From: Markus Armbruster <armbru@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>,
qemu-devel@nongnu.org, Paolo Bonzini <pbonzini@redhat.com>,
Eduardo Habkost <eduardo@habkost.net>,
Eric Blake <eblake@redhat.com>
Subject: Re: [PATCH v3 1/4] qom: allow to mark objects as deprecated or not secure.
Date: Wed, 12 Jun 2024 13:44:33 +0200 [thread overview]
Message-ID: <87ikyee672.fsf@pond.sub.org> (raw)
In-Reply-To: <ZmmFiJY4gBTk8kKk@redhat.com> ("Daniel P. Berrangé"'s message of "Wed, 12 Jun 2024 12:24:56 +0100")
Daniel P. Berrangé <berrange@redhat.com> writes:
> On Wed, Jun 12, 2024 at 01:07:44PM +0200, Markus Armbruster wrote:
>> Gerd Hoffmann <kraxel@redhat.com> writes:
>>
>> > Add flags to ObjectClass for objects which are deprecated or not secure.
>> > Add 'deprecated' and 'not-secure' bools to ObjectTypeInfo, report in
>> > 'qom-list-types'. Print the flags when listing devices via '-device
>> > help'.
>> >
>> > Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
[...]
>> > diff --git a/qapi/qom.json b/qapi/qom.json
>> > index 8bd299265e39..3f20d4c6413b 100644
>> > --- a/qapi/qom.json
>> > +++ b/qapi/qom.json
>> > @@ -163,10 +163,16 @@
>> > #
>> > # @parent: Name of parent type, if any (since 2.10)
>> > #
>> > +# @deprecated: the type is deprecated (since 9.1)
>> > +#
>> > +# @not-secure: the type (typically a device) is not considered
>> > +# a security boundary (since 9.1)
>>
>> What does this mean? Does it mean "do not add an instance of this
>> device the guest unless you trust the guest"?
>
> Essentially yes. This ties to our security doc where we declare
> we won't consider non-virtualization use cases as being security
> bugs (CVEs) as large parts of QEMU haven't been designed to
> provide a guest security boundary
>
> https://www.qemu.org/docs/master/system/security.html
Would it make sense to add a suitable pointer to the doc comment?
next prev parent reply other threads:[~2024-06-12 11:45 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-06 14:30 [PATCH v3 0/4] allow to deprecate objects and devices Gerd Hoffmann
2024-06-06 14:30 ` [PATCH v3 1/4] qom: allow to mark objects as deprecated or not secure Gerd Hoffmann
2024-06-06 14:38 ` Daniel P. Berrangé
2024-06-07 6:24 ` Philippe Mathieu-Daudé
2024-06-12 11:07 ` Markus Armbruster
2024-06-12 11:24 ` Daniel P. Berrangé
2024-06-12 11:44 ` Markus Armbruster [this message]
2024-06-06 14:30 ` [PATCH v3 2/4] usb/hub: mark as deprecated Gerd Hoffmann
2024-06-06 14:41 ` Daniel P. Berrangé
2024-06-12 15:52 ` Alex Bennée
2024-06-13 8:31 ` Markus Armbruster
2024-06-13 8:34 ` Daniel P. Berrangé
2024-06-13 10:38 ` Markus Armbruster
2024-06-13 10:48 ` Daniel P. Berrangé
2024-06-13 14:49 ` Alex Bennée
2024-06-14 7:03 ` Gerd Hoffmann
2024-06-13 8:44 ` Daniel P. Berrangé
2024-06-14 8:40 ` Gerd Hoffmann
2024-06-06 14:30 ` [PATCH v3 3/4] vga/cirrus: mark as not secure Gerd Hoffmann
2024-06-06 14:37 ` Daniel P. Berrangé
2024-06-06 14:30 ` [PATCH v3 4/4] qdev: add device policy [RfC] Gerd Hoffmann
2024-06-06 14:49 ` Peter Maydell
2024-06-12 8:30 ` Markus Armbruster
2024-06-12 11:40 ` [PATCH v3 0/4] allow to deprecate objects and devices Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ikyee672.fsf@pond.sub.org \
--to=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=eblake@redhat.com \
--cc=eduardo@habkost.net \
--cc=kraxel@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).