Re: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM
From: Eric Blake
Subject: Re: [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe
Date: Thu, 9 Sep 2021 13:46:37 -0500
User-agent: NeoMutt/20210205-739-420e15
On Thu, Sep 09, 2021 at 01:20:16AM +0200, Philippe Mathieu-Daudé wrote:
> Add the AccelClass::secure_policy_supported field to classify
> safe (within security boundary) vs unsafe accelerators.
>
> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
> ---
> include/qemu/accel.h | 5 +++++
> accel/kvm/kvm-all.c | 1 +
> accel/xen/xen-all.c | 1 +
> softmmu/vl.c | 3 +++
> 4 files changed, 10 insertions(+)
>
> diff --git a/include/qemu/accel.h b/include/qemu/accel.h
> index 4f4c283f6fc..895e30be0de 100644
> --- a/include/qemu/accel.h
> +++ b/include/qemu/accel.h
> @@ -44,6 +44,11 @@ typedef struct AccelClass {
> hwaddr start_addr, hwaddr size);
> #endif
> bool *allowed;
> + /*
> + * Whether the accelerator is withing QEMU security policy boundary.
within
> + * See: https://www.qemu.org/contribute/security-process/
> + */
> + bool secure_policy_supported;
> /*
> * Array of global properties that would be applied when specific
> * accelerator is chosen. It works like MachineClass.compat_props
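Review bot: The comment added above `secure_policy_supported` in AccelClass does not say what a false value means or what an accelerator that never assigns the field gets. Since the commit message uses this field to classify safe vs unsafe accelerators, the comment should state that leaving it false places the accelerator outside the security boundary, so the default is documented for anyone adding a new accelerator. The name also reads as "a security policy is supported" rather than "covered by the security policy"; a name closer to the comment's wording, such as `within_security_boundary`, would be harder to misread.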
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
- [RFC PATCH 00/10] security: Introduce qemu_security_policy_taint() API, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 01/10] sysemu: Introduce qemu_security_policy_taint() API, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 02/10] accel: Use qemu_security_policy_taint(), mark KVM and Xen as safe, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 03/10] block: Use qemu_security_policy_taint() API, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 04/10] block/vvfat: Mark the driver as unsafe, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 05/10] block/null: Mark 'read-zeroes=off' option as unsafe, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 06/10] qdev: Use qemu_security_policy_taint() API, Philippe Mathieu-Daudé, 2021/09/08
- [RFC PATCH 07/10] hw/display: Mark ATI and Artist devices as unsafe, Philippe Mathieu-Daudé, 2021/09/08