From nobody Sun Sep 28 15:27:18 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=quarantine dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1758895890; cv=none; d=zohomail.com; s=zohoarc; b=ChRAqy9BqcrRfZjOP9jZKcvMtdZaq7kFeDLsFIsYor1YpFWnAxdxbj6NYUY0+6imijVDZ4NU6acrVtQFK374GjGcf9ha3KqanoimjqyoL3OMOfWSawHtxTbKuNBZOn6SPTtPD+JoSAcXr9UF+RWm7hcTCfE0tOX3ZaWvlauBem4= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1758895890; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To; bh=XVrAynmvaUFzruaGCEo1jmveHQiY6eBskywHu4uSLF4=; b=cLlq6KQgZeTq8W0t0AV8Q9IRkO5oUTGqTakt9W+StGlj0rA3SmhcKT8GsPAkuBRB1A54aICvaD1EtyepoB1GVZLv0nwkH2odAStDtS4sgxVvpf6Mt4Gt44c8oiQsXg49C8e6rpae82Ba3Dq64flU9o7Ei04rXZW1/+BnXG8lD3U= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=quarantine dis=none) Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1758895890789774.3980896808735; Fri, 26 Sep 2025 07:11:30 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v292y-0006a5-MD; Fri, 26 Sep 2025 10:03:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292t-0006Tb-Ng for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v292e-0004ln-7h for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:33 -0400 Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-386-NQZhS5cDPkuLPkhdrZ_sFQ-1; Fri, 26 Sep 2025 10:03:10 -0400 Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D9D1A180AB1D; Fri, 26 Sep 2025 14:03:00 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.175]) by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 0AF8F1956095; Fri, 26 Sep 2025 14:02:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758895395; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XVrAynmvaUFzruaGCEo1jmveHQiY6eBskywHu4uSLF4=; b=Yv1pQsuAjXWsbSskNMZNWGu4AS+0AYpWihc9cs5cj+NSNv/W4bcWVQoH2eZ4XLOFn6z3ru 1I5HRwXC3CTvYLD5zCJnWzflueQ+vFYdV/An9Pg1k2vW/8QTDAyw9pxCqmfPInKQSlxrZm sVhzuqrnJfcAqo6hneOVktdIghukAuY= X-MC-Unique: NQZhS5cDPkuLPkhdrZ_sFQ-1 X-Mimecast-MFC-AGG-ID: NQZhS5cDPkuLPkhdrZ_sFQ_1758895389 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: qemu-devel@nongnu.org Cc: Thomas Huth , Stefan Hajnoczi , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Peter Maydell , Markus Armbruster , Paolo Bonzini , "Michael S. Tsirkin" , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 13/32] machine: add helpers for declaring secure/insecure machine types Date: Fri, 26 Sep 2025 15:01:24 +0100 Message-ID: <20250926140144.1998694-14-berrange@redhat.com> In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com> References: <20250926140144.1998694-1-berrange@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17 Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=170.10.133.124; envelope-from=berrange@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -16 X-Spam_score: -1.7 X-Spam_bar: - X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001, T_SPF_HELO_TEMPERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1758895892439116601 The current DEFINE_MACHINE macro will declare machine type without any explicit statement about the security status. As such the machine type will be treated as implicitly insecure at runtime. Introduce new DEFINE_SECURE_MACHINE and DEFINE_INSECURE_MACHINE macros that allow code to make an explicit statement about security status of the machine. All machine declarations should transition to the new macros allowing the implicit macro to eventually be removed. The same is done for the specialized i386 PC related macros. Signed-off-by: Daniel P. Berrang=C3=A9 --- include/hw/boards.h | 12 +++++++++++- include/hw/i386/pc.h | 13 ++++++++++++- 2 files changed, 23 insertions(+), 2 deletions(-) diff --git a/include/hw/boards.h b/include/hw/boards.h index 665b620121..8105c54a90 100644 --- a/include/hw/boards.h +++ b/include/hw/boards.h @@ -762,7 +762,7 @@ struct MachineState { } \ } while (0) =20 -#define DEFINE_MACHINE(namestr, machine_initfn) \ +#define DEFINE_MACHINE_IMPL(namestr, machine_initfn, issecure) \ static void machine_initfn##_class_init(ObjectClass *oc, const void *d= ata) \ { \ MachineClass *mc =3D MACHINE_CLASS(oc); \ @@ -772,6 +772,7 @@ struct MachineState { .name =3D MACHINE_TYPE_NAME(namestr), \ .parent =3D TYPE_MACHINE, \ .class_init =3D machine_initfn##_class_init, \ + .secure =3D issecure, \ }; \ static void machine_initfn##_register_types(void) \ { \ @@ -779,6 +780,15 @@ struct MachineState { } \ type_init(machine_initfn##_register_types) =20 +/* Implicitly insecure, prefer explicitly declaring security status */ +#define DEFINE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false) + +#define DEFINE_SECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, true) +#define DEFINE_INSECURE_MACHINE(namestr, machine_initfn) \ + DEFINE_MACHINE_IMPL(namestr, machine_initfn, false) + extern GlobalProperty hw_compat_10_1[]; extern const size_t hw_compat_10_1_len; =20 diff --git a/include/hw/i386/pc.h b/include/hw/i386/pc.h index e83157ab35..1ccb6ed9fc 100644 --- a/include/hw/i386/pc.h +++ b/include/hw/i386/pc.h @@ -301,7 +301,7 @@ extern const size_t pc_compat_2_7_len; extern GlobalProperty pc_compat_2_6[]; extern const size_t pc_compat_2_6_len; =20 -#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ +#define DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, issecure) \ static void pc_machine_##suffix##_class_init(ObjectClass *oc, \ const void *data) \ { \ @@ -313,6 +313,7 @@ extern const size_t pc_compat_2_6_len; .name =3D namestr TYPE_MACHINE_SUFFIX, \ .parent =3D TYPE_PC_MACHINE, \ .class_init =3D pc_machine_##suffix##_class_init, \ + .secure =3D issecure, \ }; \ static void pc_machine_init_##suffix(void) \ { \ @@ -320,6 +321,16 @@ extern const size_t pc_compat_2_6_len; } \ type_init(pc_machine_init_##suffix) =20 +/* Implicitly insecure, prefer explicitly declaring security status */ +#define DEFINE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, false) + +#define DEFINE_SECURE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, true) +#define DEFINE_INSECURE_PC_MACHINE(suffix, namestr, initfn, optsfn) \ + DEFINE_PC_MACHINE_IMPL(suffix, namestr, initfn, optsfn, false) + + #define DEFINE_PC_VER_MACHINE(namesym, namestr, initfn, isdefault, malias,= ...) \ static void MACHINE_VER_SYM(init, namesym, __VA_ARGS__)( \ MachineState *machine) \ --=20 2.50.1