Bug 1126641

Summary: RFE: qemu: support -device hda-output (disable line-in)
Product: [Community] Virtualization Tools Reporter: bancfc
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: crobinso, fjin, lizhu, marcandre.lureau, mkletzan, mprivozn, rbalakri, wapuko
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard: LibvirtFirstBug
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-07 13:13:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description bancfc 2014-08-05 00:24:43 UTC 
Description of problem:
Spice audio recording is on by default. It
passes microphone input to guests.

Has serious implications for privacy, when guests are untrusted. Could you
please change this to be off/safe by default, or support a setting to turn this off via libvirt.

Version-Release number of selected component (if applicable):
All versions of KVM and libvirt


How reproducible:
Reliably reproducible on every system running KVM with every guest that supports SPICE.



Steps to Reproduce:
1. start a vm
2. open the sound testing settings
3. testing microphone reveals host input by default.

Actual results:


Expected results:
Not having this feature enabled by default. Or alternatively having an attribute to turn this off in libvirt XML.


Additional info:
Marc suggested adding support for hda codec type 'output' in libvirt
Comment 1 wapuko 2015-04-27 21:26:39 UTC 
Hi

any word on this feature? Can you please add it in the next release?
Comment 2 Cole Robinson 2016-04-15 15:48:18 UTC 
We need to support

<sound model='ich6'/>
  <codec type='output'>
</sound>

And map it to qemu -device hda-output. There's already support for <codec type='micro'/> and <codec type='duplex'/> (the default), so extending libvirt to support the new codec type should be very simple.

See https://bugzilla.redhat.com/show_bug.cgi?id=825939#c3 for an example commit extending the XML format and qemu handling

do 'git grep codec src/qemu/qemu_command.c' to find the bits that need to be extended on the qemu command line side
Comment 3 Martin Kletzander 2018-06-07 13:13:37 UTC 
Fixed upstream with v4.4.0-rc1~113:

commit 3b8d050911ac5e7e7c445ac65ee506122dfe42f3
Author: Filip Alac <filipalac>
Date:   Tue May 22 13:12:33 2018 +0200

    qemu: capabilities: Add 'hda-output' sound codec to capabilities

This is, unfortunately, just the alternative option of this being possible to be turned off (it has to be the only codec).