From nobody Sun Sep 28 15:27:18 2025
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=quarantine dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1758895514; cv=none;
	d=zohomail.com; s=zohoarc;
	b=bEyzN3KmpWkaJZHWKN19Xkb0AJPRfTtk5TntPOa3jxSBmVZQcT4fKwTeqb8ROjr5CC0upuCp9L2P1qcYDqxpDmXuzopMMJUvZoCh6EsmRb20uwiZ8XHKlcHrVNpX7QwzPdUw2PL8XB/bWLmWXOjrdpqWTYPA6KXRG3w62wiTEj4=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1758895514;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:Subject:To:To:Message-Id:Reply-To;
	bh=fE5De4SjYRlCpVLxA+SQVwGwECmyEZ+H53iSXNQLIpI=;
	b=SvIh5f5lb0F7161GrEL955rP3luIlt5Dbeo6V3waxTifwEijQQYgW7RX6SHLcPALsKKZYPYZbSwsRuoL4rP75FGLvVKLaZ8Jo5T29eOtcub6/g0pjbWbupHzosNNdIH5KurKjdAnlvLsgUzROfn+AcJHoeUnbBQChQ6osaL1ExA=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<berrange@redhat.com> (p=quarantine dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1758895514604740.0946073960259;
 Fri, 26 Sep 2025 07:05:14 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1v293A-0006ge-V0; Fri, 26 Sep 2025 10:03:53 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <berrange@redhat.com>)
 id 1v2935-0006fx-Iw
 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:49 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <berrange@redhat.com>)
 id 1v2932-0004oz-2A
 for qemu-devel@nongnu.org; Fri, 26 Sep 2025 10:03:47 -0400
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-198-_o3dCpmAMIe2fMKNfYDkuA-1; Fri,
 26 Sep 2025 10:03:35 -0400
Received: from mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.17])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 6498C1800451; Fri, 26 Sep 2025 14:03:34 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.175])
 by mx-prod-int-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 7B8E81956095; Fri, 26 Sep 2025 14:03:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1758895419;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=fE5De4SjYRlCpVLxA+SQVwGwECmyEZ+H53iSXNQLIpI=;
 b=aWtGQ+UZWlHvDyO4EgSL2onJcB30SO+IqDnJN4ypEP7kBUe3I1kLd3QDFRa7OdVd+xD4MN
 XXbhrbJ8W62MPKUNI74IIv0H4+qQiVRbCzccnTDuE6lDyefK5fLcTmEfEzFWDYQ+ayNTeI
 b3d6FW3q6popkqcyn6b2QxcfMwYEpnE=
X-MC-Unique: _o3dCpmAMIe2fMKNfYDkuA-1
X-Mimecast-MFC-AGG-ID: _o3dCpmAMIe2fMKNfYDkuA_1758895414
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Thomas Huth <thuth@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 Peter Maydell <peter.maydell@linaro.org>,
 Markus Armbruster <armbru@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>,
 "Michael S. Tsirkin" <mst@redhat.com>,
 =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 17/32] accel: mark kvm, xen & hvf as secure;
 tcg & qtest as insecure
Date: Fri, 26 Sep 2025 15:01:28 +0100
Message-ID: <20250926140144.1998694-18-berrange@redhat.com>
In-Reply-To: <20250926140144.1998694-1-berrange@redhat.com>
References: <20250926140144.1998694-1-berrange@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Scanned-By: MIMEDefang 3.0 on 10.30.177.17
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=170.10.133.124;
 envelope-from=berrange@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -24
X-Spam_score: -2.5
X-Spam_bar: --
X-Spam_report: (-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.446,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1758895516918116600

TCG is too complex to be considered to provide a security boundary
for malicious guest workloads. QTest is only used for functional
testing and thus is not relevant to mark secure.

KVM, HVF and Xen, meanwhile are all servicing virtualization use
cases which must provide security.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 accel/accel-common.c      | 1 +
 accel/accel-system.c      | 1 +
 accel/accel-target.c      | 1 +
 accel/hvf/hvf-accel-ops.c | 1 +
 accel/hvf/hvf-all.c       | 1 +
 accel/kvm/kvm-accel-ops.c | 1 +
 accel/kvm/kvm-all.c       | 1 +
 accel/qtest/qtest.c       | 2 ++
 accel/tcg/tcg-accel-ops.c | 1 +
 accel/tcg/tcg-all.c       | 1 +
 accel/xen/xen-all.c       | 2 ++
 11 files changed, 13 insertions(+)

