conf, qemu, security, tests: introducing 'def->tpms' array

A TPM Proxy device can coexist with a regular TPM, but the
current domain definition supports only a single TPM device
in the 'tpm' pointer. This patch replaces this existing pointer
in the domain definition with an array of TPM devices.

All files that reference the old pointer were adapted to
handle the new array instead. virDomainDefParseXML() TPM related
code was adapted to handle the parsing of an extra TPM device.
TPM validations after this new scenario will be updated in
the next patch.

Tested-by: Satheesh Rajendran <sathnaga@linux.vnet.ibm.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Daniel Henrique Barboza 2020-06-10 15:11:47 -03:00 committed by Ján Tomko
parent db45fb49e8
commit 19d74fdf0e
14 changed files with 186 additions and 96 deletions


@ -821,8 +821,8 @@ virDomainAuditStart(virDomainObjPtr vm, const char *reason, bool success)
for (i = 0; i < vm->def->nrngs; i++) for (i = 0; i < vm->def->nrngs; i++)
virDomainAuditRNG(vm, NULL, vm->def->rngs[i], "start", true); virDomainAuditRNG(vm, NULL, vm->def->rngs[i], "start", true);
if (vm->def->tpm) for (i = 0; i < vm->def->ntpms; i++)
virDomainAuditTPM(vm, vm->def->tpm, "start", true); virDomainAuditTPM(vm, vm->def->tpms[i], "start", true);
for (i = 0; i < vm->def->nshmems; i++) for (i = 0; i < vm->def->nshmems; i++)
virDomainAuditShmem(vm, vm->def->shmems[i], "start", true); virDomainAuditShmem(vm, vm->def->shmems[i], "start", true);


@ -1165,6 +1165,7 @@ VIR_ENUM_IMPL(virDomainTPMModel,
"tpm-tis", "tpm-tis",
"tpm-crb", "tpm-crb",
"tpm-spapr", "tpm-spapr",
"spapr-tpm-proxy",
); );
VIR_ENUM_IMPL(virDomainTPMBackend, VIR_ENUM_IMPL(virDomainTPMBackend,
@ -3480,7 +3481,9 @@ void virDomainDefFree(virDomainDefPtr def)
virDomainMemoryDefFree(def->mems[i]); virDomainMemoryDefFree(def->mems[i]);
VIR_FREE(def->mems); VIR_FREE(def->mems);
virDomainTPMDefFree(def->tpm); for (i = 0; i < def->ntpms; i++)
virDomainTPMDefFree(def->tpms[i]);
VIR_FREE(def->tpms);
for (i = 0; i < def->npanics; i++) for (i = 0; i < def->npanics; i++)
virDomainPanicDefFree(def->panics[i]); virDomainPanicDefFree(def->panics[i]);
@ -4315,10 +4318,10 @@ virDomainDeviceInfoIterateInternal(virDomainDefPtr def,
if ((rc = cb(def, &device, &def->shmems[i]->info, opaque)) != 0) if ((rc = cb(def, &device, &def->shmems[i]->info, opaque)) != 0)
return rc; return rc;
} }
if (def->tpm) { device.type = VIR_DOMAIN_DEVICE_TPM;
device.type = VIR_DOMAIN_DEVICE_TPM; for (i = 0; i < def->ntpms; i++) {
device.data.tpm = def->tpm; device.data.tpm = def->tpms[i];
if ((rc = cb(def, &device, &def->tpm->info, opaque)) != 0) if ((rc = cb(def, &device, &def->tpms[i]->info, opaque)) != 0)
return rc; return rc;
} }
device.type = VIR_DOMAIN_DEVICE_PANIC; device.type = VIR_DOMAIN_DEVICE_PANIC;
@ -22069,15 +22072,23 @@ virDomainDefParseXML(xmlDocPtr xml,
if ((n = virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0) if ((n = virXPathNodeSet("./devices/tpm", ctxt, &nodes)) < 0)
goto error; goto error;
if (n > 1) { if (n > 2) {
virReportError(VIR_ERR_XML_ERROR, "%s", virReportError(VIR_ERR_XML_ERROR, "%s",
_("only a single TPM device is supported")); _("a maximum of two TPM devices is supported, one of "
"them being a TPM Proxy device"));
goto error; goto error;
} }
if (n > 0) { if (n && VIR_ALLOC_N(def->tpms, n) < 0)
if (!(def->tpm = virDomainTPMDefParseXML(xmlopt, nodes[0], ctxt, flags))) goto error;
for (i = 0; i < n; i++) {
virDomainTPMDefPtr tpm = virDomainTPMDefParseXML(xmlopt, nodes[i],
ctxt, flags);
if (!tpm)
goto error; goto error;
def->tpms[def->ntpms++] = tpm;
} }
VIR_FREE(nodes); VIR_FREE(nodes);
@ -24461,16 +24472,19 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
goto error; goto error;
} }
if (src->tpm && dst->tpm) { if (src->ntpms != dst->ntpms) {
if (!virDomainTPMDefCheckABIStability(src->tpm, dst->tpm)) virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
goto error; _("Target domain TPM device count %zu "
} else if (src->tpm || dst->tpm) { "does not match source %zu"),
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", dst->ntpms, src->ntpms);
_("Either both target and source domains or none of "
"them must have TPM device present"));
goto error; goto error;
} }
for (i = 0; i < src->ntpms; i++) {
if (!virDomainTPMDefCheckABIStability(src->tpms[i], dst->tpms[i]))
goto error;
}
if (src->nmems != dst->nmems) { if (src->nmems != dst->nmems) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Target domain memory device count %zu " _("Target domain memory device count %zu "
@ -29917,8 +29931,8 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
goto error; goto error;
} }
if (def->tpm) { for (n = 0; n < def->ntpms; n++) {
if (virDomainTPMDefFormat(buf, def->tpm, flags) < 0) if (virDomainTPMDefFormat(buf, def->tpms[n], flags) < 0)
goto error; goto error;
} }
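Review bot: The `n > 2` check in the virDomainDefParseXML hunk bounds only the number of TPM nodes, so until the follow-up validation lands a definition with two non-proxy TPMs parses successfully even though the error text says one of the two must be a TPM Proxy. Other loops added by this commit return on the first emulator-type TPM and so appear to depend on that stricter rule; it is worth stating here where it is enforced. I would add a comment above the check such as `/* Only the count is checked here; that one of two devices is a TPM Proxy is validated separately. */`. The function's body starts and ends outside the hunk.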


@ -1294,6 +1294,7 @@ typedef enum {
VIR_DOMAIN_TPM_MODEL_TIS, VIR_DOMAIN_TPM_MODEL_TIS,
VIR_DOMAIN_TPM_MODEL_CRB, VIR_DOMAIN_TPM_MODEL_CRB,
VIR_DOMAIN_TPM_MODEL_SPAPR, VIR_DOMAIN_TPM_MODEL_SPAPR,
VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY,
VIR_DOMAIN_TPM_MODEL_LAST VIR_DOMAIN_TPM_MODEL_LAST
} virDomainTPMModel; } virDomainTPMModel;
@ -2628,11 +2629,14 @@ struct _virDomainDef {
size_t nsysinfo; size_t nsysinfo;
virSysinfoDefPtr *sysinfo; virSysinfoDefPtr *sysinfo;
/* At maximum 2 TPMs on the domain if a TPM Proxy is present. */
size_t ntpms;
virDomainTPMDefPtr *tpms;
/* Only 1 */ /* Only 1 */
virDomainWatchdogDefPtr watchdog; virDomainWatchdogDefPtr watchdog;
virDomainMemballoonDefPtr memballoon; virDomainMemballoonDefPtr memballoon;
virDomainNVRAMDefPtr nvram; virDomainNVRAMDefPtr nvram;
virDomainTPMDefPtr tpm;
virCPUDefPtr cpu; virCPUDefPtr cpu;
virDomainRedirFilterDefPtr redirfilter; virDomainRedirFilterDefPtr redirfilter;
virDomainIOMMUDefPtr iommu; virDomainIOMMUDefPtr iommu;


@ -669,8 +669,8 @@ qemuAssignDeviceAliases(virDomainDefPtr def, virQEMUCapsPtr qemuCaps)
if (qemuAssignDeviceRNGAlias(def, def->rngs[i]) < 0) if (qemuAssignDeviceRNGAlias(def, def->rngs[i]) < 0)
return -1; return -1;
} }
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (qemuAssignDeviceTPMAlias(def->tpm, 0) < 0) if (qemuAssignDeviceTPMAlias(def->tpms[i], i) < 0)
return -1; return -1;
} }
for (i = 0; i < def->nmems; i++) { for (i = 0; i < def->nmems; i++) {


@ -332,10 +332,10 @@ qemuSetupChardevCgroupCB(virDomainDefPtr def G_GNUC_UNUSED,
static int static int
qemuSetupTPMCgroup(virDomainObjPtr vm) qemuSetupTPMCgroup(virDomainObjPtr vm,
virDomainTPMDefPtr dev)
{ {
int ret = 0; int ret = 0;
virDomainTPMDefPtr dev = vm->def->tpm;
switch (dev->type) { switch (dev->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
@ -805,8 +805,10 @@ qemuSetupDevicesCgroup(virDomainObjPtr vm)
vm) < 0) vm) < 0)
return -1; return -1;
if (vm->def->tpm && qemuSetupTPMCgroup(vm) < 0) for (i = 0; i < vm->def->ntpms; i++) {
return -1; if (qemuSetupTPMCgroup(vm, vm->def->tpms[i]) < 0)
return -1;
}
for (i = 0; i < vm->def->nhostdevs; i++) { for (i = 0; i < vm->def->nhostdevs; i++) {
/* This may allow /dev/vfio/vfio multiple times, but that /* This may allow /dev/vfio/vfio multiple times, but that


@ -8954,10 +8954,10 @@ qemuBuildDomainLoaderCommandLine(virCommandPtr cmd,
static char * static char *
qemuBuildTPMDevStr(const virDomainDef *def, qemuBuildTPMDevStr(const virDomainDef *def,
virDomainTPMDefPtr tpm,
virQEMUCapsPtr qemuCaps) virQEMUCapsPtr qemuCaps)
{ {
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
virDomainTPMDef *tpm = def->tpm;
const char *model = virDomainTPMModelTypeToString(tpm->model); const char *model = virDomainTPMModelTypeToString(tpm->model);
virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s", virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s",
@ -8996,13 +8996,12 @@ qemuBuildTPMOpenBackendFDs(const char *tpmdev,
static char * static char *
qemuBuildTPMBackendStr(const virDomainDef *def, qemuBuildTPMBackendStr(virCommandPtr cmd,
virCommandPtr cmd, virDomainTPMDefPtr tpm,
int *tpmfd, int *tpmfd,
int *cancelfd, int *cancelfd,
char **chardev) char **chardev)
{ {
const virDomainTPMDef *tpm = def->tpm;
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autofree char *cancel_path = NULL; g_autofree char *cancel_path = NULL;
g_autofree char *devset = NULL; g_autofree char *devset = NULL;
@ -9056,6 +9055,7 @@ qemuBuildTPMBackendStr(const virDomainDef *def,
static int static int
qemuBuildTPMCommandLine(virCommandPtr cmd, qemuBuildTPMCommandLine(virCommandPtr cmd,
const virDomainDef *def, const virDomainDef *def,
virDomainTPMDefPtr tpm,
virQEMUCapsPtr qemuCaps) virQEMUCapsPtr qemuCaps)
{ {
char *optstr; char *optstr;
@ -9064,10 +9064,7 @@ qemuBuildTPMCommandLine(virCommandPtr cmd,
int cancelfd = -1; int cancelfd = -1;
char *fdset; char *fdset;
if (!def->tpm) if (!(optstr = qemuBuildTPMBackendStr(cmd, tpm,
return 0;
if (!(optstr = qemuBuildTPMBackendStr(def, cmd,
&tpmfd, &cancelfd, &tpmfd, &cancelfd,
&chardev))) &chardev)))
return -1; return -1;
@ -9096,7 +9093,7 @@ qemuBuildTPMCommandLine(virCommandPtr cmd,
VIR_FREE(fdset); VIR_FREE(fdset);
} }
if (!(optstr = qemuBuildTPMDevStr(def, qemuCaps))) if (!(optstr = qemuBuildTPMDevStr(def, tpm, qemuCaps)))
return -1; return -1;
virCommandAddArgList(cmd, "-device", optstr, NULL); virCommandAddArgList(cmd, "-device", optstr, NULL);
@ -9105,6 +9102,23 @@ qemuBuildTPMCommandLine(virCommandPtr cmd,
return 0; return 0;
} }
static int
qemuBuildTPMsCommandLine(virCommandPtr cmd,
const virDomainDef *def,
virQEMUCapsPtr qemuCaps)
{
size_t i;
for (i = 0; i < def->ntpms; i++) {
if (qemuBuildTPMCommandLine(cmd, def, def->tpms[i], qemuCaps) < 0)
return -1;
}
return 0;
}
static int static int
qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd, qemuBuildSEVCommandLine(virDomainObjPtr vm, virCommandPtr cmd,
virDomainSEVDefPtr sev) virDomainSEVDefPtr sev)
@ -9787,7 +9801,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
chardevStdioLogd) < 0) chardevStdioLogd) < 0)
return NULL; return NULL;
if (qemuBuildTPMCommandLine(cmd, def, qemuCaps) < 0) if (qemuBuildTPMsCommandLine(cmd, def, qemuCaps) < 0)
return NULL; return NULL;
if (qemuBuildInputCommandLine(cmd, def, qemuCaps) < 0) if (qemuBuildInputCommandLine(cmd, def, qemuCaps) < 0)


@ -11623,16 +11623,9 @@ qemuDomainSetupAllChardevs(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED,
static int static int
qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED, qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED,
virDomainObjPtr vm, virDomainTPMDefPtr dev,
const struct qemuDomainCreateDeviceData *data) const struct qemuDomainCreateDeviceData *data)
{ {
virDomainTPMDefPtr dev = vm->def->tpm;
if (!dev)
return 0;
VIR_DEBUG("Setting up TPM");
switch (dev->type) { switch (dev->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
if (qemuDomainCreateDevice(dev->data.passthrough.source.data.file.path, if (qemuDomainCreateDevice(dev->data.passthrough.source.data.file.path,
@ -11646,7 +11639,25 @@ qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED,
break; break;
} }
VIR_DEBUG("Setup TPM"); return 0;
}
static int
qemuDomainSetupAllTPMs(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED,
virDomainObjPtr vm,
const struct qemuDomainCreateDeviceData *data)
{
size_t i;
VIR_DEBUG("Setting up TPMs");
for (i = 0; i < vm->def->ntpms; i++) {
if (qemuDomainSetupTPM(cfg, vm->def->tpms[i], data) < 0)
return -1;
}
VIR_DEBUG("Setup all TPMs");
return 0; return 0;
} }
@ -11872,7 +11883,7 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllChardevs(cfg, vm, &data) < 0) if (qemuDomainSetupAllChardevs(cfg, vm, &data) < 0)
goto cleanup; goto cleanup;
if (qemuDomainSetupTPM(cfg, vm, &data) < 0) if (qemuDomainSetupAllTPMs(cfg, vm, &data) < 0)
goto cleanup; goto cleanup;
if (qemuDomainSetupAllGraphics(cfg, vm, &data) < 0) if (qemuDomainSetupAllGraphics(cfg, vm, &data) < 0)


@ -268,10 +268,13 @@ qemuDomainAssignSpaprVIOAddresses(virDomainDefPtr def)
return -1; return -1;
} }
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (qemuDomainIsPSeries(def)) virDomainTPMDefPtr tpm = def->tpms[i];
def->tpm->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
if (qemuDomainAssignSpaprVIOAddress(def, &def->tpm->info, if (tpm->model != VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY &&
qemuDomainIsPSeries(def))
tpm->info.type = VIR_DOMAIN_DEVICE_ADDRESS_TYPE_SPAPRVIO;
if (qemuDomainAssignSpaprVIOAddress(def, &tpm->info,
VIO_ADDR_TPM) < 0) VIO_ADDR_TPM) < 0)
return -1; return -1;
} }
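Review bot: The new two-line condition in qemuDomainAssignSpaprVIOAddresses() gives no reason for skipping `VIR_DOMAIN_TPM_MODEL_SPAPR_PROXY`, and its body is left unbraced although the condition spans two lines. A comment along the lines of `/* the TPM Proxy is not a spapr-vio device: leave its address type untouched */` (wording to be confirmed by the author) plus braces around the assignment would make the intent clear. qemuDomainAssignSpaprVIOAddress() is still called for the proxy device; the hunk does not show that this is a no-op for a non-VIO address type, so that is worth confirming. The function starts outside the hunk.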


@ -73,7 +73,7 @@ static int
qemuExtDevicesInitPaths(virQEMUDriverPtr driver, qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
virDomainDefPtr def) virDomainDefPtr def)
{ {
if (def->tpm) if (def->ntpms > 0)
return qemuExtTPMInitPaths(driver, def); return qemuExtTPMInitPaths(driver, def);
return 0; return 0;
@ -132,7 +132,7 @@ qemuExtDevicesPrepareHost(virQEMUDriverPtr driver,
virDomainDefPtr def = vm->def; virDomainDefPtr def = vm->def;
size_t i; size_t i;
if (def->tpm && if (def->ntpms > 0 &&
qemuExtTPMPrepareHost(driver, def) < 0) qemuExtTPMPrepareHost(driver, def) < 0)
return -1; return -1;
@ -155,7 +155,7 @@ qemuExtDevicesCleanupHost(virQEMUDriverPtr driver,
if (qemuExtDevicesInitPaths(driver, def) < 0) if (qemuExtDevicesInitPaths(driver, def) < 0)
return; return;
if (def->tpm) if (def->ntpms > 0)
qemuExtTPMCleanupHost(def); qemuExtTPMCleanupHost(def);
} }
@ -181,7 +181,7 @@ qemuExtDevicesStart(virQEMUDriverPtr driver,
} }
} }
if (def->tpm && qemuExtTPMStart(driver, vm, incomingMigration) < 0) if (def->ntpms > 0 && qemuExtTPMStart(driver, vm, incomingMigration) < 0)
return -1; return -1;
for (i = 0; i < def->nnets; i++) { for (i = 0; i < def->nnets; i++) {
@ -223,7 +223,7 @@ qemuExtDevicesStop(virQEMUDriverPtr driver,
qemuExtVhostUserGPUStop(driver, vm, video); qemuExtVhostUserGPUStop(driver, vm, video);
} }
if (def->tpm) if (def->ntpms > 0)
qemuExtTPMStop(driver, vm); qemuExtTPMStop(driver, vm);
for (i = 0; i < def->nnets; i++) { for (i = 0; i < def->nnets; i++) {
@ -256,8 +256,10 @@ qemuExtDevicesHasDevice(virDomainDefPtr def)
return true; return true;
} }
if (def->tpm && def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) for (i = 0; i < def->ntpms; i++) {
return true; if (def->tpms[i]->type == VIR_DOMAIN_TPM_TYPE_EMULATOR)
return true;
}
for (i = 0; i < def->nfss; i++) { for (i = 0; i < def->nfss; i++) {
virDomainFSDefPtr fs = def->fss[i]; virDomainFSDefPtr fs = def->fss[i];
@ -297,7 +299,7 @@ qemuExtDevicesSetupCgroup(virQEMUDriverPtr driver,
return -1; return -1;
} }
if (def->tpm && if (def->ntpms > 0 &&
qemuExtTPMSetupCgroup(driver, def, cgroup) < 0) qemuExtTPMSetupCgroup(driver, def, cgroup) < 0)
return -1; return -1;


@ -679,10 +679,15 @@ qemuExtTPMInitPaths(virQEMUDriverPtr driver,
virDomainDefPtr def) virDomainDefPtr def)
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
size_t i;
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) for (i = 0; i < def->ntpms; i++) {
return qemuTPMEmulatorInitPaths(def->tpm, cfg->swtpmStorageDir, if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
return qemuTPMEmulatorInitPaths(def->tpms[i], cfg->swtpmStorageDir,
def->uuid); def->uuid);
}
return 0; return 0;
} }
@ -694,13 +699,17 @@ qemuExtTPMPrepareHost(virQEMUDriverPtr driver,
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *shortName = NULL; g_autofree char *shortName = NULL;
size_t i;
for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
shortName = virDomainDefGetShortName(def); shortName = virDomainDefGetShortName(def);
if (!shortName) if (!shortName)
return -1; return -1;
return qemuTPMEmulatorPrepareHost(def->tpm, cfg->swtpmLogDir, return qemuTPMEmulatorPrepareHost(def->tpms[i], cfg->swtpmLogDir,
def->name, cfg->swtpm_user, def->name, cfg->swtpm_user,
cfg->swtpm_group, cfg->swtpm_group,
cfg->swtpmStateDir, cfg->user, cfg->swtpmStateDir, cfg->user,
@ -714,8 +723,14 @@ qemuExtTPMPrepareHost(virQEMUDriverPtr driver,
void void
qemuExtTPMCleanupHost(virDomainDefPtr def) qemuExtTPMCleanupHost(virDomainDefPtr def)
{ {
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) size_t i;
qemuTPMDeleteEmulatorStorage(def->tpm);
for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
qemuTPMDeleteEmulatorStorage(def->tpms[i]);
}
} }
@ -733,13 +748,13 @@ qemuExtTPMCleanupHost(virDomainDefPtr def)
static int static int
qemuExtTPMStartEmulator(virQEMUDriverPtr driver, qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
virDomainObjPtr vm, virDomainObjPtr vm,
virDomainTPMDefPtr tpm,
bool incomingMigration) bool incomingMigration)
{ {
g_autoptr(virCommand) cmd = NULL; g_autoptr(virCommand) cmd = NULL;
int exitstatus = 0; int exitstatus = 0;
g_autofree char *errbuf = NULL; g_autofree char *errbuf = NULL;
g_autoptr(virQEMUDriverConfig) cfg = NULL; g_autoptr(virQEMUDriverConfig) cfg = NULL;
virDomainTPMDefPtr tpm = vm->def->tpm;
g_autofree char *shortName = virDomainDefGetShortName(vm->def); g_autofree char *shortName = virDomainDefGetShortName(vm->def);
int cmdret = 0, timeout, rc; int cmdret = 0, timeout, rc;
pid_t pid; pid_t pid;
@ -807,10 +822,15 @@ qemuExtTPMStart(virQEMUDriverPtr driver,
virDomainObjPtr vm, virDomainObjPtr vm,
bool incomingMigration) bool incomingMigration)
{ {
virDomainTPMDefPtr tpm = vm->def->tpm; size_t i;
if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) for (i = 0; i < vm->def->ntpms; i++) {
return qemuExtTPMStartEmulator(driver, vm, incomingMigration); if (vm->def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
return qemuExtTPMStartEmulator(driver, vm, vm->def->tpms[i],
incomingMigration);
}
return 0; return 0;
} }
@ -822,8 +842,12 @@ qemuExtTPMStop(virQEMUDriverPtr driver,
{ {
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autofree char *shortName = NULL; g_autofree char *shortName = NULL;
size_t i;
for (i = 0; i < vm->def->ntpms; i++) {
if (vm->def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
if (vm->def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
shortName = virDomainDefGetShortName(vm->def); shortName = virDomainDefGetShortName(vm->def);
if (!shortName) if (!shortName)
return; return;
@ -845,8 +869,12 @@ qemuExtTPMSetupCgroup(virQEMUDriverPtr driver,
g_autofree char *shortName = NULL; g_autofree char *shortName = NULL;
int rc; int rc;
pid_t pid; pid_t pid;
size_t i;
for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
shortName = virDomainDefGetShortName(def); shortName = virDomainDefGetShortName(def);
if (!shortName) if (!shortName)
return -1; return -1;
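Review bot: qemuExtTPMInitPaths(), qemuExtTPMPrepareHost() and qemuExtTPMStart() `return` from inside the new loop, so only the first emulator-type TPM is ever initialised, prepared and started, while qemuExtTPMCleanupHost() walks every entry. That is correct only if a domain can hold at most one emulator TPM, which nothing visible in this commit enforces (the parser checks the count alone); a second emulator TPM would apparently be left without prepared paths or a started emulator. Either document the invariant at each loop or let the loop run on, e.g. `if (qemuTPMEmulatorInitPaths(def->tpms[i], cfg->swtpmStorageDir, def->uuid) < 0) return -1;`. In qemuExtTPMStop() and qemuExtTPMSetupCgroup() the `g_autofree` `shortName` is assigned inside the loop, so a second matching iteration would overwrite and leak the first string; their bodies continue outside the hunks, so this is inferred from the visible lines only.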


@ -1997,10 +1997,10 @@ virSecurityDACRestoreAllLabel(virSecurityManagerPtr mgr,
&chardevData) < 0) &chardevData) < 0)
rc = -1; rc = -1;
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (virSecurityDACRestoreTPMFileLabel(mgr, if (virSecurityDACRestoreTPMFileLabel(mgr,
def, def,
def->tpm) < 0) def->tpms[i]) < 0)
rc = -1; rc = -1;
} }
@ -2203,10 +2203,10 @@ virSecurityDACSetAllLabel(virSecurityManagerPtr mgr,
&chardevData) < 0) &chardevData) < 0)
return -1; return -1;
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (virSecurityDACSetTPMFileLabel(mgr, if (virSecurityDACSetTPMFileLabel(mgr,
def, def,
def->tpm) < 0) def->tpms[i]) < 0)
return -1; return -1;
} }


@ -2780,8 +2780,8 @@ virSecuritySELinuxRestoreAllLabel(virSecurityManagerPtr mgr,
return -1; return -1;
} }
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpm) < 0) if (virSecuritySELinuxRestoreTPMFileLabelInt(mgr, def, def->tpms[i]) < 0)
rc = -1; rc = -1;
} }
@ -3183,8 +3183,8 @@ virSecuritySELinuxSetAllLabel(virSecurityManagerPtr mgr,
return -1; return -1;
} }
if (def->tpm) { for (i = 0; i < def->ntpms; i++) {
if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpm) < 0) if (virSecuritySELinuxSetTPMFileLabel(mgr, def, def->tpms[i]) < 0)
return -1; return -1;
} }
@ -3526,19 +3526,23 @@ virSecuritySELinuxSetTPMLabels(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
int ret = 0; int ret = 0;
size_t i;
virSecurityLabelDefPtr seclabel; virSecurityLabelDefPtr seclabel;
seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME); seclabel = virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAME);
if (seclabel == NULL) if (seclabel == NULL)
return 0; return 0;
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) { for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
ret = virSecuritySELinuxSetFileLabels( ret = virSecuritySELinuxSetFileLabels(
mgr, def->tpm->data.emulator.storagepath, mgr, def->tpms[i]->data.emulator.storagepath,
seclabel); seclabel);
if (ret == 0 && def->tpm->data.emulator.logfile) if (ret == 0 && def->tpms[i]->data.emulator.logfile)
ret = virSecuritySELinuxSetFileLabels( ret = virSecuritySELinuxSetFileLabels(
mgr, def->tpm->data.emulator.logfile, mgr, def->tpms[i]->data.emulator.logfile,
seclabel); seclabel);
} }
@ -3551,13 +3555,17 @@ virSecuritySELinuxRestoreTPMLabels(virSecurityManagerPtr mgr,
virDomainDefPtr def) virDomainDefPtr def)
{ {
int ret = 0; int ret = 0;
size_t i;
for (i = 0; i < def->ntpms; i++) {
if (def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
if (def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) {
ret = virSecuritySELinuxRestoreFileLabels( ret = virSecuritySELinuxRestoreFileLabels(
mgr, def->tpm->data.emulator.storagepath); mgr, def->tpms[i]->data.emulator.storagepath);
if (ret == 0 && def->tpm->data.emulator.logfile) if (ret == 0 && def->tpms[i]->data.emulator.logfile)
ret = virSecuritySELinuxRestoreFileLabels( ret = virSecuritySELinuxRestoreFileLabels(
mgr, def->tpm->data.emulator.logfile); mgr, def->tpms[i]->data.emulator.logfile);
} }
return ret; return ret;
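Review bot: In virSecuritySELinuxSetTPMLabels() and virSecuritySELinuxRestoreTPMLabels() `ret` is reassigned on every iteration, so a labelling failure on an earlier emulator TPM is overwritten by a later success and the caller sees 0. With a single emulator TPM this is harmless, but if two were ever present the emulator storage path or log file of the first could keep the wrong SELinux label without any error being reported. In the set path stop at the first failure with `if (ret < 0) break;` as the last statement of the loop body; in the restore path keep going but make the failure sticky, e.g. `if (virSecuritySELinuxRestoreFileLabels(mgr, def->tpms[i]->data.emulator.storagepath) < 0) ret = -1;`. The end of virSecuritySELinuxSetTPMLabels() is outside the hunk.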


@ -1218,14 +1218,17 @@ get_files(vahControl * ctl)
} }
if (ctl->def->tpm) { if (ctl->def->ntpms > 0) {
char *shortName = NULL; char *shortName = NULL;
const char *tpmpath = NULL; const char *tpmpath = NULL;
if (ctl->def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) { for (i = 0; i < ctl->def->ntpms; i++) {
if (ctl->def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
continue;
shortName = virDomainDefGetShortName(ctl->def); shortName = virDomainDefGetShortName(ctl->def);
switch (ctl->def->tpm->version) { switch (ctl->def->tpms[i]->version) {
case VIR_DOMAIN_TPM_VERSION_1_2: case VIR_DOMAIN_TPM_VERSION_1_2:
tpmpath = "tpm1.2"; tpmpath = "tpm1.2";
break; break;


@ -437,12 +437,13 @@ testCompareXMLToArgvCreateArgs(virQEMUDriverPtr drv,
vsockPriv->vhostfd = 6789; vsockPriv->vhostfd = 6789;
} }
if (vm->def->tpm) { for (i = 0; i < vm->def->ntpms; i++) {
if (vm->def->tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR) { if (vm->def->tpms[i]->type != VIR_DOMAIN_TPM_TYPE_EMULATOR)
VIR_FREE(vm->def->tpm->data.emulator.source.data.file.path); continue;
vm->def->tpm->data.emulator.source.data.file.path = g_strdup("/dev/test");
vm->def->tpm->data.emulator.source.type = VIR_DOMAIN_CHR_TYPE_FILE; VIR_FREE(vm->def->tpms[i]->data.emulator.source.data.file.path);
} vm->def->tpms[i]->data.emulator.source.data.file.path = g_strdup("/dev/test");
vm->def->tpms[i]->data.emulator.source.type = VIR_DOMAIN_CHR_TYPE_FILE;
} }
for (i = 0; i < vm->def->nvideos; i++) { for (i = 0; i < vm->def->nvideos; i++) {