Daniel P. Berrangé <berra...@redhat.com> writes:

> On Wed, Jun 12, 2024 at 01:07:44PM +0200, Markus Armbruster wrote:
>> Gerd Hoffmann <kra...@redhat.com> writes:
>>
>> > Add flags to ObjectClass for objects which are deprecated or not secure.
>> > Add 'deprecated' and 'not-secure' bools to ObjectTypeInfo, report in
>> > 'qom-list-types'. Print the flags when listing devices via '-device
>> > help'.
>> >
>> > Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
[...] >> > diff --git a/qapi/qom.json b/qapi/qom.json >> > index 8bd299265e39..3f20d4c6413b 100644 >> > --- a/qapi/qom.json >> > +++ b/qapi/qom.json >> > @@ -163,10 +163,16 @@ >> > # >> > # @parent: Name of parent type, if any (since 2.10) >> > # >> > +# @deprecated: the type is deprecated (since 9.1) >> > +# >> > +# @not-secure: the type (typically a device) is not considered >> > +# a security boundary (since 9.1) >> >> What does this mean? Does it mean "do not add an instance of this >> device the guest unless you trust the guest"? > > Essentially yes. This ties to our security doc where we declare > we won't consider non-virtualization use cases as being security > bugs (CVEs) as large parts of QEMU haven't been designed to > provide a guest security boundary > > https://www.qemu.org/docs/master/system/security.html Would it make sense to add a suitable pointer to the doc comment?
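
Review bot: the `@not-secure` description in the qapi/qom.json hunk ("is not considered a security boundary") states a property of the type but does not tell a management application what to do when the flag is set. Suggest wording it by consequence, for example that instances of the type should only be given to trusted guests, and referencing https://www.qemu.org/docs/master/system/security.html so the term is defined in one place. The `@deprecated` line has the same gap: it does not say where a reader finds what replaces the type, so a pointer to the deprecation documentation would help there too.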