On Mon, Feb 25, 2019 at 08:20:09PM -0300, Murilo Opsfelder Araujo wrote: > Hi, Maxiwell. > > On Mon, Feb 25, 2019 at 01:23:25PM -0300, Maxiwell S. Garcia wrote: > > This adds a handler for ibm,get-vpd RTAS calls, allowing pseries > > guest to collect host information. It is disabled by default to > > avoid unwanted information leakage. To enable it, use: > > ‘-M pseries,vpd-export=on’ > > The patch for setting host-serial and host-model already landed Gibson's > ppc-for-4.0 branch: > > commit 9e584f45868f6945c1282c938278038cba0e4af2 > Author: Prasad J Pandit <p...@fedoraproject.org> > Date: Mon Feb 18 23:43:49 2019 +0530 > > ppc: add host-serial and host-model machine attributes (CVE-2019-8934) > > > QEMU should only return host-serial and host-model from the host if the > following combination of parameters are provided: > > -M host-serial=passthrough,host-model=passthrough,vpd-export=on > > If host-serial or host-model are set with a user-string, ibm,get-vpd should > honor these values and return them, not exposing host information by accident. > > I'm not even sure if we need vpd-export=<bool> setting. Its logic could be > derived from the presence of host-serial=passthrough and > host-model=passthrough > options. > > What do you think?
That's an excellent point - I hadn't thought through the fact that this is the same information exposed by those properties. I do indeed think that exposing the same information set in those properties - and thereby avoiding the new machine option - would be a better plan. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
signature.asc
Description: PGP signature