[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe

To: qemu-devel@xxxxxxxxxx
From: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
Date: Thu, 9 Sep 2021 01:20:16 +0200
Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=philmd@xxxxxxxxxx
Cc: Thomas Huth <thuth@xxxxxxxxxx>, Prasad J Pandit <pjp@xxxxxxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Markus Armbruster <armbru@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Eduardo Habkost <ehabkost@xxxxxxxxxx>, Philippe Mathieu-Daudé <f4bug@xxxxxxxxx>, Daniel P. Berrangé <berrange@xxxxxxxxxx>, Eric Blake <eblake@xxxxxxxxxx>, Richard Henderson <richard.henderson@xxxxxxxxxx>, qemu-block@xxxxxxxxxx, Peter Maydell <peter.maydell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
Delivery-date: Wed, 08 Sep 2021 23:20:40 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Add the AccelClass::secure_policy_supported field to classify
safe (within security boundary) vs unsafe accelerators.

Signed-off-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>
---
 include/qemu/accel.h | 5 +++++
 accel/kvm/kvm-all.c  | 1 +
 accel/xen/xen-all.c  | 1 +
 softmmu/vl.c         | 3 +++
 4 files changed, 10 insertions(+)

diff --git a/include/qemu/accel.h b/include/qemu/accel.h
index 4f4c283f6fc..895e30be0de 100644
--- a/include/qemu/accel.h
+++ b/include/qemu/accel.h
@@ -44,6 +44,11 @@ typedef struct AccelClass {
                        hwaddr start_addr, hwaddr size);
 #endif
     bool *allowed;
+    /*
+     * Whether the accelerator is withing QEMU security policy boundary.
+     * See: https://www.qemu.org/contribute/security-process/
+     */
+    bool secure_policy_supported;
     /*
      * Array of global properties that would be applied when specific
      * accelerator is chosen. It works like MachineClass.compat_props
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 0125c17edb8..eb6b9e44df2 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3623,6 +3623,7 @@ static void kvm_accel_class_init(ObjectClass *oc, void 
*data)
     ac->init_machine = kvm_init;
     ac->has_memory = kvm_accel_has_memory;
     ac->allowed = &kvm_allowed;
+    ac->secure_policy_supported = true;
 
     object_class_property_add(oc, "kernel-irqchip", "on|off|split",
         NULL, kvm_set_kernel_irqchip,
diff --git a/accel/xen/xen-all.c b/accel/xen/xen-all.c
index 69aa7d018b2..57867af5faf 100644
--- a/accel/xen/xen-all.c
+++ b/accel/xen/xen-all.c
@@ -198,6 +198,7 @@ static void xen_accel_class_init(ObjectClass *oc, void 
*data)
     ac->setup_post = xen_setup_post;
     ac->allowed = &xen_allowed;
     ac->compat_props = g_ptr_array_new();
+    ac->secure_policy_supported = true;
 
     compat_props_add(ac->compat_props, compat, G_N_ELEMENTS(compat));
 
diff --git a/softmmu/vl.c b/softmmu/vl.c
index 92c05ac97ee..e4f94e159c3 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -2388,6 +2388,9 @@ static int do_configure_accelerator(void *opaque, 
QemuOpts *opts, Error **errp)
         return 0;
     }
 
+    qemu_security_policy_taint(!ac->secure_policy_supported,
+                               "%s accelerator", acc);
+
     return 1;
 }
 
-- 
2.31.1

Follow-Ups:
- Re: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe
  - From: Eric Blake
- Re: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe
  - From: Daniel P. Berrangé

References:
- [RFC PATCH 00/10] security: Introduce qemu_security_policy_taint() API
  - From: Philippe Mathieu-Daudé

Prev by Date: [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API
Next by Date: [RFC PATCH 03/10] block: Use qemu_security_policy_taint() API
Previous by thread: Re: [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API
Next by thread: Re: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.