From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47390)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1agY0g-0001BP-8r
	for qemu-devel@nongnu.org; Thu, 17 Mar 2016 09:30:46 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1agY0c-00014c-Q9
	for qemu-devel@nongnu.org; Thu, 17 Mar 2016 09:30:42 -0400
Received: from mx1.redhat.com ([209.132.183.28]:56382)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pbonzini@redhat.com>) id 1agY0c-00014T-Ka
	for qemu-devel@nongnu.org; Thu, 17 Mar 2016 09:30:38 -0400
References: <1458053080-29170-1-git-send-email-mst@redhat.com>
	<87fuvpv2jv.fsf@blackfin.pond.sub.org>
	<20160317143531-mutt-send-email-mst@redhat.com>
From: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <56EAB17A.1000400@redhat.com>
Date: Thu, 17 Mar 2016 14:30:34 +0100
MIME-Version: 1.0
In-Reply-To: <20160317143531-mutt-send-email-mst@redhat.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH v2] vl.c: disallow command line fw cfg
 without opt/
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Michael S. Tsirkin" <mst@redhat.com>, Markus Armbruster <armbru@redhat.com>
Cc: "Gabriel L. Somlo" <somlo@cmu.edu>, Laszlo Ersek <lersek@redhat.com>, qemu-devel@nongnu.org, Gerd Hoffmann <kraxel@redhat.com>

I frankly think it's overengineered, but it's already much better and if
it helps converging to a compromise why not.

Alternatives to your proposals follow:

On 17/03/2016 14:13, Michael S. Tsirkin wrote:
>=20
> QEMU command line:
> 	A. -fw-cfg RFQDN/PATH prepends usr/. So users will not get conflicts
> 	   with QEMU hardware

Alternative: no need to prepend usr/, I think.

> 	B. -fw-cfg org.qemu/unsupported/XXX as a hack, removes
> 		org.qemu/unsupported/ and leaves just XXX,
> 		for people who want to break^?^?^?^?^?debug QEMU hardware

Alternative: fail on:

- a blacklist of etc/* files including etc/system-states,
etc/smbios/smbios-tables, etc/smbios/smbios-anchor,
etc/reserved-memory-end, etc/pvpanic-port, etc/e820, and possibly
etc/boot-menu-wait

- on all org.qemu/* files

- iff etc/boot-menu-wait is blacklisted, fail on
org.seabios/boot-menu-wait too.

Everything else is passed through.  No hacks required.

> 	C. -fw-cfg opt/FOO accepts any path, for backwards compatibility

Implicit in my proposed alternative to A.

> 	D. any other use fails

Replaced by my alternative to B.  RFQDN is just a best practice, and it
is not enforced except as proposed in B.  For the same reason, no
changes are required in the Linux driver.

> OVMF:
> 	Can use the compatible opt/ovmf/ for now. [snip]
> 	Long term: Gradually transition OVMF to look up paths in usr/org.uefi/=
:
> 	if nothing is found there, look up in opt/ovmf/ for backwards
> 	compatibility.

Agreed except it would be org.tianocore.edk2.ovmf/ rather than usr/org.ue=
fi.

Likewise SeaBIOS would switch from etc/ to an org.seabios/ prefix (for
stuff usable from both Coreboot and QEMU, e.g.
org.seabios/bootsplash.bmp) or org.qemu/ (for stuff that is specific to
QEMU).

Files that could be moved from etc/ to org.qemu/ correspond to the ones
that are blacklisted in (B), e.g. etc/system-states ->
org.qemu/system-states.

Paolo