[libvirt] [PATCH v7 17/19] tpm: Check TPM XML device configuration changes after edit
John Ferlan
jferlan at redhat.com
Fri Jul 26 10:44:59 UTC 2019
On 7/25/19 2:22 PM, Stefan Berger wrote:
> Since swtpm does not support getting started without password
> once it was created with encryption enabled, we don't allow
> encryption to be removed. Similarly, we do not allow encryption
> to be added once swtpm has run. We also prevent chaning the type
> of the TPM backend since the encrypted state is still around and
> the next time one was to switch back to the emulator backend
> and forgot the encryption the TPM would not work.
>
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
> ---
> src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++++
> src/conf/domain_conf.h | 4 +++
> src/libvirt_private.syms | 1 +
> src/qemu/qemu_driver.c | 28 ++++++++++++++++++++
> src/qemu/qemu_extdevice.c | 2 +-
> src/qemu/qemu_extdevice.h | 3 +++
> 6 files changed, 93 insertions(+), 1 deletion(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 6673a323c6..d60ef81061 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
[...]
> +
> +int
> +virDomainCheckDeviceChanges(virDomainDefPtr def,
> + virDomainDefPtr newDef)
> +{
> + if (!def || !newDef)
Because !newDef is checked here...
> + return 0;
> +
> + return virDomainCheckTPMChanges(def, newDef);
> +}
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 8092893c2a..285fa6c496 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -3636,3 +3636,7 @@ virDomainGraphicsGetRenderNode(const virDomainGraphicsDef *graphics);
>
> bool
> virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics);
> +
> +int
> +virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef)
> + ATTRIBUTE_NONNULL(2);
This ATTRIBUTE_NONNULL(2) is unnecessary
Causes a Coverity (or whenever STATIC_ANALYSIS is set) build error.
John
More information about the libvir-list
mailing list