From: Markus Armbruster
Subject: Re: [Qemu-devel] [PATCH v2] vl.c: disallow command line fw cfg without opt/
Date: Thu, 17 Mar 2016 11:09:24 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Top level reply, because this isn't in reply to any specific message in
the thread, more like in reply to all of them.

FW CFG's primary user is QEMU, which uses it to expose configuration
information (in the widest sense) to Firmware.  Thus the name FW CFG.

FW CFG can also be used by others for their own purposes.  QEMU is
merely acting as transport then.

I think there are actually three separate questions that should not be
mixed up.

1. Is it a good idea to offer FW CFG as a transport to others?

   I have no opinion on this myself, but I trust Gerd's and Laszlo's
   judgement.  Their answer seems to be a clear yes.

2. Is it a good idea to let users mess with QEMU's use of FW CFG?

   I think this is a special case of a more general question: should we
   try to protect the user from himself?

   We should definitely try not to trap the user.  Obvious usage should
   be as safe as we can make it.  Risky usage should be marked in the
   docs and/or warn on use.

   However, we should not try to stop our users from doing stupid
   things, as that would also stop them from doing clever things.

3. How should the FW CFG name space be shared among its users?

   Bad things can happen if others use the namespace in ways that
   conflict with QEMU's use, or conflict with another "other".

   This isn't an issue specific to FW CFG.  For instance, upstream QEMU
   and the various downstream QEMUs all use the QMP command name space,
   and bad things can happen if they conflict.  The difference is they'd
   conflict at compile time.  Conflicts are easier to detect, but just
   as hard to resolve.

   QMP's solution is to reserve part of the name space for "others"
   (downstreams), and subdivide the reserved part further via RFQDN:
   owning a DNS domain name makes you own that RFQDN subdivision.

   For FW CFG, we did only the first half, namely reserving part of the
   name space for others: /opt/.  We neglected to spell out rules for
   its safe sharing, i.e. the second part.

   I don't think it's too late to fix that: amend the specification to
   stipulate that owning a DNS domain name makes you own /opt/RFQDN/.
   Throw in known existing uses like /opt/ovmf/ as special cases.
