From patchwork Wed Sep 8 23:20:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526042 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=YOy/EIFl; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dRz0jmDz9s5R for ; Thu, 9 Sep 2021 09:21:17 +1000 (AEST) Received: from localhost ([::1]:47438 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6sT-0006Lx-RM for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:21:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36082) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6rt-0006JV-6p for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:37 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:49403) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6rr-0002bN-Fd for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143233; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=24r6QApw3vBXmuZyf+4hmvAM+x9sjvcUeNKNebXV07M=; b=YOy/EIFlO+uj5rMwhhVn/Ebt55DcxcKrYDJ6SRUVk6YNFJGbBUGwZPsoQxtDz85TIP0L9b Nn4kpSUOof6K0GTvg/Bz1GPDMg9tfNk8Mh7Rw/n3oLvQhBb7vTXYqJEKh7tmItH3/RbISP j7SfmJW1NBZo2Mc7sJKzOmccLMuo8Qg= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-586-__LQsZ7jPESpPDJW6YTypA-1; Wed, 08 Sep 2021 19:20:32 -0400 X-MC-Unique: __LQsZ7jPESpPDJW6YTypA-1 Received: by mail-wm1-f72.google.com with SMTP id v21-20020a05600c215500b002fa7eb53754so32280wml.4 for ; Wed, 08 Sep 2021 16:20:32 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=24r6QApw3vBXmuZyf+4hmvAM+x9sjvcUeNKNebXV07M=; b=hWZrAB+qBS4ZuzUaX2D4uqjEkMHPR9NYUNdKSUIydtEf6D8bEnoSurHTJ+no5Elifm cV4N6FFziFXwr1ynN7RlJ3Ht0U2//etHOVN8uBWXih06Ug9LfNOvFtOtjKuULwAItVyR W43foJQy0d7g/x/U/Ce810esiPr2e5FLwQARyY83k8cHp1Gw29YDUE8lT0/2aQtJVcDd USVazOJYpPJxKdCWHginlLOmjQrZvgyH99N3faI0175IdvrBu7eQAnelNBjgI7dW/hct yfRrQRCt3x9m1x09DA1DxJwabwkaGYGagO4xAxH6pCZ41gQRQYm/2TMzt5Uh0grh9VsQ zyzw== X-Gm-Message-State: AOAM531/YyQpsI+3vNkFfkCMkTqFbL7swzPfaBfz7ReY0dwbKaTRtuBk 5/rGBs/ctYPi2jhkPUc03n18ZvDpWkDpq/HpeBGxz8u1ZfmtXB82BfJlmHi6nQItmV7wMm16D6E Fl/AQ0nMFpbQ1yV7BiYoq+X+xW+V4yWRsfQfBkZCCl4oAcZyEfcCVL64ebiAEzu6I X-Received: by 2002:a1c:a505:: with SMTP id o5mr581218wme.32.1631143231229; Wed, 08 Sep 2021 16:20:31 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxASJCusoNVcbOBdnL042tIJLhajKX+g6Wmf6M6mn99T6nfkEBgAxNrSyEjSzJ0g2TtZ/mq2Q== X-Received: by 2002:a1c:a505:: with SMTP id o5mr581183wme.32.1631143230848; Wed, 08 Sep 2021 16:20:30 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id d24sm351621wmb.35.2021.09.08.16.20.29 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:30 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API Date: Thu, 9 Sep 2021 01:20:15 +0200 Message-Id: <20210908232024.2399215-2-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Introduce qemu_security_policy_taint() which allows unsafe (read "not very maintained") code to 'taint' QEMU security policy. The "security policy" is the @SecurityPolicy QAPI enum, composed of: - "none" (no policy, current behavior) - "warn" (display a warning when the policy is tainted, keep going) - "strict" (once tainted, exit QEMU before starting the VM) The qemu_security_policy_is_strict() helper is also provided, which will be proved useful once a VM is started (example we do not want to kill a running VM if an unsafe device is hot-added). Signed-off-by: Philippe Mathieu-Daudé --- qapi/run-state.json | 16 +++++++++++ include/qemu-common.h | 19 ++++++++++++ softmmu/vl.c | 67 +++++++++++++++++++++++++++++++++++++++++++ qemu-options.hx | 17 +++++++++++ 4 files changed, 119 insertions(+) diff --git a/qapi/run-state.json b/qapi/run-state.json index 43d66d700fc..b15a107fa01 100644 --- a/qapi/run-state.json +++ b/qapi/run-state.json @@ -638,3 +638,19 @@ { 'struct': 'MemoryFailureFlags', 'data': { 'action-required': 'bool', 'recursive': 'bool'} } + +## +# @SecurityPolicy: +# +# An enumeration of the actions taken when the security policy is tainted. +# +# @none: do nothing. +# +# @warn: display a warning. +# +# @strict: prohibit QEMU to start a VM. +# +# Since: 6.2 +## +{ 'enum': 'SecurityPolicy', + 'data': [ 'none', 'warn', 'strict' ] } diff --git a/include/qemu-common.h b/include/qemu-common.h index 73bcf763ed8..bf0b054bb66 100644 --- a/include/qemu-common.h +++ b/include/qemu-common.h @@ -139,4 +139,23 @@ void page_size_init(void); * returned. */ bool dump_in_progress(void); +/** + * qemu_security_policy_taint: + * @tainting whether any security policy is tainted (compromised). + * @fmt: taint reason format string + * ...: list of arguments to interpolate into @fmt, like printf(). + * + * Allow unsafe code path to taint the global security policy. + * See #SecurityPolicy. + */ +void qemu_security_policy_taint(bool tainting, const char *fmt, ...) + GCC_FMT_ATTR(2, 3); + +/** + * qemu_security_policy_is_strict: + * + * Return %true if the global security policy is 'strict', %false otherwise. + */ +bool qemu_security_policy_is_strict(void); + #endif diff --git a/softmmu/vl.c b/softmmu/vl.c index 55ab70eb97f..92c05ac97ee 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -489,6 +489,20 @@ static QemuOptsList qemu_action_opts = { }, }; +static QemuOptsList qemu_security_policy_opts = { + .name = "security-policy", + .implied_opt_name = "policy", + .merge_lists = true, + .head = QTAILQ_HEAD_INITIALIZER(qemu_security_policy_opts.head), + .desc = { + { + .name = "policy", + .type = QEMU_OPT_STRING, + }, + { /* end of list */ } + }, +}; + const char *qemu_get_vm_name(void) { return qemu_name; @@ -600,6 +614,52 @@ static int cleanup_add_fd(void *opaque, QemuOpts *opts, Error **errp) } #endif +static SecurityPolicy security_policy = SECURITY_POLICY_NONE; + +bool