_sun8i_emac_class_init, + .secure =3D false, }; =20 static void allwinner_sun8i_emac_register_types(void) diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c index 77d089d988..836138bba3 100644 --- a/hw/net/allwinner_emac.c +++ b/hw/net/allwinner_emac.c @@ -528,8 +528,9 @@ static const TypeInfo aw_emac_info =3D { .name =3D TYPE_AW_EMAC, .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(AwEmacState), - .instance_init =3D aw_emac_init, + .instance_init =3D aw_emac_init, .class_init =3D aw_emac_class_init, + .secure =3D false, }; =20 static void aw_emac_register_types(void) diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c index 44446666de..760e0d5e99 100644 --- a/hw/net/cadence_gem.c +++ b/hw/net/cadence_gem.c @@ -1833,6 +1833,7 @@ static const TypeInfo gem_info =3D { .instance_size =3D sizeof(CadenceGEMState), .instance_init =3D gem_init, .class_init =3D gem_class_init, + .secure =3D false, }; =20 static void gem_register_types(void) diff --git a/hw/net/can/can_kvaser_pci.c b/hw/net/can/can_kvaser_pci.c index be16769de2..7764c29ced 100644 --- a/hw/net/can/can_kvaser_pci.c +++ b/hw/net/can/can_kvaser_pci.c @@ -305,6 +305,7 @@ static const TypeInfo kvaser_pci_info =3D { .instance_size =3D sizeof(KvaserPCIState), .class_init =3D kvaser_pci_class_init, .instance_init =3D kvaser_pci_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/can_mioe3680_pci.c b/hw/net/can/can_mioe3680_pci.c index 44f3ba370d..3e1c5eda19 100644 --- a/hw/net/can/can_mioe3680_pci.c +++ b/hw/net/can/can_mioe3680_pci.c @@ -248,6 +248,7 @@ static const TypeInfo mioe3680_pci_info =3D { .instance_size =3D sizeof(Mioe3680PCIState), .class_init =3D mioe3680_pci_class_init, .instance_init =3D mioe3680_pci_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/can_pcm3680_pci.c b/hw/net/can/can_pcm3680_pci.c index 7296d63be7..964e074a36 100644 --- a/hw/net/can/can_pcm3680_pci.c +++ b/hw/net/can/can_pcm3680_pci.c @@ -249,6 +249,7 @@ static const TypeInfo pcm3680i_pci_info =3D { .instance_size =3D sizeof(Pcm3680iPCIState), .class_init =3D pcm3680i_pci_class_init, .instance_init =3D pcm3680i_pci_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/ctucan_pci.c b/hw/net/can/ctucan_pci.c index bed6785433..1530959ea8 100644 --- a/hw/net/can/ctucan_pci.c +++ b/hw/net/can/ctucan_pci.c @@ -262,6 +262,7 @@ static const TypeInfo ctucan_pci_info =3D { .instance_size =3D sizeof(CtuCanPCIState), .class_init =3D ctucan_pci_class_init, .instance_init =3D ctucan_pci_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/can/xlnx-versal-canfd.c b/hw/net/can/xlnx-versal-canfd.c index 3eb111949f..0073812e3c 100644 --- a/hw/net/can/xlnx-versal-canfd.c +++ b/hw/net/can/xlnx-versal-canfd.c @@ -2068,6 +2068,7 @@ static const TypeInfo canfd_info =3D { .instance_size =3D sizeof(XlnxVersalCANFDState), .class_init =3D canfd_class_init, .instance_init =3D canfd_init, + .secure =3D false, }; =20 static void canfd_register_types(void) diff --git a/hw/net/can/xlnx-zynqmp-can.c b/hw/net/can/xlnx-zynqmp-can.c index ca9edd4a5b..e859e447af 100644 --- a/hw/net/can/xlnx-zynqmp-can.c +++ b/hw/net/can/xlnx-zynqmp-can.c @@ -1194,6 +1194,7 @@ static const TypeInfo can_info =3D { .instance_size =3D sizeof(XlnxZynqMPCANState), .class_init =3D xlnx_zynqmp_can_class_init, .instance_init =3D xlnx_zynqmp_can_init, + .secure =3D false, }; =20 static void can_register_types(void) diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c index d49032059b..b508b6f779 100644 --- a/hw/net/dp8393x.c +++ b/hw/net/dp8393x.c @@ -956,6 +956,7 @@ static const TypeInfo dp8393x_info =3D { .instance_size =3D sizeof(dp8393xState), .instance_init =3D dp8393x_instance_init, .class_init =3D dp8393x_class_init, + .secure =3D false, }; =20 static void dp8393x_register_types(void) diff --git a/hw/net/e1000.c b/hw/net/e1000.c index a80a7b0cdb..684350557f 100644 --- a/hw/net/e1000.c +++ b/hw/net/e1000.c @@ -1759,6 +1759,7 @@ static void e1000_register_types(void) type_info.parent =3D TYPE_E1000_BASE; type_info.class_data =3D info; type_info.class_init =3D e1000_class_init; + type_info.secure =3D true, =20 type_register_static(&type_info); } diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c index 89e6d52ba0..83cf3cf643 100644 --- a/hw/net/e1000e.c +++ b/hw/net/e1000e.c @@ -721,6 +721,7 @@ static const TypeInfo e1000e_info =3D { .instance_size =3D sizeof(E1000EState), .class_init =3D e1000e_class_init, .instance_init =3D e1000e_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c index d47df5a97f..3bc232d3c2 100644 --- a/hw/net/eepro100.c +++ b/hw/net/eepro100.c @@ -2094,6 +2094,7 @@ static void eepro100_register_types(void) type_info.class_init =3D eepro100_class_init; type_info.instance_size =3D sizeof(EEPRO100State); type_info.instance_init =3D eepro100_instance_init; + type_info.secure =3D false, type_info.interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c index 846f6cbc5d..4f82678941 100644 --- a/hw/net/fsl_etsec/etsec.c +++ b/hw/net/fsl_etsec/etsec.c @@ -437,6 +437,7 @@ static const TypeInfo etsec_types[] =3D { .instance_size =3D sizeof(eTSEC), .class_init =3D etsec_class_init, .instance_init =3D etsec_instance_init, + .secure =3D false, }, }; =20 diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c index c41ce889cf..936a38a4f8 100644 --- a/hw/net/ftgmac100.c +++ b/hw/net/ftgmac100.c @@ -1277,6 +1277,7 @@ static const TypeInfo ftgmac100_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(FTGMAC100State), .class_init =3D ftgmac100_class_init, + .secure =3D false, }; =20 /* diff --git a/hw/net/igb.c b/hw/net/igb.c index e4c02365d6..6ab7af33d5 100644 --- a/hw/net/igb.c +++ b/hw/net/igb.c @@ -635,6 +635,7 @@ static const TypeInfo igb_info =3D { .instance_size =3D sizeof(IGBState), .class_init =3D igb_class_init, .instance_init =3D igb_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/igbvf.c b/hw/net/igbvf.c index 31d72c4977..8a193db414 100644 --- a/hw/net/igbvf.c +++ b/hw/net/igbvf.c @@ -325,6 +325,7 @@ static const TypeInfo igbvf_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(IgbVfState), .class_init =3D igbvf_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c index e5e34dd1a4..d288ba0e2d 100644 --- a/hw/net/imx_fec.c +++ b/hw/net/imx_fec.c @@ -1261,12 +1261,14 @@ static const TypeInfo imx_fec_info =3D { .instance_size =3D sizeof(IMXFECState), .instance_init =3D imx_fec_init, .class_init =3D imx_eth_class_init, + .secure =3D false, }; =20 static const TypeInfo imx_enet_info =3D { .name =3D TYPE_IMX_ENET, .parent =3D TYPE_IMX_FEC, .instance_init =3D imx_enet_init, + .secure =3D false, }; =20 static void imx_eth_register_types(void) diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c index 3017e12971..a190cf8a34 100644 --- a/hw/net/lan9118.c +++ b/hw/net/lan9118.c @@ -1325,6 +1325,7 @@ static const TypeInfo lan9118_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(lan9118_state), .class_init =3D lan9118_class_init, + .secure =3D false, }; =20 static void lan9118_register_types(void) diff --git a/hw/net/lan9118_phy.c b/hw/net/lan9118_phy.c index 4c4e03df11..a32eb3374f 100644 --- a/hw/net/lan9118_phy.c +++ b/hw/net/lan9118_phy.c @@ -216,6 +216,7 @@ static const TypeInfo types[] =3D { .instance_size =3D sizeof(Lan9118PhyState), .instance_init =3D lan9118_phy_init, .class_init =3D lan9118_phy_class_init, + .secure =3D false, } }; =20 diff --git a/hw/net/lance.c b/hw/net/lance.c index dfb855c23a..366869a004 100644 --- a/hw/net/lance.c +++ b/hw/net/lance.c @@ -161,6 +161,7 @@ static const TypeInfo lance_info =3D { .instance_size =3D sizeof(SysBusPCNetState), .class_init =3D lance_class_init, .instance_init =3D lance_instance_init, + .secure =3D false, }; =20 static void lance_register_types(void) diff --git a/hw/net/lasi_i82596.c b/hw/net/lasi_i82596.c index 9e1dd21546..323cbcef96 100644 --- a/hw/net/lasi_i82596.c +++ b/hw/net/lasi_i82596.c @@ -181,6 +181,7 @@ static const TypeInfo lasi_82596_info =3D { .instance_size =3D sizeof(SysBusI82596State), .class_init =3D lasi_82596_class_init, .instance_init =3D lasi_82596_instance_init, + .secure =3D false, }; =20 static void lasi_82596_register_types(void) diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c index ae128fa311..3a061139d0 100644 --- a/hw/net/mcf_fec.c +++ b/hw/net/mcf_fec.c @@ -681,6 +681,7 @@ static const TypeInfo mcf_fec_info =3D { .instance_size =3D sizeof(mcf_fec_state), .instance_init =3D mcf_fec_instance_init, .class_init =3D mcf_fec_class_init, + .secure =3D false, }; =20 static void mcf_fec_register_types(void) diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c index 59045973ab..3a72b96fac 100644 --- a/hw/net/msf2-emac.c +++ b/hw/net/msf2-emac.c @@ -581,6 +581,7 @@ static const TypeInfo msf2_emac_info =3D { .instance_size =3D sizeof(MSF2EmacState), .instance_init =3D msf2_emac_init, .class_init =3D msf2_emac_class_init, + .secure =3D false, }; =20 static void msf2_emac_register_types(void) diff --git a/hw/net/mv88w8618_eth.c b/hw/net/mv88w8618_eth.c index 6f08846c81..77a748104d 100644 --- a/hw/net/mv88w8618_eth.c +++ b/hw/net/mv88w8618_eth.c @@ -392,6 +392,7 @@ static const TypeInfo mv88w8618_eth_info =3D { .instance_size =3D sizeof(mv88w8618_eth_state), .instance_init =3D mv88w8618_eth_init, .class_init =3D mv88w8618_eth_class_init, + .secure =3D false, }; =20 static void musicpal_register_types(void) diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c index 673c785abc..433a348f4d 100644 --- a/hw/net/ne2000-isa.c +++ b/hw/net/ne2000-isa.c @@ -142,6 +142,7 @@ static const TypeInfo ne2000_isa_info =3D { .instance_size =3D sizeof(ISANE2000State), .class_init =3D isa_ne2000_class_initfn, .instance_init =3D isa_ne2000_instance_init, + .secure =3D false, }; =20 static void ne2000_isa_register_types(void) diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c index ce937e1b61..23c663de10 100644 --- a/hw/net/ne2000-pci.c +++ b/hw/net/ne2000-pci.c @@ -122,6 +122,7 @@ static const TypeInfo ne2000_info =3D { .instance_size =3D sizeof(PCINE2000State), .class_init =3D ne2000_class_init, .instance_init =3D ne2000_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c index 9ba35e2c81..6e148b4fdd 100644 --- a/hw/net/npcm7xx_emc.c +++ b/hw/net/npcm7xx_emc.c @@ -867,6 +867,7 @@ static const TypeInfo npcm7xx_emc_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCM7xxEMCState), .class_init =3D npcm7xx_emc_class_init, + .secure =3D false, }; =20 static void npcm7xx_emc_register_type(void) diff --git a/hw/net/npcm_gmac.c b/hw/net/npcm_gmac.c index 5e32cd3edf..f8cd4e5f12 100644 --- a/hw/net/npcm_gmac.c +++ b/hw/net/npcm_gmac.c @@ -933,6 +933,7 @@ static const TypeInfo npcm_gmac_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCMGMACState), .class_init =3D npcm_gmac_class_init, + .secure =3D false, }, }; DEFINE_TYPES(npcm_gmac_types) diff --git a/hw/net/npcm_pcs.c b/hw/net/npcm_pcs.c index 6aec105271..82bc1f16c3 100644 --- a/hw/net/npcm_pcs.c +++ b/hw/net/npcm_pcs.c @@ -405,6 +405,7 @@ static const TypeInfo npcm_pcs_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NPCMPCSState), .class_init =3D npcm_pcs_class_init, + .secure =3D false, }, }; DEFINE_TYPES(npcm_pcs_types) diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c index 7e955c0132..8d1c4523dc 100644 --- a/hw/net/opencores_eth.c +++ b/hw/net/opencores_eth.c @@ -763,6 +763,7 @@ static const TypeInfo open_eth_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(OpenEthState), .class_init =3D open_eth_class_init, + .secure =3D false, }; =20 static void open_eth_register_types(void) diff --git a/hw/net/pcnet-pci.c b/hw/net/pcnet-pci.c index 0ca5bc2193..90a27cdab5 100644 --- a/hw/net/pcnet-pci.c +++ b/hw/net/pcnet-pci.c @@ -280,6 +280,7 @@ static const TypeInfo pcnet_info =3D { .instance_size =3D sizeof(PCIPCNetState), .class_init =3D pcnet_class_init, .instance_init =3D pcnet_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/rocker/rocker.c b/hw/net/rocker/rocker.c index cc49701dd3..8923ec6473 100644 --- a/hw/net/rocker/rocker.c +++ b/hw/net/rocker/rocker.c @@ -1498,6 +1498,7 @@ static const TypeInfo rocker_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(Rocker), .class_init =3D rocker_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c index 324fb932aa..f8cc0b728d 100644 --- a/hw/net/rtl8139.c +++ b/hw/net/rtl8139.c @@ -3439,6 +3439,7 @@ static const TypeInfo rtl8139_info =3D { .instance_size =3D sizeof(RTL8139State), .class_init =3D rtl8139_class_init, .instance_init =3D rtl8139_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c index 5cd78e334b..59ebebdf19 100644 --- a/hw/net/smc91c111.c +++ b/hw/net/smc91c111.c @@ -928,6 +928,7 @@ static const TypeInfo smc91c111_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(smc91c111_state), .class_init =3D smc91c111_class_init, + .secure =3D false, }; =20 static void smc91c111_register_types(void) diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c index f6f217d632..85b2c9809a 100644 --- a/hw/net/spapr_llan.c +++ b/hw/net/spapr_llan.c @@ -873,6 +873,7 @@ static const TypeInfo spapr_vlan_info =3D { .class_init =3D spapr_vlan_class_init, .instance_init =3D spapr_vlan_instance_init, .instance_finalize =3D spapr_vlan_instance_finalize, + .secure =3D false, }; =20 static void