From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MfZRK-0007Dy-7A
	for qemu-devel@nongnu.org; Mon, 24 Aug 2009 09:18:26 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MfZRF-0007Cz-PJ
	for qemu-devel@nongnu.org; Mon, 24 Aug 2009 09:18:25 -0400
Received: from [199.232.76.173] (port=60446 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MfZRF-0007Cj-Fy
	for qemu-devel@nongnu.org; Mon, 24 Aug 2009 09:18:21 -0400
Received: from qw-out-1920.google.com ([74.125.92.146]:14736)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1MfZRF-0004ye-0f
	for qemu-devel@nongnu.org; Mon, 24 Aug 2009 09:18:21 -0400
Received: by qw-out-1920.google.com with SMTP id 5so1192186qwc.4
	for <qemu-devel@nongnu.org>; Mon, 24 Aug 2009 06:18:18 -0700 (PDT)
Message-ID: <4A929316.3070004@codemonkey.ws>
Date: Mon, 24 Aug 2009 08:18:14 -0500
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 0/7] ATAPI CDROM passthrough v5
References: <19074.63829.151234.423348@mariner.uk.xensource.com>
In-Reply-To: <19074.63829.151234.423348@mariner.uk.xensource.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: qemu-devel@nongnu.org, Alexandre Bique <alexandre.bique@citrix.com>

Ian Jackson wrote:
>>   I would also suggest that you only expose this as an option 
>> through qdev properties instead of a new command line option as it 
>> should be controllable on a per-device basis.
>>     
>
> The reason to disable it is not to prevent the guest breaking the
> hardware.  It is to prevent the guest escaping the containment
> entirely, which it can probably do if firmware updates are allowed.
> This seems to me to be a general property of the guest, rather than of
> the device.  So I think disabling it in one place is better.
>   

If you go back to the original thread, the argument against this was 
that some devices abuse other atapi commands to do firmware updates so 
you cannot 100% reliably contain this.

But more importantly, and the reason I originally requested this, having 
a global option bakes knowledge of atapi pass through into vl.c.  Making 
it a qdev property means vl.c does not need explicit knowledge of this 
mechanism.

I think this is an important change to make for merging.

Regards,

Anthony Liguori

> Patches follow.
>
> Thanks,
> Ian.
>
>
>