[libvirt] [PATCH v2 2/4] libvirt: conf: parse XML for protected key management ops

John Ferlan jferlan at redhat.com
Mon May 18 12:40:35 UTC 2015




On 05/15/2015 10:43 AM, Michal Privoznik wrote:
...
Coverity complaint...

> +static int
> +virDomainKeyWrapDefParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt)
> +{
> +    size_t i;
> +    int ret = -1;
> +    xmlNodePtr *nodes = NULL;
> +    int n;
> +
> +    if (!(n = virXPathNodeSet("./keywrap/cipher", ctxt, &nodes)))

Can return a negative number...

> +        return 0;
> +
> +    if (VIR_ALLOC(def->keywrap) < 0)
> +        goto cleanup;
> +
> +    for (i = 0; i < n; i++) {

Causing this to run a long time.

I'll append something to my current on-list Coverity patches to resolve this.

John

> +        if (virDomainKeyWrapCipherDefParseXML(def->keywrap, nodes[i], ctxt) < 0)
> +            goto cleanup;
> +    }
> +
> +    if (!def->keywrap->aes &&
> +        !def->keywrap->dea)
> +        VIR_FREE(def->keywrap);
> +
> +    ret = 0;
> +
> + cleanup:
> +    if (ret < 0)
> +        VIR_FREE(def->keywrap);
> +    VIR_FREE(nodes);
> +    return ret;
> +}
> +
>  
>  /**
>   * virDomainXMLOptionNew:
> @@ -2361,6 +2491,8 @@ void virDomainDefFree(virDomainDefPtr def)
>          virDomainShmemDefFree(def->shmems[i]);
>      VIR_FREE(def->shmems);
>  
> +    VIR_FREE(def->keywrap);
> +
>      if (def->namespaceData && def->ns.free)
>          (def->ns.free)(def->namespaceData);
>  
> @@ -15535,6 +15667,9 @@ virDomainDefParseXML(xmlDocPtr xml,
>          VIR_FREE(tmp);
>      }
>  
> +    if (virDomainKeyWrapDefParseXML(def, ctxt) < 0)
> +        goto error;
> +
>      /* Extract custom metadata */
>      if ((node = virXPathNode("./metadata[1]", ctxt)) != NULL)
>          def->metadata = xmlCopyNode(node, 1);
> @@ -20588,6 +20723,24 @@ virDomainLoaderDefFormat(virBufferPtr buf,
>      }
>  }
>  
> +static void
> +virDomainKeyWrapDefFormat(virBufferPtr buf, virDomainKeyWrapDefPtr keywrap)
> +{
> +    virBufferAddLit(buf, "<keywrap>\n");
> +    virBufferAdjustIndent(buf, 2);
> +
> +    if (keywrap->aes)
> +        virBufferAsprintf(buf, "<cipher name='aes' state='%s'/>\n",
> +                          virTristateSwitchTypeToString(keywrap->aes));
> +
> +    if (keywrap->dea)
> +        virBufferAsprintf(buf, "<cipher name='dea' state='%s'/>\n",
> +                          virTristateSwitchTypeToString(keywrap->dea));
> +
> +    virBufferAdjustIndent(buf, -2);
> +    virBufferAddLit(buf, "</keywrap>\n");
> +}
> +
>  static bool
>  virDomainDefHasCapabilitiesFeatures(virDomainDefPtr def)
>  {
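Review bot: virDomainKeyWrapDefFormat writes the `<keywrap>` open and close tags unconditionally, so a definition whose `aes` and `dea` are both zero is formatted as an empty element. The parser in this patch frees `def->keywrap` in that case, so definitions parsed from XML never hit this, but nothing in the formatter or its caller enforces it for a definition built some other way. An early `if (!keywrap->aes && !keywrap->dea) return;` at the top of the function would keep the output symmetric with what the parser accepts. A one-line comment above the function saying that a zero field means "cipher not specified" would make that contract visible.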
> @@ -21490,6 +21643,9 @@ virDomainDefFormatInternal(virDomainDefPtr def,
>              goto error;
>      }
>  
> +    if (def->keywrap)
> +        virDomainKeyWrapDefFormat(buf, def->keywrap);
> +
>      virBufferAdjustIndent(buf, -2);
>      virBufferAddLit(buf, "</domain>\n");
>  
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 8312c20..7b29008 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -2119,6 +2119,13 @@ struct _virDomainPowerManagement {
>      int s4;
>  };
>  
> +typedef struct _virDomainKeyWrapDef virDomainKeyWrapDef;
> +typedef virDomainKeyWrapDef *virDomainKeyWrapDefPtr;
> +struct _virDomainKeyWrapDef {
> +    int aes; /* enum virTristateSwitch */
> +    int dea; /* enum virTristateSwitch */
> +};
> +
>  /*
>   * Guest VM main configuration
>   *
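Review bot: `struct _virDomainKeyWrapDef` has no comment saying what a zero field means, although the parser and formatter in this patch both treat zero as "no `<cipher>` element given". I would add a comment above the struct, for example `/* Key wrap settings from <keywrap>; a field of 0 means that cipher was not specified */`. What the hypervisor does for an unspecified cipher is not visible in this patch, so the effective default is worth stating here once confirmed, since it presumably determines whether the guest can use the protected key management operations.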
> @@ -2255,6 +2262,8 @@ struct _virDomainDef {
>      void *namespaceData;
>      virDomainXMLNamespace ns;
>  
> +    virDomainKeyWrapDefPtr keywrap;
> +
>      /* Application-specific custom metadata */
>      xmlNodePtr metadata;
>  };
> @@ -2264,6 +2273,13 @@ void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size);
>  unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def);
>  
>  typedef enum {
> +    VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES,
> +    VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_DEA,
> +
> +    VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST
> +} virDomainKeyWrapCipherName;
> +
> +typedef enum {
>      VIR_DOMAIN_TAINT_CUSTOM_ARGV,      /* Custom ARGV passthrough from XML */
>      VIR_DOMAIN_TAINT_CUSTOM_MONITOR,   /* Custom monitor commands issued */
>      VIR_DOMAIN_TAINT_HIGH_PRIVILEGES,  /* Running with undesirably high privileges */
> @@ -2951,6 +2967,7 @@ VIR_ENUM_DECL(virDomainChrTcpProtocol)
>  VIR_ENUM_DECL(virDomainChrSpicevmc)
>  VIR_ENUM_DECL(virDomainSoundCodec)
>  VIR_ENUM_DECL(virDomainSoundModel)
> +VIR_ENUM_DECL(virDomainKeyWrapCipherName)
>  VIR_ENUM_DECL(virDomainMemballoonModel)
>  VIR_ENUM_DECL(virDomainSmbiosMode)
>  VIR_ENUM_DECL(virDomainWatchdogModel)
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index f80fc70..afd0cb6 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -329,6 +329,8 @@ virDomainIOThreadIDDefFree;
>  virDomainIOThreadIDDel;
>  virDomainIOThreadIDFind;
>  virDomainIOThreadSchedDelId;
> +virDomainKeyWrapCipherNameTypeFromString;
> +virDomainKeyWrapCipherNameTypeToString;
>  virDomainLeaseDefFree;
>  virDomainLeaseIndex;
>  virDomainLeaseInsert;
> 