spapr_vlan_register_types(void) diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c index 2fc51e1e16..bebd1d04cc 100644 --- a/hw/net/stellaris_enet.c +++ b/hw/net/stellaris_enet.c @@ -516,6 +516,7 @@ static const TypeInfo stellaris_enet_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(stellaris_enet_state), .class_init =3D stellaris_enet_class_init, + .secure =3D false, }; =20 static void stellaris_enet_register_types(void) diff --git a/hw/net/sungem.c b/hw/net/sungem.c index b405eb89fa..1de709d274 100644 --- a/hw/net/sungem.c +++ b/hw/net/sungem.c @@ -1477,6 +1477,7 @@ static const TypeInfo sungem_info =3D { .instance_size =3D sizeof(SunGEMState), .class_init =3D sungem_class_init, .instance_init =3D sungem_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { } diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c index c2f7a8483d..59639afaac 100644 --- a/hw/net/sunhme.c +++ b/hw/net/sunhme.c @@ -958,6 +958,7 @@ static const TypeInfo sunhme_info =3D { .class_init =3D sunhme_class_init, .instance_size =3D sizeof(SunHMEState), .instance_init =3D sunhme_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { } diff --git a/hw/net/tulip.c b/hw/net/tulip.c index 319af906c8..32e7839a83 100644 --- a/hw/net/tulip.c +++ b/hw/net/tulip.c @@ -1035,6 +1035,7 @@ static const TypeInfo tulip_info =3D { .instance_size =3D sizeof(TULIPState), .class_init =3D tulip_class_init, .instance_init =3D tulip_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 6b5b5dace3..b34c0f3afc 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -4259,6 +4259,7 @@ static const TypeInfo virtio_net_info =3D { .instance_size =3D sizeof(VirtIONet), .instance_init =3D virtio_net_instance_init, .class_init =3D virtio_net_class_init, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c index af73aa8ef2..25e28e5467 100644 --- a/hw/net/vmxnet3.c +++ b/hw/net/vmxnet3.c @@ -2491,6 +2491,7 @@ static const TypeInfo vmxnet3_info =3D { .instance_size =3D sizeof(VMXNET3State), .class_init =3D vmxnet3_class_init, .instance_init =3D vmxnet3_instance_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c index d45f872467..fc71bc1e00 100644 --- a/hw/net/xgmac.c +++ b/hw/net/xgmac.c @@ -432,6 +432,7 @@ static const TypeInfo xgmac_enet_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(XgmacState), .class_init =3D xgmac_enet_class_init, + .secure =3D false, }; =20 static void xgmac_enet_register_types(void) diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c index 1f5c748047..9b3618facb 100644 --- a/hw/net/xilinx_axienet.c +++ b/hw/net/xilinx_axienet.c @@ -1038,6 +1038,7 @@ static const TypeInfo xilinx_enet_info =3D { .instance_size =3D sizeof(XilinxAXIEnet), .class_init =3D xilinx_enet_class_init, .instance_init =3D xilinx_enet_init, + .secure =3D false, }; =20 static const TypeInfo xilinx_enet_data_stream_info =3D { diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c index 42b19d07c7..5ea2c1e692 100644 --- a/hw/net/xilinx_ethlite.c +++ b/hw/net/xilinx_ethlite.c @@ -401,6 +401,7 @@ static const TypeInfo xilinx_ethlite_types[] =3D { .instance_size =3D sizeof(XlnxXpsEthLite), .instance_init =3D xilinx_ethlite_init, .class_init =3D xilinx_ethlite_class_init, + .secure =3D false, }, }; =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896651; cv=none; d=zohomail.com; s=zohoarc; b=UQK8BivGpDt7AgOWmNp77Il1VOJ0V7g2G1LhXHcmElhak+pvRzoTX5gZoZZ1Ajt3ZljMd3KN18uKRh2orDBtq3xWylcoQD7epTI8As5+4hVA+h5AgLA1Pz+3igKWUs7L83vmuKXJBesCd23NK/zjTsZgM28Xe6f8bcWtTmC4U6k= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896651; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=xHYuilp4oPhNWzNcKosL8QrjGiebh/fmn4/Oiz8qpng=; b=PZykPIuy0JKBFiOiVGNTPClWtbAkltB2h5PMA6DMmnFSbDJNKek6Rawck6iXLFPwNhGne7KiGxyDF3oT4/li8KiYgZCGa2/vWLJb2O05fxoSludsABBhoJSYLqtMq58kobIZF/3oN9amskupf/QOdzGRbA4hxTUuZXPGI8OkdwM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758896651733246.46090253621094; Fri, 26 Sep 2025 07:24:11 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293p-0007Bp-84; Fri, 26 Sep 2025 10:04:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293k-0006y4-Tn for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:31 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293e-0004v1-1X for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:27 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-675-6pXjO7_1NV6Ogmln5OqqIg-1; Fri, 26 Sep 2025 10:04:09 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 4E4EC1956056; Fri, 26 Sep 2025 14:04:08 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id BCEE31956095; Fri, 26 Sep 2025 14:04:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895455; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xHYuilp4oPhNWzNcKosL8QrjGiebh/fmn4/Oiz8qpng=; b=Vi+aZoPoEvE/8hQ3wgSetMcwfveTOj+vhQjZM0QOJ9vSABUuvphdSELfLB0pE46DM6HfxJ krs0pf/Ge7T13ZM6/wB80dPhPBIjvMYkK4NdFLia++gPpCgy78yz5oyYR76MA1i/5rwI0F iKtF+h8jynGcOn1KA2yzVFj/h0AaT/I= X-MC-Unique: 6pXjO7_1NV6Ogmln5OqqIg-1 X-Mimecast-MFC-AGG-ID: 6pXjO7_1NV6Ogmln5OqqIg_1758895448 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 25/32] hw/usb: mark most USB devices/hosts as secure Date: Fri, 26 Sep 2025 15:01:36 +0100 Message-ID: <20250926140144.1998694-26-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896654075116600 Most of the USB devices / host controllers are relevant for virtualization use cases, so should be declared secure. The exceptions are * dwc2/dwc3 - emulating Raspberry Pi hardware. * mtp - a complex file sharing device, unclear if it has been used/proven sufficiently to consider it secure * braille - a variant of USB serial, using the chardev baum backend, unclear that is written with a hostile guest in mind Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/usb/dev-audio.c | 1 + hw/usb/dev-hid.c | 4 ++++ hw/usb/dev-hub.c | 1 + hw/usb/dev-mtp.c | 1 + hw/usb/dev-network.c | 1 + hw/usb/dev-serial.c | 3 +++ hw/usb/dev-smartcard-reader.c | 3 +++ hw/usb/dev-storage-bot.c | 1 + hw/usb/dev-storage-classic.c | 1 + hw/usb/dev-storage.c | 1 + hw/usb/dev-uas.c | 1 + hw/usb/dev-wacom.c | 1 + hw/usb/hcd-dwc2.c | 1 + hw/usb/hcd-dwc3.c | 1 + hw/usb/hcd-ehci-pci.c | 2 ++ hw/usb/hcd-ehci-sysbus.c | 8 ++++++++ hw/usb/hcd-ohci-pci.c | 1 + hw/usb/hcd-ohci-sysbus.c | 1 + hw/usb/hcd-uhci.c | 2 ++ hw/usb/hcd-xhci-nec.c | 1 + hw/usb/hcd-xhci-pci.c | 2 ++ hw/usb/hcd-xhci-sysbus.c | 3 ++- hw/usb/hcd-xhci.c | 1 + hw/usb/host-libusb.c | 1 + hw/usb/redirect.c | 1 + 25 files changed, 43 insertions(+), 1 deletion(-) diff --git a/hw/usb/dev-audio.c b/hw/usb/dev-audio.c index 26af709f31..8be35a1cdf 100644 --- a/hw/usb/dev-audio.c +++ b/hw/usb/dev-audio.c @@ -1019,6 +1019,7 @@ static const TypeInfo usb_audio_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBAudioState), .class_init =3D usb_audio_class_init, + .secure =3D true, }; =20 static void usb_audio_register_types(void) diff --git a/hw/usb/dev-hid.c b/hw/usb/dev-hid.c index 96623aa322..79a3c0387f 100644 --- a/hw/usb/dev-hid.c +++ b/hw/usb/dev-hid.c @@ -790,6 +790,7 @@ static const TypeInfo usb_hid_type_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBHIDState), .abstract =3D true, + .secure =3D true, .class_init =3D usb_hid_class_initfn, }; =20 @@ -815,6 +816,7 @@ static const TypeInfo usb_tablet_info =3D { .name =3D "usb-tablet", .parent =3D TYPE_USB_HID, .class_init =3D usb_tablet_class_initfn, + .secure =3D true, }; =20 static const Property usb_mouse_properties[] =3D { @@ -837,6 +839,7 @@ static const TypeInfo usb_mouse_info =3D { .name =3D "usb-mouse", .parent =3D TYPE_USB_HID, .class_init =3D usb_mouse_class_initfn, + .secure =3D true, }; =20 static const Property usb_keyboard_properties[] =3D { @@ -860,6 +863,7 @@ static const TypeInfo usb_keyboard_info =3D { .name =3D "usb-kbd", .parent =3D TYPE_USB_HID, .class_init =3D usb_keyboard_class_initfn, + .secure =3D true, }; =20 static void usb_hid_register_types(void) diff --git a/hw/usb/dev-hub.c b/hw/usb/dev-hub.c index a19350d9c4..66d6b76973 100644 --- a/hw/usb/dev-hub.c +++ b/hw/usb/dev-hub.c @@ -694,6 +694,7 @@ static const TypeInfo hub_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBHubState), .class_init =3D usb_hub_class_initfn, + .secure =3D true, }; =20 static void usb_hub_register_types(void) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index ce45c9cd06..11b0f284c7 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -2107,6 +2107,7 @@ static const TypeInfo mtp_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(MTPState), .class_init =3D usb_mtp_class_initfn, + .secure =3D false, }; =20 static void usb_mtp_register_types(void) diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c index 1df2454181..cb539d8dd3 100644 --- a/hw/usb/dev-network.c +++ b/hw/usb/dev-network.c @@ -1435,6 +1435,7 @@ static const TypeInfo net_info =3D { .instance_size =3D sizeof(USBNetState), .class_init =3D usb_net_class_initfn, .instance_init =3D usb_net_instance_init, + .secure =3D true, }; =20 static void usb_net_register_types(void) diff --git a/hw/usb/dev-serial.c b/hw/usb/dev-serial.c index 1c116d8b0f..51d11ba4d0 100644 --- a/hw/usb/dev-serial.c +++ b/hw/usb/dev-serial.c @@ -655,6 +655,7 @@ static const TypeInfo usb_serial_dev_type_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBSerialState), .abstract =3D true, + .secure =3D true, .class_init =3D usb_serial_dev_class_init, }; =20 @@ -672,6 +673,7 @@ static const TypeInfo serial_info =3D { .name =3D "usb-serial", .parent =3D TYPE_USB_SERIAL, .class_init =3D usb_serial_class_initfn, + .secure =3D true, }; =20 static const Property braille_properties[] =3D { @@ -692,6 +694,7 @@ static const TypeInfo braille_info =3D { .name =3D "usb-braille", .parent =3D TYPE_USB_SERIAL, .class_init =3D usb_braille_class_initfn, + .secure =3D false, }; =20 static void usb_serial_register_types(void) diff --git a/hw/usb/dev-smartcard-reader.c b/hw/usb/dev-smartcard-reader.c index 6ce7154fee..ebde3365f8 100644 --- a/hw/usb/dev-smartcard-reader.c +++ b/hw/usb/dev-smartcard-reader.c @@ -1178,6 +1178,7 @@ static const TypeInfo ccid_bus_info =3D { .name =3D TYPE_CCID_BUS, .parent =3D TYPE_BUS, .instance_size =3D sizeof(CCIDBus), + .secure =3D true, }; =20 void ccid_card_send_apdu_to_guest(CCIDCardState *card, @@ -1458,6 +1459,7 @@ static const TypeInfo ccid_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBCCIDState), .class_init =3D ccid_class_initfn, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { } @@ -1478,6 +1480,7 @@ static const TypeInfo ccid_card_type_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(CCIDCardState), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(CCIDCardClass), .class_init =3D ccid_card_class_init, }; diff --git a/hw/usb/dev-storage-bot.c b/hw/usb/dev-storage-bot.c index df6ab7f656..d9b0277856 100644 --- a/hw/usb/dev-storage-bot.c +++ b/hw/usb/dev-storage-bot.c @@ -52,6 +52,7 @@ static const TypeInfo bot_info =3D { .name =3D "usb-bot", .parent =3D TYPE_USB_STORAGE, .class_init =3D usb_msd_class_bot_initfn, + .secure =3D true, }; =20 static void register_types(void) diff --git a/hw/usb/dev-storage-classic.c b/hw/usb/dev-storage-classic.c index dabe156359..e3e7d79ecf 100644 --- a/hw/usb/dev-storage-classic.c +++ b/hw/usb/dev-storage-classic.c @@ -133,6 +133,7 @@ static const TypeInfo msd_info =3D { .parent =3D TYPE_USB_STORAGE, .class_init =3D usb_msd_class_storage_initfn, .instance_init =3D usb_msd_instance_init, + .secure =3D true, }; =20 static void register_types(void) diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index b13fe345c4..374312e57a 100644 --- a/hw/usb/dev-storage.c +++ b/hw/usb/dev-storage.c @@ -607,6 +607,7 @@ static const TypeInfo usb_storage_dev_type_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(MSDState), .abstract =3D true, + .secure =3D true, .class_init =3D usb_msd_class_initfn_common, }; =20 diff --git a/hw/usb/dev-uas.c b/hw/usb/dev-uas.c index 21cc2835c6..6fde2bdf71 100644 --- a/hw/usb/dev-uas.c +++ b/hw/usb/dev-uas.c @@ -982,6 +982,7 @@ static const TypeInfo uas_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(UASDevice), .class_init =3D usb_uas_class_initfn, + .secure =3D true, }; =20 static void usb_uas_register_types(void) diff --git a/hw/usb/dev-wacom.c b/hw/usb/dev-wacom.c index f4b71a2147..6c2a37a53e 100644 --- a/hw/usb/dev-wacom.c +++ b/hw/usb/dev-wacom.c @@ -442,6 +442,7 @@ static const TypeInfo wacom_info =3D { .parent =3D TYPE_USB_DEVICE, .instance_size =3D sizeof(USBWacomState), .class_init =3D usb_wacom_class_init, + .secure =3D true, }; =20 static void usb_wacom_register_types(void) diff --git a/hw/usb/hcd-dwc2.c b/hw/usb/hcd-dwc2.c index 83864505bb..10a996cc4a 100644 --- a/hw/usb/hcd-dwc2.c +++ b/hw/usb/hcd-dwc2.c @@ -1473,6 +1473,7 @@ static const TypeInfo dwc2_usb_type_info =3D { .instance_init =3D dwc2_init, .class_size =3D sizeof(DWC2Class), .class_init =3D dwc2_class_init, + .secure =3D false, }; =20 static void dwc2_usb_register_types(void) diff --git a/hw/usb/hcd-dwc3.c b/hw/usb/hcd-dwc3.c index 98a342b8b8..54fa3a7922 100644 --- a/hw/usb/hcd-dwc3.c +++ b/hw/usb/hcd-dwc3.c @@ -682,6 +682,7 @@ static const TypeInfo usb_dwc3_info =3D { .instance_size =3D sizeof(USBDWC3), .class_init =3D usb_dwc3_class_init, .instance_init =3D usb_dwc3_init, + .secure =3D false, }; =20 static void