On 24/9/25 20:16, Bernhard Beschow wrote:
Am 8. September 2025 15:15:43 UTC schrieb Peter Maydell
<[email protected]>:
On Mon, 8 Sept 2025 at 16:09, Daniel P. Berrangé <[email protected]> wrote:
On Mon, Sep 08, 2025 at 01:50:57PM +0100, Peter Maydell wrote:
[...]
Currently 'virtualization use case' is reasonably vague such that we can
bend its scope as we desire, at the time it is questioned in a possible
security report.
Machine types are only one aspect of this. Devices are the other, and
the area where it gets significantly more fuzzy and difficult because
essentially any device can be used with KVM, and where we draw the
line is fairly arbitrary.
I think that being vague like this is a disservice to our users.
If I'm a user of QEMU, I'd like to know whether I'm inside the
line or outside of it before I put my config into production,
not later on when it turns out there was an exploitable bug
that wasn't classified as a security issue...
Most devices can't in fact be used with KVM, because they're
sysbus devices that aren't used in the machines that you can
use with KVM. Pluggable devices are rarer (and yes, under
our current policy random PCI devices are effectively
in-scope).
From the top of my head: Various USB and I²C devices can be used as well.
I suppose USB /is/ regularly used by 'virtualization use case' for input.
Also I expect I2C to be mandatory on x86/q35 due to the SMBus
dependency.
Like we list machines here, should we be explicit about devices covered?
Best regards,
Bernhard
thanks
-- PMM
