[PATCH 8/8] conf: Don't lose <active_pcr_banks/> when no TPM version is provided

[Peter Krempa]

On Mon, Jul 18, 2022 at 11:30:50 +0200, Michal Privoznik wrote:
> When no TPM version is provided in the input XML we may default
> to version 2.0 (see qemuDomainTPMDefPostParse()). However,
> <active_pcr_banks/> are parsed iff a version 2.0 was specified.
> This means that this piece of information might be lost.
> 
> It's better to parse everything we've been given and then
> validate that the configuration is valid.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2084046
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/conf/domain_conf.c     | 21 ++++++++++-----------
>  src/conf/domain_validate.c | 28 +++++++++++++++++++++++++++-
>  2 files changed, 37 insertions(+), 12 deletions(-)
> 
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 6263d90fdb..610fa5262b 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -10422,18 +10422,17 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
>                  goto error;
>              }
>          }
> -        if (def->data.emulator.version == VIR_DOMAIN_TPM_VERSION_2_0) {
> -            if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
> -                break;
> -            for (i = 0; i < nnodes; i++) {
> -                if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
> -                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> -                                   _("Unsupported PCR banks '%s'"),
> -                                   nodes[i]->name);
> -                    goto error;
> -                }
> -                def->data.emulator.activePcrBanks |= (1 << bank);
> +
> +        if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
> +            break;
> +        for (i = 0; i < nnodes; i++) {
> +            if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
> +                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> +                               _("Unsupported PCR banks '%s'"),
> +                               nodes[i]->name);
> +                goto error;
>              }
> +            def->data.emulator.activePcrBanks |= (1 << bank);

Ewww. This is clearly a job for virBitmap. I'll post a patch to refactor
it on top of this patch, so don't worry about it or conflicts.

Reviewed-by: Peter Krempa <pkrempa at redhat.com>