usb_dwc3_register_types(void) diff --git a/hw/usb/hcd-ehci-pci.c b/hw/usb/hcd-ehci-pci.c index 38ad3406b3..d80792422d 100644 --- a/hw/usb/hcd-ehci-pci.c +++ b/hw/usb/hcd-ehci-pci.c @@ -171,6 +171,7 @@ static const TypeInfo ehci_pci_type_info =3D { .instance_init =3D usb_ehci_pci_init, .instance_finalize =3D usb_ehci_pci_finalize, .abstract =3D true, + .secure =3D true, .class_init =3D ehci_class_init, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -219,6 +220,7 @@ static void ehci_pci_register_types(void) TypeInfo ehci_type_info =3D { .parent =3D TYPE_PCI_EHCI, .class_init =3D ehci_data_class_init, + .secure =3D true, }; int i; =20 diff --git a/hw/usb/hcd-ehci-sysbus.c b/hw/usb/hcd-ehci-sysbus.c index 0449f5fa6d..24b8a72af3 100644 --- a/hw/usb/hcd-ehci-sysbus.c +++ b/hw/usb/hcd-ehci-sysbus.c @@ -240,6 +240,7 @@ static const TypeInfo ehci_sysbus_types[] =3D { .instance_init =3D ehci_sysbus_init, .instance_finalize =3D ehci_sysbus_finalize, .abstract =3D true, + .secure =3D true, .class_init =3D ehci_sysbus_class_init, .class_size =3D sizeof(SysBusEHCIClass), }, @@ -247,32 +248,38 @@ static const TypeInfo ehci_sysbus_types[] =3D { .name =3D TYPE_PLATFORM_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_platform_class_init, + .secure =3D true, }, { .name =3D TYPE_EXYNOS4210_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_exynos4210_class_init, + .secure =3D true, }, { .name =3D TYPE_AW_H3_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_aw_h3_class_init, + .secure =3D true, }, { .name =3D TYPE_NPCM7XX_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_npcm7xx_class_init, + .secure =3D true, }, { .name =3D TYPE_TEGRA2_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_tegra2_class_init, + .secure =3D true, }, { .name =3D TYPE_PPC4xx_EHCI, .parent =3D TYPE_SYS_BUS_EHCI, .class_init =3D ehci_ppc4xx_class_init, .instance_init =3D ehci_ppc4xx_init, + .secure =3D true, }, { .name =3D TYPE_FUSBH200_EHCI, @@ -280,6 +287,7 @@ static const TypeInfo ehci_sysbus_types[] =3D { .instance_size =3D sizeof(FUSBH200EHCIState), .instance_init =3D fusbh200_ehci_init, .class_init =3D fusbh200_ehci_class_init, + .secure =3D true, }, }; =20 diff --git a/hw/usb/hcd-ohci-pci.c b/hw/usb/hcd-ohci-pci.c index 94d1077eb9..9adfe564db 100644 --- a/hw/usb/hcd-ohci-pci.c +++ b/hw/usb/hcd-ohci-pci.c @@ -149,6 +149,7 @@ static const TypeInfo ohci_pci_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(OHCIPCIState), .class_init =3D ohci_pci_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/usb/hcd-ohci-sysbus.c b/hw/usb/hcd-ohci-sysbus.c index 3fc6cce44b..b57bbd4173 100644 --- a/hw/usb/hcd-ohci-sysbus.c +++ b/hw/usb/hcd-ohci-sysbus.c @@ -81,6 +81,7 @@ static const TypeInfo ohci_sysbus_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(OHCISysBusState), .class_init =3D ohci_sysbus_class_init, + .secure =3D true, }, }; =20 diff --git a/hw/usb/hcd-uhci.c b/hw/usb/hcd-uhci.c index 4822c704f6..f3ab8dd978 100644 --- a/hw/usb/hcd-uhci.c +++ b/hw/usb/hcd-uhci.c @@ -1277,6 +1277,7 @@ static const TypeInfo uhci_pci_type_info =3D { .instance_size =3D sizeof(UHCIState), .class_size =3D sizeof(UHCIPCIDeviceClass), .abstract =3D true, + .secure =3D true, .class_init =3D uhci_class_init, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -1374,6 +1375,7 @@ static void uhci_register_types(void) TypeInfo uhci_type_info =3D { .parent =3D TYPE_UHCI, .class_init =3D uhci_data_class_init, + .secure =3D true, }; int i; =20 diff --git a/hw/usb/hcd-xhci-nec.c b/hw/usb/hcd-xhci-nec.c index 9e0fea26f4..74815af265 100644 --- a/hw/usb/hcd-xhci-nec.c +++ b/hw/usb/hcd-xhci-nec.c @@ -67,6 +67,7 @@ static const TypeInfo nec_xhci_info =3D { .instance_size =3D sizeof(XHCINecState), .instance_init =3D nec_xhci_instance_init, .class_init =3D nec_xhci_class_init, + .secure =3D true, }; =20 static void nec_xhci_register_types(void) diff --git a/hw/usb/hcd-xhci-pci.c b/hw/usb/hcd-xhci-pci.c index b93c80b09d..fedc5b7cc2 100644 --- a/hw/usb/hcd-xhci-pci.c +++ b/hw/usb/hcd-xhci-pci.c @@ -248,6 +248,7 @@ static const TypeInfo xhci_pci_info =3D { .class_init =3D xhci_class_init, .instance_init =3D xhci_instance_init, .abstract =3D true, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -280,6 +281,7 @@ static const TypeInfo qemu_xhci_info =3D { .parent =3D TYPE_XHCI_PCI, .class_init =3D qemu_xhci_class_init, .instance_init =3D qemu_xhci_instance_init, + .secure =3D true, }; =20 static void xhci_register_types(void) diff --git a/hw/usb/hcd-xhci-sysbus.c b/hw/usb/hcd-xhci-sysbus.c index 244698e5f2..f801290284 100644 --- a/hw/usb/hcd-xhci-sysbus.c +++ b/hw/usb/hcd-xhci-sysbus.c @@ -111,7 +111,8 @@ static const TypeInfo xhci_sysbus_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(XHCISysbusState), .class_init =3D xhci_sysbus_class_init, - .instance_init =3D xhci_sysbus_instance_init + .instance_init =3D xhci_sysbus_instance_init, + .secure =3D true, }; =20 static void xhci_sysbus_register_types(void) diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c index 292c378bfc..2218899d5c 100644 --- a/hw/usb/hcd-xhci.c +++ b/hw/usb/hcd-xhci.c @@ -3655,6 +3655,7 @@ static const TypeInfo xhci_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(XHCIState), .class_init =3D xhci_class_init, + .secure =3D true, }; =20 static void xhci_register_types(void) diff --git a/hw/usb/host-libusb.c b/hw/usb/host-libusb.c index b74670ae25..d42f9cdd70 100644 --- a/hw/usb/host-libusb.c +++ b/hw/usb/host-libusb.c @@ -1807,6 +1807,7 @@ static const TypeInfo usb_host_dev_info =3D { .instance_size =3D sizeof(USBHostDevice), .class_init =3D usb_host_class_initfn, .instance_init =3D usb_host_instance_init, + .secure =3D true, }; module_obj(TYPE_USB_HOST_DEVICE); module_kconfig(USB); diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c index f516ff42a1..038507ce0b 100644 --- a/hw/usb/redirect.c +++ b/hw/usb/redirect.c @@ -2619,6 +2619,7 @@ static const TypeInfo usbredir_dev_info =3D { .instance_size =3D sizeof(USBRedirDevice), .class_init =3D usbredir_class_initfn, .instance_init =3D usbredir_instance_init, + .secure =3D true, }; module_obj(TYPE_USB_REDIR); module_kconfig(USB); --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896173; cv=none; d=zohomail.com; s=zohoarc; b=iTKP82o2CpyoTK2zbDhUrhb9EUNvlXqodVuBqfr4O8bRWCYYW4pJRNpFPbQ+Xjg3ROkVV4cBZmn74gZRoB3T2fFcLaveNw6tZyPXymK3lTh2HiufDwAAZcGkEZunsRnvzUnNbvO+0lpdGRNAi1ZGOSTzK2O9SuQxLjqYOm/KKzw= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896173; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=pN5Hq/3s/aeMb+TGMhmoDkcR4DT+9NwqjpCU9eY7lhM=; b=M6GndbcoxvBN+1yICaErEH2LNS27jmJG+lf3qNrBaHUaxVSzizIDgDS1Iz/TUK8RWKBvILO+8JF9nQzO8lw046znfcH227NlHa5J0ohR8zdk4Gb9TU32kNwxf5Eho4/sEMm8/JDjDDGUP9iXrtvS/UZqAVV38/rAvKSu/AuOI5k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175889617311277.74569048882745; Fri, 26 Sep 2025 07:16:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293v-0007GY-RT; Fri, 26 Sep 2025 10:04:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293o-00077t-0e for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:33 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293i-0004w0-B3 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:30 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-307-_4crnoFeP56zFJzCFpURAQ-1; Fri, 26 Sep 2025 10:04:14 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 66386180029B; Fri, 26 Sep 2025 14:04:12 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id E738B195419F; Fri, 26 Sep 2025 14:04:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895460; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=pN5Hq/3s/aeMb+TGMhmoDkcR4DT+9NwqjpCU9eY7lhM=; b=E9/g+MLZNdw9N8P1cFa0O73OPOvoKnT6YaBEYMCMOTD/tvJPmRyELc2COwbA7ItBg5NNLB 6qdTRbySXZSJgbjkx07zJ5CU0++T6MoyXSnpjel8TTpGdgKDsyLtxVftR7YOA1A9uTdsvn MRF+MmwNLZ6io6d25znvECMWFEJLsDw= X-MC-Unique: _4crnoFeP56zFJzCFpURAQ-1 X-Mimecast-MFC-AGG-ID: _4crnoFeP56zFJzCFpURAQ_1758895452 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 26/32] hw/watchdog: mark some watchdog devices as secure Date: Fri, 26 Sep 2025 15:01:37 +0100 Message-ID: <20250926140144.1998694-27-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896175661116600 The ib700, i6300esb and spapr watchdog devices are marked as secure since they have traditionally been used in virtualization use cases. Other watchdogs are primarily for emulation. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/watchdog/allwinner-wdt.c | 3 +++ hw/watchdog/cmsdk-apb-watchdog.c | 1 + hw/watchdog/sbsa_gwdt.c | 1 + hw/watchdog/spapr_watchdog.c | 1 + hw/watchdog/wdt_aspeed.c | 6 ++++++ hw/watchdog/wdt_diag288.c | 1 + hw/watchdog/wdt_i6300esb.c | 1 + hw/watchdog/wdt_ib700.c | 1 + hw/watchdog/wdt_imx2.c | 1 + 9 files changed, 16 insertions(+) diff --git a/hw/watchdog/allwinner-wdt.c b/hw/watchdog/allwinner-wdt.c index 8fcd776675..2e4aa710ca 100644 --- a/hw/watchdog/allwinner-wdt.c +++ b/hw/watchdog/allwinner-wdt.c @@ -392,18 +392,21 @@ static const TypeInfo allwinner_wdt_info =3D { .class_init =3D allwinner_wdt_class_init, .class_size =3D sizeof(AwWdtClass), .abstract =3D true, + .secure =3D false, }; =20 static const TypeInfo allwinner_wdt_sun4i_info =3D { .name =3D TYPE_AW_WDT_SUN4I, .parent =3D TYPE_AW_WDT, .class_init =3D allwinner_wdt_sun4i_class_init, + .secure =3D false, }; =20 static const TypeInfo allwinner_wdt_sun6i_info =3D { .name =3D TYPE_AW_WDT_SUN6I, .parent =3D TYPE_AW_WDT, .class_init =3D allwinner_wdt_sun6i_class_init, + .secure =3D false, }; =20 static void allwinner_wdt_register(void) diff --git a/hw/watchdog/cmsdk-apb-watchdog.c b/hw/watchdog/cmsdk-apb-watch= dog.c index 6a8d07ca56..7f993903c2 100644 --- a/hw/watchdog/cmsdk-apb-watchdog.c +++ b/hw/watchdog/cmsdk-apb-watchdog.c @@ -409,6 +409,7 @@ static const TypeInfo cmsdk_apb_watchdog_info =3D { .instance_size =3D sizeof(CMSDKAPBWatchdog), .instance_init =3D cmsdk_apb_watchdog_init, .class_init =3D cmsdk_apb_watchdog_class_init, + .secure =3D false, }; =20 static void luminary_watchdog_init(Object *obj) diff --git a/hw/watchdog/sbsa_gwdt.c b/hw/watchdog/sbsa_gwdt.c index ce84849df0..1113f93a7b 100644 --- a/hw/watchdog/sbsa_gwdt.c +++ b/hw/watchdog/sbsa_gwdt.c @@ -289,6 +289,7 @@ static const TypeInfo wdt_sbsa_gwdt_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .name =3D TYPE_WDT_SBSA, .instance_size =3D sizeof(SBSA_GWDTState), + .secure =3D false, }; =20 static void wdt_sbsa_gwdt_register_types(void) diff --git a/hw/watchdog/spapr_watchdog.c b/hw/watchdog/spapr_watchdog.c index 5b3f50de3a..2c3fa54c55 100644 --- a/hw/watchdog/spapr_watchdog.c +++ b/hw/watchdog/spapr_watchdog.c @@ -263,6 +263,7 @@ static const TypeInfo spapr_wdt_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(SpaprWatchdog), .class_init =3D spapr_wdt_class_init, + .secure =3D true, }; =20 static void spapr_watchdog_register_types(void) diff --git a/hw/watchdog/wdt_aspeed.c b/hw/watchdog/wdt_aspeed.c index 30226435ef..58545e1560 100644 --- a/hw/watchdog/wdt_aspeed.c +++ b/hw/watchdog/wdt_aspeed.c @@ -327,6 +327,7 @@ static const TypeInfo aspeed_wdt_info =3D { .class_init =3D aspeed_wdt_class_init, .class_size =3D sizeof(AspeedWDTClass), .abstract =3D true, + .secure =3D false, }; =20 static void aspeed_2400_wdt_class_init(ObjectClass *klass, const void *dat= a) @@ -349,6 +350,7 @@ static const TypeInfo aspeed_2400_wdt_info =3D { .parent =3D TYPE_ASPEED_WDT, .instance_size =3D sizeof(AspeedWDTState), .class_init =3D aspeed_2400_wdt_class_init, + .secure =3D false, }; =20 static void aspeed_2500_wdt_reset_pulse(AspeedWDTState *s, uint32_t proper= ty) @@ -387,6 +389,7 @@ static const TypeInfo aspeed_2500_wdt_info =3D { .parent =3D TYPE_ASPEED_WDT, .instance_size =3D sizeof(AspeedWDTState), .class_init =3D aspeed_2500_wdt_class_init, + .secure =3D false, }; =20 static void aspeed_2600_wdt_class_init(ObjectClass *klass, const void *dat= a) @@ -410,6 +413,7 @@ static const TypeInfo aspeed_2600_wdt_info =3D { .parent =3D TYPE_ASPEED_WDT, .instance_size =3D sizeof(AspeedWDTState), .class_init =3D aspeed_2600_wdt_class_init, + .secure =3D false, }; =20 static void aspeed_1030_wdt_class_init(ObjectClass *klass, const void *dat= a) @@ -433,6 +437,7 @@ static const TypeInfo aspeed_1030_wdt_info =3D { .parent =3D TYPE_ASPEED_WDT, .instance_size =3D sizeof(AspeedWDTState), .class_init =3D aspeed_1030_wdt_class_init, + .secure =3D false, }; =20 static void aspeed_2700_wdt_class_init(ObjectClass *klass, const void *dat= a) @@ -456,6 +461,7 @@ static const TypeInfo aspeed_2700_wdt_info =3D { .parent =3D TYPE_ASPEED_WDT, .instance_size =3D sizeof(AspeedWDTState), .class_init =3D aspeed_2700_wdt_class_init, + .secure =3D false, }; =20 static void wdt_aspeed_register_types(void) diff --git a/hw/watchdog/wdt_diag288.c b/hw/watchdog/wdt_diag288.c index 1275353e8e..ec41a92337 100644 --- a/hw/watchdog/wdt_diag288.c +++ b/hw/watchdog/wdt_diag288.c @@ -129,6 +129,7 @@ static const TypeInfo wdt_diag288_info =3D { .name =3D TYPE_WDT_DIAG288, .instance_size =3D sizeof(DIAG288State), .class_size =3D sizeof(DIAG288Class), + .secure =3D false, }; =20 static void wdt_diag288_register_types(void) diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c index bb8a2766b6..363c36a9b5 100644 --- a/hw/watchdog/wdt_i6300esb.c +++ b/hw/watchdog/wdt_i6300esb.c @@ -480,6 +480,7 @@ static const TypeInfo i6300esb_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(I6300State), .class_init =3D i6300esb_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/watchdog/wdt_ib700.c b/hw/watchdog/wdt_ib700.c index 51a26a4cbb..8bf2b2fbf9 100644 --- a/hw/watchdog/wdt_ib700.c +++ b/hw/watchdog/wdt_ib700.c @@ -144,6 +144,7 @@ static const TypeInfo wdt_ib700_info =3D { .parent =3D TYPE_ISA_DEVICE, .instance_size =3D sizeof(IB700State), .class_init =3D wdt_ib700_class_init, + .secure =3D true, }; =20 static void wdt_ib700_register_types(void) diff --git a/hw/watchdog/wdt_imx2.c b/hw/watchdog/wdt_imx2.c index 10151a15d0..9ecb69f38b 100644 --- a/hw/watchdog/wdt_imx2.c +++ b/hw/watchdog/wdt_imx2.c @@ -303,6 +303,7 @@ static const TypeInfo imx2_wdt_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(IMX2WdtState), .class_init =3D imx2_wdt_class_init, + .secure =3D false, }; =20 static void imx2_wdt_register_type(void) --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895546; cv=none; d=zohomail.com; s=zohoarc; b=NK0e3FSnyfz/6E39xtExFMu/YMU1LZ8iqkXWxppXWLulV7IfPuMN55UA1Kf81OwOuoWWeNhZxvEBPpfuz2GxqwW4rWKS6IZiI2x7i/aGjUrr/wywJcnE4gBy86geahUiRaAi7Bh2xCquPONz0edOkRnMsEnKvvGj4TLlrZ5F+ek= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895546; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=okvnAzNjwQR5hgm//DrI3IoAMik3uXuFNRrwbadnKH4=; b=mcCGoBC1woa2IedA0Bym1ha0UsIcsOvAENwLz6ZlX+xscErB1/dY4rjLL/31zWs/TnRqKi3JGN99J6YKwqbMJ+iWvy4QE4Hq+KWf3WI8ge7zrLB3uDU+OsbfJSABle5UrtHuf7j1nKsgBxsDF1w2TYeOGGWKkdGvtRLWBwXwdoE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895546553540.8562482503191; Fri, 26 Sep 2025 07:05:46 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v293z-0007Pz-MH; Fri, 26 Sep 2025 10:04:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293q-0007HU-QO for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:34 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293g-0004vp-MR for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:33 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-115-NjgFToZYOii6K-I5bG0-Qg-1; Fri, 26 Sep 2025 10:04:18 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 3011A180057A; Fri, 26 Sep 2025 14:04:17 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 4428C195419F; Fri, 26 Sep 2025 14:04:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895459; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=okvnAzNjwQR5hgm//DrI3IoAMik3uXuFNRrwbadnKH4=; b=d9qXPIfrcnGxeAT1ZgtNFtjmKURFpROGgQ2qpLDWexoPv/O0+8lu1iExB6wqTCgSCPBYw0 nR0YlXPncSwUz5qJxISbS17HgyWXJkPKCtRLuXxzpeDmoEl3gQ7c8DuPcnkldg7EnOwZkq S6by+vnh7xpagad0bAlPFho9D+Dx1wM= X-MC-Unique: NjgFToZYOii6K-I5bG0-Qg-1 X-Mimecast-MFC-AGG-ID: NjgFToZYOii6K-I5bG0-Qg_1758895457 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 27/32] hw/scsi: mark most SCSI controllers as insecure / devices as secure Date: Fri, 26 Sep 2025 15:01:38 +0100 Message-ID: <20250926140144.1998694-28-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895547538116600 The scsi-block, scsi-hd, scsi-cd & scsi-generic devices can be used with any controller including virtio-scsi, so must be considered secure for virtualization. All the non-virtio SCSI controllers, however, are serving emulation use cases and are complex enough to not consider them secure. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/scsi/esp-pci.c | 2 ++ hw/scsi/esp.c | 2 ++ hw/scsi/lsi53c895a.c | 2 ++ hw/scsi/megasas.c | 2 ++ hw/scsi/mptsas.c | 1 + hw/scsi/scsi-disk.c | 4 ++++ hw/scsi/scsi-generic.c | 1 + hw/scsi/spapr_vscsi.c | 1 + hw/scsi/vhost-scsi-common.c | 1 + hw/scsi/vmw_pvscsi.c | 1 + 10 files changed, 17 insertions(+) diff --git a/hw/scsi/esp-pci.c b/hw/scsi/esp-pci.c index 12c86eb7aa..966524e3d7 100644 --- a/hw/scsi/esp-pci.c +++ b/hw/scsi/esp-pci.c @@ -450,6 +450,7 @@ static const TypeInfo esp_pci_info =3D { .instance_init =3D esp_pci_init, .instance_size =3D sizeof(PCIESPState), .class_init =3D esp_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -574,6 +575,7 @@ static const TypeInfo dc390_info =3D { .parent =3D TYPE_AM53C974_DEVICE, .instance_size =3D sizeof(DC390State), .class_init =3D dc390_class_init, + .secure =3D false, }; =20 static void esp_pci_register_types(void) diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c index 1d264c40e5..ba9bf6ec45 100644 --- a/hw/scsi/esp.c +++ b/hw/scsi/esp.c @@ -1678,6 +1678,7 @@ static const TypeInfo esp_info_types[] =3D { .instance_init =3D sysbus_esp_init, .instance_size =3D sizeof(SysBusESPState), .class_init =3D sysbus_esp_class_init, + .secure =3D false, }, { .name =3D TYPE_ESP, @@ -1686,6 +1687,7 @@ static const TypeInfo esp_info_types[] =3D { .instance_finalize =3D esp_finalize, .instance_size =3D sizeof(ESPState), .class_init =3D esp_class_init, + .secure =3D false, }, }; =20 diff --git a/hw/scsi/lsi53c895a.c b/hw/scsi/lsi53c895a.c index 9ea4aa0a85..afdd9f0b47 100644 --- a/hw/scsi/lsi53c895a.c +++ b/hw/scsi/lsi53c895a.c @@ -2396,6 +2396,7 @@ static const TypeInfo lsi_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(LSIState), .class_init =3D lsi_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -2413,6 +2414,7 @@ static const TypeInfo lsi53c810_info =3D { .name =3D TYPE_LSI53C810, .parent =3D TYPE_LSI53C895A, .class_init =3D lsi53c810_class_init, + .secure =3D false, }; =20 static void lsi53c895a_register_types(void) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 844643d916..6e5d9b71be 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -2556,6 +2556,7 @@ static const TypeInfo megasas_info =3D { .instance_size =3D sizeof(MegasasState), .class_size =3D sizeof(MegasasBaseClass), .abstract =3D true, + .secure =3D false, }; =20 static void megasas_register_types(void) @@ -2572,6 +2573,7 @@ static void megasas_register_types(void) type_info.class_data =3D info; type_info.class_init =3D megasas_class_init; type_info.interfaces =3D info->interfaces; + type_info.secure =3D false; =20 type_register_static(&type_info); } diff --git a/hw/scsi/mptsas.c b/hw/scsi/mptsas.c index 4ada35b7ec..58388b4480 100644 --- a/hw/scsi/mptsas.c +++ b/hw/scsi/mptsas.c @@ -1441,6 +1441,7 @@ static const TypeInfo mptsas_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(MPTSASState), .class_init =3D mptsas1068_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index b4782c6248..dd3a24da4f 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -3173,6 +3173,7 @@ static const TypeInfo scsi_disk_base_info =3D { .instance_size =3D sizeof(SCSIDiskState), .class_size =3D sizeof(SCSIDiskClass), .abstract =3D true, + .secure =3D true, }; =20 #define DEFINE_SCSI_DISK_PROPERTIES() \ @@ -3244,6 +3245,7 @@ static const TypeInfo scsi_hd_info =3D { .name =3D "scsi-hd", .parent =3D TYPE_SCSI_DISK_BASE, .class_init =3D scsi_hd_class_initfn, + .secure =3D true, }; =20 static const Property scsi_cd_properties[] =3D { @@ -3285,6 +3287,7 @@ static const TypeInfo scsi_cd_info =3D { .name =3D "scsi-cd", .parent =3D TYPE_SCSI_DISK_BASE, .class_init =3D scsi_cd_class_initfn, + .secure =3D true, }; =20 #ifdef __linux__ @@ -3325,6 +3328,7 @@ static const TypeInfo scsi_block_info =3D { .name =3D "scsi-block", .parent =3D TYPE_SCSI_DISK_BASE, .class_init =3D scsi_block_class_initfn, + .secure =3D true, }; #endif =20 diff --git a/hw/scsi/scsi-generic.c b/hw/scsi/scsi-generic.c index 9e380a2109..380e3184c1 100644 --- a/hw/scsi/scsi-generic.c +++ b/hw/scsi/scsi-generic.c @@ -806,6 +806,7 @@ static const TypeInfo scsi_generic_info =3D { .parent =3D TYPE_SCSI_DEVICE, .instance_size =3D sizeof(SCSIDevice), .class_init =3D scsi_generic_class_initfn, + .secure =3D true, }; =20 static void scsi_generic_register_types(void) diff --git a/hw/scsi/spapr_vscsi.c b/hw/scsi/spapr_vscsi.c index 20f70fb272..5560249863 100644 --- a/hw/scsi/spapr_vscsi.c +++ b/hw/scsi/spapr_vscsi.c @@ -1290,6 +1290,7 @@ static const TypeInfo spapr_vscsi_info =3D { .parent =3D TYPE_VIO_SPAPR_DEVICE, .instance_size =3D sizeof(VSCSIState), .class_init =3D spapr_vscsi_class_init, + .secure =3D true, }; =20 static void spapr_vscsi_register_types(void) diff --git a/hw/scsi/vhost-scsi-common.c b/hw/scsi/vhost-scsi-common.c index 43525ba46d..3db2191f33 100644 --- a/hw/scsi/vhost-scsi-common.c +++ b/hw/scsi/vhost-scsi-common.c @@ -164,6 +164,7 @@ static const TypeInfo vhost_scsi_common_info =3D { .parent =3D TYPE_VIRTIO_SCSI_COMMON, .instance_size =3D sizeof(VHostSCSICommon), .abstract =3D true, + .secure =3D true, }; =20 static void virtio_register_types(void) diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c index 7c98b1b8ea..073e0e8b7b 100644 --- a/hw/scsi/vmw_pvscsi.c +++ b/hw/scsi/vmw_pvscsi.c @@ -1299,6 +1299,7 @@ static const TypeInfo pvscsi_info =3D { .instance_size =3D sizeof(PVSCSIState), .class_init =3D pvscsi_class_init, .instance_init =3D pvscsi_instance_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { INTERFACE_PCIE_DEVICE }, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895672; cv=none; d=zohomail.com; s=zohoarc; b=FBYgTiP1wSZWsYZ+qyd1utY3veWUeYaElkB918xDUHmmDsjeq5S36hDOKQcOQmHizmIHWajQu0SCXcQBXUZmglEufLjbm0Jmx7gQLHNVFlp0QImZdYKUD/VC3pt7fwv8aDq/YA9r9rU7GL+YL+QVuYKjdkxwQOqhQa02uR1MhAo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895672; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=2MA67hwgmOVSUjbcZ6+Q25GN6MEzWgtJgiJNA+1UWhc=; b=fjPwoAsR1ReAqVcHOxN7J9qjeiT348GZHJw56TKIxKCH7lp+UetWRHBWYN1hW79h5hn8gNVLSWCQoIX/5LMXOtkUSheDZGcEbXDO6qHmHX6uZ1D05YqPP1+T4E7q5kRG6pYRGDTlrSFwK1cKWt8+X6UZw9ZTACswR6gSV4kLU2U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895672877690.152518480065; Fri, 26 Sep 2025 07:07:52 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2943-0007Xi-LG; Fri, 26 Sep 2025 10:04:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293u-0007MN-Mu for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:39 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293l-0004wl-Lj for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:37 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-693-vPG8kEPgMGeSOpgJFq4N8Q-1; Fri, 26 Sep 2025 10:04:22 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 2E1AF1800294; Fri, 26 Sep 2025 14:04:21 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id AA59C1956095; Fri, 26 Sep 2025 14:04:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895465; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=2MA67hwgmOVSUjbcZ6+Q25GN6MEzWgtJgiJNA+1UWhc=; b=LOL1I4Jctp6UHlyoGw+LoZ4NuFAKMI+FqNt05SAreLPXoooa0Y0oyxDXphQ2+a0aBKP5fq axu3AyodO/mJHj9UXJOH3Cq3CSrsz4fJYqt6RZt/h5IJi9+tdgWE/SlkOCFPDTeSF2vmgy KiZKCvSWsvg4MT2Wpd0S+muAAYn7vOA= X-MC-Unique: vPG8kEPgMGeSOpgJFq4N8Q-1 X-Mimecast-MFC-AGG-ID: vPG8kEPgMGeSOpgJFq4N8Q_1758895461 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 28/32] hw/ide: mark ICH9 and ide-hd/ide-cd as secure Date: Fri, 26 Sep 2025 15:01:39 +0100 Message-ID: <20250926140144.1998694-29-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895675089116600 These have a long history of usage in virtualization scenarios on x86, for OS which lack modern virtio drivers for storage, and thus must be considered secure. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/ide/ich.c | 1 + hw/ide/ide-dev.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/hw/ide/ich.c b/hw/ide/ich.c index b00987f08d..c7d50a15c1 100644 --- a/hw/ide/ich.c +++ b/hw/ide/ich.c @@ -198,6 +198,7 @@ static const TypeInfo ich_ahci_info =3D { .instance_size =3D sizeof(AHCIPCIState), .instance_init =3D pci_ich9_ahci_init, .class_init =3D ich_ahci_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/ide/ide-dev.c b/hw/ide/ide-dev.c index 5d478588c6..f555d0fb04 100644 --- a/hw/ide/ide-dev.c +++ b/hw/ide/ide-dev.c @@ -214,6 +214,7 @@ static const TypeInfo ide_hd_info =3D { .parent =3D TYPE_IDE_DEVICE, .instance_size =3D sizeof(IDEDrive), .class_init =3D ide_hd_class_init, + .secure =3D true, }; =20 static const Property ide_cd_properties[] =3D { @@ -236,6 +237,7 @@ static const TypeInfo ide_cd_info =3D { .parent =3D TYPE_IDE_DEVICE, .instance_size =3D sizeof(IDEDrive), .class_init =3D ide_cd_class_init, + .secure =3D true, }; =20 static void ide_device_class_init(ObjectClass *klass, const void *data) @@ -252,6 +254,7 @@ static const TypeInfo ide_device_type_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(IDEDevice), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(IDEDeviceClass), .class_init =3D ide_device_class_init, .instance_init =3D ide_dev_instance_init, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895841; cv=none; d=zohomail.com; s=zohoarc; b=aKkB0/iykASFRIBkvwCvVNhaB3xmSxaRs/2LBiZvbm/v4N+q0e3WM4okOVT6S6p3mUavVnLz+BiUFdYhxc6d0xOeIt5d6wj1JSufc+YDoiFkNWG7BFiH0AKNb3BAB8HN3+vS9vW7sK+8xjxjP0tqbirs8o+W2PfO2ofhlxqFgy0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895841; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=FSI4koEj6hTiFW4jnJoIN1bQ8wVMLP2Vge1rchVPfvU=; b=Mguk4Eb7TccpHbjvXJYOHU1uHdILOnXLeQlDOIlYhWFPPvy6dfvfkDaZR4OegGB9T/jzjYv5kp7vUu9L/z80pnxEFc0gfLiYjGqoPaGt5igEGC9ghO0ACluEJa113ohmAQB+K+jbeJ+DQUGetolKKk6o5o9x73UEFpnu0x32DIg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895841607414.0223297247559; Fri, 26 Sep 2025 07:10:41 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v2948-0007kW-1S; Fri, 26 Sep 2025 10:04:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293y-0007Qc-6d for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:43 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293m-0004xN-NK for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:41 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-551-2b71tKyLOYi4bilypwR__A-1; Fri, 26 Sep 2025 10:04:26 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C377119560B5; Fri, 26 Sep 2025 14:04:25 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id DF84B1956095; Fri, 26 Sep 2025 14:04:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895468; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FSI4koEj6hTiFW4jnJoIN1bQ8wVMLP2Vge1rchVPfvU=; b=AytI5zL3ZC1nwhg3I8NaRGXLD7HcpOH+TlkmQq4yNPhPSK99ZMUokRCSyBifm5FrbPe4Q9 UtjhNvx7QLKrPD+C9LvS9iKJzzp8LLRkOKbQUyJO12PeFab/7thg+4nOQ1KCZnMa3ccAOo iZC8JVHn92uf4VrzfDSmemtN14pys+Y= X-MC-Unique: 2b71tKyLOYi4bilypwR__A-1 X-Mimecast-MFC-AGG-ID: 2b71tKyLOYi4bilypwR__A_1758895465 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 29/32] hw: mark test/demo devices as insecure Date: Fri, 26 Sep 2025 15:01:40 +0100 Message-ID: <20250926140144.1998694-30-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895843872116600 These devices are either intended for use by the test suite, or as a demonstration for how to write devices. None of them should be used for real guest workload deployments. