From patchwork Thu Jun 6 14:30:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 13688574 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 86255C27C54 for ; Thu, 6 Jun 2024 14:31:27 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sFE8K-0000xz-LY; Thu, 06 Jun 2024 10:30:28 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8G-0000mA-3o for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:24 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8E-0000dL-0Q for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717684218; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FUpBrgooZvG9jgmz1Pjev1l3L+B1Cacf4mMWQpHmpl0=; b=ihoUikcTeijdj5tR32Ii6iVV3xe9Pcts7Dc49Hmm3+DTC1LEevU2+B5BA8oJIbCE4vgbaQ nOjH8ecyT+zHH+JljoMufOZ7+ndaz0DDQZq00aMUHexoDIDX+7mR9LaQpPgZslgj/VkeA0 yrxFkY519Bw+LK0JKwZEGHIrdF4a71Q= Received: from mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-325-GRq-M0ioPf6xztLZ-1K8fw-1; Thu, 06 Jun 2024 10:30:14 -0400 X-MC-Unique: GRq-M0ioPf6xztLZ-1K8fw-1 Received: from mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.15]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id DF4D6193D8B4; Thu, 6 Jun 2024 14:30:13 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.217]) by mx-prod-int-02.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 0230F195917B; Thu, 6 Jun 2024 14:30:12 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id E201318009A8; Thu, 6 Jun 2024 16:30:10 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann , Markus Armbruster , Eduardo Habkost , Eric Blake , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= Subject: [PATCH v3 1/4] qom: allow to mark objects as deprecated or not secure. Date: Thu, 6 Jun 2024 16:30:07 +0200 Message-ID: <20240606143010.1318226-2-kraxel@redhat.com> In-Reply-To: <20240606143010.1318226-1-kraxel@redhat.com> References: <20240606143010.1318226-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.0 on 10.30.177.15 Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: 12 X-Spam_score: 1.2 X-Spam_bar: + X-Spam_report: (1.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add flags to ObjectClass for objects which are deprecated or not secure. Add 'deprecated' and 'not-secure' bools to ObjectTypeInfo, report in 'qom-list-types'. Print the flags when listing devices via '-device help'. Signed-off-by: Gerd Hoffmann Reviewed-by: Daniel P. Berrangé --- include/qom/object.h | 3 +++ qom/qom-qmp-cmds.c | 8 ++++++++ system/qdev-monitor.c | 8 ++++++++ qapi/qom.json | 8 +++++++- 4 files changed, 26 insertions(+), 1 deletion(-) diff --git a/include/qom/object.h b/include/qom/object.h index 13d3a655ddf9..419bd9a4b219 100644 --- a/include/qom/object.h +++ b/include/qom/object.h @@ -136,6 +136,9 @@ struct ObjectClass ObjectUnparent *unparent; GHashTable *properties; + + bool deprecated; + bool not_secure; }; /** diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c index e91a2353472a..325ff0ba2a25 100644 --- a/qom/qom-qmp-cmds.c +++ b/qom/qom-qmp-cmds.c @@ -101,6 +101,14 @@ static void qom_list_types_tramp(ObjectClass *klass, void *data) if (parent) { info->parent = g_strdup(object_class_get_name(parent)); } + if (klass->deprecated) { + info->has_deprecated = true; + info->deprecated = true; + } + if (klass->not_secure) { + info->has_not_secure = true; + info->not_secure = true; + } QAPI_LIST_PREPEND(*pret, info); } diff --git a/system/qdev-monitor.c b/system/qdev-monitor.c index 6af6ef7d667f..effdc95d21d3 100644 --- a/system/qdev-monitor.c +++ b/system/qdev-monitor.c @@ -144,6 +144,8 @@ static bool qdev_class_has_alias(DeviceClass *dc) static void qdev_print_devinfo(DeviceClass *dc) { + ObjectClass *klass = OBJECT_CLASS(dc); + qemu_printf("name \"%s\"", object_class_get_name(OBJECT_CLASS(dc))); if (dc->bus_type) { qemu_printf(", bus %s", dc->bus_type); @@ -157,6 +159,12 @@ static void qdev_print_devinfo(DeviceClass *dc) if (!dc->user_creatable) { qemu_printf(", no-user"); } + if (klass->deprecated) { + qemu_printf(", deprecated"); + } + if (klass->not_secure) { + qemu_printf(", not-secure"); + } qemu_printf("\n"); } diff --git a/qapi/qom.json b/qapi/qom.json index 8bd299265e39..3f20d4c6413b 100644 --- a/qapi/qom.json +++ b/qapi/qom.json @@ -163,10 +163,16 @@ # # @parent: Name of parent type, if any (since 2.10) # +# @deprecated: the type is deprecated (since 9.1) +# +# @not-secure: the type (typically a device) is not considered +# a security boundary (since 9.1) +# # Since: 1.1 ## { 'struct': 'ObjectTypeInfo', - 'data': { 'name': 'str', '*abstract': 'bool', '*parent': 'str' } } + 'data': { 'name': 'str', '*abstract': 'bool', '*parent': 'str', + '*deprecated': 'bool', '*not-secure': 'bool' } } ## # @qom-list-types: From patchwork Thu Jun 6 14:30:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 13688573 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id CE4ABC25B75 for ; Thu, 6 Jun 2024 14:31:07 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sFE8J-0000tV-Hi; Thu, 06 Jun 2024 10:30:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8G-0000mB-5b for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:25 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8E-0000dV-2Q for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717684219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i5TWQAuMG6VGVSQL8cn+7DLDdEPqK+ESnRRABag01r4=; b=KMX6I2b0DdqFD0vaKhuphRhokyUChAQKKg2+6UFtgAA29i4XAP5aylHPTQfOsZSFl6BF8w +oEvsy/GNBzenvX5Zubx594la/ad2yN6EA1J9JDZF6DUC4Oq6FZIp1nA5rE8/GIorM790k jNbOOUDig49XNJMfGcQkRKnJJ+zmVlM= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-232-1Sp0-3cxOW6nhL2UhPHo7Q-1; Thu, 06 Jun 2024 10:30:15 -0400 X-MC-Unique: 1Sp0-3cxOW6nhL2UhPHo7Q-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5DE831C05122; Thu, 6 Jun 2024 14:30:15 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.217]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D3CBBFFF1; Thu, 6 Jun 2024 14:30:14 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id EFF6A18009DB; Thu, 6 Jun 2024 16:30:10 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann , Markus Armbruster , Eduardo Habkost , Eric Blake , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= Subject: [PATCH v3 2/4] usb/hub: mark as deprecated Date: Thu, 6 Jun 2024 16:30:08 +0200 Message-ID: <20240606143010.1318226-3-kraxel@redhat.com> In-Reply-To: <20240606143010.1318226-1-kraxel@redhat.com> References: <20240606143010.1318226-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.5 Received-SPF: pass client-ip=170.10.133.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org The hub supports only USB 1.1. When running out of usb ports it is in almost all cases the much better choice to add another usb host adapter (or increase the number of root ports when using xhci) instead of using the usb hub. Signed-off-by: Gerd Hoffmann --- hw/usb/dev-hub.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/usb/dev-hub.c b/hw/usb/dev-hub.c index 06e9537d0356..bc8d0ba4cfcf 100644 --- a/hw/usb/dev-hub.c +++ b/hw/usb/dev-hub.c @@ -686,6 +686,7 @@ static void usb_hub_class_initfn(ObjectClass *klass, void *data) set_bit(DEVICE_CATEGORY_BRIDGE, dc->categories); dc->fw_name = "hub"; dc->vmsd = &vmstate_usb_hub; + klass->deprecated = true; device_class_set_props(dc, usb_hub_properties); } From patchwork Thu Jun 6 14:30:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 13688572 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 37078C25B75 for ; Thu, 6 Jun 2024 14:31:00 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sFE8I-0000qe-N4; Thu, 06 Jun 2024 10:30:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8F-0000kq-88 for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:23 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.129.