qemu_security_policy_is_strict(void) +{ + return security_policy == SECURITY_POLICY_STRICT; +} + +static int select_security_policy(const char *p) +{ + int policy; + char *qapi_value; + + qapi_value = g_ascii_strdown(p, -1); + policy = qapi_enum_parse(&SecurityPolicy_lookup, qapi_value, -1, NULL); + g_free(qapi_value); + if (policy < 0) { + return -1; + } + security_policy = policy; + + return 0; +} + +void qemu_security_policy_taint(bool tainting, const char *fmt, ...) +{ + va_list ap; + g_autofree char *efmt = NULL; + + if (security_policy == SECURITY_POLICY_NONE || !tainting) { + return; + } + + va_start(ap, fmt); + if (security_policy == SECURITY_POLICY_STRICT) { + efmt = g_strdup_printf("%s taints QEMU security policy, exiting.", fmt); + error_vreport(efmt, ap); + exit(EXIT_FAILURE); + } else if (security_policy == SECURITY_POLICY_WARN) { + efmt = g_strdup_printf("%s taints QEMU security policy.", fmt); + warn_vreport(efmt, ap); + } else { + g_assert_not_reached(); + } + va_end(ap); +} + /***********************************************************/ /* QEMU Block devices */ @@ -2764,6 +2824,7 @@ void qemu_init(int argc, char **argv, char **envp) qemu_add_opts(&qemu_semihosting_config_opts); qemu_add_opts(&qemu_fw_cfg_opts); qemu_add_opts(&qemu_action_opts); + qemu_add_opts(&qemu_security_policy_opts); module_call_init(MODULE_INIT_OPTS); error_init(argv[0]); @@ -3230,6 +3291,12 @@ void qemu_init(int argc, char **argv, char **envp) exit(1); } break; + case QEMU_OPTION_security_policy: + if (select_security_policy(optarg) == -1) { + error_report("unknown -security-policy parameter"); + exit(1); + } + break; case QEMU_OPTION_parallel: add_device_config(DEV_PARALLEL, optarg); default_parallel = 0; diff --git a/qemu-options.hx b/qemu-options.hx index 8f603cc7e65..d9939f7ae1d 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4298,6 +4298,23 @@ SRST ERST +DEF("security-policy", HAS_ARG, QEMU_OPTION_security_policy, \ + "-security-policy none|warn|strict\n" \ + " action when security policy is tainted [default=none]\n", + QEMU_ARCH_ALL) +SRST +``-security-policy policy`` + The policy controls what QEMU will do when an unsecure feature is + used, tainting the process security. The default is ``none`` (do + nothing). Other possible actions are: ``warn`` (display a warning + and keep going) or ``strict`` (exits QEMU before launching a VM). + + Examples: + + ``-security-policy warn``; \ ``-security-policy strict`` + +ERST + DEF("echr", HAS_ARG, QEMU_OPTION_echr, \ "-echr chr set terminal escape character instead of ctrl-a\n", QEMU_ARCH_ALL) From patchwork Wed Sep 8 23:20:16 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526044 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=CNr7uEMA; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dS22dlvz9s5R for ; Thu, 9 Sep 2021 09:21:22 +1000 (AEST) Received: from localhost ([::1]:48042 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6sa-0006qK-2L for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:21:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36118) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6ry-0006UU-8f for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:42 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:21492) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6rv-0002iH-El for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143238; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=VWnIa1NnZmGclGfmWQAc+byFrHYlEtTXg6KMBnsWc1s=; b=CNr7uEMA9kce1mHm8iJRelPNGfg/Oj7Dn6LovQY5TTLblc8kbJOcFtS22RRLTtSaNaEl4E VLYd9KZkuGraLYmHaL3r2Jw+BHe28d/3lc1D6u88BLC7NtYOvuGSOhyDdvS8coF4RZ+KJH 4/0/Kg2IXtekjoQnjG/sd5TxZZtASz4= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-101-6Q8R3zvrMoSU5R8aT9PUng-1; Wed, 08 Sep 2021 19:20:37 -0400 X-MC-Unique: 6Q8R3zvrMoSU5R8aT9PUng-1 Received: by mail-wm1-f70.google.com with SMTP id v2-20020a7bcb420000b02902e6b108fcf1so32016wmj.8 for ; Wed, 08 Sep 2021 16:20:37 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VWnIa1NnZmGclGfmWQAc+byFrHYlEtTXg6KMBnsWc1s=; b=YL/FP/DYEBNYPztG8FAwp2ISrvt2qkHp72Fx2nvxpL3gxSBsMJtcDt7h4R6l2bWFbI PMaI1fn+ictz5k08ri2gdd01uGwDCj/ozC/RmGgZK+snbhfSjYA3ji2aDR6a24juXN0P lUBGBvu6c3IIlPh0F4kuA9PT1Wa7hikWJL1WLoVrqEFrFdoii8pkAv2y9Zrbl2j+M4Fc Swa6kJgN3HEuxC0VHGnKAQjWvMmaiYfL/jpQS8w/f78vWiWHbBSDOWYg9dLeA1uYy95l vEpWV1cSeVDCvFX8c+CXNDp/IIf7r23Ygh3UxoGkPzGufkaoGiJiUaipOIGqVy+aG56T VlDQ== X-Gm-Message-State: AOAM532LJhh2nBuAsquZIwBVjEyE5FrSDIm7TJ6RFhMN5Nh90szYFrkq QdlHdq06W83KEtiknKKHiFBlvB+Hu28E7UWSTMQi2Ic34UKB4p9p2NCqSb3ngxkxiiCtlX6kQJE V6426hhESwOuLYY85leraPvFivk9dXh00q46tqu7lagq/kcg45K9OtvyQ5ASypzOy X-Received: by 2002:a1c:448a:: with SMTP id r132mr557416wma.105.1631143236109; Wed, 08 Sep 2021 16:20:36 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw6WkilBgiH6FuwGNniEzqjgdLM6GzbGQfLFFCepoIH7M5nhemfkyQL//fRVRjKLyNs63E1PQ== X-Received: by 2002:a1c:448a:: with SMTP id r132mr557389wma.105.1631143235880; Wed, 08 Sep 2021 16:20:35 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id j14sm30789wrp.21.2021.09.08.16.20.