diff --git a/accel/accel-common.c b/accel/accel-common.c
index 850c5ab4b8..cb44315f27 100644
--- a/accel/accel-common.c
+++ b/accel/accel-common.c
@@ -138,6 +138,7 @@ static const TypeInfo accel_types[] =3D {
         .class_size     =3D sizeof(AccelClass),
         .instance_size  =3D sizeof(AccelState),
         .abstract       =3D true,
+        .secure         =3D true,
     },
 };
=20
diff --git a/accel/accel-system.c b/accel/accel-system.c
index 1e97c64fdc..fbffcccbd6 100644
--- a/accel/accel-system.c
+++ b/accel/accel-system.c
@@ -114,6 +114,7 @@ static const TypeInfo accel_ops_type_info =3D {
     .name =3D TYPE_ACCEL_OPS,
     .parent =3D TYPE_OBJECT,
     .abstract =3D true,
+    .secure =3D true,
     .class_size =3D sizeof(AccelOpsClass),
     .class_init =3D accel_ops_class_init,
 };
diff --git a/accel/accel-target.c b/accel/accel-target.c
index 7fd392fbc4..6ea9386cb8 100644
--- a/accel/accel-target.c
+++ b/accel/accel-target.c
@@ -31,6 +31,7 @@ static const TypeInfo accel_cpu_type =3D {
     .parent =3D TYPE_OBJECT,
     .abstract =3D true,
     .class_size =3D sizeof(AccelCPUClass),
+    .secure =3D true,
 };
=20
 static void register_accel_types(void)
diff --git a/accel/hvf/hvf-accel-ops.c b/accel/hvf/hvf-accel-ops.c
index 8b794c2d41..e807103379 100644
--- a/accel/hvf/hvf-accel-ops.c
+++ b/accel/hvf/hvf-accel-ops.c
@@ -397,6 +397,7 @@ static const TypeInfo hvf_accel_ops_type =3D {
     .parent =3D TYPE_ACCEL_OPS,
     .class_init =3D hvf_accel_ops_class_init,
     .abstract =3D true,
+    .secure =3D true,
 };
=20
 static void hvf_accel_ops_register_types(void)
diff --git a/accel/hvf/hvf-all.c b/accel/hvf/hvf-all.c
index 0a4b498e83..1d49a59053 100644
--- a/accel/hvf/hvf-all.c
+++ b/accel/hvf/hvf-all.c
@@ -304,6 +304,7 @@ static const TypeInfo hvf_accel_type =3D {
     .parent =3D TYPE_ACCEL,
     .instance_size =3D sizeof(HVFState),
     .class_init =3D hvf_accel_class_init,
+    .secure =3D true,
 };
=20
 static void hvf_type_init(void)
diff --git a/accel/kvm/kvm-accel-ops.c b/accel/kvm/kvm-accel-ops.c
index 8ed6945c2f..d4d30c311f 100644
--- a/accel/kvm/kvm-accel-ops.c
+++ b/accel/kvm/kvm-accel-ops.c
@@ -119,6 +119,7 @@ static const TypeInfo kvm_accel_ops_type =3D {
     .parent =3D TYPE_ACCEL_OPS,
     .class_init =3D kvm_accel_ops_class_init,
     .abstract =3D true,
+    .secure =3D true,
 };
=20
 static void kvm_accel_ops_register_types(void)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 9060599cd7..67f2172443 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -4066,6 +4066,7 @@ static const TypeInfo kvm_accel_type =3D {
     .instance_init =3D kvm_accel_instance_init,
     .class_init =3D kvm_accel_class_init,
     .instance_size =3D sizeof(KVMState),
+    .secure =3D true,
 };
=20
 static void kvm_type_init(void)
diff --git a/accel/qtest/qtest.c b/accel/qtest/qtest.c
index 1d4337d698..44649b0ebb 100644
--- a/accel/qtest/qtest.c
+++ b/accel/qtest/qtest.c
@@ -58,6 +58,7 @@ static const TypeInfo qtest_accel_type =3D {
     .name =3D TYPE_QTEST_ACCEL,
     .parent =3D TYPE_ACCEL,
     .class_init =3D qtest_accel_class_init,
+    .secure =3D false,
 };
 module_obj(TYPE_QTEST_ACCEL);
=20
@@ -77,6 +78,7 @@ static const TypeInfo qtest_accel_ops_type =3D {
     .parent =3D TYPE_ACCEL_OPS,
     .class_init =3D qtest_accel_ops_class_init,
     .abstract =3D true,
+    .secure =3D false,
 };
 module_obj(ACCEL_OPS_NAME("qtest"));
=20
diff --git a/accel/tcg/tcg-accel-ops.c b/accel/tcg/tcg-accel-ops.c
index 3bd9800504..125017df29 100644
--- a/accel/tcg/tcg-accel-ops.c
+++ b/accel/tcg/tcg-accel-ops.c
@@ -239,6 +239,7 @@ static const TypeInfo tcg_accel_ops_type =3D {
     .parent =3D TYPE_ACCEL_OPS,
     .class_init =3D tcg_accel_ops_class_init,
     .abstract =3D true,
+    .secure =3D false,
 };
 module_obj(ACCEL_OPS_NAME("tcg"));
=20
diff --git a/accel/tcg/tcg-all.c b/accel/tcg/tcg-all.c
index 18ea0c58b0..3aab82b51b 100644
--- a/accel/tcg/tcg-all.c
+++ b/accel/tcg/tcg-all.c
@@ -296,6 +296,7 @@ static const TypeInfo tcg_accel_type =3D {
     .instance_init =3D tcg_accel_instance_init,
     .class_init =3D tcg_accel_class_init,
     .instance_size =3D sizeof(TCGState),
+    .secure =3D false,
 };
 module_obj(TYPE_TCG_ACCEL);
=20
diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c
index 97377d67d1..754a4099a4 100644
--- a/accel/xen/xen-all.c
+++ b/accel/xen/xen-all.c
@@ -147,6 +147,7 @@ static const TypeInfo xen_accel_type =3D {
     .name =3D TYPE_XEN_ACCEL,
     .parent =3D TYPE_ACCEL,
     .class_init =3D xen_accel_class_init,
+    .secure =3D true,
 };
=20
 static void xen_accel_ops_class_init(ObjectClass *oc, const void *data)
@@ -163,6 +164,7 @@ static const TypeInfo xen_accel_ops_type =3D {
     .parent =3D TYPE_ACCEL_OPS,
     .class_init =3D xen_accel_ops_class_init,
     .abstract =3D true,
+    .secure =3D true,
 };
=20
 static void xen_type_init(void)
--=20
2.50.1