From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Markus Armbruster <armbru@redhat.com>
Cc: qemu-devel@nongnu.org, "Thomas Huth" <thuth@redhat.com>,
"Stefan Hajnoczi" <stefanha@redhat.com>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
"Peter Maydell" <peter.maydell@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Michael S. Tsirkin" <mst@redhat.com>
Subject: Re: [PATCH v2 08/32] system: check security of device types
Date: Fri, 24 Oct 2025 14:28:35 +0100 [thread overview]
Message-ID: <aPt_A2AHAeGrUAo6@redhat.com> (raw)
In-Reply-To: <87bjlx7s0f.fsf@pond.sub.org>
On Thu, Oct 23, 2025 at 01:54:24PM +0200, Markus Armbruster wrote:
> Daniel P. Berrangé <berrange@redhat.com> writes:
>
> > This wires up the DeviceClass types to have their
> > security checked when devices are created.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> > system/qdev-monitor.c | 9 +++++++++
> > 1 file changed, 9 insertions(+)
> >
> > diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c
> > index 2ac92d0a07..520fe5c495 100644
> > --- a/system/qdev-monitor.c
> > +++ b/system/qdev-monitor.c
> > @@ -43,6 +43,8 @@
> > #include "hw/qdev-properties.h"
> > #include "hw/clock.h"
> > #include "hw/boards.h"
> > +#include "qapi/compat-policy.h"
> > +
> >
> > /*
> > * Aliases were a bad idea from the start. Let's keep them
> > @@ -644,6 +646,13 @@ DeviceState *qdev_device_add_from_qdict(const QDict *opts,
> > return NULL;
> > }
> >
> > + if (!compat_policy_check_security(&compat_policy,
> > + object_class_get_name(OBJECT_CLASS(dc)),
> > + object_class_is_secure(OBJECT_CLASS(dc)),
> > + errp)) {
> > + return NULL;
> > + }
> > +
> > /* find bus */
> > path = qdict_get_try_str(opts, "bus");
> > if (path != NULL) {
>
> All users of compat_policy_check_security() in this series pass
>
> object_class_get_name(<the-object>),
> object_class_is_secure(<the-object>),
>
> Have you considered passing just <the-object> instead?
That would make qapi/qapi-compat.c have a dependency on QOM which I
felt was undesirable. What I could do, however, is introduced a
object_check_security method in qom/object.c that calls into
compat_policy_check_security, so we simplify the callers.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2025-10-24 13:29 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-26 14:01 [PATCH v2 00/32] Encode object type security status in code Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 01/32] qom: replace 'abstract' with 'flags' Daniel P. Berrangé
2025-10-23 10:26 ` Markus Armbruster
2025-10-24 13:39 ` Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 02/32] qom: add tracking of security state of object types Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 03/32] qapi: add 'insecure-types' option for -compat argument Daniel P. Berrangé
2025-10-23 10:38 ` Markus Armbruster
2025-09-26 14:01 ` [PATCH v2 04/32] system: check security for accelerator types Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 05/32] system: report acclerator security status in help output Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 06/32] system: check security for machine types Daniel P. Berrangé
2025-10-23 11:51 ` Markus Armbruster
2025-09-26 14:01 ` [PATCH v2 07/32] system: report machine security status in help output Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 08/32] system: check security of device types Daniel P. Berrangé
2025-10-23 11:54 ` Markus Armbruster
2025-10-24 13:28 ` Daniel P. Berrangé [this message]
2025-09-26 14:01 ` [PATCH v2 09/32] system: report device security status in help output Daniel P. Berrangé
2025-10-23 11:57 ` Markus Armbruster
2025-09-26 14:01 ` [PATCH v2 10/32] hw/core: report security status in query-machines Daniel P. Berrangé
2025-10-23 12:17 ` Markus Armbruster
2025-10-24 13:32 ` Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 11/32] qom: report & filter on security status in qom-list-types Daniel P. Berrangé
2025-10-23 10:58 ` Markus Armbruster
2025-10-24 13:38 ` Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 12/32] docs: expand security docs with info about security status Daniel P. Berrangé
2025-10-23 12:22 ` Markus Armbruster
2025-10-24 13:42 ` Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 13/32] machine: add helpers for declaring secure/insecure machine types Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 14/32] hw: mark x86, s390, ppc, arm versioned machine types as secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 15/32] hw: declare Xen & microvm machines as secure, isapc as insecure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 16/32] hw/core: declare 'none' machine to be insecure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 17/32] accel: mark kvm, xen & hvf as secure; tcg & qtest as insecure Daniel P. Berrangé
2026-03-10 13:09 ` Philippe Mathieu-Daudé
2026-03-10 13:28 ` Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 18/32] hw: mark all virtio PCI devices as secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 19/32] hw: mark all virtio CCW " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 20/32] hw: mark all vhost devices a secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 21/32] hw: mark all remaining virtio object types as secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 22/32] hw/vfio: mark all VFIO object classes " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 23/32] hw/xen: mark all Xen related object types as being secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 24/32] hw/net: mark most non-virtio NICs as insecure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 25/32] hw/usb: mark most USB devices/hosts as secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 26/32] hw/watchdog: mark some watchdog devices " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 27/32] hw/scsi: mark most SCSI controllers as insecure / " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 28/32] hw/ide: mark ICH9 and ide-hd/ide-cd " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 29/32] hw: mark test/demo devices as insecure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 30/32] hw: define most common PCI types as secure Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 31/32] hw/pci-host: define some PCI hosts " Daniel P. Berrangé
2025-09-26 14:01 ` [PATCH v2 32/32] hw/display: mark most display adapters as insecure Daniel P. Berrangé
2025-10-23 7:23 ` [PATCH v2 00/32] Encode object type security status in code Markus Armbruster
2025-10-23 9:00 ` Daniel P. Berrangé
2025-10-23 12:38 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aPt_A2AHAeGrUAo6@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=mst@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.