mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-28 08:35:22 +00:00
87a43a907f
This change was generated using the following spatch:
@ rule1 @
expression a;
identifier f;
@@
<...
- f(*a);
... when != a;
- *a = NULL;
+ g_clear_pointer(a, f);
...>
@ rule2 @
expression a;
identifier f;
@@
<...
- f(a);
... when != a;
- a = NULL;
+ g_clear_pointer(&a, f);
...>
Then, I left some of the changes out, like tools/nss/ (which
doesn't link with glib) and put back a comment in
qemuBlockJobProcessEventCompletedActiveCommit() which coccinelle
decided to remove (I have no idea why).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
377 lines
9.1 KiB
C
377 lines
9.1 KiB
C
/*
|
|
* virtpm.c: TPM support
|
|
*
|
|
* Copyright (C) 2013 IBM Corporation
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library. If not, see
|
|
* <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include "virstring.h"
|
|
#include "virerror.h"
|
|
#include "viralloc.h"
|
|
#include "virfile.h"
|
|
#include "virtpm.h"
|
|
#include "vircommand.h"
|
|
#include "virbitmap.h"
|
|
#include "virjson.h"
|
|
#include "virlog.h"
|
|
#include "virthread.h"
|
|
|
|
#define VIR_FROM_THIS VIR_FROM_TPM
|
|
|
|
VIR_LOG_INIT("util.tpm");
|
|
|
|
VIR_ENUM_IMPL(virTPMSwtpmFeature,
|
|
VIR_TPM_SWTPM_FEATURE_LAST,
|
|
"cmdarg-pwd-fd",
|
|
);
|
|
|
|
VIR_ENUM_IMPL(virTPMSwtpmSetupFeature,
|
|
VIR_TPM_SWTPM_SETUP_FEATURE_LAST,
|
|
"cmdarg-pwdfile-fd",
|
|
"cmdarg-create-config-files",
|
|
"tpm12-not-need-root",
|
|
"cmdarg-reconfigure-pcr-banks",
|
|
);
|
|
|
|
/**
|
|
* virTPMCreateCancelPath:
|
|
* @devpath: Path to the TPM device
|
|
*
|
|
* Create the cancel path given the path to the TPM device
|
|
*/
|
|
char *
|
|
virTPMCreateCancelPath(const char *devpath)
|
|
{
|
|
char *path = NULL;
|
|
const char *dev;
|
|
const char *prefix[] = {"misc/", "tpm/"};
|
|
size_t i;
|
|
if (!devpath) {
|
|
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
|
|
_("Missing TPM device path"));
|
|
return NULL;
|
|
}
|
|
|
|
if (!(dev = strrchr(devpath, '/'))) {
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
_("TPM device path %s is invalid"), devpath);
|
|
return NULL;
|
|
}
|
|
|
|
dev++;
|
|
for (i = 0; i < G_N_ELEMENTS(prefix); i++) {
|
|
path = g_strdup_printf("/sys/class/%s%s/device/cancel", prefix[i],
|
|
dev);
|
|
|
|
if (virFileExists(path))
|
|
break;
|
|
|
|
VIR_FREE(path);
|
|
}
|
|
if (!path)
|
|
path = g_strdup("/dev/null");
|
|
|
|
return path;
|
|
}
|
|
|
|
/*
|
|
* executables for the swtpm; to be found on the host along with
|
|
* capabilities bitmap
|
|
*/
|
|
static virMutex swtpm_tools_lock = VIR_MUTEX_INITIALIZER;
|
|
|
|
typedef int (*virTPMBinaryCapsParse)(const char *);
|
|
|
|
typedef enum _virTPMBinary {
|
|
VIR_TPM_BINARY_SWTPM,
|
|
VIR_TPM_BINARY_SWTPM_SETUP,
|
|
VIR_TPM_BINARY_SWTPM_IOCTL,
|
|
|
|
VIR_TPM_BINARY_LAST
|
|
} virTPMBinary;
|
|
|
|
VIR_ENUM_DECL(virTPMBinary);
|
|
VIR_ENUM_IMPL(virTPMBinary,
|
|
VIR_TPM_BINARY_LAST,
|
|
"swtpm", "swtpm_setup", "swtpm_ioctl");
|
|
|
|
typedef struct _virTPMBinaryInfo {
|
|
char *path;
|
|
struct stat stat;
