[PATCH 8/8] conf: Don't lose <active_pcr_banks/> when no TPM version is provided
Peter Krempa
pkrempa at redhat.com
Mon Aug 1 11:39:04 UTC 2022
On Mon, Jul 18, 2022 at 11:30:50 +0200, Michal Privoznik wrote:
> When no TPM version is provided in the input XML we may default
> to version 2.0 (see qemuDomainTPMDefPostParse()). However,
> <active_pcr_banks/> are parsed iff a version 2.0 was specified.
> This means that this piece of information might be lost.
>
> It's better to parse everything we've been given and then
> validate that the configuration is valid.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2084046
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> src/conf/domain_conf.c | 21 ++++++++++-----------
> src/conf/domain_validate.c | 28 +++++++++++++++++++++++++++-
> 2 files changed, 37 insertions(+), 12 deletions(-)
>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index 6263d90fdb..610fa5262b 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -10422,18 +10422,17 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
> goto error;
> }
> }
> - if (def->data.emulator.version == VIR_DOMAIN_TPM_VERSION_2_0) {
> - if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
> - break;
> - for (i = 0; i < nnodes; i++) {
> - if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
> - virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> - _("Unsupported PCR banks '%s'"),
> - nodes[i]->name);
> - goto error;
> - }
> - def->data.emulator.activePcrBanks |= (1 << bank);
> +
> + if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
> + break;
> + for (i = 0; i < nnodes; i++) {
> + if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
> + _("Unsupported PCR banks '%s'"),
> + nodes[i]->name);
> + goto error;
> }
> + def->data.emulator.activePcrBanks |= (1 << bank);
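
Review bot: The `virXPathNodeSet("./backend/active_pcr_banks/*", ...) < 0` check still leaves via `break`, while the unsupported-bank case a few lines below uses `goto error`. With the version guard removed, this lookup now runs for every definition that reaches this code, so a failed XPath evaluation appears to be handled the same way as "no banks configured". Consider `goto error` there, or a short comment explaining why `break` is intended. Separately, `(1 << bank)` shifts a signed int. `1U << bank` would avoid relying on signed-shift behaviour if the enum ever grows.
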
Ewww. This is clearly a job for virBitmap. I'll post a patch to refactor
it on top of this patch, so don't worry about it or conflicts.
Reviewed-by: Peter Krempa <pkrempa at redhat.com>