Xen project Mailing List

Re: [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API

To: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>

Date: Thu, 9 Sep 2021 13:45:03 -0500

Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=eblake@xxxxxxxxxx

Cc: qemu-devel@xxxxxxxxxx, Thomas Huth <thuth@xxxxxxxxxx>, Prasad J Pandit <pjp@xxxxxxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Markus Armbruster <armbru@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Eduardo Habkost <ehabkost@xxxxxxxxxx>, Philippe Mathieu-Daudé <f4bug@xxxxxxxxx>, Daniel P. Berrangé <berrange@xxxxxxxxxx>, Richard Henderson <richard.henderson@xxxxxxxxxx>, qemu-block@xxxxxxxxxx, Peter Maydell <peter.maydell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 09 Sep 2021 18:45:39 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Sep 09, 2021 at 01:20:15AM +0200, Philippe Mathieu-Daudé wrote: > Introduce qemu_security_policy_taint() which allows unsafe (read > "not very maintained") code to 'taint' QEMU security policy. > > The "security policy" is the @SecurityPolicy QAPI enum, composed of: > - "none" (no policy, current behavior) > - "warn" (display a warning when the policy is tainted, keep going) > - "strict" (once tainted, exit QEMU before starting the VM) > > The qemu_security_policy_is_strict() helper is also provided, which > will be proved useful once a VM is started (example we do not want s/be proved/prove/ > to kill a running VM if an unsafe device is hot-added). > > Signed-off-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx> > --- > qapi/run-state.json | 16 +++++++++++ > include/qemu-common.h | 19 ++++++++++++ > softmmu/vl.c | 67 +++++++++++++++++++++++++++++++++++++++++++ > qemu-options.hx | 17 +++++++++++ > 4 files changed, 119 insertions(+) > > diff --git a/qapi/run-state.json b/qapi/run-state.json > index 43d66d700fc..b15a107fa01 100644 > --- a/qapi/run-state.json > +++ b/qapi/run-state.json > @@ -638,3 +638,19 @@ > { 'struct': 'MemoryFailureFlags', > 'data': { 'action-required': 'bool', > 'recursive': 'bool'} } > + > +## > +# @SecurityPolicy: > +# > +# An enumeration of the actions taken when the security policy is tainted. > +# > +# @none: do nothing. > +# > +# @warn: display a warning. > +# > +# @strict: prohibit QEMU to start a VM. s/to start/from starting/ > +# > +# Since: 6.2 > +## > +{ 'enum': 'SecurityPolicy', > + 'data': [ 'none', 'warn', 'strict' ] } -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.