[RFC PATCH 06/10] qdev: Use qemu_security_policy_taint() API
From: Philippe Mathieu-Daudé
Subject: [RFC PATCH 06/10] qdev: Use qemu_security_policy_taint() API
Date: Thu, 9 Sep 2021 01:20:20 +0200
Add DeviceClass::taints_security_policy field to allow an
unsafe device to eventually taint the global security policy
in DeviceRealize().
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
---
include/hw/qdev-core.h | 6 ++++++
hw/core/qdev.c | 11 +++++++++++
2 files changed, 17 insertions(+)
diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h
index bafc311bfa1..ff9ce6671be 100644
--- a/include/hw/qdev-core.h
+++ b/include/hw/qdev-core.h
@@ -122,6 +122,12 @@ struct DeviceClass {
*/
bool user_creatable;
bool hotpluggable;
+ /*
+ * %false if the device is within the QEMU security policy boundary,
+ * %true if there is no guarantee this device can be used safely.
+ * See: https://www.qemu.org/contribute/security-process/
+ */
+ bool taints_security_policy;
/* callbacks */
/*
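Review bot: The comment on taints_security_policy defines %false as "within the QEMU security policy boundary", so any device class that never assigns the field is treated as covered by default. That makes the marking opt-out: a device nobody has audited reads the same as one that was reviewed. Consider stating that in the comment, and also documenting where the field is meant to be set and that it is consulted at realize and hotplug time, so readers of qdev-core.h do not have to find that out from qdev.c.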
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index cefc5eaa0a9..a5a00f3564c 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -31,6 +31,7 @@
#include "qapi/qmp/qerror.h"
#include "qapi/visitor.h"
#include "qemu/error-report.h"
+#include "qemu-common.h"
#include "qemu/option.h"
#include "hw/hotplug.h"
#include "hw/irq.h"
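Review bot: The added #include "qemu-common.h" gives no indication of what it is needed for; presumably it supplies the qemu_security_policy_is_strict() and qemu_security_policy_taint() declarations used further down in this file. If so, a dedicated header for the security policy API would keep qdev.c from pulling in a catch-all header and would make the dependency obvious at the include site.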
@@ -257,6 +258,13 @@ bool qdev_hotplug_allowed(DeviceState *dev, Error **errp)
MachineClass *mc;
Object *m_obj = qdev_get_machine();
+ if (qemu_security_policy_is_strict()
+ && DEVICE_GET_CLASS(dev)->taints_security_policy) {
+ error_setg(errp, "Device '%s' can not be hotplugged when"
+ " 'strict' security policy is in place",
+ object_get_typename(OBJECT(dev)));
+ }
+
if (object_dynamic_cast(m_obj, TYPE_MACHINE)) {
machine = MACHINE(m_obj);
mc = MACHINE_GET_CLASS(machine);
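Review bot: The strict-policy branch added at the top of qdev_hotplug_allowed() calls error_setg() but does not return, so execution falls through to the machine checks with errp already set. The function can then still return true while an error is pending, and any later code that sets errp would be writing to an already-set error. Add `return false;` right after the error_setg() call. Minor: "can not" in the message should be "cannot".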
@@ -385,6 +393,9 @@ bool qdev_realize(DeviceState *dev, BusState *bus, Error
**errp)
} else {
assert(!DEVICE_GET_CLASS(dev)->bus_type);
}
+ qemu_security_policy_taint(DEVICE_GET_CLASS(dev)->taints_security_policy,
+ "device type %s",
+ object_get_typename(OBJECT(dev)));
return object_property_set_bool(OBJECT(dev), "realized", true, errp);
}
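Review bot: In qdev_realize() the qemu_security_policy_taint() call sits before object_property_set_bool(OBJECT(dev), "realized", true, errp), so the policy is tainted even when realize then fails and the device never comes up. The call also takes no errp, so unlike the check in qdev_hotplug_allowed() it cannot reject the device through the normal error path; whatever the 'strict' policy does has to happen inside the taint function. Consider tainting only after a successful realize, or passing errp and returning false here so that strict mode fails the same way for cold-plugged and hotplugged devices.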
--
2.31.1