On 26/10/2018 11:59, Daniel P. Berrangé wrote:
I should also say that QEMU as an upstream project has multiple goals. Running KVM guests with modern PV hardware is only one of them, albeit a widely used one. Being able to run old legacy OS with old hardware, and running arbitrary embedded boards/devices with emulation are both use cases that QEMU project aims to address. To eliminate all the old "crufty" device emulation in the name of improving security for KVM, would be to eliminate core use cases of the project. This is why we're trying to pursue the direction of making it easier for vendors to disable features and devices they don't wish to support & thus limit their downstream CVE exposure.
Indeed. If we had to deprecate a feature just because it had an off-by-one bug, no C program would grow beyond 1000 lines of code...

Paolo