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:35 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe Date: Thu, 9 Sep 2021 01:20:16 +0200 Message-Id: <20210908232024.2399215-3-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Add the AccelClass::secure_policy_supported field to classify safe (within security boundary) vs unsafe accelerators. Signed-off-by: Philippe Mathieu-Daudé --- include/qemu/accel.h | 5 +++++ accel/kvm/kvm-all.c | 1 + accel/xen/xen-all.c | 1 + softmmu/vl.c | 3 +++ 4 files changed, 10 insertions(+) diff --git a/include/qemu/accel.h b/include/qemu/accel.h index 4f4c283f6fc..895e30be0de 100644 --- a/include/qemu/accel.h +++ b/include/qemu/accel.h @@ -44,6 +44,11 @@ typedef struct AccelClass { hwaddr start_addr, hwaddr size); #endif bool *allowed; + /* + * Whether the accelerator is withing QEMU security policy boundary. + * See: https://www.qemu.org/contribute/security-process/ + */ + bool secure_policy_supported; /* * Array of global properties that would be applied when specific * accelerator is chosen. It works like MachineClass.compat_props diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c index 0125c17edb8..eb6b9e44df2 100644 --- a/accel/kvm/kvm-all.c +++ b/accel/kvm/kvm-all.c @@ -3623,6 +3623,7 @@ static void kvm_accel_class_init(ObjectClass *oc, void *data) ac->init_machine = kvm_init; ac->has_memory = kvm_accel_has_memory; ac->allowed = &kvm_allowed; + ac->secure_policy_supported = true; object_class_property_add(oc, "kernel-irqchip", "on|off|split", NULL, kvm_set_kernel_irqchip, diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c index 69aa7d018b2..57867af5faf 100644 --- a/accel/xen/xen-all.c +++ b/accel/xen/xen-all.c @@ -198,6 +198,7 @@ static void xen_accel_class_init(ObjectClass *oc, void *data) ac->setup_post = xen_setup_post; ac->allowed = &xen_allowed; ac->compat_props = g_ptr_array_new(); + ac->secure_policy_supported = true; compat_props_add(ac->compat_props, compat, G_N_ELEMENTS(compat)); diff --git a/softmmu/vl.c b/softmmu/vl.c index 92c05ac97ee..e4f94e159c3 100644 --- a/softmmu/vl.c +++ b/softmmu/vl.c @@ -2388,6 +2388,9 @@ static int do_configure_accelerator(void *opaque, QemuOpts *opts, Error **errp) return 0; } + qemu_security_policy_taint(!ac->secure_policy_supported, + "%s accelerator", acc); + return 1; } From patchwork Wed Sep 8 23:20:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526047 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=DzNscKHD; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dVt23Ghz9t0p for ; Thu, 9 Sep 2021 09:23:50 +1000 (AEST) Received: from localhost ([::1]:56464 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6ux-00041x-RW for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:23:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36144) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6s2-0006gu-2g for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:46 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:54231) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6s0-0002md-Bz for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143243; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AztXDO9JQH0V78yza1WhT6PPCcwDZClDQJU1AbRxT1E=; b=DzNscKHD3B+rraynLTiG6CcFw3GBOY0qxjYVo/6Orqx2lRKrTmHUdjS8qLxwmpQcj7StRN Mykf0lwDYaebs39zHs5SnQpcb9VgCmEOSsSQ8VtDZoP1M16PR3lxxWqBDQNoTCfYQwlhAW wdLaQ24zI0jb7CYEshHXMM+oVlnWEZo= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-233-mGKaeruPN1SYzwcTs6Yyjw-1; Wed, 08 Sep 2021 19:20:42 -0400 X-MC-Unique: mGKaeruPN1SYzwcTs6Yyjw-1 Received: by mail-wm1-f72.google.com with SMTP id f17-20020a05600c155100b002f05f30ff03so43155wmg.3 for ; Wed, 08 Sep 2021 16:20:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AztXDO9JQH0V78yza1WhT6PPCcwDZClDQJU1AbRxT1E=; b=MZYzep8O1l98mZ/F6yNVwfIIpnAU5ItQy58TJpEaqLTFZ7ew48j90v6+9UqC9gx6RU jgj4zqQbfCH5N8lrQM5w/knYLnaRAeyg/IP74wFvanUf4XxqlkcIqR7Q6a1A+L0NfuXe BNuz3OggEoj/H3RVV9Idf0e35Bb1gNBysuM11rbj5BSqBLmLLH3KfDU7B0e5nK2qr+gI FiYu142Q3uJq8FJxlW8ttIZogRqsWeJqtmwuvq0fsr3h/1rREOVWxKl1ajDKxu5nsQcM yCL8Bs8EZNS3h3vJ/pHrJVqtOXai+7aK4lYOedFeR3ygDLwSpZaUcr82ennhd5xQYNUO 9FJA== X-Gm-Message-State: AOAM5319uzGC9/Ms4TkJ/Y+ySNxW+j5GxZR5yssaX7zGLpj3NmF/PmoI gUTKYlE2D2ERSdfHfuCPoykOXGlSDpPuycaajksohCAoe7Zr0m1xJUa5Gs3rdIsJVnmOR8obfY4 4A/GlrTcuhWFB51U0+Q5LLdUZgNFILWKumh4ZysYouDaXwOuWMU9l9tAB+WBJR1YP X-Received: by 2002:adf:cd92:: with SMTP id q18mr84511wrj.211.1631143241104; Wed, 08 Sep 2021 16:20:41 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyXGBcGkm4TBFmSADncXUcjFYrWCY3XIJ3gTrnp0jPkA2D2pCoYXECv5ulk3hjXuxgjKt0f9A== X-Received: by 2002:adf:cd92:: with SMTP id q18mr84482wrj.211.1631143240917; Wed, 08 Sep 2021 16:20:40 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id u8sm3407763wmq.45.2021.09.08.16.20.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:40 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 03/10] block: Use qemu_security_policy_taint() API Date: Thu, 9 Sep 2021 01:20:17 +0200 Message-Id: <20210908232024.2399215-4-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Add the BlockDriver::bdrv_taints_security_policy() handler. Drivers implementing it might taint the global QEMU security policy. Signed-off-by: Philippe Mathieu-Daudé --- include/block/block_int.h | 6 +++++- block.c | 6 ++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/include/block/block_int.h b/include/block/block_int.h index f1a54db0f8c..0ec0a5c06e9 100644 --- a/include/block/block_int.h +++ b/include/block/block_int.h @@ -169,7 +169,11 @@ struct BlockDriver { int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags, Error **errp); void (*bdrv_close)(BlockDriverState *bs); - + /* + * Return %true if the driver is withing QEMU security policy boundary, + * %false otherwise. See: https://www.qemu.org/contribute/security-process/ + */ + bool (*bdrv_taints_security_policy)(BlockDriverState *bs); int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts, Error **errp); diff --git a/block.c b/block.c index b2b66263f9a..696ba486001 100644 --- a/block.c +++ b/block.c @@ -49,6 +49,7 @@ #include "qemu/timer.h" #include "qemu/cutils.h" #include "qemu/id.h" +#include "qemu-common.h" #include "block/coroutines.h" #ifdef CONFIG_BSD @@ -1587,6 +1588,11 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv, } } + if (drv->bdrv_taints_security_policy) { + qemu_security_policy_taint(drv->bdrv_taints_security_policy(bs), + "Block protocol '%s'", drv->format_name); + } + return 0; open_failed: bs->drv = NULL; From patchwork Wed Sep 8 23:20:18 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526048 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=eFitySEz; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dWK2Tgwz9s5R for ; Thu, 9 Sep 2021 09:24:13 +1000 (AEST) Received: from localhost ([::1]:57388 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6vL-0004dY-5z for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:24:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36182) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6s7-0006v6-Uq for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:52 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:52361) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6s5-0002qP-6i for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143248; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=AWN2pZpGs6sHyN/PrFeo6PGJIp1YJY+EJRzHbkMHcxk=; b=eFitySEzpqjh8S+blF/SNzqVLEpUBdOl9Tl+W/tlo6SNOaMsUbPVLtr9QFRC+SKfXNh1ce +4MjvYeIqHgWHSLNxR21Zvm1DaZoMu/qYaFBul8PzCVbFxxXaN3/yTADnb7KInf2kDt3Mk StBfjU7YSg7SugwQnNyiteCvgiUVdHI= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-568-TUhVUoRIMD-SG85XEkZs8g-1; Wed, 08 Sep 2021 19:20:47 -0400 X-MC-Unique: TUhVUoRIMD-SG85XEkZs8g-1 Received: by mail-wm1-f71.google.com with SMTP id u1-20020a05600c210100b002e74fc5af71so11784wml.1 for ; Wed, 08 Sep 2021 16:20:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=AWN2pZpGs6sHyN/PrFeo6PGJIp1YJY+EJRzHbkMHcxk=; b=sWPDzq80lTlAKhV/h4WhWt03qygonwhp8BpcgXsHN/011zlMRXptUi8dt0b9Im2mK2 4dz6qcY7limZnMGPdHbkMCCWlE5/D0jw+Jx7T3OVPkb2V5gWNc4ZNPSaX3kqM9/nncdH 55coMaAfAtdMFXoxkyPE/Dncta43GlvbiXtL4VJ8nAOx7QEIyxcj5trLquISg9Luil+H 5INnGh2PAIlcB9a5niII8IzY2haVhllRXeEjyS8bJWYKg1ee1xDVOBtUVikoghG4It0X Yh+ArHc/u++CiWYsWXg+uHecv4S5wMpEfr54Mk0d1m33YDnPMynB8KC+56TZEYvheawj ESfA== X-Gm-Message-State: AOAM531obL7k6N9rFHSSAVkG1ZKMFzV/xe5spa0fsXMsUi7tpFo4jMCw fDEWe6Cr3z0RfGNWww7wLioC8EmJqhdB5vqZ1ewAC926M09QiIzHYFQ7QiVBkjqEd9O5EIMN9Ky 8ScnnWDsoJp476evgfGjyj44tavfX44lAwki7PqtQsV8KxDdZneNofmetYt4ZvPPb X-Received: by 2002:a05:600c:3641:: with SMTP id y1mr5746041wmq.181.1631143245986; Wed, 08 Sep 2021 16:20:45 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyRx5vddYT6ifvfXuEUZzDhSVwlkW5T8HDOd0oz2QEHRH1Qx3AckLgtuI1lDwOwP+2e9s6Xjw== X-Received: by 2002:a05:600c:3641:: with SMTP id y1mr5746017wmq.181.1631143245705; Wed, 08 Sep 2021 16:20:45 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id p13sm36976wro.8.2021.09.08.16.20.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:45 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 04/10] block/vvfat: Mark the driver as unsafe Date: Thu, 9 Sep 2021 01:20:18 +0200 Message-Id: <20210908232024.2399215-5-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" While being listed as 'supported' in MAINTAINERS, this driver does not have many reviewers and contains various /* TODO */ unattended since various years. Not safe enough for production environment, so have it taint the global security policy. Signed-off-by: Philippe Mathieu-Daudé --- block/vvfat.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/block/vvfat.c b/block/vvfat.c index 34bf1e3a86e..993e40727d6 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -3199,6 +3199,11 @@ static void vvfat_close(BlockDriverState *bs) } } +static bool vvfat_taints_security_policy(BlockDriverState *bs) +{ + return true; +} + static const char *const vvfat_strong_runtime_opts[] = { "dir", "fat-type", @@ -3219,6 +3224,7 @@ static BlockDriver bdrv_vvfat = { .bdrv_refresh_limits = vvfat_refresh_limits, .bdrv_close = vvfat_close, .bdrv_child_perm = vvfat_child_perm, + .bdrv_taints_security_policy = vvfat_taints_security_policy, .bdrv_co_preadv = vvfat_co_preadv, .bdrv_co_pwritev = vvfat_co_pwritev, From patchwork Wed Sep 8 23:20:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526046 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=UAbntxhN; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dVT3lB2z9s5R for ; Thu, 9 Sep 2021 09:23:29 +1000 (AEST) Received: from localhost ([::1]:56256 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6ud-0003ta-Ad for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:23:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36208) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sD-0007BH-AW for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:57 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:45706) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sB-0002uK-Pn for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:20:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143255; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=p6u3sclI6JBi/0aQ8m/8uYmNWK6u/Efc+CTX33mwcn4=; b=UAbntxhNMDLfhVBJUanQ/nbNFX8SsAgORd8PabEo0ooHKj4cGHZLtZJV1Ap4C+4U+v4W1m 9JXqOZLnbflNIhvAsLodB2QDw6saRyC5xk4oXokL4grrM0ug0kgsIlLCH43ermB775L6GW OxaKR8ypL7bHx7uyTyNf2AXNhuX1iS8= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-195-1-U5T_N-Pea7ZEr0JgWsYA-1; Wed, 08 Sep 2021 19:20:52 -0400 X-MC-Unique: 1-U5T_N-Pea7ZEr0JgWsYA-1 Received: by mail-wm1-f72.google.com with SMTP id c4-20020a1c9a04000000b002e864b7edd1so1787wme.6 for ; Wed, 08 Sep 2021 16:20:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=p6u3sclI6JBi/0aQ8m/8uYmNWK6u/Efc+CTX33mwcn4=; b=aAzTX9t8esGM88D7I0OpURMWVfDugAunxUp951Cddz68aIhH9wC57pVzZ8PKsiqAO2 