On Thu, 6 Jun 2024 at 15:31, Gerd Hoffmann <kra...@redhat.com> wrote:
>
> Add policies for devices which are deprecated or not secure.
> There are three options: allow, warn and deny.
>
> It's implemented for devices only. Devices will probably be the main
> user of this. Also object_new() can't fail as of today so it's a bit
> hard to implement policy checking at object level, especially the 'deny'
> part of it.
>
> TODO: add a command line option to actually set these policies.
>
> Comments are welcome.
>
> Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
> @@ -162,14 +208,26 @@ DeviceState *qdev_new(const char *name)
> error_report("unknown type '%s'", name);
> abort();
> }
> +
> + if (!qdev_class_check(name, oc)) {
> + exit(1);
> + }
> +
> return DEVICE(object_new(name));
> }
>
> DeviceState *qdev_try_new(const char *name)
> {
> - if (!module_object_class_by_name(name)) {
> + ObjectClass *oc = module_object_class_by_name(name);
> +
> + if (!oc) {
> return NULL;
> }
> +
> + if (!qdev_class_check(name, oc)) {
> + return NULL;
> + }
> +
> return DEVICE(object_new(name));
> }
It's valid to create a qdev device via object_new(), so
this doesn't work as a place to put the check. My suggestion
would be to restrict the deprecation handling to qdev only,
not to objects in general. Then you can do it in the
qdev device base class realize method, and fail realize
if it's not supported.
(qdev_try_new() is one of those "we use this in just 4
places" APIs that always tempts me to wonder if we should
really have it...)
thanks
-- PMM