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/hyperv/hyperv_testdev.c | 1 + hw/misc/edu.c | 1 + hw/misc/pc-testdev.c | 1 + hw/misc/pci-testdev.c | 1 + 4 files changed, 4 insertions(+) diff --git a/hw/hyperv/hyperv_testdev.c b/hw/hyperv/hyperv_testdev.c index 2d4a63693b..e31df31207 100644 --- a/hw/hyperv/hyperv_testdev.c +++ b/hw/hyperv/hyperv_testdev.c @@ -316,6 +316,7 @@ static const TypeInfo hv_test_dev_info =3D { .parent =3D TYPE_ISA_DEVICE, .instance_size =3D sizeof(HypervTestDev), .class_init =3D hv_test_dev_class_init, + .secure =3D false, }; =20 static void hv_test_dev_register_types(void) diff --git a/hw/misc/edu.c b/hw/misc/edu.c index cece633e11..8b7c8b9467 100644 --- a/hw/misc/edu.c +++ b/hw/misc/edu.c @@ -436,6 +436,7 @@ static const TypeInfo edu_types[] =3D { .instance_size =3D sizeof(EduState), .instance_init =3D edu_instance_init, .class_init =3D edu_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c index 67c486f347..bae405b687 100644 --- a/hw/misc/pc-testdev.c +++ b/hw/misc/pc-testdev.c @@ -206,6 +206,7 @@ static const TypeInfo testdev_info =3D { .parent =3D TYPE_ISA_DEVICE, .instance_size =3D sizeof(PCTestdev), .class_init =3D testdev_class_init, + .secure =3D false, }; =20 static void testdev_register_types(void) diff --git a/hw/misc/pci-testdev.c b/hw/misc/pci-testdev.c index ba71c5069f..22ca87722f 100644 --- a/hw/misc/pci-testdev.c +++ b/hw/misc/pci-testdev.c @@ -353,6 +353,7 @@ static const TypeInfo pci_testdev_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCITestDevState), .class_init =3D pci_testdev_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758896109; cv=none; d=zohomail.com; s=zohoarc; b=cEn9/HfymcPeuwyUbCK5QvIIqWysHDjZD/LcD6ishK6bICf8BS4CaEgE7+Na0fabYD/1H1hXH+jQ+g729wJMr82lHqrT3/jy4h6A4409aVW926FZKaL3fgyg1GbM6ixM098Y1jd+ETvw2M20aa18ooXcNmSWAhw2g0/M4r2oHwY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758896109; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=AdEZfBJzVpy7Ad5MzBbnijgJmMQ8cW6ZTpvVSOCIqvU=; b=bqUoHhv1PJqtITgLtbw384uvdU9y3dM3cgnGOtY69wod262XvgZ3eXaE8oGv7kFoWSG7d9Q49b2OhVBw0amvooXllWfHo5HBEbOA7csCSqTcmv5bDR5GoIkKCFoLcQLkbXXTyWfOEGqBbM0L6hFY6vQcaIiRrfcb34eeF/1Xh24= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758896109955837.4778807356907; Fri, 26 Sep 2025 07:15:09 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v294D-000880-7v; Fri, 26 Sep 2025 10:04:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2946-0007g7-44 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:52 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293x-0004y6-9N for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:48 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-82-ezbyWXSDPZez-YOS7vp0aA-1; Fri, 26 Sep 2025 10:04:30 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 8BE621800577; Fri, 26 Sep 2025 14:04:29 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 5A1C51956095; Fri, 26 Sep 2025 14:04:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895472; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AdEZfBJzVpy7Ad5MzBbnijgJmMQ8cW6ZTpvVSOCIqvU=; b=FkaZA8o0moqqc5idqD/EQut27kpuVrfE3vVZE2WvlwSyEw6aQAPSL8eH9edSaDC7ApKLmy oHryeAWFRoRPYjlqPcCbjPZAbZbtNHJeIDEAw10DU9LmtGySdZrKqJ2J0IVVPp6vMs1tWN lfQ9Ssp9mJg6WvbaPUfEqe/YXeb400s= X-MC-Unique: ezbyWXSDPZez-YOS7vp0aA-1 X-Mimecast-MFC-AGG-ID: ezbyWXSDPZez-YOS7vp0aA_1758895469 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 30/32] hw: define most common PCI types as secure Date: Fri, 26 Sep 2025 15:01:41 +0100 Message-ID: <20250926140144.1998694-31-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758896110814116600 Everything except for the simba pci-bridge is relevant to use in a virtualization use case, so must be considered secure. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/pci-bridge/cxl_downstream.c | 1 + hw/pci-bridge/cxl_root_port.c | 1 + hw/pci-bridge/cxl_upstream.c | 1 + hw/pci-bridge/gen_pcie_root_port.c | 1 + hw/pci-bridge/i82801b11.c | 1 + hw/pci-bridge/ioh3420.c | 1 + hw/pci-bridge/pci_bridge_dev.c | 2 ++ hw/pci-bridge/pci_expander_bridge.c | 8 ++++++++ hw/pci-bridge/pcie_pci_bridge.c | 1 + hw/pci-bridge/pcie_root_port.c | 1 + hw/pci-bridge/simba.c | 1 + hw/pci-bridge/xio3130_downstream.c | 1 + hw/pci-bridge/xio3130_upstream.c | 1 + hw/pci/pci.c | 7 +++++++ hw/pci/pci_bridge.c | 1 + hw/pci/pci_host.c | 1 + hw/pci/pcie_host.c | 1 + hw/pci/pcie_port.c | 1 + 18 files changed, 32 insertions(+) diff --git a/hw/pci-bridge/cxl_downstream.c b/hw/pci-bridge/cxl_downstream.c index 1065245a8b..23f6ece002 100644 --- a/hw/pci-bridge/cxl_downstream.c +++ b/hw/pci-bridge/cxl_downstream.c @@ -241,6 +241,7 @@ static const TypeInfo cxl_dsp_info =3D { .instance_size =3D sizeof(CXLDownstreamPort), .parent =3D TYPE_PCIE_SLOT, .class_init =3D cxl_dsp_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CXL_DEVICE }, diff --git a/hw/pci-bridge/cxl_root_port.c b/hw/pci-bridge/cxl_root_port.c index e6a4035d26..83b34330bc 100644 --- a/hw/pci-bridge/cxl_root_port.c +++ b/hw/pci-bridge/cxl_root_port.c @@ -294,6 +294,7 @@ static const TypeInfo cxl_root_port_info =3D { .parent =3D TYPE_PCIE_ROOT_PORT, .instance_size =3D sizeof(CXLRootPort), .class_init =3D cxl_root_port_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CXL_DEVICE }, { } diff --git a/hw/pci-bridge/cxl_upstream.c b/hw/pci-bridge/cxl_upstream.c index 208e0c6172..eba6fe2482 100644 --- a/hw/pci-bridge/cxl_upstream.c +++ b/hw/pci-bridge/cxl_upstream.c @@ -394,6 +394,7 @@ static const TypeInfo cxl_usp_info =3D { .parent =3D TYPE_PCIE_PORT, .instance_size =3D sizeof(CXLUpstreamPort), .class_init =3D cxl_upstream_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CXL_DEVICE }, diff --git a/hw/pci-bridge/gen_pcie_root_port.c b/hw/pci-bridge/gen_pcie_ro= ot_port.c index d9078e783b..d9e1ce8d90 100644 --- a/hw/pci-bridge/gen_pcie_root_port.c +++ b/hw/pci-bridge/gen_pcie_root_port.c @@ -173,6 +173,7 @@ static const TypeInfo gen_rp_dev_info =3D { .parent =3D TYPE_PCIE_ROOT_PORT, .instance_size =3D sizeof(GenPCIERootPort), .class_init =3D gen_rp_dev_class_init, + .secure =3D true, }; =20 static void gen_rp_register_types(void) diff --git a/hw/pci-bridge/i82801b11.c b/hw/pci-bridge/i82801b11.c index 1d73c14c1f..f702b20bcd 100644 --- a/hw/pci-bridge/i82801b11.c +++ b/hw/pci-bridge/i82801b11.c @@ -107,6 +107,7 @@ static const TypeInfo i82801b11_bridge_info =3D { .parent =3D TYPE_PCI_BRIDGE, .instance_size =3D sizeof(I82801b11Bridge), .class_init =3D i82801b11_bridge_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-bridge/ioh3420.c b/hw/pci-bridge/ioh3420.c index bba640f495..2c4882c4cf 100644 --- a/hw/pci-bridge/ioh3420.c +++ b/hw/pci-bridge/ioh3420.c @@ -120,6 +120,7 @@ static const TypeInfo ioh3420_info =3D { .name =3D "ioh3420", .parent =3D TYPE_PCIE_ROOT_PORT, .class_init =3D ioh3420_class_init, + .secure =3D true, }; =20 static void ioh3420_register_types(void) diff --git a/hw/pci-bridge/pci_bridge_dev.c b/hw/pci-bridge/pci_bridge_dev.c index b328e50ab3..04af66cc35 100644 --- a/hw/pci-bridge/pci_bridge_dev.c +++ b/hw/pci-bridge/pci_bridge_dev.c @@ -268,6 +268,7 @@ static const TypeInfo pci_bridge_dev_info =3D { .instance_size =3D sizeof(PCIBridgeDev), .class_init =3D pci_bridge_dev_class_init, .instance_finalize =3D pci_bridge_dev_instance_finalize, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -294,6 +295,7 @@ static const TypeInfo pci_bridge_dev_seat_info =3D { .parent =3D TYPE_PCI_BRIDGE_DEV, .instance_size =3D sizeof(PCIBridgeDev), .class_init =3D pci_bridge_dev_seat_class_init, + .secure =3D true, }; =20 static void pci_bridge_dev_register(void) diff --git a/hw/pci-bridge/pci_expander_bridge.c b/hw/pci-bridge/pci_expand= er_bridge.c index 1bcceddbc4..4a85f62be0 100644 --- a/hw/pci-bridge/pci_expander_bridge.c +++ b/hw/pci-bridge/pci_expander_bridge.c @@ -109,6 +109,7 @@ static const TypeInfo pxb_bus_info =3D { .parent =3D TYPE_PCI_BUS, .instance_size =3D sizeof(PXBBus), .class_init =3D pxb_bus_class_init, + .secure =3D true, }; =20 static const TypeInfo pxb_pcie_bus_info =3D { @@ -116,6 +117,7 @@ static const TypeInfo pxb_pcie_bus_info =3D { .parent =3D TYPE_PCIE_BUS, .instance_size =3D sizeof(PXBBus), .class_init =3D pxb_bus_class_init, + .secure =3D true, }; =20 static const TypeInfo pxb_cxl_bus_info =3D { @@ -123,6 +125,7 @@ static const TypeInfo pxb_cxl_bus_info =3D { .parent =3D TYPE_CXL_BUS, .instance_size =3D sizeof(PXBBus), .class_init =3D pxb_bus_class_init, + .secure =3D true, }; =20 static const char *pxb_host_root_bus_path(PCIHostState *host_bridge, @@ -185,6 +188,7 @@ static const TypeInfo pxb_host_info =3D { .name =3D TYPE_PXB_HOST, .parent =3D TYPE_PCI_HOST_BRIDGE, .class_init =3D pxb_host_class_init, + .secure =3D true, }; =20 static void pxb_cxl_realize(DeviceState *dev, Error **errp) @@ -244,6 +248,7 @@ static const TypeInfo cxl_host_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(CXLHost), .class_init =3D pxb_cxl_host_class_init, + .secure =3D true, }; =20 /* @@ -448,6 +453,7 @@ static const TypeInfo pxb_dev_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PXBDev), .class_init =3D pxb_dev_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -485,6 +491,7 @@ static const TypeInfo pxb_pcie_dev_info =3D { .parent =3D TYPE_PXB_DEV, .instance_size =3D sizeof(PXBPCIEDev), .class_init =3D pxb_pcie_dev_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -535,6 +542,7 @@ static const TypeInfo pxb_cxl_dev_info =3D { .parent =3D TYPE_PXB_PCIE_DEV, .instance_size =3D sizeof(PXBCXLDev), .class_init =3D pxb_cxl_dev_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]){ { INTERFACE_CONVENTIONAL_PCI_DEVICE }, diff --git a/hw/pci-bridge/pcie_pci_bridge.c b/hw/pci-bridge/pcie_pci_bridg= e.c index fce292a519..620eb12a64 100644 --- a/hw/pci-bridge/pcie_pci_bridge.c +++ b/hw/pci-bridge/pcie_pci_bridge.c @@ -162,6 +162,7 @@ static const TypeInfo pcie_pci_bridge_info =3D { .parent =3D TYPE_PCI_BRIDGE, .instance_size =3D sizeof(PCIEPCIBridge), .class_init =3D pcie_pci_bridge_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_HOTPLUG_HANDLER }, { INTERFACE_PCIE_DEVICE }, diff --git a/hw/pci-bridge/pcie_root_port.c b/hw/pci-bridge/pcie_root_port.c index 22c2fdb71e..c87fb91e5c 100644 --- a/hw/pci-bridge/pcie_root_port.c +++ b/hw/pci-bridge/pcie_root_port.c @@ -187,6 +187,7 @@ static const TypeInfo rp_info =3D { .instance_post_init =3D rp_instance_post_init, .class_init =3D rp_class_init, .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(PCIERootPortClass), .