|
|
const char *parm;
|
|
virBitmap *caps;
|
|
virTPMBinaryCapsParse capsParse;
|
|
} virTPMBinaryInfo;
|
|
|
|
static virTPMBinaryInfo swtpmBinaries[VIR_TPM_BINARY_LAST] = {
|
|
[VIR_TPM_BINARY_SWTPM] = {
|
|
.parm = "socket",
|
|
.capsParse = virTPMSwtpmFeatureTypeFromString,
|
|
},
|
|
[VIR_TPM_BINARY_SWTPM_SETUP] = {
|
|
.capsParse = virTPMSwtpmSetupFeatureTypeFromString,
|
|
},
|
|
[VIR_TPM_BINARY_SWTPM_IOCTL] = {
|
|
},
|
|
};
|
|
|
|
static int virTPMEmulatorInit(bool quiet);
|
|
|
|
static char *
|
|
virTPMBinaryGetPath(virTPMBinary binary)
|
|
{
|
|
char *s = NULL;
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
|
|
|
if (virTPMEmulatorInit(false) < 0)
|
|
goto cleanup;
|
|
|
|
s = g_strdup(swtpmBinaries[binary].path);
|
|
|
|
cleanup:
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
return s;
|
|
}
|
|
|
|
char *
|
|
virTPMGetSwtpm(void)
|
|
{
|
|
return virTPMBinaryGetPath(VIR_TPM_BINARY_SWTPM);
|
|
}
|
|
|
|
char *
|
|
virTPMGetSwtpmSetup(void)
|
|
{
|
|
return virTPMBinaryGetPath(VIR_TPM_BINARY_SWTPM_SETUP);
|
|
}
|
|
|
|
char *
|
|
virTPMGetSwtpmIoctl(void)
|
|
{
|
|
return virTPMBinaryGetPath(VIR_TPM_BINARY_SWTPM_IOCTL);
|
|
}
|
|
|
|
bool virTPMHasSwtpm(void)
|
|
{
|
|
bool ret = false;
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
|
|
|
if (virTPMEmulatorInit(true) < 0)
|
|
goto cleanup;
|
|
|
|
ret = swtpmBinaries[VIR_TPM_BINARY_SWTPM].path != NULL &&
|
|
swtpmBinaries[VIR_TPM_BINARY_SWTPM_SETUP].path != NULL &&
|
|
swtpmBinaries[VIR_TPM_BINARY_SWTPM_IOCTL].path != NULL;
|
|
|
|
cleanup:
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
return ret;
|
|
}
|
|
|
|
/* virTPMExecGetCaps
|
|
*
|
|
* Execute the prepared command and parse the returned JSON object
|
|
* to get the capabilities supported by the executable.
|
|
* A JSON object like this is expected:
|
|
*
|
|
* {
|
|
* "type": "swtpm",
|
|
* "features": [
|
|
* "cmdarg-seccomp",
|
|
* "cmdarg-key-fd",
|
|
* "cmdarg-pwd-fd"
|
|
* ]
|
|
* }
|
|
*/
|
|
static virBitmap *
|
|
virTPMExecGetCaps(virCommand *cmd,
|
|
virTPMBinaryCapsParse capsParse)
|
|
{
|
|
int exitstatus;
|
|
virBitmap *bitmap;
|
|
g_autofree char *outbuf = NULL;
|
|
g_autoptr(virJSONValue) json = NULL;
|
|
virJSONValue *featureList;
|
|
virJSONValue *item;
|
|
size_t idx;
|
|
const char *str;
|
|
int typ;
|
|
|
|
virCommandSetOutputBuffer(cmd, &outbuf);
|
|
if (virCommandRun(cmd, &exitstatus) < 0)
|
|
return NULL;
|
|
|
|
bitmap = virBitmapNew(0);
|
|
|
|
/* older version does not support --print-capabilties -- that's fine */
|
|
if (exitstatus != 0) {
|
|
VIR_DEBUG("Found swtpm that doesn't support --print-capabilities");
|
|
return bitmap;
|
|
}
|
|
|
|
json = virJSONValueFromString(outbuf);
|
|
if (!json)
|
|
goto error_bad_json;
|
|
|
|
featureList = virJSONValueObjectGetArray(json, "features");
|
|
if (!featureList)
|
|
goto error_bad_json;
|
|
|
|
if (!virJSONValueIsArray(featureList))
|
|
goto error_bad_json;
|
|
|
|
for (idx = 0; idx < virJSONValueArraySize(featureList); idx++) {
|
|
item = virJSONValueArrayGet(featureList, idx);
|
|
if (!item)
|
|
