qemu/include
David Gibson 0a794529bd spapr: Simplify handling of host-serial and host-model values
27461d69a0 "ppc: add host-serial and host-model machine attributes
(CVE-2019-8934)" introduced 'host-serial' and 'host-model' machine
properties for spapr to explicitly control the values advertised to the
guest in device tree properties with the same names.

The previous behaviour on KVM was to unconditionally populate the device
tree with the real host serial number and model, which leaks possibly
sensitive information about the host to the guest.

To maintain compatibility for old machine types, we allowed those props
to be set to "passthrough" to take the value from the host as before.  Or
they could be set to "none" to explicitly omit the device tree items.

Special casing specific values on what's otherwise a user supplied string
is very ugly.  So, this patch simplifies things by implementing the
backwards compatibility in a different way: we have a machine class flag
set for the older machines, and we only load the host values into the
device tree if A) they're not set by the user and B) we have that flag set.

This does mean that the "passthrough" functionality is no longer available
with the current machine type.  That's ok though: if a user or management
layer really wants the information passed through they can read it
themselves (OpenStack Nova already does something similar for x86).

It also means the user can't explicitly ask for the values to be omitted
on the old machine types.  I think that's an acceptable trade-off: if you
care enough about not leaking the host information you can either move to
the new machine type, or use a dummy value for the properties.

For the new machine type, this also removes an odd inconsistency
between running on a POWER and non-POWER (or non-Linux) hosts: if the
host information couldn't be read from where we expect (in the host's
device tree as exposed by Linux), we'd fallback to omitting the guest
device tree items.

While we're there, improve some poorly worded comments, and the help text
for the properties.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Tested-by: Greg Kurz <groug@kaod.org>
2019-03-29 10:25:50 +11:00
..
authz authz: Use OBJECT_CHECK() on objects 2019-03-21 11:52:37 +00:00
block file-posix: Support BDRV_REQ_NO_FALLBACK for zero writes 2019-03-26 11:37:51 +01:00
chardev char: move SpiceChardev and open_spice_port() to spice.h header 2019-02-21 14:09:17 +01:00
crypto Don't talk about the LGPL if the file is licensed under the GPL 2019-01-30 10:51:20 +01:00
disas target/mips: Add disassembler support for nanoMIPS 2018-10-25 22:13:33 +02:00
exec migration: Add an ability to ignore shared RAM blocks 2019-03-06 10:49:17 +00:00
fpu softfloat: Implement float128_to_uint32 2019-02-26 14:05:19 +00:00
hw spapr: Simplify handling of host-serial and host-model values 2019-03-29 10:25:50 +11:00
io io: Make qio_channel_yield() interruptible 2019-02-25 15:03:19 +01:00
libdecnumber Clean up ill-advised or unusual header guards 2016-07-12 16:20:46 +02:00
migration slirp: use libslirp migration code 2019-03-07 12:46:31 +01:00
monitor monitor: Remove "x-oob", offer capability "oob" unconditionally 2018-12-12 10:28:27 +01:00
net net: Add a network device specific self-announcement ability 2019-03-05 11:27:41 +08:00
qapi qapi: remove qmp_unregister_command() 2019-02-18 14:44:05 +01:00
qemu hostmem-file: reject invalid pmem file sizes 2019-03-11 10:44:19 -03:00
qom qom: Move compat_props machinery from qdev to QOM 2019-03-11 22:53:44 +01:00
scsi avoid TABs in files that only contain a few 2019-01-11 15:46:56 +01:00
standard-headers * cpu-exec fixes (Emilio, Laurent) 2019-02-05 19:39:22 +00:00
sysemu hw/nvram/fw_cfg: Remove the unnecessary boot_splash_filedata_size 2019-03-11 18:48:20 +01:00
ui spice: set device address and device display ID in QXL interface 2019-02-21 10:15:26 +01:00
elf.h elf: Add RISC-V PSABI ELF header defines 2019-03-19 05:14:39 -07:00
glib-compat.h slirp: Move g_spawn_async_with_fds_qemu compatibility to slirp/ 2019-02-07 15:49:08 +02:00
qemu-common.h qemu-common.h: Update copyright string for 2019 2019-02-06 15:45:23 +01:00
qemu-io.h qemu-io: Let command functions return error code 2018-06-11 16:18:45 +02:00
trace-tcg.h trace: get rid of generated-events.h/generated-events.c 2016-10-12 09:54:52 +02:00