From: Daniel P. Berrangé
Subject: Re: [Qemu-ppc] [PATCH] ppc: add host-serial and host-model machine attributes
Date: Mon, 4 Feb 2019 10:10:05 +0000
User-agent: Mutt/1.10.1 (2018-07-13)

On Mon, Feb 04, 2019 at 12:09:04PM +1100, David Gibson wrote:
> On Sat, Feb 02, 2019 at 12:23:58AM +0530, P J P wrote:
> > From: Prasad J Pandit <address@hidden>
> > 
> > On ppc hosts, hypervisor shares following system attributes
> > 
> >   - /proc/device-tree/system-id
> >   - /proc/device-tree/model
> > 
> > with a guest. This could lead to information leakage and misuse.[*]
> > Add machine attributes to control such system information exposure
> > to a guest.
> > 
> > [*] https://wiki.openstack.org/wiki/OSSN/OSSN-0028
> > 
> > Reported-by: Daniel P. Berrangé <address@hidden>
> > Fix-suggested-by: Daniel P. Berrangé <address@hidden>
> > Signed-off-by: Prasad J Pandit <address@hidden>
> 
> Hm.  This seems like it might be overkill.  I mean, obviously we need
> to not leak that host information, but it's not clear we really need
> these properties at all.  They're not specified in PAPR (contrary to
> my previous guess) and it's not clear what actually uses them.
> 
> I'm wondering if we can just ditch them entirely, or at least make
> them default to not present without regard to machine version.
> 
> Yes, that's technically a compatibility breaking change, but it's hard
> to see anything that actually relied on these as not being broken
> already, so I think that's actually a fair trade off for the security
> improvement here.

We cannot assume that no one is using it.

In fact this issue came to light precisely because a person on IRC
was asking why x86 couldn't provide the same info as PPC, because
they found it useful on PPC.

So we will definitely break people if we remove this from existing
VMs.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|