[libvirt] [PATCH 4/4] qemu: Add TLS hotplug for qemuDomainAttachRNGDevice
Pavel Hrdina
phrdina at redhat.com
Mon Oct 24 07:16:08 UTC 2016
On Fri, Oct 21, 2016 at 10:22:31AM -0400, John Ferlan wrote:
> Commit id '2c322378' missed the nuance that the rng backend could be
> using a TCP chardev and, if TLS is enabled on the host, will thus need
> to have the TLS object added.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/qemu_hotplug.c | 31 +++++++++++++++++++++++++++----
> 1 file changed, 27 insertions(+), 4 deletions(-)
>
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index 4b2a24c..aac1338 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -1851,26 +1851,30 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> virDomainRNGDefPtr rng)
> {
> + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
> qemuDomainObjPrivatePtr priv = vm->privateData;
> virErrorPtr orig_err;
> char *devstr = NULL;
> char *charAlias = NULL;
> char *objAlias = NULL;
> + char *tlsAlias = NULL;
> bool releaseaddr = false;
> bool chardevAdded = false;
> bool objAdded = false;
> + bool tlsobjAdded = false;
> virJSONValuePtr props = NULL;
> + virJSONValuePtr tlsProps = NULL;
> virDomainCCWAddressSetPtr ccwaddrs = NULL;
> const char *type;
> int ret = -1;
> int rv;
>
> if (qemuAssignDeviceRNGAlias(vm->def, rng) < 0)
> - return -1;
> + goto cleanup;
>
> /* preallocate space for the device definition */
> if (VIR_REALLOC_N(vm->def->rngs, vm->def->nrngs + 1) < 0)
> - return -1;
> + goto cleanup;
>
> if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
> if (qemuDomainMachineIsS390CCW(vm->def) &&
> @@ -1882,14 +1886,14 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
> } else {
> if (!qemuCheckCCWS390AddressSupport(vm->def, rng->info, priv->qemuCaps,
> rng->source.file))
> - return -1;
> + goto cleanup;
> }
> releaseaddr = true;
>
> if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE ||
> rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
> if (virDomainPCIAddressEnsureAddr(priv->pciaddrs, &rng->info) < 0)
> - return -1;
> + goto cleanup;
> } else if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
> if (!(ccwaddrs = qemuDomainCCWAddrSetCreateFromDomain(vm->def)))
> goto cleanup;
> @@ -1911,8 +1915,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
> if (!(charAlias = qemuAliasChardevFromDevAlias(rng->info.alias)))
> goto cleanup;
>
> + if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
There should be a check for dev->type == VIR_DOMAIN_CHR_TYPE_TCP, but as
I pointed out in patch 01, the check should be moved into the helper.
ACK
Pavel
> + qemuDomainGetChardevTLSObjects(cfg, priv, rng->source.chardev,
> + charAlias, &tlsProps, &tlsAlias) < 0)
> + goto cleanup;
> +
> qemuDomainObjEnterMonitor(driver, vm);
>
> + if (tlsAlias) {
> + rv = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
> + tlsAlias, tlsProps);
> + tlsProps = NULL; /* qemuMonitorAddObject consumes */
> + if (rv < 0)
> + goto exit_monitor;
> + tlsobjAdded = true;
> + }
> +
> if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
> qemuMonitorAttachCharDev(priv->mon, charAlias,
> rng->source.chardev) < 0)
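Review bot: The `if (tlsAlias)` test is the only thing that decides whether a tls-creds-x509 object is created for the EGD chardev, yet nothing at the call site says when qemuDomainGetChardevTLSObjects returns success and leaves tlsAlias NULL. From this hunk a reader cannot tell whether that path only means "TLS not configured" or could also cover a case where TLS was expected and the chardev is then attached in clear text. A comment above the block such as `/* tlsAlias stays NULL when no TLS object is required for this chardev */`, worded to match the helper's real contract (defined outside this hunk), would make that fail-open path reviewable. The function body starts and ends outside the hunk.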
> @@ -1940,17 +1958,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
> audit:
> virDomainAuditRNG(vm, NULL, rng, "attach", ret == 0);
> cleanup:
> + virJSONValueFree(tlsProps);
> virJSONValueFree(props);
> if (ret < 0 && releaseaddr)
> qemuDomainReleaseDeviceAddress(vm, &rng->info, NULL);
> + VIR_FREE(tlsAlias);
> VIR_FREE(charAlias);
> VIR_FREE(objAlias);
> VIR_FREE(devstr);
> virDomainCCWAddressSetFree(ccwaddrs);
> + virObjectUnref(cfg);
> return ret;
>
> exit_monitor:
> orig_err = virSaveLastError();
> + if (tlsobjAdded)
> + ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
> if (objAdded)
> ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
> if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD && chardevAdded)
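Review bot: The rollback under exit_monitor deletes the tls-creds-x509 object first, before the rng object and the EGD chardev are removed, although it was created before the chardev, which presumably still references it when the delete is issued. Because the call is wrapped in ignore_value(), a refused or deferred delete would go unnoticed and could leave a stale credentials object registered under tlsAlias in the running QEMU. I would move `if (tlsobjAdded) ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));` below the chardev detach so that teardown mirrors creation order in reverse. The exit_monitor block continues past the end of this hunk, so the detach call itself is not visible here.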
> --
> 2.7.4
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list