The VFIO subsystem is about securely passing host PCI devices to a guest, so all the classes should be presumed to be offering a security boundary.
Signed-off-by: Daniel P. Berrangé <[email protected]>
---
 hw/vfio/ap.c | 1 +
 hw/vfio/ccw.c | 1 +
 hw/vfio/container.c | 2 ++
 hw/vfio/igd.c | 1 +
 hw/vfio/iommufd.c | 2 ++
 hw/vfio/pci.c | 3 +++
 hw/vfio/spapr.c | 1 +
 7 files changed, 11 insertions(+)
diff --git a/hw/vfio/ap.c b/hw/vfio/ap.c
index 7719f24579..811866876c 100644
--- a/hw/vfio/ap.c
+++ b/hw/vfio/ap.c
@@ -361,6 +361,7 @@ static const TypeInfo vfio_ap_info = {
 .instance_size = sizeof(VFIOAPDevice),
 .instance_init = vfio_ap_instance_init,
 .class_init = vfio_ap_class_init,
+ .secure = true,
 };
 
 static void vfio_ap_type_init(void)
diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 9560b8d851..bddeb5dffd 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -729,6 +729,7 @@ static const TypeInfo vfio_ccw_info = {
 .instance_size = sizeof(VFIOCCWDevice),
 .instance_init = vfio_ccw_instance_init,
 .class_init = vfio_ccw_class_init,
+ .secure = true,
 };
 
 static void register_vfio_ccw_type(void)
diff --git a/hw/vfio/container.c b/hw/vfio/container.c
index 030c6d3f89..a4d89cadcc 100644
--- a/hw/vfio/container.c
+++ b/hw/vfio/container.c
@@ -1265,10 +1265,12 @@ static const TypeInfo types[] = {
 .instance_init = vfio_iommu_legacy_instance_init,
 .instance_size = sizeof(VFIOContainer),
 .class_init = vfio_iommu_legacy_class_init,
+ .secure = true,
 }, {
 .name = TYPE_HOST_IOMMU_DEVICE_LEGACY_VFIO,
 .parent = TYPE_HOST_IOMMU_DEVICE,
 .class_init = hiod_legacy_vfio_class_init,
+ .secure = true,
 }
 };
 
diff --git a/hw/vfio/igd.c b/hw/vfio/igd.c
index 4bfa2e0fcd..53d7dea87e 100644
--- a/hw/vfio/igd.c
+++ b/hw/vfio/igd.c
@@ -312,6 +312,7 @@ static const TypeInfo vfio_pci_igd_lpc_bridge_info = {
 .name = "vfio-pci-igd-lpc-bridge",
 .parent = TYPE_PCI_DEVICE,
 .class_init = vfio_pci_igd_lpc_bridge_class_init,
+ .secure = true,
 .interfaces = (const InterfaceInfo[]) {
 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
 { },
diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
index 8c27222f75..2d6168a90e 100644
--- a/hw/vfio/iommufd.c
+++ b/hw/vfio/iommufd.c
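Review bot: In the hw/vfio/igd.c hunk, `vfio-pci-igd-lpc-bridge` is marked `.secure = true` on the same blanket rationale as the passthrough devices, but its parent is plain `TYPE_PCI_DEVICE` and, going by its name, it looks like a helper bridge created alongside an assigned IGD rather than an assigned host device itself. The flag is a per-type security claim, so this type deserves its own one-line justification; I would add a comment above the field such as `/* guest-visible helper for IGD assignment; reviewed as part of the VFIO security boundary */`, or leave the type unmarked until that claim has been confirmed. The initializer continues past the end of the hunk, so the rest of the type definition is not visible here.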
@@ -958,10 +958,12 @@ static const TypeInfo types[] = {
 .parent = TYPE_VFIO_IOMMU,
 .instance_size = sizeof(VFIOIOMMUFDContainer),
 .class_init = vfio_iommu_iommufd_class_init,
+ .secure = true,
 }, {
 .name = TYPE_HOST_IOMMU_DEVICE_IOMMUFD_VFIO,
 .parent = TYPE_HOST_IOMMU_DEVICE_IOMMUFD,
 .class_init = hiod_iommufd_vfio_class_init,
+ .secure = true,
 }
 };
 
diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c
index bc0b4c4d56..f98384da93 100644
--- a/hw/vfio/pci.c
+++ b/hw/vfio/pci.c
@@ -3673,6 +3673,7 @@ static const TypeInfo vfio_pci_base_dev_info = {
 .parent = TYPE_PCI_DEVICE,
 .instance_size = sizeof(VFIOPCIDevice),
 .abstract = true,
+ .secure = true,
 .class_init = vfio_pci_base_dev_class_init,
 .interfaces = (const InterfaceInfo[]) {
 { INTERFACE_PCIE_DEVICE },
@@ -3918,6 +3919,7 @@ static const TypeInfo vfio_pci_dev_info = {
 .class_init = vfio_pci_dev_class_init,
 .instance_init = vfio_instance_init,
 .instance_finalize = vfio_instance_finalize,
+ .secure = true,
 };
 
 static const Property vfio_pci_dev_nohotplug_properties[] = {
@@ -3954,6 +3956,7 @@ static const TypeInfo vfio_pci_nohotplug_dev_info = {
 .parent = TYPE_VFIO_PCI,
 .instance_size = sizeof(VFIOPCIDevice),
 .class_init = vfio_pci_nohotplug_dev_class_init,
+ .secure = true,
 };
 
 static void register_vfio_pci_dev_type(void)
diff --git a/hw/vfio/spapr.c b/hw/vfio/spapr.c
index c41e4588d6..a926faa0aa 100644
--- a/hw/vfio/spapr.c
+++ b/hw/vfio/spapr.c
@@ -571,6 +571,7 @@ static const TypeInfo types[] = {
 .parent = TYPE_VFIO_IOMMU_LEGACY,
 .instance_size = sizeof(VFIOSpaprContainer),
 .class_init = vfio_iommu_spapr_class_init,
+ .secure = true,
 },
 };
 
-- 
2.50.1
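Review bot: In the first hw/vfio/pci.c hunk the abstract `vfio_pci_base_dev_info` gets `.secure = true`, and the concrete types in the two following pci.c hunks are marked again, which suggests the flag is evaluated per type rather than inherited from the parent. If so, the parents named in these hunks but not marked by any of them (`TYPE_VFIO_IOMMU` and `TYPE_HOST_IOMMU_DEVICE_IOMMUFD` in the iommufd.c hunk, `TYPE_HOST_IOMMU_DEVICE` in the container.c hunk) need the same decision made explicitly, otherwise the hierarchy is only partly classified. If the flag is inherited instead, the repeats on `vfio_pci_dev_info` and `vfio_pci_nohotplug_dev_info` are redundant and a short comment on the base type, e.g. `/* subclasses inherit .secure */`, would say so. Either way the commit message should state which of the two holds, since it currently justifies the marking only for "host PCI devices" while the series also covers the ap, ccw and IOMMU container types.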
