[libvirt] [PATCH 4/4] qemu: Add TLS hotplug for qemuDomainAttachRNGDevice

Pavel Hrdina phrdina at redhat.com
Mon Oct 24 07:16:08 UTC 2016


On Fri, Oct 21, 2016 at 10:22:31AM -0400, John Ferlan wrote:
> Commit id '2c322378' missed the nuance that the rng backend could be
> using a TCP chardev and, if TLS is enabled on the host, will thus need
> to have the TLS object added.
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  src/qemu/qemu_hotplug.c | 31 +++++++++++++++++++++++++++----
>  1 file changed, 27 insertions(+), 4 deletions(-)
> 
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index 4b2a24c..aac1338 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -1851,26 +1851,30 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>                            virDomainObjPtr vm,
>                            virDomainRNGDefPtr rng)
>  {
> +    virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
>      qemuDomainObjPrivatePtr priv = vm->privateData;
>      virErrorPtr orig_err;
>      char *devstr = NULL;
>      char *charAlias = NULL;
>      char *objAlias = NULL;
> +    char *tlsAlias = NULL;
>      bool releaseaddr = false;
>      bool chardevAdded = false;
>      bool objAdded = false;
> +    bool tlsobjAdded = false;
>      virJSONValuePtr props = NULL;
> +    virJSONValuePtr tlsProps = NULL;
>      virDomainCCWAddressSetPtr ccwaddrs = NULL;
>      const char *type;
>      int ret = -1;
>      int rv;
>  
>      if (qemuAssignDeviceRNGAlias(vm->def, rng) < 0)
> -        return -1;
> +        goto cleanup;
>  
>      /* preallocate space for the device definition */
>      if (VIR_REALLOC_N(vm->def->rngs, vm->def->nrngs + 1) < 0)
> -        return -1;
> +        goto cleanup;
>  
>      if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
>          if (qemuDomainMachineIsS390CCW(vm->def) &&
> @@ -1882,14 +1886,14 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>      } else {
>          if (!qemuCheckCCWS390AddressSupport(vm->def, rng->info, priv->qemuCaps,
>                                              rng->source.file))
> -            return -1;
> +            goto cleanup;
>      }
>      releaseaddr = true;
>  
>      if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE ||
>          rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
>          if (virDomainPCIAddressEnsureAddr(priv->pciaddrs, &rng->info) < 0)
> -            return -1;
> +            goto cleanup;
>      } else if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
>          if (!(ccwaddrs = qemuDomainCCWAddrSetCreateFromDomain(vm->def)))
>              goto cleanup;
> @@ -1911,8 +1915,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>      if (!(charAlias = qemuAliasChardevFromDevAlias(rng->info.alias)))
>          goto cleanup;
>  
> +    if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&

There should be a check for dev->type == VIR_DOMAIN_CHR_TYPE_TCP, but as
I've pointed out in patch 01, the check should be moved into the helper.

ACK

Pavel

> +        qemuDomainGetChardevTLSObjects(cfg, priv, rng->source.chardev,
> +                                       charAlias, &tlsProps, &tlsAlias) < 0)
> +        goto cleanup;
> +
>      qemuDomainObjEnterMonitor(driver, vm);
>  
> +    if (tlsAlias) {
> +        rv = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
> +                                  tlsAlias, tlsProps);
> +        tlsProps = NULL; /* qemuMonitorAddObject consumes */
> +        if (rv < 0)
> +            goto exit_monitor;
> +        tlsobjAdded = true;
> +    }
> +
>      if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
>          qemuMonitorAttachCharDev(priv->mon, charAlias,
>                                   rng->source.chardev) < 0)
> @@ -1940,17 +1958,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>   audit:
>      virDomainAuditRNG(vm, NULL, rng, "attach", ret == 0);
>   cleanup:
> +    virJSONValueFree(tlsProps);
>      virJSONValueFree(props);
>      if (ret < 0 && releaseaddr)
>          qemuDomainReleaseDeviceAddress(vm, &rng->info, NULL);
> +    VIR_FREE(tlsAlias);
>      VIR_FREE(charAlias);
>      VIR_FREE(objAlias);
>      VIR_FREE(devstr);
>      virDomainCCWAddressSetFree(ccwaddrs);
> +    virObjectUnref(cfg);
>      return ret;
>  
>   exit_monitor:
>      orig_err = virSaveLastError();
> +    if (tlsobjAdded)
> +        ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
>      if (objAdded)
>          ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
>      if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD && chardevAdded)
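Review bot: The rollback under `exit_monitor` deletes the TLS credentials object before the chardev is detached, although the attach path earlier in this patch adds the `tls-creds-x509` object first and the chardev second. Tearing down in reverse order of creation would be safer, so the `tlsobjAdded` branch belongs after the chardev detach whose `if` is the last line of this hunk; whether QEMU tolerates removing a credentials object that a live chardev may still reference is not visible from here. The result of the delete is also discarded through `ignore_value`, so a failed rollback would leave the credentials object in the QEMU process with no trace in the logs. Something like `if (tlsobjAdded && qemuMonitorDelObject(priv->mon, tlsAlias) < 0)` followed by `VIR_WARN("Unable to remove TLS object '%s'", tlsAlias);` would make that visible. The rest of the `exit_monitor` block lies outside the hunk.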
> -- 
> 2.7.4
> 