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8D-0000dY-0R for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717684219; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DDfMUZhKmae+/Kl8rhTqSkxDB2J+XbFOFNJIOaJqc98=; b=dM41TOL/wTkswF7i18NUNtg5qHGbvWucNriI51BuaRvQ67gVNlgBnLLG8p/Wx4cN2NefLE gO8hkIWrc3mP0MJMWutTEvQ+HEfO/Dw62XgDZcaVqh2Hbw04++zAlutsZ6vj+rvZtOFyOm PY4E3Au5B1m9ZMtIl0cuOVA5GRK26mM= Received: from mimecast-mx02.redhat.com (mx-ext.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-205-ZoJZRBQqP520_fmRGwGH4g-1; Thu, 06 Jun 2024 10:30:15 -0400 X-MC-Unique: ZoJZRBQqP520_fmRGwGH4g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5CA6B3C025B2; Thu, 6 Jun 2024 14:30:15 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.217]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D3DA5202279E; Thu, 6 Jun 2024 14:30:14 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 0C40C1800D60; Thu, 6 Jun 2024 16:30:11 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann , Markus Armbruster , Eduardo Habkost , Eric Blake , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= Subject: [PATCH v3 3/4] vga/cirrus: mark as not secure Date: Thu, 6 Jun 2024 16:30:09 +0200 Message-ID: <20240606143010.1318226-4-kraxel@redhat.com> In-Reply-To: <20240606143010.1318226-1-kraxel@redhat.com> References: <20240606143010.1318226-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.4 Received-SPF: pass client-ip=170.10.129.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Signed-off-by: Gerd Hoffmann --- hw/display/cirrus_vga.c | 1 + hw/display/cirrus_vga_isa.c | 1 + 2 files changed, 2 insertions(+) diff --git a/hw/display/cirrus_vga.c b/hw/display/cirrus_vga.c index 150883a97166..1f4c55b21415 100644 --- a/hw/display/cirrus_vga.c +++ b/hw/display/cirrus_vga.c @@ -3007,6 +3007,7 @@ static void cirrus_vga_class_init(ObjectClass *klass, void *data) dc->vmsd = &vmstate_pci_cirrus_vga; device_class_set_props(dc, pci_vga_cirrus_properties); dc->hotpluggable = false; + klass->not_secure = true; } static const TypeInfo cirrus_vga_info = { diff --git a/hw/display/cirrus_vga_isa.c b/hw/display/cirrus_vga_isa.c index 84be51670ed8..535a631b4b09 100644 --- a/hw/display/cirrus_vga_isa.c +++ b/hw/display/cirrus_vga_isa.c @@ -85,6 +85,7 @@ static void isa_cirrus_vga_class_init(ObjectClass *klass, void *data) dc->realize = isa_cirrus_vga_realizefn; device_class_set_props(dc, isa_cirrus_vga_properties); set_bit(DEVICE_CATEGORY_DISPLAY, dc->categories); + klass->not_secure = true; } static const TypeInfo isa_cirrus_vga_info = { From patchwork Thu Jun 6 14:30:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gerd Hoffmann X-Patchwork-Id: 13688576 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 0DB3DC27C54 for ; Thu, 6 Jun 2024 14:31:36 +0000 (UTC) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sFE8N-0000zm-J1; Thu, 06 Jun 2024 10:30:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8G-0000nw-I3 for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:25 -0400 Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sFE8E-0000dm-Vi for qemu-devel@nongnu.org; Thu, 06 Jun 2024 10:30:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1717684222; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=hDPgf6aEIIwBxTyK1XZbu26GI1zbXPnF25d6ETE9IBk=; b=Ndb2p4h+I3ufqR0cVXu2e4j6kZ17x96tc1+IW75RxV25gNcNHKAwq+sFC7R7pPuy7JJ2MP