Xen project Mailing List

Re: [RFC PATCH 03/10] block: Use qemu_security_policy_taint() API

To: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx>

From: Daniel P. Berrangé <berrange@xxxxxxxxxx>

Date: Thu, 9 Sep 2021 11:40:07 +0100

Authentication-results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=berrange@xxxxxxxxxx

Cc: qemu-devel@xxxxxxxxxx, Thomas Huth <thuth@xxxxxxxxxx>, Prasad J Pandit <pjp@xxxxxxxxxxxxxxxxx>, "Michael S. Tsirkin" <mst@xxxxxxxxxx>, Markus Armbruster <armbru@xxxxxxxxxx>, Paolo Bonzini <pbonzini@xxxxxxxxxx>, Eduardo Habkost <ehabkost@xxxxxxxxxx>, Philippe Mathieu-Daudé <f4bug@xxxxxxxxx>, Eric Blake <eblake@xxxxxxxxxx>, Richard Henderson <richard.henderson@xxxxxxxxxx>, qemu-block@xxxxxxxxxx, Peter Maydell <peter.maydell@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

Delivery-date: Thu, 09 Sep 2021 10:40:23 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Thu, Sep 09, 2021 at 01:20:17AM +0200, Philippe Mathieu-Daudé wrote: > Add the BlockDriver::bdrv_taints_security_policy() handler. > Drivers implementing it might taint the global QEMU security > policy. > > Signed-off-by: Philippe Mathieu-Daudé <philmd@xxxxxxxxxx> > --- > include/block/block_int.h | 6 +++++- > block.c | 6 ++++++ > 2 files changed, 11 insertions(+), 1 deletion(-) > > diff --git a/include/block/block_int.h b/include/block/block_int.h > index f1a54db0f8c..0ec0a5c06e9 100644 > --- a/include/block/block_int.h > +++ b/include/block/block_int.h > @@ -169,7 +169,11 @@ struct BlockDriver { > int (*bdrv_file_open)(BlockDriverState *bs, QDict *options, int flags, > Error **errp); > void (*bdrv_close)(BlockDriverState *bs); > - > + /* > + * Return %true if the driver is withing QEMU security policy boundary, > + * %false otherwise. See: > https://www.qemu.org/contribute/security-process/ > + */ > + bool (*bdrv_taints_security_policy)(BlockDriverState *bs); > > int coroutine_fn (*bdrv_co_create)(BlockdevCreateOptions *opts, > Error **errp); > diff --git a/block.c b/block.c > index b2b66263f9a..696ba486001 100644 > --- a/block.c > +++ b/block.c > @@ -49,6 +49,7 @@ > #include "qemu/timer.h" > #include "qemu/cutils.h" > #include "qemu/id.h" > +#include "qemu-common.h" > #include "block/coroutines.h" > > #ifdef CONFIG_BSD > @@ -1587,6 +1588,11 @@ static int bdrv_open_driver(BlockDriverState *bs, > BlockDriver *drv, > } > } > > + if (drv->bdrv_taints_security_policy) { > + qemu_security_policy_taint(drv->bdrv_taints_security_policy(bs), > + "Block protocol '%s'", drv->format_name); > + } > + > return 0; > open_failed: > bs->drv = NULL; Again we need a way to report this via QAPI, but we don't have a natural place is hang this off for introspection before starting a guest. The best we can do is report the information after a block backend has been instantiated. eg Modify "BlockInfo" struct to gain '*secure': 'bool' Note I made this an optional field, since unless we mark every single block driver impl straight away, we'll need to cope with the absence of information. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.