continue;
|
|
|
|
str = virJSONValueGetString(item);
|
|
if (!str)
|
|
goto error_bad_json;
|
|
typ = capsParse(str);
|
|
if (typ < 0)
|
|
continue;
|
|
|
|
virBitmapSetBitExpand(bitmap, typ);
|
|
}
|
|
|
|
return bitmap;
|
|
|
|
error_bad_json:
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
_("Unexpected JSON format: %s"), outbuf);
|
|
return bitmap;
|
|
}
|
|
|
|
static virBitmap *
|
|
virTPMGetCaps(virTPMBinaryCapsParse capsParse,
|
|
const char *exec, const char *param1)
|
|
{
|
|
g_autoptr(virCommand) cmd = NULL;
|
|
|
|
if (!(cmd = virCommandNew(exec)))
|
|
return NULL;
|
|
|
|
if (param1)
|
|
virCommandAddArg(cmd, param1);
|
|
virCommandAddArg(cmd, "--print-capabilities");
|
|
virCommandClearCaps(cmd);
|
|
|
|
return virTPMExecGetCaps(cmd, capsParse);
|
|
}
|
|
|
|
/*
|
|
* virTPMEmulatorInit
|
|
*
|
|
* Initialize the Emulator functions by searching for necessary
|
|
* executables that we will use to start and setup the swtpm
|
|
*/
|
|
static int
|
|
virTPMEmulatorInit(bool quiet)
|
|
{
|
|
size_t i;
|
|
|
|
for (i = 0; i < VIR_TPM_BINARY_LAST; i++) {
|
|
g_autofree char *path = NULL;
|
|
bool findit = swtpmBinaries[i].path == NULL;
|
|
struct stat statbuf;
|
|
|
|
if (!findit) {
|
|
/* has executables changed? */
|
|
if (stat(swtpmBinaries[i].path, &statbuf) < 0)
|
|
findit = true;
|
|
|
|
if (!findit &&
|
|
statbuf.st_mtime != swtpmBinaries[i].stat.st_mtime)
|
|
findit = true;
|
|
}
|
|
|
|
if (findit) {
|
|
VIR_FREE(swtpmBinaries[i].path);
|
|
|
|
path = virFindFileInPath(virTPMBinaryTypeToString(i));
|
|
if (!path) {
|
|
if (!quiet)
|
|
virReportSystemError(ENOENT,
|
|
_("Unable to find '%s' binary in $PATH"),
|
|
virTPMBinaryTypeToString(i));
|
|
return -1;
|
|
}
|
|
if (!virFileIsExecutable(path)) {
|
|
if (!quiet)
|
|
virReportError(VIR_ERR_INTERNAL_ERROR,
|
|
_("%s is not an executable"),
|
|
path);
|
|
return -1;
|
|
}
|
|
if (stat(path, &swtpmBinaries[i].stat) < 0) {
|
|
if (!quiet)
|
|
virReportSystemError(errno,
|
|
_("Could not stat %s"), path);
|
|
return -1;
|
|
}
|
|
swtpmBinaries[i].path = g_steal_pointer(&path);
|
|
g_clear_pointer(&swtpmBinaries[i].caps, virBitmapFree);
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static bool
|
|
virTPMBinaryGetCaps(virTPMBinary binary,
|
|
unsigned int cap)
|
|
{
|
|
bool ret = false;
|
|
|
|
virMutexLock(&swtpm_tools_lock);
|
|
|
|
if (virTPMEmulatorInit(false) < 0)
|
|
goto cleanup;
|
|
|
|
if (!swtpmBinaries[binary].caps &&
|
|
swtpmBinaries[binary].capsParse) {
|
|
swtpmBinaries[binary].caps = virTPMGetCaps(
|
|
swtpmBinaries[binary].capsParse,
|
|
swtpmBinaries[binary].path,
|
|
swtpmBinaries[binary].parm);
|
|
}
|
|
if (swtpmBinaries[binary].caps)
|
|
ret = virBitmapIsBitSet(swtpmBinaries[binary].caps, cap);
|
|
|
|
cleanup:
|
|
virMutexUnlock(&swtpm_tools_lock);
|
|
return ret;
|
|
}
|
|
|
|
bool
|
|
virTPMSwtpmCapsGet(unsigned int cap)
|
|
{
|
|
return virTPMBinaryGetCaps(VIR_TPM_BINARY_SWTPM, cap);
|
|
}
|
|
|
|
bool
|
|
virTPMSwtpmSetupCapsGet(unsigned int cap)
|
|
{
|
|
return virTPMBinaryGetCaps(VIR_TPM_BINARY_SWTPM_SETUP, cap);
|
|
}
|