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, diff --git a/hw/pci-bridge/simba.c b/hw/pci-bridge/simba.c index bbae594e11..3dbb5bd9c9 100644 --- a/hw/pci-bridge/simba.c +++ b/hw/pci-bridge/simba.c @@ -87,6 +87,7 @@ static const TypeInfo simba_pci_bridge_info =3D { .parent =3D TYPE_PCI_BRIDGE, .class_init =3D simba_pci_bridge_class_init, .instance_size =3D sizeof(SimbaPCIBridge), + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-bridge/xio3130_downstream.c b/hw/pci-bridge/xio3130_dow= nstream.c index dc7d1aa7d7..eb217dc7d9 100644 --- a/hw/pci-bridge/xio3130_downstream.c +++ b/hw/pci-bridge/xio3130_downstream.c @@ -175,6 +175,7 @@ static const TypeInfo xio3130_downstream_info =3D { .name =3D TYPE_XIO3130_DOWNSTREAM, .parent =3D TYPE_PCIE_SLOT, .class_init =3D xio3130_downstream_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/pci-bridge/xio3130_upstream.c b/hw/pci-bridge/xio3130_upstr= eam.c index 40057b749b..9d58105f8b 100644 --- a/hw/pci-bridge/xio3130_upstream.c +++ b/hw/pci-bridge/xio3130_upstream.c @@ -144,6 +144,7 @@ static const TypeInfo xio3130_upstream_info =3D { .name =3D "x3130-upstream", .parent =3D TYPE_PCIE_PORT, .class_init =3D xio3130_upstream_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/pci/pci.c b/hw/pci/pci.c index c3df9d6656..6ab03074b9 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -289,6 +289,7 @@ static const TypeInfo pci_bus_info =3D { .instance_size =3D sizeof(PCIBus), .class_size =3D sizeof(PCIBusClass), .class_init =3D pci_bus_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_FW_CFG_DATA_GENERATOR_INTERFACE }, { } @@ -298,16 +299,19 @@ static const TypeInfo pci_bus_info =3D { static const TypeInfo cxl_interface_info =3D { .name =3D INTERFACE_CXL_DEVICE, .parent =3D TYPE_INTERFACE, + .secure =3D true, }; =20 static const TypeInfo pcie_interface_info =3D { .name =3D INTERFACE_PCIE_DEVICE, .parent =3D TYPE_INTERFACE, + .secure =3D true, }; =20 static const TypeInfo conventional_pci_interface_info =3D { .name =3D INTERFACE_CONVENTIONAL_PCI_DEVICE, .parent =3D TYPE_INTERFACE, + .secure =3D true, }; =20 static void pcie_bus_class_init(ObjectClass *klass, const void *data) @@ -321,12 +325,14 @@ static const TypeInfo pcie_bus_info =3D { .name =3D TYPE_PCIE_BUS, .parent =3D TYPE_PCI_BUS, .class_init =3D pcie_bus_class_init, + .secure =3D true, }; =20 static const TypeInfo cxl_bus_info =3D { .name =3D TYPE_CXL_BUS, .parent =3D TYPE_PCIE_BUS, .class_init =3D pcie_bus_class_init, + .secure =3D true, }; =20 static void pci_update_mappings(PCIDevice *d); @@ -3336,6 +3342,7 @@ static const TypeInfo pci_device_type_info =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(PCIDevice), .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(PCIDeviceClass), .class_init =3D pci_device_class_init, .class_base_init =3D pci_device_class_base_init, diff --git a/hw/pci/pci_bridge.c b/hw/pci/pci_bridge.c index 76255c4cd8..703160a338 100644 --- a/hw/pci/pci_bridge.c +++ b/hw/pci/pci_bridge.c @@ -497,6 +497,7 @@ static const TypeInfo pci_bridge_type_info =3D { .instance_size =3D sizeof(PCIBridge), .class_init =3D pci_bridge_class_init, .abstract =3D true, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_ACPI_DEV_AML_IF }, { }, diff --git a/hw/pci/pci_host.c b/hw/pci/pci_host.c index 7179d99178..b3bbba3799 100644 --- a/hw/pci/pci_host.c +++ b/hw/pci/pci_host.c @@ -251,6 +251,7 @@ static const TypeInfo pci_host_type_info =3D { .name =3D TYPE_PCI_HOST_BRIDGE, .parent =3D TYPE_SYS_BUS_DEVICE, .abstract =3D true, + .secure =3D true, .class_size =3D sizeof(PCIHostBridgeClass), .instance_size =3D sizeof(PCIHostState), .class_init =3D pci_host_class_init, diff --git a/hw/pci/pcie_host.c b/hw/pci/pcie_host.c index 3717e1a086..3cf0769d2a 100644 --- a/hw/pci/pcie_host.c +++ b/hw/pci/pcie_host.c @@ -124,6 +124,7 @@ static const TypeInfo pcie_host_type_info =3D { .name =3D TYPE_PCIE_HOST_BRIDGE, .parent =3D TYPE_PCI_HOST_BRIDGE, .abstract =3D true, + .secure =3D true, .instance_size =3D sizeof(PCIExpressHost), .instance_init =3D pcie_host_init, }; diff --git a/hw/pci/pcie_port.c b/hw/pci/pcie_port.c index f3841a2656..abc1dbd470 100644 --- a/hw/pci/pcie_port.c +++ b/hw/pci/pcie_port.c @@ -200,6 +200,7 @@ static const TypeInfo pcie_port_type_info =3D { .parent =3D TYPE_PCI_BRIDGE, .instance_size =3D sizeof(PCIEPort), .abstract =3D true, + .secure =3D true, .class_init =3D pcie_port_class_init, }; =20 --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895985; cv=none; d=zohomail.com; s=zohoarc; b=GZXGvCN1UMq8U0sF4Da2otMSXtwyad2q2GeKf92hB0pyaq6KMUdHE28JpNJI59asOGfcsSWpN2n0QeI0Ika8mPb0eb/Snf0+AVL69pW7oyt7Vhp5V5W0ROUYVNoHyjsiMJB2UUCKje95ockQA5eHahsdqld23bM2RE/a+1yht/w= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895985; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=Q62g/KbcRe7YtIuem0CVKfC0XTeagqktRbCs4xq3Gr8=; b=WOrAK4hpOwCMRvZEmvmD17LHWHS7JuqvoLc8Bp0t4wg+q4e7tFtQCZqdZq7IYbMNyC/9QoZEEUda0xThAuekQ1BQ94aBc0OhIZ9r77OH7n3KnpjEaCr+dX3gzb5TF+LHNynzB4DR6aBmUCUad0SdDbJs6pseb5jh1WUcFaXKTHQ= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895985335809.9146353186827; Fri, 26 Sep 2025 07:13:05 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v294H-0008DP-2L; Fri, 26 Sep 2025 10:05:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2947-0007hy-08 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:52 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v293y-0004yc-JB for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:04:47 -0400 Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-270-rVkdYpPENbaIT8gMhwU54g-1; Fri, 26 Sep 2025 10:04:34 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id F392C18004D4; Fri, 26 Sep 2025 14:04:32 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0D87B1956095; Fri, 26 Sep 2025 14:04:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895478; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q62g/KbcRe7YtIuem0CVKfC0XTeagqktRbCs4xq3Gr8=; b=OxjRMSiC5pxlGPpV5GNfIBf7fzWlOr6qj2wWY0gUTgE9UnkX0l99cV9Fd4cEUSDRqzJGJw u7hpgojZ/0WNhROVviQTOUaR6vVkiP3DakGDT9NOx4hd54GbR12R95pufvAGhYcAqlduRf 23afVaFXsOYzeNNQijk0CTbC0HlrZeA= X-MC-Unique: rVkdYpPENbaIT8gMhwU54g-1 X-Mimecast-MFC-AGG-ID: rVkdYpPENbaIT8gMhwU54g_1758895473 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 31/32] hw/pci-host: define some PCI hosts as secure Date: Fri, 26 Sep 2025 15:01:42 +0100 Message-ID: <20250926140144.1998694-32-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895988082116600 Most of the PCI host implementations are targetting emulation use cases. The exceptions to this are i440fx & q35 which are used commonly on x86, the pnv* which are used on ppc, and gpex which is used on arm. There is also a special case for the 'remote' type and the Xen passthrough type. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/pci-host/articia.c | 3 +++ hw/pci-host/astro.c | 3 +++ hw/pci-host/bonito.c | 2 ++ hw/pci-host/designware.c | 3 +++ hw/pci-host/dino.c | 1 + hw/pci-host/fsl_imx8m_phy.c | 1 + hw/pci-host/gpex.c | 2 ++ hw/pci-host/grackle.c | 2 ++ hw/pci-host/gt64120.c | 2 ++ hw/pci-host/i440fx.c | 2 ++ hw/pci-host/mv64361.c | 1 + hw/pci-host/pnv_phb.c | 2 ++ hw/pci-host/pnv_phb3.c | 3 +++ hw/pci-host/pnv_phb3_msi.c | 1 + hw/pci-host/pnv_phb3_pbcq.c | 1 + hw/pci-host/pnv_phb4.c | 4 ++++ hw/pci-host/pnv_phb4_pec.c | 2 ++ hw/pci-host/ppc440_pcix.c | 1 + hw/pci-host/ppc4xx_pci.c | 2 ++ hw/pci-host/ppce500.c | 2 ++ hw/pci-host/q35.c | 2 ++ hw/pci-host/raven.c | 2 ++ hw/pci-host/remote.c | 1 + hw/pci-host/sabre.c | 2 ++ hw/pci-host/sh_pci.c | 2 ++ hw/pci-host/uninorth.c | 2 ++ hw/pci-host/versatile.c | 3 +++ hw/pci-host/xen_igd_pt.c | 1 + hw/pci-host/xilinx-pcie.c | 1 + 29 files changed, 56 insertions(+) diff --git a/hw/pci-host/articia.c b/hw/pci-host/articia.c index cc65aac2a8..b29fa98d19 100644 --- a/hw/pci-host/articia.c +++ b/hw/pci-host/articia.c @@ -267,12 +267,14 @@ static const TypeInfo articia_types[] =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(ArticiaState), .class_init =3D articia_class_init, + .secure =3D false, }, { .name =3D TYPE_ARTICIA_PCI_HOST, .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(ArticiaHostState), .class_init =3D articia_pci_host_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -283,6 +285,7 @@ static const TypeInfo articia_types[] =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D articia_pci_bridge_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/astro.c b/hw/pci-host/astro.c index 1024ede7b6..0685615ecd 100644 --- a/hw/pci-host/astro.c +++ b/hw/pci-host/astro.c @@ -498,6 +498,7 @@ static const TypeInfo elroy_pcihost_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(ElroyState), .class_init =3D elroy_pcihost_class_init, + .secure =3D false, }; =20 static void elroy_register_types(void) @@ -930,6 +931,7 @@ static const TypeInfo astro_chip_info =3D { .instance_init =3D astro_init, .instance_size =3D sizeof(AstroState), .class_init =3D astro_class_init, + .secure =3D false, }; =20 static void astro_iommu_memory_region_class_init(ObjectClass *klass, @@ -944,6 +946,7 @@ static const TypeInfo astro_iommu_memory_region_info = =3D { .parent =3D TYPE_IOMMU_MEMORY_REGION, .name =3D TYPE_ASTRO_IOMMU_MEMORY_REGION, .class_init =3D astro_iommu_memory_region_class_init, + .secure =3D false, }; =20 =20 diff --git a/hw/pci-host/bonito.c b/hw/pci-host/bonito.c index 7d6251a78d..6d02bde4ee 100644 --- a/hw/pci-host/bonito.c +++ b/hw/pci-host/bonito.c @@ -783,6 +783,7 @@ static const TypeInfo bonito_pci_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIBonitoState), .class_init =3D bonito_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -801,6 +802,7 @@ static const TypeInfo bonito_host_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(BonitoState), .class_init =3D bonito_host_class_init, + .secure =3D false, }; =20 static void bonito_register_types(void) diff --git a/hw/pci-host/designware.c b/hw/pci-host/designware.c index f6e49ce9b8..ee1205977e 100644 --- a/hw/pci-host/designware.c +++ b/hw/pci-host/designware.c @@ -757,17 +757,20 @@ static const TypeInfo designware_pcie_types[] =3D { .parent =3D TYPE_PCIE_BUS, .instance_size =3D sizeof(DesignwarePCIERootBus), .class_init =3D designware_pcie_root_bus_class_init, + .secure =3D false, }, { .name =3D TYPE_DESIGNWARE_PCIE_HOST, .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(DesignwarePCIEHost), .instance_init =3D designware_pcie_host_init, .class_init =3D designware_pcie_host_class_init, + .secure =3D false, }, { .name =3D TYPE_DESIGNWARE_PCIE_ROOT, .parent =3D TYPE_PCI_BRIDGE, .instance_size =3D sizeof(DesignwarePCIERoot), .class_init =3D designware_pcie_root_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { } diff --git a/hw/pci-host/dino.c b/hw/pci-host/dino.c index 924053499c..9b6375661d 100644 --- a/hw/pci-host/dino.c +++ b/hw/pci-host/dino.c @@ -506,6 +506,7 @@ static const TypeInfo dino_pcihost_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(DinoState), .class_init =3D dino_pcihost_class_init, + .secure =3D false, }; =20 static void dino_register_types(void) diff --git a/hw/pci-host/fsl_imx8m_phy.c b/hw/pci-host/fsl_imx8m_phy.c index 04da3f99a0..0a0ed10619 100644 --- a/hw/pci-host/fsl_imx8m_phy.c +++ b/hw/pci-host/fsl_imx8m_phy.c @@ -92,6 +92,7 @@ static const TypeInfo fsl_imx8m_pcie_phy_types[] =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(FslImx8mPciePhyState), .class_init =3D fsl_imx8m_pcie_phy_class_init, + .secure =3D false, } }; =20 diff --git a/hw/pci-host/gpex.c b/hw/pci-host/gpex.c index b806a2286f..d9486c773d 100644 --- a/hw/pci-host/gpex.c +++ b/hw/pci-host/gpex.c @@ -221,6 +221,7 @@ static const TypeInfo gpex_host_info =3D { .instance_size =3D sizeof(GPEXHost), .instance_init =3D gpex_host_initfn, .class_init =3D gpex_host_class_init, + .secure =3D true, }; =20 /*************************************************************************= *** @@ -261,6 +262,7 @@ static const TypeInfo gpex_root_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(GPEXRootState), .class_init =3D gpex_root_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/grackle.c b/hw/pci-host/grackle.c index f9da5a908c..eb23af9f22 100644 --- a/hw/pci-host/grackle.c +++ b/hw/pci-host/grackle.c @@ -116,6 +116,7 @@ static const TypeInfo grackle_pci_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D grackle_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -151,6 +152,7 @@ static const TypeInfo grackle_host_info =3D { .instance_size =3D sizeof(GrackleState), .instance_init =3D grackle_init, .class_init =3D grackle_class_init, + .secure =3D false, }; =20 static void grackle_register_types(void) diff --git a/hw/pci-host/gt64120.c b/hw/pci-host/gt64120.c index b1d96f62fe..fbc763e4ef 100644 --- a/hw/pci-host/gt64120.c +++ b/hw/pci-host/gt64120.c @@ -1283,6 +1283,7 @@ static const TypeInfo gt64120_pci_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D gt64120_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -1310,6 +1311,7 @@ static const TypeInfo gt64120_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(GT64120State), .class_init =3D gt64120_class_init, + .secure =3D false, }; =20 static void gt64120_pci_register_types(void) diff --git a/hw/pci-host/i440fx.c b/hw/pci-host/i440fx.c index e13bb1b53e..163d4b3ec0 100644 --- a/hw/pci-host/i440fx.c +++ b/hw/pci-host/i440fx.c @@ -341,6 +341,7 @@ static const TypeInfo i440fx_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCII440FXState), .class_init =3D i440fx_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -399,6 +400,7 @@ static const TypeInfo i440fx_pcihost_info =3D { .instance_size =3D sizeof(I440FXState), .instance_init =3D i440fx_pcihost_initfn, .class_init =3D i440fx_pcihost_class_init, + .secure =3D true, }; =20 static void i440fx_register_types(void) diff --git a/hw/pci-host/mv64361.c b/hw/pci-host/mv64361.c index e05b677010..5ac0f29ff2 100644 --- a/hw/pci-host/mv64361.c +++ b/hw/pci-host/mv64361.c @@ -46,6 +46,7 @@ static const TypeInfo mv64361_pcibridge_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D mv64361_pcibridge_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/pnv_phb.c b/hw/pci-host/pnv_phb.c index 4b0ced79b0..bd7d116720 100644 --- a/hw/pci-host/pnv_phb.c +++ b/hw/pci-host/pnv_phb.c @@ -334,6 +334,7 @@ static const TypeInfo pnv_phb_type_info =3D { .parent =3D TYPE_PCIE_HOST_BRIDGE, .instance_size =3D sizeof(PnvPHB), .class_init =3D pnv_phb_class_init, + .secure =3D true, }; =20 static const TypeInfo pnv_phb_root_port_info =3D { @@ -341,6 +342,7 @@ static const TypeInfo pnv_phb_root_port_info =3D { .parent =3D TYPE_PCIE_ROOT_PORT, .instance_size =3D sizeof(PnvPHBRootPort), .class_init =3D pnv_phb_root_port_class_init, + .secure =3D true, }; =20 static void pnv_phb_register_types(void) diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c index 5d8383fac3..ff0ee5be4d 100644 --- a/hw/pci-host/pnv_phb3.c +++ b/hw/pci-host/pnv_phb3.c @@ -900,6 +900,7 @@ static const TypeInfo pnv_phb3_iommu_memory_region_info= =3D { .parent =3D TYPE_IOMMU_MEMORY_REGION, .name =3D TYPE_PNV_PHB3_IOMMU_MEMORY_REGION, .class_init =3D pnv_phb3_iommu_memory_region_class_init, + .secure =3D true, }; =20 /* @@ -1113,6 +1114,7 @@ static const TypeInfo pnv_phb3_type_info =3D { .instance_size =3D sizeof(PnvPHB3), .class_init =3D pnv_phb3_class_init, .instance_init =3D pnv_phb3_instance_init, + .secure =3D true, }; =20 static void pnv_phb3_root_bus_get_prop(Object *obj, Visitor *v, @@ -1176,6 +1178,7 @@ static const TypeInfo pnv_phb3_root_bus_info =3D { .parent =3D TYPE_PCIE_BUS, .instance_size =3D sizeof(PnvPHB3RootBus), .class_init =3D pnv_phb3_root_bus_class_init, + .secure =3D true, }; =20 static void pnv_phb3_register_types(void) diff --git a/hw/pci-host/pnv_phb3_msi.c b/hw/pci-host/pnv_phb3_msi.c index 3a83311faf..265b6d155e 100644 --- a/hw/pci-host/pnv_phb3_msi.c +++ b/hw/pci-host/pnv_phb3_msi.c @@ -306,6 +306,7 @@ static const TypeInfo phb3_msi_info =3D { .class_init =3D phb3_msi_class_init, .class_size =3D sizeof(ICSStateClass), .instance_init =3D phb3_msi_instance_init, + .secure =3D true, }; =20 static void pnv_phb3_msi_register_types(void) diff --git a/hw/pci-host/pnv_phb3_pbcq.c b/hw/pci-host/pnv_phb3_pbcq.c index 1f7a149580..687c832515 100644 --- a/hw/pci-host/pnv_phb3_pbcq.c +++ b/hw/pci-host/pnv_phb3_pbcq.c @@ -354,6 +354,7 @@ static const TypeInfo pnv_pbcq_type_info =3D { .instance_size =3D sizeof(PnvPBCQState), .instance_init =3D phb3_pbcq_instance_init, .class_init =3D pnv_pbcq_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_PNV_XSCOM_INTERFACE }, { } diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c index 18992054e8..4dc9730740 100644 --- a/hw/pci-host/pnv_phb4.c +++ b/hw/pci-host/pnv_phb4.c @@ -1374,6 +1374,7 @@ static const TypeInfo pnv_phb4_iommu_memory_region_in= fo =3D { .parent =3D TYPE_IOMMU_MEMORY_REGION, .name =3D TYPE_PNV_PHB4_IOMMU_MEMORY_REGION, .class_init =3D pnv_phb4_iommu_memory_region_class_init, + .secure =3D true, }; =20 /* @@ -1715,6 +1716,7 @@ static const TypeInfo pnv_phb4_type_info =3D { .instance_init =3D pnv_phb4_instance_init, .instance_size =3D sizeof(PnvPHB4), .class_init =3D pnv_phb4_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_XIVE_NOTIFIER }, { }, @@ -1725,6 +1727,7 @@ static const TypeInfo pnv_phb5_type_info =3D { .name =3D TYPE_PNV_PHB5, .parent =3D TYPE_PNV_PHB4, .instance_size =3D sizeof(PnvPHB4), + .secure =3D true, }; =20 static void pnv_phb4_root_bus_get_prop(Object *obj, Visitor *v, @@ -1788,6 +1791,7 @@ static const TypeInfo pnv_phb4_root_bus_info =3D { .parent =3D TYPE_PCIE_BUS, .instance_size =3D sizeof(PnvPHB4RootBus), .class_init =3D pnv_phb4_root_bus_class_init, + .secure =3D true, }; =20 static void pnv_phb4_register_types(void) diff --git a/hw/pci-host/pnv_phb4_pec.c b/hw/pci-host/pnv_phb4_pec.c index 5bac1c42ed..5f437af7a6 100644 --- a/hw/pci-host/pnv_phb4_pec.c +++ b/hw/pci-host/pnv_phb4_pec.c @@ -388,6 +388,7 @@ static const TypeInfo pnv_pec_type_info =3D { .instance_size =3D sizeof(PnvPhb4PecState), .class_init =3D pnv_pec_class_init, .class_size =3D sizeof(PnvPhb4PecClass), + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_PNV_XSCOM_INTERFACE }, { } @@ -445,6 +446,7 @@ static const TypeInfo pnv_phb5_pec_type_info =3D { .instance_size =3D sizeof(PnvPhb4PecState), .class_init =3D pnv_phb5_pec_class_init, .class_size =3D sizeof(PnvPhb4PecClass), + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { TYPE_PNV_XSCOM_INTERFACE }, { } diff --git a/hw/pci-host/ppc440_pcix.c b/hw/pci-host/ppc440_pcix.c index 744b85e49c..189b375bfa 100644 --- a/hw/pci-host/ppc440_pcix.c +++ b/hw/pci-host/ppc440_pcix.c @@ -532,6 +532,7 @@ static const TypeInfo ppc440_pcix_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(PPC440PCIXState), .class_init =3D ppc440_pcix_class_init, + .secure =3D false, }; =20 static void ppc440_pcix_register_types(void) diff --git a/hw/pci-host/ppc4xx_pci.c b/hw/pci-host/ppc4xx_pci.c index 2547817688..51fa5cbe74 100644 --- a/hw/pci-host/ppc4xx_pci.c +++ b/hw/pci-host/ppc4xx_pci.c @@ -370,6 +370,7 @@ static const TypeInfo ppc4xx_host_bridge_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D ppc4xx_host_bridge_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -389,6 +390,7 @@ static const TypeInfo ppc4xx_pcihost_info =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(PPC4xxPCIState), .class_init =3D ppc4xx_pcihost_class_init, + .secure =3D false, }; =20 static void ppc4xx_pci_register_types(void) diff --git a/hw/pci-host/ppce500.c b/hw/pci-host/ppce500.c index 975d191ccb..40b89af66d 100644 --- a/hw/pci-host/ppce500.c +++ b/hw/pci-host/ppce500.c @@ -527,6 +527,7 @@ static const TypeInfo e500_pci_types[] =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PPCE500PCIBridgeState), .class_init =3D e500_host_bridge_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -537,6 +538,7 @@ static const TypeInfo e500_pci_types[] =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(PPCE500PCIState), .class_init =3D e500_pcihost_class_init, + .secure =3D false, }, }; =20 diff --git a/hw/pci-host/q35.c b/hw/pci-host/q35.c index 1951ae440c..a5e9f2f59e 100644 --- a/hw/pci-host/q35.c +++ b/hw/pci-host/q35.c @@ -258,6 +258,7 @@ static const TypeInfo q35_host_info =3D { .instance_size =3D sizeof(Q35PCIHost), .instance_init =3D q35_host_initfn, .class_init =3D q35_host_class_init, + .secure =3D true, }; =20 /*************************************************************************= *** @@ -703,6 +704,7 @@ static const TypeInfo mch_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(MCHPCIState), .class_init =3D mch_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/raven.c b/hw/pci-host/raven.c index f8c0be5d21..6fd4f4f6df 100644 --- a/hw/pci-host/raven.c +++ b/hw/pci-host/raven.c @@ -363,6 +363,7 @@ static const TypeInfo raven_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(RavenPCIState), .class_init =3D raven_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -384,6 +385,7 @@ static const TypeInfo raven_pcihost_info =3D { .instance_size =3D sizeof(PREPPCIState), .instance_init =3D raven_pcihost_initfn, .class_init =3D raven_pcihost_class_init, + .secure =3D false, }; =20 static void raven_register_types(void) diff --git a/hw/pci-host/remote.c b/hw/pci-host/remote.c index e6d2af4502..b17a4da6fe 100644 --- a/hw/pci-host/remote.c +++ b/hw/pci-host/remote.c @@ -64,6 +64,7 @@ static const TypeInfo remote_pcihost_info =3D { .parent =3D TYPE_PCIE_HOST_BRIDGE, .instance_size =3D sizeof(RemotePCIHost), .class_init =3D remote_pcihost_class_init, + .secure =3D true, }; =20 static void remote_pcihost_register(void) diff --git a/hw/pci-host/sabre.c b/hw/pci-host/sabre.c index 538624c507..d2ae46695c 100644 --- a/hw/pci-host/sabre.c +++ b/hw/pci-host/sabre.c @@ -477,6 +477,7 @@ static const TypeInfo sabre_pci_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(SabrePCIState), .class_init =3D sabre_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -516,6 +517,7 @@ static const TypeInfo sabre_info =3D { .instance_size =3D sizeof(SabreState), .instance_init =3D sabre_init, .class_init =3D sabre_class_init, + .secure =3D false, }; =20 static void sabre_register_types(void) diff --git a/hw/pci-host/sh_pci.c b/hw/pci-host/sh_pci.c index 62fb945075..d18832ac98 100644 --- a/hw/pci-host/sh_pci.c +++ b/hw/pci-host/sh_pci.c @@ -180,11 +180,13 @@ static const TypeInfo sh_pcic_types[] =3D { .parent =3D TYPE_PCI_HOST_BRIDGE, .instance_size =3D sizeof(SHPCIState), .class_init =3D sh_pcic_host_class_init, + .secure =3D false, }, { .name =3D "sh_pci_host", .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D sh_pcic_pci_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/uninorth.c b/hw/pci-host/uninorth.c index 194037d6e7..1aeb008845 100644 --- a/hw/pci-host/uninorth.c +++ b/hw/pci-host/uninorth.c @@ -333,6 +333,7 @@ static const TypeInfo unin_main_pci_host_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D unin_main_pci_host_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -361,6 +362,7 @@ static const TypeInfo u3_agp_pci_host_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D u3_agp_pci_host_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/pci-host/versatile.c b/hw/pci-host/versatile.c index 8ea26e3ff0..a991c21a19 100644 --- a/hw/pci-host/versatile.c +++ b/hw/pci-host/versatile.c @@ -492,6 +492,7 @@ static const TypeInfo versatile_pci_host_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIDevice), .class_init =3D versatile_pci_host_class_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -519,6 +520,7 @@ static const TypeInfo pci_vpb_info =3D { .instance_size =3D sizeof(PCIVPBState), .instance_init =3D pci_vpb_init, .class_init =3D pci_vpb_class_init, + .secure =3D false, }; =20 static void pci_realview_init(Object *obj) @@ -536,6 +538,7 @@ static const TypeInfo pci_realview_info =3D { .name =3D "realview_pci", .parent =3D TYPE_VERSATILE_PCI, .instance_init =3D pci_realview_init, + .secure =3D false, }; =20 static void versatile_pci_register_types(void) diff --git a/hw/pci-host/xen_igd_pt.c b/hw/pci-host/xen_igd_pt.c index 5dd17ef236..892e27e32f 100644 --- a/hw/pci-host/xen_igd_pt.c +++ b/hw/pci-host/xen_igd_pt.c @@ -110,6 +110,7 @@ static const TypeInfo igd_passthrough_i440fx_info =3D { .parent =3D TYPE_I440FX_PCI_DEVICE, .instance_size =3D sizeof(PCII440FXState), .class_init =3D igd_passthrough_i440fx_class_init, + .secure =3D true, }; =20 static void igd_pt_i440fx_register_types(void) diff --git a/hw/pci-host/xilinx-pcie.c b/hw/pci-host/xilinx-pcie.c index c71492de9e..4e88c51ff9 100644 --- a/hw/pci-host/xilinx-pcie.c +++ b/hw/pci-host/xilinx-pcie.c @@ -183,6 +183,7 @@ static const TypeInfo xilinx_pcie_host_info =3D { .instance_size =3D sizeof(XilinxPCIEHost), .instance_init =3D xilinx_pcie_host_init, .class_init =3D xilinx_pcie_host_class_init, + .secure =3D false, }; =20 static uint32_t xilinx_pcie_root_config_read(PCIDevice *d, --=20 2.50.1 From nobody Sun Sep 28 14:52:10 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895891; cv=none; d=zohomail.com; s=zohoarc; b=m/tTjpdrIXfHlDfTcYaihj5F0QpZ3C6/Ow6cwU3b0p0T1gf6WH8PVNtvRZo+UEoLaNB+RiJj2ZJFsSlPaYoIGJQ+sdUMbcRJyJx6nR9Lv/FtSzDbYaoCscOaRBZiRK+6jB2HvYCuni7lRMhouNTqsxuBz26lZYbC11oyy9H0sSc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895891; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=EvhVVuj+5rYph1gX9Yow5UTEaohDQnvCpXPfzyRrpsM=; b=mptJJGZPTxUzoHQmNAS4WoQBYxARMM1xoJyq8bYxADkJBGH8nX0U7IYH92njgjv0fIqWKWyHW0FsuuCoh30BD84qDWfGDWMfZtkIWZ8J6rzvM9a3EPMWXD0Kbm2E6oenWe1mUF64H3/cGPymMRF8plGadHSLWixtA7SKILfGxe8= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895891541318.80631435435987; Fri, 26 Sep 2025 07:11:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v294L-0000R3-3F; Fri, 26 Sep 2025 10:05:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v294I-00005M-Rm for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:05:02 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v2944-0004zC-E2 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:05:00 -0400 Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-237-quB5zPXBOuy6kG41xDrBOg-1; Fri, 26 Sep 2025 10:04:37 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id C911B195605E; Fri, 26 Sep 2025 14:04:36 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 85D49195419F; Fri, 26 Sep 2025 14:04:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895481; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=EvhVVuj+5rYph1gX9Yow5UTEaohDQnvCpXPfzyRrpsM=; b=hUzPHX39BqzEG8CoAkSyOSKIkJB0sHoqctjxadY7hvVx+nzGTUBBONuCXnvGR2PVw7ooUl QzL/p/APwwcV5R1e3ZwzORYf5LhSVFwV2XCEKn38d5piqq1YNw3+0eM8z7XPFKGT8Tfi2W 7FTrd7Qf0dv3N6I39Cnh3isLgyYobdk= X-MC-Unique: quB5zPXBOuy6kG41xDrBOg-1 X-Mimecast-MFC-AGG-ID: quB5zPXBOuy6kG41xDrBOg_1758895477 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 32/32] hw/display: mark most display adapters as insecure Date: Fri, 26 Sep 2025 15:01:43 +0100 Message-ID: <20250926140144.1998694-33-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.129.