Hp7PM5gX9yMw75POEbRl/AWpLJkrsH2KtXrhsck5e2qt/Q8f4XSl+MBzYB+ccJJG3HbQ ++KYbA4mkax8N55+8NN5cKAKlnR+I/v/Fxugo56LG21KrwgA45GrV8XmWmeUDRQDPncj 4DUtQrkl2GQceLcWFiscPDWZCtB2Uyw4SzNORSK8khkVpDgtsDxEd344ogI563/Sy+wd xSuf2Zb6vI2esPT0QRZg0g6f27Bv7yMCj/yPXqyEDEdazfrov5MFSGOMkREwJ/3Zg0MS S2iA== X-Gm-Message-State: AOAM533T5zRdojSqSjhnVDUJtgGkQ2YW+CM5XW5j3RtvWXvaKb/yxLtw C3/swt9ooAR2zpes+WWeaeEoGms/yCSYR36VUPsh+N2e/EfMPgsOG63VGBlbFxTppQ5qEn/N06l ggaoRLpL+6rYlm9N+CC3VGcDkahAQJGnwPBnwlqFyhsBb8+BYBHT1qCJaID19+qGW X-Received: by 2002:adf:fb8d:: with SMTP id a13mr108077wrr.164.1631143250668; Wed, 08 Sep 2021 16:20:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzrh/n5wSnZqfaTQvrzl6IJ2DKh1pSXkkHEuOdKtVrOvCH+TWDpEiwg1GoyEgBtyhNoco5QeA== X-Received: by 2002:adf:fb8d:: with SMTP id a13mr108055wrr.164.1631143250497; Wed, 08 Sep 2021 16:20:50 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id c3sm30713wrd.34.2021.09.08.16.20.49 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:50 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 05/10] block/null: Mark 'read-zeroes=off' option as unsafe Date: Thu, 9 Sep 2021 01:20:19 +0200 Message-Id: <20210908232024.2399215-6-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" See commit b317006a3f1 ("docs/secure-coding-practices: Describe how to use 'null-co' block driver") for rationale. Signed-off-by: Philippe Mathieu-Daudé --- block/null.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/block/null.c b/block/null.c index cc9b1d4ea72..11e428f3cc2 100644 --- a/block/null.c +++ b/block/null.c @@ -99,6 +99,13 @@ static int null_file_open(BlockDriverState *bs, QDict *options, int flags, return ret; } +static bool null_taints_security_policy(BlockDriverState *bs) +{ + BDRVNullState *s = bs->opaque; + + return !s->read_zeroes; +} + static int64_t null_getlength(BlockDriverState *bs) { BDRVNullState *s = bs->opaque; @@ -283,6 +290,7 @@ static BlockDriver bdrv_null_co = { .bdrv_parse_filename = null_co_parse_filename, .bdrv_getlength = null_getlength, .bdrv_get_allocated_file_size = null_allocated_file_size, + .bdrv_taints_security_policy = null_taints_security_policy, .bdrv_co_preadv = null_co_preadv, .bdrv_co_pwritev = null_co_pwritev, From patchwork Wed Sep 8 23:20:20 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526051 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=RozFAsnn; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dZ30qjgz9t0J for ; Thu, 9 Sep 2021 09:26:35 +1000 (AEST) Received: from localhost ([::1]:37622 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6xc-0001ve-Rr for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:26:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36232) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sG-0007KZ-Br for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:00 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:29540) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sE-0002wS-E6 for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143257; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=l2rov07jCDHA26r/9GcgxSj1NkWhTs7Eb1vPCWPgxnA=; b=RozFAsnnwYFkaB0pfKzK9DQMb1u2uHJ5zI8M5bmUzi/8hI+7Pz8yqiGnYTuGIZcu00cbVd JmeiTD2j6hg3mLMbDNIkcel7sy77u4AYx80QLjruhpnw+Lg4gp+vWK9gnX7w3kR66fr74F 62kzflqAg8uWRDuspmlsA44ZS6bwqdo= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-256-t_aiY6zjN2CH9IMAhJws_g-1; Wed, 08 Sep 2021 19:20:56 -0400 X-MC-Unique: t_aiY6zjN2CH9IMAhJws_g-1 Received: by mail-wm1-f72.google.com with SMTP id h1-20020a05600c350100b002e751bf6733so27885wmq.8 for ; Wed, 08 Sep 2021 16:20:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=l2rov07jCDHA26r/9GcgxSj1NkWhTs7Eb1vPCWPgxnA=; b=DLcHWz9edKgvESYhhygeMPAHZROi6fcZeA6iEZtiD7XqeXz85iGzbrV7za9f4mTec9 firegZV3JOHrxO125jyBOHt1F9eJ0QYKmUWtERRLAr/74t8n3izK6BWTk6zJwmNz9DJ6 od8XHAX57jn/RXbfouynwRxi7w3+++inQIcy0QohRCQVo3DP19/hXHcnu2LMlB890+Rx q8H9I4iAESiAO1yM3HsbhC2p3CD9/+Hz871siliVhCd7C7JJ5K1nVTAONUCZvhBRQuVv osmnP6RRk9wzWfuYh0RxEtNe0qDNzp0X10/5GvRuspHUJfgeZx3oXA3sFtAPCEbOhEnr NjCA== X-Gm-Message-State: AOAM530fqKFc/oSsRrC9M/pj6OUX3bwC7MRZ1sBwJ5n/PZmIQt3W6cMj By1OVZkGR1bexHtNWDS8Mq/8w+7gViCIYx1NEF0vsgHd5e6rK7DsgoEsPk70tFe28BaCTvAsfXI tpoHvIdKtGhDbg2+do24B/NNRaKDymrNjO/1RZCSCKyjftS4ICdhGHgqittUjYjBY X-Received: by 2002:a5d:6781:: with SMTP id v1mr83005wru.249.1631143255312; Wed, 08 Sep 2021 16:20:55 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0YS7l2ozSVHS0MrlXrrjEkKOBRZTLJQiA3uLjalXryjpOEItjin5eop39X0TrxKIC57agAQ== X-Received: by 2002:a5d:6781:: with SMTP id v1mr82983wru.249.1631143255072; Wed, 08 Sep 2021 16:20:55 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id b22sm390180wmn.18.2021.09.08.16.20.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:54 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 06/10] qdev: Use qemu_security_policy_taint() API Date: Thu, 9 Sep 2021 01:20:20 +0200 Message-Id: <20210908232024.2399215-7-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Add DeviceClass::taints_security_policy field to allow an unsafe device to eventually taint the global security policy in DeviceRealize(). Signed-off-by: Philippe Mathieu-Daudé --- include/hw/qdev-core.h | 6 ++++++ hw/core/qdev.c | 11 +++++++++++ 2 files changed, 17 insertions(+) diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h index bafc311bfa1..ff9ce6671be 100644 --- a/include/hw/qdev-core.h +++ b/include/hw/qdev-core.h @@ -122,6 +122,12 @@ struct DeviceClass { */ bool user_creatable; bool hotpluggable; + /* + * %false if the device is within the QEMU security policy boundary, + * %true if there is no guarantee this device can be used safely. + * See: https://www.qemu.org/contribute/security-process/ + */ + bool taints_security_policy; /* callbacks */ /* diff --git a/hw/core/qdev.c b/hw/core/qdev.c index cefc5eaa0a9..a5a00f3564c 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -31,6 +31,7 @@ #include "qapi/qmp/qerror.h" #include "qapi/visitor.h" #include "qemu/error-report.h" +#include "qemu-common.h" #include "qemu/option.h" #include "hw/hotplug.h" #include "hw/irq.h" @@ -257,6 +258,13 @@ bool qdev_hotplug_allowed(DeviceState *dev, Error **errp) MachineClass *mc; Object *m_obj = qdev_get_machine(); + if (qemu_security_policy_is_strict() + && DEVICE_GET_CLASS(dev)->taints_security_policy) { + error_setg(errp, "Device '%s' can not be hotplugged when" + " 'strict' security policy is in place", + object_get_typename(OBJECT(dev))); + } + if (object_dynamic_cast(m_obj, TYPE_MACHINE)) { machine = MACHINE(m_obj); mc = MACHINE_GET_CLASS(machine); @@ -385,6 +393,9 @@ bool qdev_realize(DeviceState *dev, BusState *bus, Error **errp) } else { assert(!DEVICE_GET_CLASS(dev)->bus_type); } + qemu_security_policy_taint(DEVICE_GET_CLASS(dev)->taints_security_policy, + "device type %s", + object_get_typename(OBJECT(dev))); return object_property_set_bool(OBJECT(dev), "realized", true, errp); } From patchwork Wed Sep 8 23:20:21 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526050 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=BZf5flKn; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dYt5nx0z9sQt for ; Thu, 9 Sep 2021 09:26:25 +1000 (AEST) Received: from localhost ([::1]:36496 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6xS-0001AZ-0w for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:26:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36278) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sK-0007Zm-OT for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:04 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:42883) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sJ-0002yh-8E for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143262; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Qceza/WB3CtMew9GJDkTkDK3S8IfTB0xLv9ykQRmWEY=; b=BZf5flKneby/HH/TUn+2En4hcuRn0nmqUQlhObaQRtHRTS85+MH3RYybtdnDIP/nlNwvYl OqT0y4+C9/70yYBTF9ExiumHax9KbbMvWoqxYzsKno14Lq6ti5oo0k+SYsOzxIrHtDInIZ Ay6kf2TslFss/rF3NzONLuSpIgUsdmU= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-591-XEyRmGphPVCA4xNF1TilaA-1; Wed, 08 Sep 2021 19:21:01 -0400 X-MC-Unique: XEyRmGphPVCA4xNF1TilaA-1 Received: by mail-wm1-f72.google.com with SMTP id r125-20020a1c2b830000b0290197a4be97b7so26483wmr.9 for ; Wed, 08 Sep 2021 16:21:01 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Qceza/WB3CtMew9GJDkTkDK3S8IfTB0xLv9ykQRmWEY=; b=SGlhbAlNEkN0dzsbjyfUb3AxKsHUb04yKBlNf5NJ2XGx60HGQGb10vDjUZ1J1UseYM nRTY7iQXFT+DigjCzrLYpFxJL8Z5k/XKyvi0D1B5mFuQJOQMh/21VOWPomlncWkIikhb 9Poamo1FR5jtAaAiA589GKMDAHknP25hG78frJ32xyVSInQGHpEpXf3sFYX+YPb3s8Gg BksidVyb1W0lISxV0JO3DUGfaWfFaZ9w2DBu5ZqZHXmbQ1BNjiudeIfOrImkFYaeyMna V5PGOp6VWsKWJjLQfTpDI3XwzFR0rPaiDYjEpp9nX/nQue7/ui6fHRBzJrlW9zqmOeY9 CQmA== X-Gm-Message-State: AOAM532HkYYIkaCOo5Bakl4yhU2NIWsk9pBVdAAM0eeRGOnSj5YnEY71 c6eCLVV6dxElx5wHXHkJHDwiTawq+b9TfK10lipcY2DutodBVsI/hmTonR1ONolbPQSHecqHeKt lygDdlnJRPlAp9GpatZdkgco4SmneoT7LDEGW1XozuM9n5hat3d/VO1tdH82i98rf X-Received: by 2002:adf:fd51:: with SMTP id h17mr109124wrs.178.1631143260205; Wed, 08 Sep 2021 16:21:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGCdGOUWAMH7ZAThbx+xTDgHh6zdyfVzIsc9P7NbgQbnC+meNZTqgQ/wi8QkKk51AhWel3JA== X-Received: by 2002:adf:fd51:: with SMTP id h17mr109093wrs.178.1631143259991; Wed, 08 Sep 2021 16:20:59 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id e8sm14000wrc.96.2021.09.08.16.20.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:20:59 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 07/10] hw/display: Mark ATI and Artist devices as unsafe Date: Thu, 9 Sep 2021 01:20:21 +0200 Message-Id: <20210908232024.2399215-8-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Philippe Mathieu-Daudé --- hw/display/artist.c | 1 + hw/display/ati.c | 1 + 2 files changed, 2 insertions(+) diff --git a/hw/display/artist.c b/hw/display/artist.c index 21b7fd1b440..067a4b2cb59 100644 --- a/hw/display/artist.c +++ b/hw/display/artist.c @@ -1482,6 +1482,7 @@ static void artist_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_artist; dc->reset = artist_reset; device_class_set_props(dc, artist_properties); + dc->taints_security_policy = true; } static const TypeInfo artist_info = { diff --git a/hw/display/ati.c b/hw/display/ati.c index 31f22754dce..2f27ab69a87 100644 --- a/hw/display/ati.c +++ b/hw/display/ati.c @@ -1024,6 +1024,7 @@ static void ati_vga_class_init(ObjectClass *klass, void *data) device_class_set_props(dc, ati_vga_properties); dc->hotpluggable = false; set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); + dc->taints_security_policy = true; k->class_id = PCI_CLASS_DISPLAY_VGA; k->vendor_id = PCI_VENDOR_ID_ATI; From patchwork Wed Sep 8 23:20:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526045 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Ej2G0uBD; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dSX4dkYz9t0J for ; Thu, 9 Sep 2021 09:21:48 +1000 (AEST) Received: from localhost ([::1]:50378 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6t0-0008R6-CN for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:21:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36330) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sS-00082T-Tz for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:12 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:44980) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sQ-00033k-Dm for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143269; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=geCiN4saZ2frlXmhHZT44DYe1b4J1aCN7Xj/FRob9pQ=; b=Ej2G0uBDOnT4bgcRFr2XEZEQUaG9J7w5/mINcOg8a7am3t3rPUNysiTDy+w+eF/s/VuT+p mpc/4x9/mFF+0a9ML2HKhbOG9Joibj5TnStWRA1B3TvQW6aDVAK0DwzSi8orDEbEPssqdn Ognn3BuVOzsI74EyAQEykqlVYpt2uBY= Received: from mail-wm1-f71.google.com (mail-wm1-f71.google.com [209.85.128.