cN3cNeg0ccJTLsbOp8lXHIkjzd8hBkmev0BV/zaxJzZzSJIMcVFQ08oEsibVIltv5XiLYR vLQ+l/NISumL4T0XqLy4ilLGY99GABY= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-136-cdMmpptCM0Ojy8tAlhO9ZA-1; Thu, 06 Jun 2024 10:30:16 -0400 X-MC-Unique: cdMmpptCM0Ojy8tAlhO9ZA-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id ACB1B800074; Thu, 6 Jun 2024 14:30:16 +0000 (UTC) Received: from sirius.home.kraxel.org (unknown [10.39.192.217]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 49AF8492C27; Thu, 6 Jun 2024 14:30:16 +0000 (UTC) Received: by sirius.home.kraxel.org (Postfix, from userid 1000) id 1BA801800D65; Thu, 6 Jun 2024 16:30:11 +0200 (CEST) From: Gerd Hoffmann To: qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann , Markus Armbruster , Eduardo Habkost , Eric Blake , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= Subject: [PATCH v3 4/4] qdev: add device policy [RfC] Date: Thu, 6 Jun 2024 16:30:10 +0200 Message-ID: <20240606143010.1318226-5-kraxel@redhat.com> In-Reply-To: <20240606143010.1318226-1-kraxel@redhat.com> References: <20240606143010.1318226-1-kraxel@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.10 Received-SPF: pass client-ip=170.10.133.124; envelope-from=kraxel@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Add policies for devices which are deprecated or not secure. There are three options: allow, warn and deny. It's implemented for devices only. Devices will probably be the main user of this. Also object_new() can't fail as of today so it's a bit hard to implement policy checking at object level, especially the 'deny' part of it. TODO: add a command line option to actually set these policies. Comments are welcome. Signed-off-by: Gerd Hoffmann --- hw/core/qdev.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/hw/core/qdev.c b/hw/core/qdev.c index f3a996f57dee..0c4e5cec743c 100644 --- a/hw/core/qdev.c +++ b/hw/core/qdev.c @@ -43,6 +43,15 @@ static bool qdev_hot_added = false; bool qdev_hot_removed = false; +enum qdev_policy { + QDEV_ALLOW = 0, + QDEV_WARN = 1, + QDEV_DENY = 2, +}; + +static enum qdev_policy qdev_deprecated_policy; +static enum qdev_policy qdev_not_secure_policy; + const VMStateDescription *qdev_get_vmsd(DeviceState *dev) { DeviceClass *dc = DEVICE_GET_CLASS(dev); @@ -144,6 +153,43 @@ bool qdev_set_parent_bus(DeviceState *dev, BusState *bus, Error **errp) return true; } +static bool qdev_class_check(const char *name, ObjectClass *oc) +{ + bool allow = true; + + if (oc->deprecated) { + switch (qdev_deprecated_policy) { + case QDEV_WARN: + warn_report("device \"%s\" is deprecated", name); + break; + case QDEV_DENY: + error_report("device \"%s\" is deprecated", name); + allow = false; + break; + default: + /* nothing */ + break; + } + } + + if (oc->not_secure) { + switch (qdev_not_secure_policy) { + case QDEV_WARN: + warn_report("device \"%s\" is not secure", name); + break; + case QDEV_DENY: + error_report("device \"%s\" is not secure", name); + allow = false; + break; + default: + /* nothing */ + break; + } + } + + return allow; +} + DeviceState *qdev_new(const char *name) { ObjectClass *oc = object_class_by_name(name); @@ -162,14 +208,26 @@ DeviceState *qdev_new(const char *name) error_report("unknown type '%s'", name); abort(); } + + if (!qdev_class_check(name, oc)) { + exit(1); + } + return DEVICE(object_new(name)); } DeviceState *qdev_try_new(const char *name) { - if (!module_object_class_by_name(name)) { + ObjectClass *oc = module_object_class_by_name(name); + + if (!oc) { return NULL; } + + if (!qdev_class_check(name, oc)) { + return NULL; + } + return DEVICE(object_new(name)); }