tpm: Check TPM XML device configuration changes after edit
Since swtpm does not support starting without a password once it has been created with encryption enabled, we don't allow encryption to be removed. Similarly, we do not allow encryption to be added once swtpm has run. We also prevent changing the type of the TPM backend, since the encrypted state is still around: if one later switched back to the emulator backend and forgot the encryption, the TPM would not work. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
a9d6f1c054
commit
94b3aa55f8
@ -31430,3 +31430,59 @@ virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics)
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
static int
|
||||
virDomainCheckTPMChanges(virDomainDefPtr def,
|
||||
virDomainDefPtr newDef)
|
||||
{
|
||||
bool oldEnc, newEnc;
|
||||
|
||||
if (!def->tpm)
|
||||
return 0;
|
||||
|
||||
switch (def->tpm->type) {
|
||||
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
|
||||
if (virFileExists(def->tpm->data.emulator.storagepath)) {
|
||||
/* VM has been started */
|
||||
/* Once a VM was started with an encrypted state we allow
|
||||
* less configuration changes.
|
||||
*/
|
||||
oldEnc = def->tpm->data.emulator.hassecretuuid;
|
||||
if (oldEnc && def->tpm->type != newDef->tpm->type) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("Changing the type of TPM is not allowed"));
|
||||
return -1;
|
||||
}
|
||||
if (oldEnc && !newDef->tpm) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("Removing an encrypted TPM is not allowed"));
|
||||
return -1;
|
||||
}
|
||||
newEnc = newDef->tpm->data.emulator.hassecretuuid;
|
||||
if (oldEnc != newEnc) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("TPM state encryption cannot be changed "
|
||||
"once VM was started"));
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
break;
|
||||
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
|
||||
case VIR_DOMAIN_TPM_TYPE_LAST:
|
||||
break;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
virDomainCheckDeviceChanges(virDomainDefPtr def,
|
||||
virDomainDefPtr newDef)
|
||||
{
|
||||
if (!def || !newDef)
|
||||
return 0;
|
||||
|
||||
return virDomainCheckTPMChanges(def, newDef);
|
||||
}
|
||||
|
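Review bot: `newDef->tpm` is dereferenced before it is tested for NULL in the `VIR_DOMAIN_TPM_TYPE_EMULATOR` branch of `virDomainCheckTPMChanges`: with `oldEnc` set, `newDef->tpm->type` is read ahead of the `!newDef->tpm` test, and with `oldEnc` clear the `newEnc = newDef->tpm->data.emulator.hassecretuuid` line is reached with no test at all. A redefinition whose XML drops the TPM device from a domain that already has emulator state on disk would then crash the daemon instead of being rejected or accepted. The same line also reads `data.emulator` when the new TPM is not an emulator, which looks like a read of the wrong member if `data` is a union. Testing for the missing device first and leaving the switch when the backend type differs covers both cases, as below.

```c
            oldEnc = def->tpm->data.emulator.hassecretuuid;
            /* test for a missing TPM before any newDef->tpm access */
            if (!newDef->tpm) {
                if (oldEnc) {
                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                   _("Removing an encrypted TPM is not allowed"));
                    return -1;
                }
                break;
            }
            if (def->tpm->type != newDef->tpm->type) {
                if (oldEnc) {
                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                                   _("Changing the type of TPM is not allowed"));
                    return -1;
                }
                /* data.emulator is only meaningful for an emulator backend */
                break;
            }
            newEnc = newDef->tpm->data.emulator.hassecretuuid;
            /* … unchanged: oldEnc != newEnc check … */
```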
@ -3636,3 +3636,7 @@ virDomainGraphicsGetRenderNode(const virDomainGraphicsDef *graphics);
|
||||
|
||||
bool
|
||||
virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics);
|
||||
|
||||
int
|
||||
virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef)
|
||||
ATTRIBUTE_NONNULL(2);
|
||||
|
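Review bot: `ATTRIBUTE_NONNULL(2)` on the `virDomainCheckDeviceChanges` prototype disagrees with the definition, which tests `!newDef` and returns 0. Where the macro expands to the compiler's nonnull attribute, that test may be dropped by the optimizer, so either the annotation or the check should go; the first parameter is tested the same way and carries no annotation. A short comment on the declaration, such as `/* Returns 0 if newDef may replace def, -1 with an error reported otherwise */`, would also document the contract.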
@ -205,6 +205,7 @@ virDomainBootTypeFromString;
|
||||
virDomainBootTypeToString;
|
||||
virDomainCapabilitiesPolicyTypeToString;
|
||||
virDomainCapsFeatureTypeToString;
|
||||
virDomainCheckDeviceChanges;
|
||||
virDomainChrConsoleTargetTypeFromString;
|
||||
virDomainChrConsoleTargetTypeToString;
|
||||
virDomainChrDefForeach;
|
||||
|
@ -52,6 +52,7 @@
|
||||
#include "qemu_migration_params.h"
|
||||
#include "qemu_blockjob.h"
|
||||
#include "qemu_security.h"
|
||||
#include "qemu_extdevice.h"
|
||||
|
||||
#include "virerror.h"
|
||||
#include "virlog.h"
|
||||
@ -7600,6 +7601,30 @@ qemuDomainCreate(virDomainPtr dom)
|
||||
return qemuDomainCreateWithFlags(dom, 0);
|
||||
}
|
||||
|
||||
static int
|
||||
qemuDomainCheckDeviceChanges(virQEMUDriverPtr driver,
|
||||
virDomainDefPtr def)
|
||||
{
|
||||
virDomainObjPtr vm;
|
||||
int ret;
|
||||
|
||||
vm = virDomainObjListFindByUUID(driver->domains, def->uuid);
|
||||
if (!vm)
|
||||
return 0;
|
||||
|
||||
if (qemuExtDevicesInitPaths(driver, vm->def) < 0) {
|
||||
ret = -1;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
ret = virDomainCheckDeviceChanges(vm->def, def);
|
||||
|
||||
cleanup:
|
||||
virDomainObjEndAPI(&vm);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static virDomainPtr
|
||||
qemuDomainDefineXMLFlags(virConnectPtr conn,
|
||||
const char *xml,
|
||||
@ -7636,6 +7661,9 @@ qemuDomainDefineXMLFlags(virConnectPtr conn,
|
||||
if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (qemuDomainCheckDeviceChanges(driver, def) < 0)
|
||||
goto cleanup;
|
||||
|
||||
if (!(vm = virDomainObjListAdd(driver->domains, def,
|
||||
driver->xmlopt,
|
||||
0, &oldDef)))
|
||||
|
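Review bot: The domain object found in `qemuDomainCheckDeviceChanges` is released by `virDomainObjEndAPI()` before `qemuDomainDefineXMLFlags` reaches `virDomainObjListAdd()`, so the check and the replacement of the definition do not happen under one lock. A first start of the domain in that window could create the TPM state after the check has passed, which is the combination the commit message says must be refused; this is inferred from the visible calls, since the rest of `qemuDomainDefineXMLFlags` lies outside the hunk. The helper also calls `qemuExtDevicesInitPaths(driver, vm->def)` on the existing domain's definition, a side effect worth stating in a comment, e.g. `/* presumably fills in vm->def's external device paths so the TPM state file can be probed */`.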
@ -79,7 +79,7 @@ qemuExtDeviceLogCommand(qemuDomainLogContextPtr logCtxt,
|
||||
* stored and we can remove directories and files in case of domain XML
|
||||
* changes.
|
||||
*/
|
||||
static int
|
||||
int
|
||||
qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
|
||||
virDomainDefPtr def)
|
||||
{
|
||||
|
@ -53,3 +53,6 @@ bool qemuExtDevicesHasDevice(virDomainDefPtr def);
|
||||
int qemuExtDevicesSetupCgroup(virQEMUDriverPtr driver,
|
||||
virDomainDefPtr def,
|
||||
virCgroupPtr cgroup);
|
||||
|
||||
int qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
|
||||
virDomainDefPtr def);
|
||||
|