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-476-aan1HTk1N_e0Y_MnT3-Gkg-1; Wed, 08 Sep 2021 19:21:08 -0400 X-MC-Unique: aan1HTk1N_e0Y_MnT3-Gkg-1 Received: by mail-wm1-f71.google.com with SMTP id p29-20020a1c545d000000b002f88d28e1f1so437wmi.7 for ; Wed, 08 Sep 2021 16:21:08 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=geCiN4saZ2frlXmhHZT44DYe1b4J1aCN7Xj/FRob9pQ=; b=BkPGRn8shSyfQRCflDnrXuSwqoyTlj6X7hQ+py+FzOou5+r887bnUxYBofrNpeZM4U pdDCR4gU2GU0JdB1d0Cw/E1oDT+3OgVJk5bgg9huPqy5F9u/zoWd0bWaCr4U+VWK/3wa RVzgkyIlrpirCJHjgMqvGASjhxWBuNwBWOcfVW5zk72/tIDQ/Q7UoCI2cOhikxos2d9P GXXWnsJ2c+AIe5l3c6Z8yTWg+z1hbX6aIhb/MG+EC3iVTqxljyNFlS1QWsaXlKl3nPa9 rE8fjcgIqhHKccH8FY7y3iUS1AOfrwnZYQ1fb5GD1sTYW8pmyv1EmoFJnll69TLOu2hf QhTw== X-Gm-Message-State: AOAM531Mv5FMD5OEfpw/bl8+Y/jNTcOLT8nH80ebcpMSnJmBTwiNBu2G W9rBFfYDr1/94zHFvwbmXWVa8Ec1XhQql4BxKaHLJbFW7zSrXwXfkPqr9HwhkZcf/JxXujtsqx7 69EvLn/CtUk8UJIdLB0MuwirFz+QCVRgxN/jnS03CQQkSWSQS5vQLl3wiiYh9WgHy X-Received: by 2002:a05:600c:3b84:: with SMTP id n4mr5902116wms.50.1631143265125; Wed, 08 Sep 2021 16:21:05 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxCzGiWOShaEshb6oqBDiWr1/WLhbErNDpTZCYYbU0bD2w0oJKgL2kMezD9hKtqCektWiLpSA== X-Received: by 2002:a05:600c:3b84:: with SMTP id n4mr5902087wms.50.1631143264855; Wed, 08 Sep 2021 16:21:04 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id t18sm13191wrp.97.2021.09.08.16.21.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:21:04 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 08/10] hw/misc: Mark testdev devices as unsafe Date: Thu, 9 Sep 2021 01:20:22 +0200 Message-Id: <20210908232024.2399215-9-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Philippe Mathieu-Daudé --- hw/hyperv/hyperv_testdev.c | 1 + hw/misc/pc-testdev.c | 1 + hw/misc/pci-testdev.c | 1 + 3 files changed, 3 insertions(+) diff --git a/hw/hyperv/hyperv_testdev.c b/hw/hyperv/hyperv_testdev.c index 9a56ddf83fe..6a75c350389 100644 --- a/hw/hyperv/hyperv_testdev.c +++ b/hw/hyperv/hyperv_testdev.c @@ -310,6 +310,7 @@ static void hv_test_dev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->realize = hv_test_dev_realizefn; + dc->taints_security_policy = true; } static const TypeInfo hv_test_dev_info = { diff --git a/hw/misc/pc-testdev.c b/hw/misc/pc-testdev.c index e3896518694..6294b80ec1b 100644 --- a/hw/misc/pc-testdev.c +++ b/hw/misc/pc-testdev.c @@ -199,6 +199,7 @@ static void testdev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->realize = testdev_realizefn; + dc->taints_security_policy = true; } static const TypeInfo testdev_info = { diff --git a/hw/misc/pci-testdev.c b/hw/misc/pci-testdev.c index 03845c8de34..189eb9bf1bb 100644 --- a/hw/misc/pci-testdev.c +++ b/hw/misc/pci-testdev.c @@ -340,6 +340,7 @@ static void pci_testdev_class_init(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_MISC, dc->categories); dc->reset = qdev_pci_testdev_reset; device_class_set_props(dc, pci_testdev_properties); + dc->taints_security_policy = true; } static const TypeInfo pci_testdev_info = { From patchwork Wed Sep 8 23:20:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526049 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Fx3nK6ai; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dWv75C8z9s5R for ; Thu, 9 Sep 2021 09:24:43 +1000 (AEST) Received: from localhost ([::1]:58924 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6vp-0005gT-MB for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:24:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36372) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sV-00089T-CY for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:15 -0400 Received: from us-smtp-delivery-124.mimecast.com ([216.205.24.124]:29841) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sS-00035h-SG for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:14 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143272; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=/j1jkBDfrokHKQKoDNuT1x0UKxyqYOGBFYU13ViaHTo=; b=Fx3nK6aiId+EhkAPAy8QS0GBolzeCzh2xvMPG6f7aQrhShjKYCZdroQd/DNLyUFLK56Djp Gd5/XciW1uABWMQPkhw6rHSd/rocHwVKjN0Fb3yLqWWPDPoYCAXcPdt1598gkRGOk5GDRH vypZj2qYL1L6WRwZ5Y1lMoCBIRlu3IM= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-369-xcXpg_UnP76GWSSiV579tA-1; Wed, 08 Sep 2021 19:21:11 -0400 X-MC-Unique: xcXpg_UnP76GWSSiV579tA-1 Received: by mail-wm1-f72.google.com with SMTP id n17-20020a7bc5d1000000b002f8ca8bacdeso37201wmk.3 for ; Wed, 08 Sep 2021 16:21:11 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=/j1jkBDfrokHKQKoDNuT1x0UKxyqYOGBFYU13ViaHTo=; b=jp7PMyIg3ldWMQe36lOrDha4SX3gtPtnU5fF7hkVRA9sH6sX2pZ801BF3BsaK+5PwK xmQpZcm1B9p46EKnl2zqWNHCbzUQ4yJ3TPU4wqziTz5hRS+bKoIZe9TqJ6JIZwI1Q8Sz dsdU9I6xyoKHa55Zf1TBGiG1k0/IcH/7lWt5BZQAcxhcqWvFJSjlV5Ef9Iu83ElQHpxC X6ITorxb3KkNUdT7wQWRzT6syQ1V1fhqkWvZsyOtbMqfIwc3xePXYlzfrFnumErLS/Jm Wv8cDTKg7P1OKVOaiDWmcn4NFhEK27G3F7hgUvKbBBUI3Gm+7xwNW0aMw447fzNpAP0N p5cA== X-Gm-Message-State: AOAM530XxgNPP+/YGJlGoywWyXcM4Kt+AjVASkoKOx19/BnMT68cmM72 zO6c8C2g2bHeraYXMQPN7iA92xyrVmV7JLCzy6hFy7PBRDKWi2eyh31Jd/u+iLl/wr1ccek65FV qyaPG95TqKH4EgfdcHT41wiNDFUp1zT+Nt4OzWZZjcSUwT9gbSjZFwR3e4c39RJBD X-Received: by 2002:a1c:f709:: with SMTP id v9mr5800245wmh.124.1631143269960; Wed, 08 Sep 2021 16:21:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzsU5M2MRY44dKoBP/lcBIPQuM1MTJ8pmbiG93tEMNWtoFxyRNm7Nzd/6gGAEAcV0FSbIvT1A== X-Received: by 2002:a1c:f709:: with SMTP id v9mr5800221wmh.124.1631143269808; Wed, 08 Sep 2021 16:21:09 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id e2sm29478wra.40.2021.09.08.16.21.08 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:21:09 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 09/10] hw/net: Mark Tulip device as unsafe Date: Thu, 9 Sep 2021 01:20:23 +0200 Message-Id: <20210908232024.2399215-10-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=216.205.24.