[libvirt] [PATCH 2/2] qemu: Add support for pseries 'host-model' machine parameter
Fabiano Rosas
farosas at linux.ibm.com
Wed Oct 9 17:27:33 UTC 2019
Daniel P. Berrangé <berrange at redhat.com> writes:
> On Tue, Oct 08, 2019 at 01:46:57PM -0300, Fabiano Rosas wrote:
>> Since QEMU v4.0.0, the host's model is no longer automatically exposed
>> to the guest via /proc/device-tree/host-model. There is now a machine
>> option 'host-model' that allows an arbitrary string to be used as the
>> host model [1].
>>
>> This patch adds support for exposing the real host model string from
>> /proc/cpuinfo (also found on /proc/device-tree/model) to the guest via
>> -machine pseries,host-model=<model> by setting in the domain XML file:
>>
>> <features>
>> <host_model_passthrough state='on'/>
>> <features/>
>
> I definitely don't want to see that. A mgmt app which used this
> would be re-exposing the security risk that the QEMU change was
> intended to fix. That might be ok in some cases, but in the
> general case we need the ability for the mgmt app to supply the
> actual data to expose. This is how we deal with SMBIOS - we allow
> <smbios mode="emulate|host|sysinfo"/>, where 'sysinfo' option lets
> the mgmt app have full control over what's exposed.
Ok, fair enough
My ideia of only allowing either the vulnerable behavior or none at
all (the default) was to encourage users to find another solution,
instead of having them alter the management applications and continue
relying on (some sort of) host information exposure.
So do you suggest something like <host-model mode="none|sysinfo"/> ?
Because having "host" as well (like smbios has) would have the same
effect as this patch.
Thanks
More information about the libvir-list
mailing list