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -24 X-Spam_score: -2.5 X-Spam_bar: -- X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895892603116600 Most of thte display adapters are emulating old hardware which is not relevant to virtualization use cases. The exceptions that should be considered secure are Cirrus (PCI, not ISA), Bochs, QXL, RAMFB, VGA (PCI, MMIO, not ISA) and VMWare VGA. The Cirrus PCI decision is borderline. It has been heavily used with virtualization in the past, but these days VGA / RAMFB are strongly recommended instead. Due to its historical usage though, we can consider the code fairly mature, even if no longer hugely relevant to virtualization use cases. Signed-off-by: Daniel P. Berrang=C3=A9 --- hw/display/artist.c | 1 + hw/display/ati.c | 1 + hw/display/bcm2835_fb.c | 1 + hw/display/bochs-display.c | 1 + hw/display/cg3.c | 1 + hw/display/cirrus_vga.c | 1 + hw/display/cirrus_vga_isa.c | 1 + hw/display/dm163.c | 1 + hw/display/dpcd.c | 1 + hw/display/exynos4210_fimd.c | 1 + hw/display/g364fb.c | 1 + hw/display/i2c-ddc.c | 3 ++- hw/display/jazz_led.c | 1 + hw/display/macfb.c | 2 ++ hw/display/next-fb.c | 1 + hw/display/pl110.c | 3 +++ hw/display/qxl.c | 4 ++++ hw/display/ramfb-standalone.c | 1 + hw/display/sii9022.c | 1 + hw/display/sm501.c | 1 + hw/display/ssd0303.c | 1 + hw/display/ssd0323.c | 1 + hw/display/tcx.c | 1 + hw/display/vga-isa.c | 1 + hw/display/vga-mmio.c | 1 + hw/display/vga-pci.c | 3 +++ hw/display/vmware_vga.c | 1 + hw/display/xlnx_dp.c | 1 + 28 files changed, 37 insertions(+), 1 deletion(-) diff --git a/hw/display/artist.c b/hw/display/artist.c index 3c884c9243..caab4d1d4c 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -1504,6 +1504,7 @@ static const TypeInfo artist_info =3D { .instance_size =3D sizeof(ARTISTState), .instance_init =3D artist_initfn, .class_init =3D artist_class_init, + .secure =3D false, }; =20 static void artist_register_types(void) diff --git a/hw/display/ati.c b/hw/display/ati.c index f7c0006a87..6e332e02d2 100644 --- a/hw/display/ati.c +++ b/hw/display/ati.c @@ -1080,6 +1080,7 @@ static const TypeInfo ati_vga_info =3D { .instance_size =3D sizeof(ATIVGAState), .class_init =3D ati_vga_class_init, .instance_init =3D ati_vga_init, + .secure =3D false, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/display/bcm2835_fb.c b/hw/display/bcm2835_fb.c index 1bb2ee45a0..bb6c986fb8 100644 --- a/hw/display/bcm2835_fb.c +++ b/hw/display/bcm2835_fb.c @@ -459,6 +459,7 @@ static const TypeInfo bcm2835_fb_info =3D { .instance_size =3D sizeof(BCM2835FBState), .class_init =3D bcm2835_fb_class_init, .instance_init =3D bcm2835_fb_init, + .secure =3D false, }; =20 static void bcm2835_fb_register_types(void) diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c index ad2821c974..0495d900f6 100644 --- a/hw/display/bochs-display.c +++ b/hw/display/bochs-display.c @@ -374,6 +374,7 @@ static const TypeInfo bochs_display_type_info =3D { .instance_size =3D sizeof(BochsDisplayState), .instance_init =3D bochs_display_init, .class_init =3D bochs_display_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_PCIE_DEVICE }, { INTERFACE_CONVENTIONAL_PCI_DEVICE }, diff --git a/hw/display/cg3.c b/hw/display/cg3.c index daeef15217..f437921a7e 100644 --- a/hw/display/cg3.c +++ b/hw/display/cg3.c @@ -384,6 +384,7 @@ static const TypeInfo cg3_info =3D { .instance_size =3D sizeof(CG3State), .instance_init =3D cg3_initfn, .class_init =3D cg3_class_init, + .secure =3D false, }; =20 static void cg3_register_types(void) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index ef08694626..d9403ccb57 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -3013,6 +3013,7 @@ static const TypeInfo cirrus_vga_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCICirrusVGAState), .class_init =3D cirrus_vga_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/display/cirrus_vga_isa.c b/hw/display/cirrus_vga_isa.c index 4b55c48eff..7b38e6c33a 100644 --- a/hw/display/cirrus_vga_isa.c +++ b/hw/display/cirrus_vga_isa.c @@ -91,6 +91,7 @@ static const TypeInfo isa_cirrus_vga_info =3D { .parent =3D TYPE_ISA_DEVICE, .instance_size =3D sizeof(ISACirrusVGAState), .class_init =3D isa_cirrus_vga_class_init, + .secure =3D false, }; =20 static void cirrus_vga_isa_register_types(void) diff --git a/hw/display/dm163.c b/hw/display/dm163.c index f8340d8275..f043786775 100644 --- a/hw/display/dm163.c +++ b/hw/display/dm163.c @@ -343,6 +343,7 @@ static const TypeInfo dm163_types[] =3D { .parent =3D TYPE_DEVICE, .instance_size =3D sizeof(DM163State), .class_init =3D dm163_class_init + .secure =3D false, } }; =20 diff --git a/hw/display/dpcd.c b/hw/display/dpcd.c index a157dc64e7..733f643375 100644 --- a/hw/display/dpcd.c +++ b/hw/display/dpcd.c @@ -155,6 +155,7 @@ static const TypeInfo dpcd_info =3D { .instance_size =3D sizeof(DPCDState), .class_init =3D dpcd_class_init, .instance_init =3D dpcd_init, + .secure =3D false, }; =20 static void dpcd_register_types(void) diff --git a/hw/display/exynos4210_fimd.c b/hw/display/exynos4210_fimd.c index c61e0280a7..85e32e8700 100644 --- a/hw/display/exynos4210_fimd.c +++ b/hw/display/exynos4210_fimd.c @@ -1974,6 +1974,7 @@ static const TypeInfo exynos4210_fimd_info =3D { .instance_size =3D sizeof(Exynos4210fimdState), .instance_init =3D exynos4210_fimd_init, .class_init =3D exynos4210_fimd_class_init, + .secure =3D false, }; =20 static void exynos4210_fimd_register_types(void) diff --git a/hw/display/g364fb.c b/hw/display/g364fb.c index a6ddc21d3e..c23d584684 100644 --- a/hw/display/g364fb.c +++ b/hw/display/g364fb.c @@ -543,6 +543,7 @@ static const TypeInfo g364fb_sysbus_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(G364SysBusState), .class_init =3D g364fb_sysbus_class_init, + .secure =3D false, }; =20 static void g364fb_register_types(void) diff --git a/hw/display/i2c-ddc.c b/hw/display/i2c-ddc.c index 2adfc1a147..525479aa49 100644 --- a/hw/display/i2c-ddc.c +++ b/hw/display/i2c-ddc.c @@ -117,7 +117,8 @@ static const TypeInfo i2c_ddc_info =3D { .parent =3D TYPE_I2C_SLAVE, .instance_size =3D sizeof(I2CDDCState), .instance_init =3D i2c_ddc_init, - .class_init =3D i2c_ddc_class_init + .class_init =3D i2c_ddc_class_init, + .secure =3D false, }; =20 static void ddc_register_devices(void) diff --git a/hw/display/jazz_led.c b/hw/display/jazz_led.c index 90e82b58be..946f78306e 100644 --- a/hw/display/jazz_led.c +++ b/hw/display/jazz_led.c @@ -310,6 +310,7 @@ static const TypeInfo jazz_led_info =3D { .instance_size =3D sizeof(LedState), .instance_init =3D jazz_led_init, .class_init =3D jazz_led_class_init, + .secure =3D false, }; =20 static void jazz_led_register(void) diff --git a/hw/display/macfb.c b/hw/display/macfb.c index 574d667173..b80ce26d9b 100644 --- a/hw/display/macfb.c +++ b/hw/display/macfb.c @@ -825,6 +825,7 @@ static const TypeInfo macfb_sysbus_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(MacfbSysBusState), .class_init =3D macfb_sysbus_class_init, + .secure =3D false, }; =20 static const TypeInfo macfb_nubus_info =3D { @@ -833,6 +834,7 @@ static const TypeInfo macfb_nubus_info =3D { .instance_size =3D sizeof(MacfbNubusState), .class_init =3D macfb_nubus_class_init, .class_size =3D sizeof(MacfbNubusDeviceClass), + .secure =3D false, }; =20 static void macfb_register_types(void) diff --git a/hw/display/next-fb.c b/hw/display/next-fb.c index ec81b766a7..9ddbd13ba3 100644 --- a/hw/display/next-fb.c +++ b/hw/display/next-fb.c @@ -134,6 +134,7 @@ static const TypeInfo nextfb_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(NeXTFbState), .class_init =3D nextfb_class_init, + .secure =3D false, }; =20 static void nextfb_register_types(void) diff --git a/hw/display/pl110.c b/hw/display/pl110.c index 09c3c59e0e..ce33d4c68c 100644 --- a/hw/display/pl110.c +++ b/hw/display/pl110.c @@ -596,18 +596,21 @@ static const TypeInfo pl110_info =3D { .instance_size =3D sizeof(PL110State), .instance_init =3D pl110_init, .class_init =3D pl110_class_init, + .secure =3D false, }; =20 static const TypeInfo pl110_versatile_info =3D { .name =3D "pl110_versatile", .parent =3D TYPE_PL110, .instance_init =3D pl110_versatile_init, + .secure =3D false, }; =20 static const TypeInfo pl111_info =3D { .name =3D "pl111", .parent =3D TYPE_PL110, .instance_init =3D pl111_init, + .secure =3D false, }; =20 static void pl110_register_types(void) diff --git a/hw/display/qxl.c b/hw/display/qxl.c index 18f482ca7f..8f876c872a 100644 --- a/hw/display/qxl.c +++ b/hw/display/qxl.c @@ -2516,7 +2516,9 @@ static const TypeInfo qxl_pci_type_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIQXLDevice), .abstract =3D true, + .secure =3D true, .class_init =3D qxl_pci_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, @@ -2539,6 +2541,7 @@ static const TypeInfo qxl_primary_info =3D { .name =3D "qxl-vga", .parent =3D TYPE_PCI_QXL, .class_init =3D qxl_primary_class_init, + .secure =3D true, }; module_obj("qxl-vga"); module_kconfig(QXL); @@ -2557,6 +2560,7 @@ static const TypeInfo qxl_secondary_info =3D { .name =3D "qxl", .parent =3D TYPE_PCI_QXL, .class_init =3D qxl_secondary_class_init, + .secure =3D true, }; module_obj("qxl"); =20 diff --git a/hw/display/ramfb-standalone.c b/hw/display/ramfb-standalone.c index 72b2071aed..6fbb90d74c 100644 --- a/hw/display/ramfb-standalone.c +++ b/hw/display/ramfb-standalone.c @@ -83,6 +83,7 @@ static const TypeInfo ramfb_info =3D { .parent =3D TYPE_DYNAMIC_SYS_BUS_DEVICE, .instance_size =3D sizeof(RAMFBStandaloneState), .class_init =3D ramfb_class_initfn, + .secure =3D true, }; =20 static void ramfb_register_types(void) diff --git a/hw/display/sii9022.c b/hw/display/sii9022.c index d00d3e9fc5..06d7863a9e 100644 --- a/hw/display/sii9022.c +++ b/hw/display/sii9022.c @@ -185,6 +185,7 @@ static const TypeInfo sii9022_info =3D { .parent =3D TYPE_I2C_SLAVE, .instance_size =3D sizeof(sii9022_state), .class_init =3D sii9022_class_init, + .secure =3D false, }; =20 static void sii9022_register_types(void) diff --git a/hw/display/sm501.c b/hw/display/sm501.c index bc091b3c9f..abbb78ea3e 100644 --- a/hw/display/sm501.c +++ b/hw/display/sm501.c @@ -2114,6 +2114,7 @@ static const TypeInfo sm501_sysbus_info =3D { .instance_size =3D sizeof(SM501SysBusState), .class_init =3D sm501_sysbus_class_init, .instance_init =3D sm501_sysbus_init, + .secure =3D false, }; =20 #define TYPE_PCI_SM501 "sm501" diff --git a/hw/display/ssd0303.c b/hw/display/ssd0303.c index 87781438cd..4be9d3bcc5 100644 --- a/hw/display/ssd0303.c +++ b/hw/display/ssd0303.c @@ -328,6 +328,7 @@ static const TypeInfo ssd0303_info =3D { .parent =3D TYPE_I2C_SLAVE, .instance_size =3D sizeof(ssd0303_state), .class_init =3D ssd0303_class_init, + .secure =3D false, }; =20 static void ssd0303_register_types(void) diff --git a/hw/display/ssd0323.c b/hw/display/ssd0323.c index af5ff4fecd..8deddf2f47 100644 --- a/hw/display/ssd0323.c +++ b/hw/display/ssd0323.c @@ -378,6 +378,7 @@ static const TypeInfo ssd0323_info =3D { .parent =3D TYPE_SSI_PERIPHERAL, .instance_size =3D sizeof(ssd0323_state), .class_init =3D ssd0323_class_init, + .secure =3D false, }; =20 static void ssd03232_register_types(void) diff --git a/hw/display/tcx.c b/hw/display/tcx.c index 4853c5e142..1bbbc670dd 100644 --- a/hw/display/tcx.c +++ b/hw/display/tcx.c @@ -901,6 +901,7 @@ static const TypeInfo tcx_info =3D { .instance_size =3D sizeof(TCXState), .instance_init =3D tcx_initfn, .class_init =3D tcx_class_init, + .secure =3D false, }; =20 static void tcx_register_types(void) diff --git a/hw/display/vga-isa.c b/hw/display/vga-isa.c index 3618913b3b..d01d73ddb0 100644 --- a/hw/display/vga-isa.c +++ b/hw/display/vga-isa.c @@ -108,6 +108,7 @@ static const TypeInfo vga_isa_info =3D { .parent =3D TYPE_ISA_DEVICE, .instance_size =3D sizeof(ISAVGAState), .class_init =3D vga_isa_class_initfn, + .secure =3D false, }; =20 static void vga_isa_register_types(void) diff --git a/hw/display/vga-mmio.c b/hw/display/vga-mmio.c index 33263856b7..1c53422b59 100644 --- a/hw/display/vga-mmio.c +++ b/hw/display/vga-mmio.c @@ -132,6 +132,7 @@ static const TypeInfo vga_mmio_info =3D { .parent =3D TYPE_SYS_BUS_DEVICE, .instance_size =3D sizeof(VGAMmioState), .class_init =3D vga_mmio_class_initfn, + .secure =3D true, }; =20 static void vga_mmio_register_types(void) diff --git a/hw/display/vga-pci.c b/hw/display/vga-pci.c index b81f7fd2d0..acd59865d3 100644 --- a/hw/display/vga-pci.c +++ b/hw/display/vga-pci.c @@ -368,6 +368,7 @@ static const TypeInfo vga_pci_type_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(PCIVGAState), .abstract =3D true, + .secure =3D true, .class_init =3D vga_pci_class_init, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, @@ -408,6 +409,7 @@ static const TypeInfo vga_info =3D { .name =3D "VGA", .parent =3D TYPE_PCI_VGA, .class_init =3D vga_class_init, + .secure =3D true, }; =20 static const TypeInfo secondary_info =3D { @@ -415,6 +417,7 @@ static const TypeInfo secondary_info =3D { .parent =3D TYPE_PCI_VGA, .instance_init =3D pci_secondary_vga_init, .class_init =3D secondary_class_init, + .secure =3D true, }; =20 static void vga_register_types(void) diff --git a/hw/display/vmware_vga.c b/hw/display/vmware_vga.c index bc1a8ed466..8734da1175 100644 --- a/hw/display/vmware_vga.c +++ b/hw/display/vmware_vga.c @@ -1363,6 +1363,7 @@ static const TypeInfo vmsvga_info =3D { .parent =3D TYPE_PCI_DEVICE, .instance_size =3D sizeof(struct pci_vmsvga_state_s), .class_init =3D vmsvga_class_init, + .secure =3D true, .interfaces =3D (const InterfaceInfo[]) { { INTERFACE_CONVENTIONAL_PCI_DEVICE }, { }, diff --git a/hw/display/xlnx_dp.c b/hw/display/xlnx_dp.c index ef73e1815f..dc239537a9 100644 --- a/hw/display/xlnx_dp.c +++ b/hw/display/xlnx_dp.c @@ -1412,6 +1412,7 @@ static const TypeInfo xlnx_dp_info =3D { .instance_init =3D xlnx_dp_init, .instance_finalize =3D xlnx_dp_finalize, .class_init =3D xlnx_dp_class_init, + .secure =3D false, }; =20 static void xlnx_dp_register_types(void) --=20 2.50.1