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -31 X-Spam_score: -3.2 X-Spam_bar: --- X-Spam_report: (-3.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Philippe Mathieu-Daudé --- hw/net/tulip.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/net/tulip.c b/hw/net/tulip.c index ca69f7ea5e1..eaad3266212 100644 --- a/hw/net/tulip.c +++ b/hw/net/tulip.c @@ -1025,6 +1025,7 @@ static void tulip_class_init(ObjectClass *klass, void *data) device_class_set_props(dc, tulip_properties); dc->reset = tulip_qdev_reset; set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); + dc->taints_security_policy = true; } static const TypeInfo tulip_info = { From patchwork Wed Sep 8 23:20:24 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 1526052 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MbajT/kN; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4H4dZM1Nw7z9t0J for ; Thu, 9 Sep 2021 09:26:51 +1000 (AEST) Received: from localhost ([::1]:39030 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1mO6xs-0002qf-VB for incoming@patchwork.ozlabs.org; Wed, 08 Sep 2021 19:26:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36402) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sZ-0008RO-MZ for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:19 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]:45466) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1mO6sY-0003AB-2Z for qemu-devel@nongnu.org; Wed, 08 Sep 2021 19:21:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1631143277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ZkBFAMCpq6n9y+VH8JjTuNHo5ej2dLMGMd9K3LlaeP8=; b=MbajT/kNKsg4SXBKvHTR6tDLMIIK9gQUeckCC931eQZSpF/3DAT0PItZYHI/N0H3/BXSkH mgVNMFrCiSG+J/8pX7Eo5vNPU5izZBGZXmdUjY39Rzc5qYqdr1iwlNITyuZWSRp48lgDbc BYG9oZIHlsPUzJa+vTOzD1n6xajIZpI= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-584-MSOfV3SwOfmiIKhNA_qD8g-1; Wed, 08 Sep 2021 19:21:16 -0400 X-MC-Unique: MSOfV3SwOfmiIKhNA_qD8g-1 Received: by mail-wm1-f69.google.com with SMTP id x125-20020a1c3183000000b002e73f079eefso59726wmx.0 for ; Wed, 08 Sep 2021 16:21:16 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZkBFAMCpq6n9y+VH8JjTuNHo5ej2dLMGMd9K3LlaeP8=; b=gZQszYS8N6QRi9hlTOHYtCaK+ZSJccQVgRu2iyEgnryJTWc2tesBhb0fGjQAq+B9vp nm4wSIfw/ncHg7+1luDlZ1UI1IjAxggqpaYXIaICHDiB6TCbkUl2ekrq560beq7dsWtY gqc5nO9EFwHpvfjv2WMnywDRJ4W2+mdxYCQpYh3XxAgnJZ7L3SYrCtj4x+WrmU29xnhd M8z1meeMRAbF+/aX9fKRBYDosxoqYpE5GBvOlYPX4pS4cagv6a7eT1z5xn6nhm72/Odr O8hlHESqX1tfvAW3YYqQUD7jHAg+c4hVZEnFvdj8/CBQLn6cmpQHW4+3zVM4cjE/xPAO 40rw== X-Gm-Message-State: AOAM533Upj9UrsWPz74sa+GtMG7tL4XZrJwL/HhG+gGu6kBe/oJ6B6O9 MA5fR1hTxoKjtEa4+yV/sN6Hhd+gkENmREnR/RxannCrzYX3E2uimt7aw+vHdBBvT3/nDKnbVVY JRfREvVXn+yZPRJMlrOiVBNOdcS46RDtEWGqoWBYhNT3Uv48MZ1wOhQ5pQ4JVJbR4 X-Received: by 2002:a7b:c4cd:: with SMTP id g13mr5796256wmk.91.1631143275375; Wed, 08 Sep 2021 16:21:15 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybmoGBTuN4rPAmVNoHLJ613PnCRxyUI7oFmyfrpx3hP5AYKM4updonQnfJItVUJwu02OE/7Q== X-Received: by 2002:a7b:c4cd:: with SMTP id g13mr5796223wmk.91.1631143275096; Wed, 08 Sep 2021 16:21:15 -0700 (PDT) Received: from x1w.. (21.red-83-52-55.dynamicip.rima-tde.net. [83.52.55.21]) by smtp.gmail.com with ESMTPSA id t64sm344074wma.48.2021.09.08.16.21.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 08 Sep 2021 16:21:14 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org Subject: [RFC PATCH 10/10] hw/sd: Mark sdhci-pci device as unsafe Date: Thu, 9 Sep 2021 01:20:24 +0200 Message-Id: <20210908232024.2399215-11-philmd@redhat.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210908232024.2399215-1-philmd@redhat.com> References: <20210908232024.2399215-1-philmd@redhat.com> MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Received-SPF: pass client-ip=170.10.133.124; envelope-from=philmd@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -12 X-Spam_score: -1.3 X-Spam_bar: - X-Spam_report: (-1.3 / 5.0 requ) DKIMWL_WL_HIGH=-0.393, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Peter Maydell , Thomas Huth , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , Prasad J Pandit , qemu-block@nongnu.org, "Michael S. Tsirkin" , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , Richard Henderson , Markus Armbruster , =?utf-8?q?Philippe_Mathieu-Daud?= =?utf-8?q?=C3=A9?= , xen-devel@lists.xenproject.org, Paolo Bonzini , Eric Blake , Eduardo Habkost Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sdhci-pci.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/sd/sdhci-pci.c b/hw/sd/sdhci-pci.c index c737c8b930e..7a36f88fd87 100644 --- a/hw/sd/sdhci-pci.c +++ b/hw/sd/sdhci-pci.c @@ -64,6 +64,7 @@ static void sdhci_pci_class_init(ObjectClass *klass, void *data) k->device_id = PCI_DEVICE_ID_REDHAT_SDHCI; k->class_id = PCI_CLASS_SYSTEM_SDHCI; device_class_set_props(dc, sdhci_pci_properties); + dc->taints_security_policy = true; sdhci_common_class_init(klass, data); }