HVM qemu unexpectedly enabling emulated VGA graphics backends

When instantiating an emulated VGA device for an x86 HVM guest, qemu will by default enable a backend to expose that device: either SDL or VNC, depending on the version of qemu and the build-time configuration.

The libxl toolstack library does not explicitly disable these default backends when they are not enabled in the configuration, so a backend the user did not ask for can end up running.

Inconsistency between the vnc and sdl configuration and the implementation of the libxl toolstack.



By default, qemu will try to create some sort of backend for the emulated VGA device, either SDL or VNC.

However, when the user specified sdl=0 and vnc=0 in their configuration, libxl did not explicitly disable either backend, which could lead to one running unexpectedly.

Make the implementation consistent with the configuration.
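
An added example, not part of the original advisory or of libxl: a small audit that scans xl guest configuration text and reports HVM guests that set both vnc=0 and sdl=0, the case described above. Recognising HVM guests through the `builder` and `type` keys, the accepted boolean spellings, the verdict strings and the sample configs are assumptions made for illustration.

```python
import re

# Scalar "key = value" assignments; list values ([...]) are ignored.
_ASSIGN = re.compile(r'^\s*([A-Za-z_][\w.]*)\s*=\s*(.+?)\s*$')

def parse_scalars(text):
    """Return {key: value} for the scalar settings in an xl-style config."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0]            # drop trailing comments
        for stmt in line.split(';'):           # several settings on one line
            m = _ASSIGN.match(stmt)
            if m and not m.group(2).startswith('['):
                cfg[m.group(1)] = m.group(2).strip('"\'')
    return cfg

def _flag(cfg, key):
    """True/False for an explicit boolean setting, None when it is unset."""
    if key not in cfg:
        return None
    return cfg[key].lower() in ('1', 'true')   # assumed spellings of "enabled"

def classify(text):
    cfg = parse_scalars(text)
    if 'hvm' not in (cfg.get('builder'), cfg.get('type')):
        return 'not-hvm'
    vnc, sdl = _flag(cfg, 'vnc'), _flag(cfg, 'sdl')
    if vnc is False and sdl is False:
        return 'no-backend-requested'          # the case this page describes
    if vnc or sdl:
        return 'backend-requested'
    return 'unspecified'                       # relies on defaults; review by hand

# Constructed sample configs, not taken from any real host.
SAMPLES = {
    'web01': 'name = "web01"\nbuilder = "hvm"\nvnc = 0\nsdl = 0  # headless\n',
    'desk02': 'name = "desk02"\ntype = "hvm"\nvnc = 1; sdl = 0\n',
    'pv03': 'name = "pv03"\nkernel = "/boot/vmlinuz"\nvnc = 0\nsdl = 0\n',
    'old04': 'builder = "hvm"\nvnc = 0\n',
}

def audit(samples):
    return {name: classify(text) for name, text in samples.items()}

if __name__ == '__main__':
    for name, verdict in audit(SAMPLES).items():
        print(f'{name}: {verdict}')
```

Guests reported as `no-backend-requested` are the ones whose running qemu process should be checked for a VNC or SDL backend that the configuration did not ask for.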


In both cases, unexpected access to the guest console may then, depending on the guest configuration, grant further privilege or opportunities for attack.

Both cases also open up the qemu process to attacks via the VNC or X network protocols.

Unexpected access to VNC or SDL.