From nobody Wed May 14 01:37:58 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1525465315781989.3035828340762;
Fri, 4 May 2018 13:21:55 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
[10.5.11.11])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 4B0B330C80A7;
Fri, 4 May 2018 20:21:53 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
by smtp.corp.redhat.com (Postfix) with ESMTPS id BB281601A6;
Fri, 4 May 2018 20:21:51 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6C37B4CAA7;
Fri, 4 May 2018 20:21:46 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
[10.5.11.15])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w44KLgqK013442 for ;
Fri, 4 May 2018 16:21:42 -0400
Received: by smtp.corp.redhat.com (Postfix)
id E1CA25D6A6; Fri, 4 May 2018 20:21:42 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
[10.5.110.45])
by smtp.corp.redhat.com (Postfix) with ESMTPS id D9C7B5D6A5
for ; Fri, 4 May 2018 20:21:40 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com
[148.163.156.1])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id BF1BD30BEA46
for ; Fri, 4 May 2018 20:21:39 +0000 (UTC)
Received: from pps.filterd (m0098394.ppops.net [127.0.0.1])
by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
w44KJFZH029711
for ; Fri, 4 May 2018 16:21:39 -0400
Received: from e38.co.us.ibm.com (e38.co.us.ibm.com [32.97.110.159])
by mx0a-001b2d01.pphosted.com with ESMTP id 2hrvwfugd0-1
(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
for ; Fri, 04 May 2018 16:21:39 -0400
Received: from localhost
by e38.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
Violators will be prosecuted
for from ;
Fri, 4 May 2018 14:21:38 -0600
Received: from b03cxnp07028.gho.boulder.ibm.com (9.17.130.15)
by e38.co.us.ibm.com (192.168.1.138) with IBM ESMTP SMTP Gateway:
Authorized Use Only! Violators will be prosecuted;
Fri, 4 May 2018 14:21:35 -0600
Received: from b03ledav002.gho.boulder.ibm.com
(b03ledav002.gho.boulder.ibm.com [9.17.130.233])
by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
ESMTP id w44KLYh714811500; Fri, 4 May 2018 13:21:34 -0700
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
by IMSVA (Postfix) with ESMTP id DDEC1136040;
Fri, 4 May 2018 14:21:34 -0600 (MDT)
Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153])
by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP id 92277136043;
Fri, 4 May 2018 14:21:34 -0600 (MDT)
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:12 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
x-cbid: 18050420-0028-0000-0000-0000098D2E42
X-IBM-SpamModules-Scores:
X-IBM-SpamModules-Versions: BY=3.00008970; HX=3.00000241; KW=3.00000007;
PH=3.00000004; SC=3.00000258; SDB=6.01027521; UDB=6.00524878;
IPR=6.00806655;
MB=3.00020932; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-04 20:21:36
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18050420-0029-0000-0000-00003AA97419
Message-Id: <1525465285-14102-2-git-send-email-stefanb@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
priorityscore=1501
malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0
clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
definitions=main-1805040185
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.45]); Fri, 04 May 2018 20:21:39 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.45]);
Fri, 04 May 2018 20:21:39 +0000 (UTC) for IP:'148.163.156.1'
DOMAIN:'mx0a-001b2d01.pphosted.com'
HELO:'mx0a-001b2d01.pphosted.com'
FROM:'stefanb@linux.vnet.ibm.com' RCPT:''
X-RedHat-Spam-Score: -0.7 (RCVD_IN_DNSWL_LOW) 148.163.156.1
mx0a-001b2d01.pphosted.com 148.163.156.1
mx0a-001b2d01.pphosted.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 01/14] util: implement virFileReadOffsetQuiet()
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.46]);
Fri, 04 May 2018 20:21:54 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
Implement virFileReadOffsetQuiet() that reads a given maximum number
of bytes into a buffer that will be allocated. The reading starts
from a given offset.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/libvirt_private.syms | 1 +
src/util/virfile.c | 14 +++++++++++++-
src/util/virfile.h | 3 +++
3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 92b5e0f..f2a4921 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1807,6 +1807,7 @@ virFileReadHeaderFD;
virFileReadHeaderQuiet;
virFileReadLimFD;
virFileReadLink;
+virFileReadOffsetQuiet;
virFileReadValueBitmap;
virFileReadValueInt;
virFileReadValueScaledInt;
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 40f106d..526b9ad 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -1432,12 +1432,18 @@ virFileReadAll(const char *path, int maxlen, char *=
*buf)
}
=20
int
-virFileReadAllQuiet(const char *path, int maxlen, char **buf)
+virFileReadOffsetQuiet(const char *path, off_t offset,
+ int maxlen, char **buf)
{
int fd =3D open(path, O_RDONLY);
if (fd < 0)
return -errno;
=20
+ if (offset > 0 && lseek(fd, offset, SEEK_SET) < 0) {
+ VIR_FORCE_CLOSE(fd);
+ return -errno;
+ }
+
int len =3D virFileReadLimFD(fd, maxlen, buf);
VIR_FORCE_CLOSE(fd);
if (len < 0)
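Review bot: a negative @offset is silently accepted at the `if (offset > 0 && lseek(fd, offset, SEEK_SET) < 0)` line and the file is then read from the beginning, which is not what a caller passing a bad offset expects; reject it explicitly (`if (offset < 0) { VIR_FORCE_CLOSE(fd); return -EINVAL; }`) or seek unconditionally so that lseek itself reports the error. The `return -errno` after `VIR_FORCE_CLOSE(fd)` also relies on that macro preserving errno, which libvirt's virForceClose does but which a short comment would make obvious.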
@@ -1446,6 +1452,12 @@ virFileReadAllQuiet(const char *path, int maxlen, ch=
ar **buf)
return len;
}
=20
+int
+virFileReadAllQuiet(const char *path, int maxlen, char **buf)
+{
+ return virFileReadOffsetQuiet(path, 0, maxlen, buf);
+}
+
/* Read @file into preallocated buffer @buf of size @len.
* Return value is -errno in case of errors and size
* of data read (no trailing zero) in case of success.
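Review bot: neither the new virFileReadOffsetQuiet() nor the retained virFileReadAllQuiet() wrapper carries a doc comment, while the function right after them in context (`/* Read @file into preallocated buffer @buf of size @len. ... */`) documents its -errno/length contract; add a comparable comment stating that @offset is a SEEK_SET position, @maxlen bounds the allocation, *@buf is allocated by the callee and the return value is -errno or the number of bytes read.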
diff --git a/src/util/virfile.h b/src/util/virfile.h
index 341320b..13d3cf6 100644
--- a/src/util/virfile.h
+++ b/src/util/virfile.h
@@ -137,6 +137,9 @@ int virFileReadLimFD(int fd, int maxlen, char **buf)
ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(3);
int virFileReadAll(const char *path, int maxlen, char **buf)
ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
+int virFileReadOffsetQuiet(const char *path, off_t offset,
+ int maxlen, char **buf)
+ ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(4);
int virFileReadAllQuiet(const char *path, int maxlen, char **buf)
ATTRIBUTE_RETURN_CHECK ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3);
int virFileReadBufQuiet(const char *file, char *buf, int len)
-- 
2.5.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:13 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-3-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 02/14] util: Implement virStringFilterLines()
Content-Type: text/plain; charset="utf-8"
Implement virStringFilterLines() that takes as an input a buffer with text
and extracts each line that contains a given needle. The size of each
returned line can be restricted and if it is restricted '...' will
automatically be appended.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/util/virstring.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++
src/util/virstring.h | 3 +++
2 files changed, 65 insertions(+)
diff --git a/src/util/virstring.c b/src/util/virstring.c
index 15f367a..f1d91c7 100644
--- a/src/util/virstring.c
+++ b/src/util/virstring.c
@@ -1499,3 +1499,65 @@ virStringParsePort(const char *str,
=20
return 0;
}
+
+/**
+ * virStringFilterLines:
+ * @input: input buffer with text
+ * @needle: the needle to search in each line
+ * @maxlinelen: maximum line length of each line in output buffer;
+ * 0 to not restrict
+ *
+ * Search for a given needle in each line of the input buffer and create
+ * an output buffer that contains only these line.
+ */
+char *
+virStringFilterLines(char *input, const char *needle, size_t maxlinelen)
+{
+ char *sol =3D input;
+ char *eol;
+ char *buf =3D NULL;
+ size_t buflen =3D 1, llen;
+ const char *dots =3D "...";
+
+ while (*sol) {
+ eol =3D strchr(sol, '\n');
+ if (eol)
+ *eol =3D 0;
+
+ if (strstr(sol, needle)) {
+ size_t additional =3D 0;
+
+ llen =3D strlen(sol);
+ if (maxlinelen && llen > maxlinelen) {
+ llen =3D maxlinelen;
+ additional =3D strlen(dots);
+ }
+
+ if (VIR_REALLOC_N(buf, buflen + llen + additional + 1) < 0) {
+ VIR_FREE(buf);
+ if (*eol)
+ *eol =3D '\n';
+ return NULL;
+ }
+ strncpy(&buf[buflen - 1], sol, llen);
+ buflen +=3D llen;
+
+ if (additional) {
+ strncpy(&buf[buflen - 1], dots, additional);
+ buflen +=3D additional;
+ }
+
+ strcpy(&buf[buflen - 1], "\n");
+ buflen +=3D 1;
+ }
+
+ if (eol)
+ *eol =3D '\n';
+ else
+ break;
+
+ sol =3D eol + 1;
+ }
+
+ return buf;
+}
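Review bot: the allocation-failure path tests `if (*eol)` before restoring the newline, which is wrong in both directions: when strchr() found no newline, eol is NULL and `*eol` dereferences it, and when it did find one, `*eol` was just set to 0 so the test is false and the caller's input is left permanently truncated at that line. It should read `if (eol) *eol = '\n';`, exactly as the normal path below does. Separately, NULL is returned both when no line matched and when VIR_REALLOC_N() failed, so a caller cannot tell an empty result from out-of-memory; returning an empty allocated string for the no-match case, or passing the match count back through an out-parameter, would remove that ambiguity. Also in the doc comment, "contains only these line" should be "contains only these lines".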
diff --git a/src/util/virstring.h b/src/util/virstring.h
index fa2ec1d..1fb9851 100644
--- a/src/util/virstring.h
+++ b/src/util/virstring.h
@@ -309,4 +309,7 @@ int virStringParsePort(const char *str,
unsigned int *port)
ATTRIBUTE_NONNULL(2) ATTRIBUTE_RETURN_CHECK;
=20
+char *virStringFilterLines(char *input, const char *needle, size_t maxline=
len)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+
#endif /* __VIR_STRING_H__ */
-- 
2.5.5
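The line filter this patch describes, written out below as an added example (my code, not libvirt's): it keeps the behaviour the commit message specifies, every line containing the needle, cut to maxlinelen bytes with "..." appended when cut, but takes a const input so it never writes into the caller's buffer, and returns the match count separately so that an empty result is distinguishable from allocation failure. The function names filter_lines, line_contains, grow and filter_matches and the sample log text are mine.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded substring search, so the input can stay const: no NUL has to be
 * written over the newline the way a strchr/strstr pair requires. */
static int
line_contains(const char *s, size_t n, const char *needle)
{
    size_t nlen = strlen(needle);
    size_t i;

    if (nlen == 0)
        return 1;               /* an empty needle matches every line */
    for (i = 0; i + nlen <= n; i++) {
        if (memcmp(s + i, needle, nlen) == 0)
            return 1;
    }
    return 0;
}

/* Make sure @buf can take @need more bytes plus a terminating NUL after
 * @used bytes; on realloc failure the old buffer is freed and NULL returned. */
static char *
grow(char *buf, size_t *cap, size_t used, size_t need)
{
    size_t want = used + need + 1;
    char *tmp;

    if (want <= *cap)
        return buf;
    while (*cap < want)
        *cap *= 2;
    tmp = realloc(buf, *cap);
    if (!tmp)
        free(buf);
    return tmp;
}

/* Return a newly allocated buffer holding every line of @input that contains
 * @needle, one per line, each truncated to @maxlinelen bytes (0 = no limit)
 * with "..." appended when truncation happened. *@nfound receives the number
 * of matching lines. NULL means allocation failure only; "no match" yields
 * an empty string with *@nfound == 0. */
char *
filter_lines(const char *input, const char *needle, size_t maxlinelen,
             size_t *nfound)
{
    static const char dots[] = "...";
    size_t cap = 64, used = 0;
    char *out = malloc(cap);
    const char *sol = input;

    *nfound = 0;
    if (!out)
        return NULL;
    out[0] = '\0';

    while (*sol) {
        const char *eol = strchr(sol, '\n');
        size_t llen = eol ? (size_t)(eol - sol) : strlen(sol);

        if (line_contains(sol, llen, needle)) {
            size_t copy = llen, extra = 0;

            if (maxlinelen && llen > maxlinelen) {
                copy = maxlinelen;
                extra = sizeof(dots) - 1;
            }
            /* room for the (possibly cut) line, the dots and the newline */
            out = grow(out, &cap, used, copy + extra + 1);
            if (!out)
                return NULL;    /* grow() already freed the old buffer */
            memcpy(out + used, sol, copy);
            used += copy;
            memcpy(out + used, dots, extra);
            used += extra;
            out[used++] = '\n';
            out[used] = '\0';
            (*nfound)++;
        }
        if (!eol)
            break;              /* last line had no trailing newline */
        sol = eol + 1;
    }
    return out;
}

/* Run the filter and compare against an expected result; 1 on match. */
int
filter_matches(const char *input, const char *needle, size_t maxlinelen,
               const char *expect, size_t expect_n)
{
    size_t n = 0;
    char *res = filter_lines(input, needle, maxlinelen, &n);
    int ok = res != NULL && n == expect_n && strcmp(res, expect) == 0;

    free(res);
    return ok;
}

int
main(void)
{
    /* Constructed sample log, not taken from any real system. */
    const char *log = "kernel: loading\nswtpm: started socket\n"
                      "qemu: boot\nswtpm: error: storage path missing\n";
    size_t n;
    char *res = filter_lines(log, "swtpm", 10, &n);

    if (res) {
        printf("%zu matching line(s):\n%s", n, res);
        free(res);
    }
    return 0;
}
```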
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:14 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-4-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 03/14] conf: Add support for external swtpm TPM emulator to domain XML
Content-Type: text/plain; charset="utf-8"
This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:
The XML will currently only define a TPM 1.2.
Extend the documentation.
Add a test case testing the XML parser and formatter.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
docs/formatdomain.html.in | 30 +++++++++++++++++++++++++++
docs/schemas/domaincommon.rng | 5 +++++
src/conf/domain_audit.c | 2 ++
src/conf/domain_conf.c | 28 ++++++++++++++++++-------
src/conf/domain_conf.h | 7 +++++++
src/qemu/qemu_cgroup.c | 1 +
src/qemu/qemu_command.c | 1 +
src/qemu/qemu_domain.c | 1 +
src/security/security_dac.c | 2 ++
src/security/security_selinux.c | 2 ++
tests/qemuxml2argvdata/tpm-emulator.xml | 30 +++++++++++++++++++++++++++
tests/qemuxml2xmloutdata/tpm-emulator.xml | 34 +++++++++++++++++++++++++++++++++
tests/qemuxml2xmltest.c | 1 +
13 files changed, 137 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 6a0110e..2a8912f 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7649,6 +7649,26 @@ qemu-kvm -net nic,model=3D? /dev/null
</devices>
...
+
+
+ The emulator device type gives access to a TPM emulator providing
+ TPM functionlity for each VM. QEMU talks to it over a Unix socket. W=
ith
+ the emulator device type each guest gets its own private TPM.
+ 'emulator' since 4.4.0
+
+ For this backend type the 'swtpm' TPM Emulator must be insta=
lled on the
+ host. Libvirt will automatically start an independent TPM em=
ulator
+ for each QEMU guest requesting access to it.
+
+
+
=20
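Review bot: "TPM functionlity" in the new paragraph should be "TPM functionality". Since the text promises each guest "its own private TPM", it should also say where that emulator's state is kept (the storagepath field this patch adds to virDomainTPMDef) and that the Unix socket is per guest, which is what a reader assessing isolation between VMs will look for here.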
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7bad7dd..c65a9a3 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -4137,6 +4137,11 @@
+
+
+ emulator
+
+
diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c
index 82868bc..25cccdd 100644
--- a/src/conf/domain_audit.c
+++ b/src/conf/domain_audit.c
@@ -586,6 +586,8 @@ virDomainAuditTPM(virDomainObjPtr vm, virDomainTPMDefPt=
r tpm,
"virt=3D%s resrc=3Ddev reason=3D%s %s uuid=3D%s %s",
virt, reason, vmname, uuidstr, device);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
default:
break;
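Review bot: the new `case VIR_DOMAIN_TPM_TYPE_EMULATOR:` simply breaks, so a guest started with an emulated TPM leaves no audit record at all, whereas the passthrough case above logs `resrc=dev` with the device path. Even without a host device to name, emitting an entry with the backend type (and, once it exists, the emulator's state path) keeps TPM attachment visible in the audit trail instead of silently absent.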
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0ea3e4c..d9945dd 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -864,7 +864,8 @@ VIR_ENUM_IMPL(virDomainTPMModel, VIR_DOMAIN_TPM_MODEL_L=
AST,
"tpm-crb")
=20
VIR_ENUM_IMPL(virDomainTPMBackend, VIR_DOMAIN_TPM_TYPE_LAST,
- "passthrough")
+ "passthrough",
+ "emulator")
=20
VIR_ENUM_IMPL(virDomainIOMMUModel, VIR_DOMAIN_IOMMU_MODEL_LAST,
"intel")
@@ -2601,6 +2602,11 @@ void virDomainTPMDefFree(virDomainTPMDefPtr def)
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
VIR_FREE(def->data.passthrough.source.data.file.path);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ VIR_FREE(def->data.emulator.source.data.nix.path);
+ VIR_FREE(def->data.emulator.storagepath);
+ VIR_FREE(def->data.emulator.logfile);
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
@@ -12582,6 +12588,11 @@ virDomainSmartcardDefParseXML(virDomainXMLOptionPt=
r xmlopt,
*
*
*
+ * or like this:
+ *
+ *
+ *
+ *
*/
static virDomainTPMDefPtr
virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlopt,
@@ -12648,6 +12659,8 @@ virDomainTPMDefParseXML(virDomainXMLOptionPtr xmlop=
t,
def->data.passthrough.source.type =3D VIR_DOMAIN_CHR_TYPE_DEV;
path =3D NULL;
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
}
@@ -24815,22 +24828,23 @@ virDomainTPMDefFormat(virBufferPtr buf,
virBufferAsprintf(buf, "\n",
virDomainTPMModelTypeToString(def->model));
virBufferAdjustIndent(buf, 2);
- virBufferAsprintf(buf, "\n",
+ virBufferAsprintf(buf, "type));
- virBufferAdjustIndent(buf, 2);
=20
switch (def->type) {
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
- virBufferEscapeString(buf, "\n",
+ virBufferAddLit(buf, ">\n");
+ virBufferEscapeString(buf, " \n",
def->data.passthrough.source.data.file.path);
+ virBufferAddLit(buf, "\n");
+ break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ virBufferAddLit(buf, "/>\n");
break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
=20
- virBufferAdjustIndent(buf, -2);
- virBufferAddLit(buf, "\n");
-
virDomainDeviceInfoFormat(buf, &def->info, flags);
=20
virBufferAdjustIndent(buf, -2);
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 15d228b..c304b08 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1286,6 +1286,7 @@ typedef enum {
=20
typedef enum {
VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
+ VIR_DOMAIN_TPM_TYPE_EMULATOR,
=20
VIR_DOMAIN_TPM_TYPE_LAST
} virDomainTPMBackendType;
@@ -1300,6 +1301,11 @@ struct _virDomainTPMDef {
struct {
virDomainChrSourceDef source;
} passthrough;
+ struct {
+ virDomainChrSourceDef source;
+ char *storagepath;
+ char *logfile;
+ } emulator;
} data;
};
=20
@@ -2814,6 +2820,7 @@ int virDomainDeviceAddressIsValid(virDomainDeviceInfo=
Ptr info,
int type);
virDomainDeviceInfoPtr virDomainDeviceGetInfo(virDomainDeviceDefPtr device=
);
void virDomainTPMDefFree(virDomainTPMDefPtr def);
+void virDomainTPMDelete(virDomainDefPtr def);
=20
typedef int (*virDomainDeviceInfoCallback)(virDomainDefPtr def,
virDomainDeviceDefPtr dev,
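Review bot: `void virDomainTPMDelete(virDomainDefPtr def);` is declared here but nothing in this patch defines it (the domain_conf.c hunks above add only the enum string, the free cases, the parser comment, the parse case and the formatter change), and it is not exported in libvirt_private.syms either; move the prototype to the patch that implements the function so that every commit in the series builds and links cleanly on its own.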
diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index d88eb78..1a5adca 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -278,6 +278,7 @@ qemuSetupTPMCgroup(virDomainObjPtr vm)
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
ret =3D qemuSetupChrSourceCgroup(vm, &dev->data.passthrough.source=
);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dc6fb9a..bb330bf 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9490,6 +9490,7 @@ qemuBuildTPMBackendStr(const virDomainDef *def,
VIR_FREE(cancel_path);
=20
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
}
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 542e20c..d3eac43 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -10364,6 +10364,7 @@ qemuDomainSetupTPM(virQEMUDriverConfigPtr cfg ATTRI=
BUTE_UNUSED,
return -1;
break;
=20
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
/* nada */
break;
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 663c8c9..5efbc27 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1372,6 +1372,7 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr m=
gr,
&tpm->data.passthrough.source,
false);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
@@ -1393,6 +1394,7 @@ virSecurityDACRestoreTPMFileLabel(virSecurityManagerP=
tr mgr,
&tpm->data.passthrough.sou=
rce,
false);
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index c26cdac..f5ba877 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1472,6 +1472,7 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManagerP=
tr mgr,
return -1;
}
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
@@ -1505,6 +1506,7 @@ virSecuritySELinuxRestoreTPMFileLabelInt(virSecurityM=
anagerPtr mgr,
VIR_FREE(cancel_path);
}
break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
diff --git a/tests/qemuxml2argvdata/tpm-emulator.xml b/tests/qemuxml2argvda=
ta/tpm-emulator.xml
new file mode 100644
index 0000000..7f1e575
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator.xml
@@ -0,0 +1,30 @@
+
+ TPM-VM
+ 11d7cd22-da89-3094-6212-079a48a309a1
+ 2097152
+ 512288
+ 1
+
+ hvm
+
+
+
+
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmloutdata/tpm-emulator.xml b/tests/qemuxml2xmlo=
utdata/tpm-emulator.xml
new file mode 100644
index 0000000..1b66e8b
--- /dev/null
+++ b/tests/qemuxml2xmloutdata/tpm-emulator.xml
@@ -0,0 +1,34 @@
+
+ TPM-VM
+ 11d7cd22-da89-3094-6212-079a48a309a1
+ 2097152
+ 512288
+ 1
+
+ hvm
+
+
+
+
+
+
+
+ destroy
+ restart
+ destroy
+
+ /usr/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
index 21fb411..3c39b77 100644
--- a/tests/qemuxml2xmltest.c
+++ b/tests/qemuxml2xmltest.c
@@ -673,6 +673,7 @@ mymain(void)
DO_TEST("disk-copy_on_read", NONE);
DO_TEST("tpm-passthrough", NONE);
DO_TEST("tpm-passthrough-crb", NONE);
+ DO_TEST("tpm-emulator", NONE);
=20
DO_TEST("metadata", NONE);
DO_TEST("metadata-duplicate", NONE);
-- 
2.5.5
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:15 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-5-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 04/14] qemu: Extend QEMU capabilities with 'tpm-emulator'
Extend the QEMU capabilities with tpm-emulator support.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/qemu/qemu_capabilities.c | 5 +++++
src/qemu/qemu_capabilities.h | 1 +
tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 1 +
tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 1 +
7 files changed, 11 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 7b2e863..3f5368d 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -475,6 +475,7 @@ VIR_ENUM_IMPL(virQEMUCaps, QEMU_CAPS_LAST,
"disk-write-cache",
"nbd-tls",
"tpm-crb",
+ "tpm-emulator",
);
=20
=20
@@ -2338,6 +2339,10 @@ static const struct tpmTypeToCaps virQEMUCapsTPMType=
sToCaps[] =3D {
.type =3D VIR_DOMAIN_TPM_TYPE_PASSTHROUGH,
.caps =3D QEMU_CAPS_DEVICE_TPM_PASSTHROUGH,
},
+ {
+ .type =3D VIR_DOMAIN_TPM_TYPE_EMULATOR,
+ .caps =3D QEMU_CAPS_DEVICE_TPM_EMULATOR,
+ },
};
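Review bot: the new virQEMUCapsTPMTypesToCaps entry maps VIR_DOMAIN_TPM_TYPE_EMULATOR to QEMU_CAPS_DEVICE_TPM_EMULATOR, but nothing in the patch shows where that table is consumed, so from the diff alone a reviewer cannot see that the flag is set during capability probing rather than only existing in the test data files; a sentence in the commit message naming the probing path that walks this table would close that gap. The ordering is consistent: `"tpm-emulator"` directly follows `"tpm-crb"` in the string table above, matching QEMU_CAPS_DEVICE_TPM_EMULATOR after QEMU_CAPS_DEVICE_TPM_CRB in qemu_capabilities.h.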
=20
const struct tpmTypeToCaps virQEMUCapsTPMModelsToCaps[] =3D {
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 8da18a8..945696a 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -459,6 +459,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for =
syntax-check */
QEMU_CAPS_DISK_WRITE_CACHE, /* qemu block frontends support write-cach=
e param */
QEMU_CAPS_NBD_TLS, /* NBD server supports TLS transport */
QEMU_CAPS_DEVICE_TPM_CRB, /* -device tpm-crb */
+ QEMU_CAPS_DEVICE_TPM_EMULATOR, /* -tpmdev emulator */
=20
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
diff --git a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml b/tests/qemuc=
apabilitiesdata/caps_2.11.0.s390x.xml
index 64bd554..fd981f4 100644
--- a/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml
@@ -119,6 +119,7 @@
+ 20110000342058
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml b/tests/qem=
ucapabilitiesdata/caps_2.12.0.aarch64.xml
index 197060a..6349d36 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml
@@ -158,6 +158,7 @@
+ 20110900342346
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml b/tests/qemuc=
apabilitiesdata/caps_2.12.0.ppc64.xml
index b0eb055..743a1aa 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml
@@ -155,6 +155,7 @@
+ 20110900419215
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml b/tests/qemuc=
apabilitiesdata/caps_2.12.0.s390x.xml
index 80f3ec6..bc98d6e 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml
@@ -120,6 +120,7 @@
+ 201109000
diff --git a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml b/tests/qemu=
capabilitiesdata/caps_2.12.0.x86_64.xml
index 7c346e5..edd7173 100644
--- a/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
+++ b/tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml
@@ -197,6 +197,7 @@
+ 20110900390060
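Review bot: the flag is added to caps_2.11.0.s390x.xml and the four 2.12.0 data files but to no other 2.11 or older file; the commit message should state the QEMU version that introduced `-tpmdev emulator` so the choice of data files can be checked against it, since the one-line hunks give no other way to verify that.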
--=20
2.5.5
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:16 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-6-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 05/14] util: Implement virFileChownFiles()
Implement virFileChownFiles() which changes file ownership of all
files in a given directory.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/libvirt_private.syms | 1 +
src/util/virfile.c | 49 ++++++++++++++++++++++++++++++++++++++++++++=
++++
src/util/virfile.h | 3 +++
3 files changed, 53 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index f2a4921..33fe75b 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1761,6 +1761,7 @@ virFileActivateDirOverride;
virFileBindMountDevice;
virFileBuildPath;
virFileCanonicalizePath;
+virFileChownFiles;
virFileClose;
virFileComparePaths;
virFileCopyACLs;
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 526b9ad..b6aaf2c 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -38,6 +38,7 @@
#include
#include
#include
+#include
#if defined HAVE_MNTENT_H && defined HAVE_GETMNTENT_R
# include
#endif
@@ -2949,6 +2950,54 @@ void virDirClose(DIR **dirp)
*dirp =3D NULL;
}
=20
+/*
+ * virFileChownFiles:
+ * @name: name of the directory
+ * @uid: uid
+ * @gid: gid
+ *
+ * Change ownership of all regular files in a directory.
+ *
+ * Returns -1 on error, with error already reported, 0 on success.
+ */
+int virFileChownFiles(const char *name, uid_t uid, gid_t gid)
+{
+ struct dirent *ent;
+ int ret;
+ DIR *dir;
+ char *path;
+
+ if (virDirOpen(&dir, name) < 0)
+ return -1;
+
+ while ((ret =3D virDirRead(dir, &ent, name)) > 0) {
+ if (ent->d_type !=3D DT_REG)
+ continue;
+
+ if (virAsprintf(&path, "%s/%s", name, ent->d_name) < 0) {
+ ret =3D -1;
+ break;
+ }
+ if (chown(path, uid, gid) < 0) {
+ ret =3D -1;
+ virReportSystemError(errno,
+ _("cannot chown '%s' to (%u, %u)"),
+ ent->d_name, (unsigned int) uid,
+ (unsigned int) gid);
+ }
+ VIR_FREE(path);
+ if (ret < 0)
+ break;
+ }
+
+ virDirClose(&dir);
+
+ if (ret < 0)
+ return -1;
+
+ return 0;
+}
+
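Review bot: `if (ent->d_type != DT_REG) continue;` silently skips every entry on filesystems that return DT_UNKNOWN (d_type is only filled in by some filesystems), so the function would report success while changing nothing; fall back to stat() for DT_UNKNOWN entries, or treat them as an error. Separately, chown() follows symlinks: the DT_REG test is done at readdir time, so an entry swapped for a symlink between readdir and chown would re-own a target outside the directory; lchown(), fchownat() with AT_SYMLINK_NOFOLLOW, or open() plus fchown() closes that window and is worth it for a helper that will hand files to a less privileged user. Minor: the error message prints `ent->d_name` although `path` is already built and would identify the file unambiguously.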
static int
virFileMakePathHelper(char *path, mode_t mode)
{
diff --git a/src/util/virfile.h b/src/util/virfile.h
index 13d3cf6..f0d99a0 100644
--- a/src/util/virfile.h
+++ b/src/util/virfile.h
@@ -239,6 +239,9 @@ int virFileOpenAs(const char *path, int openflags, mode=
_t mode,
ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
int virFileRemove(const char *path, uid_t uid, gid_t gid);
=20
+int virFileChownFiles(const char *name, uid_t uid, gid_t gid)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
+
enum {
VIR_DIR_CREATE_NONE =3D 0,
VIR_DIR_CREATE_AS_UID =3D (1 << 0),
--=20
2.5.5
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:17 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-7-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 06/14] security: Add DAC and SELinux security for tpm-emulator
Extend the DAC and SELinux modules with support for the
tpm-emulator.
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/security/security_dac.c | 4 ++++
src/security/security_selinux.c | 5 +++++
2 files changed, 9 insertions(+)
diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 5efbc27..351f6f4 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1373,6 +1373,10 @@ virSecurityDACSetTPMFileLabel(virSecurityManagerPtr =
mgr,
false);
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ ret =3D virSecurityDACSetChardevLabel(mgr, def,
+ &tpm->data.emulator.source,
+ false);
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
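Review bot: ownership of `tpm->data.emulator.source` is set through virSecurityDACSetChardevLabel, but the diffstat shows all four inserted lines of security_dac.c are in this hunk, so the DAC restore path has no counterpart and the emulator socket stays owned by the qemu user after the domain stops. If that is intended (for example because the socket's directory is removed together with the domain state), say so in the commit message; otherwise add the matching restore call in virSecurityDACRestoreTPMFileLabel.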
diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index f5ba877..17bc07a 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1473,6 +1473,11 @@ virSecuritySELinuxSetTPMFileLabel(virSecurityManager=
Ptr mgr,
}
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ tpmdev =3D tpm->data.emulator.source.data.nix.path;
+ rc =3D virSecuritySELinuxSetFilecon(mgr, tpmdev, seclabel->imagela=
bel);
+ if (rc < 0)
+ return -1;
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
break;
}
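Review bot: `tpm->data.emulator.source.data.nix.path` reads the UNIX-socket member of the chardev source union without checking `source.type`; if the parser guarantees the emulator source is always a UNIX socket, a comment here documenting that would help, otherwise a non-UNIX source would label whatever string the union happens to hold. As with the DAC hunk, all five inserted lines sit in the Set function, so nothing restores the socket's context when the domain stops; state whether that is intentional.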
--=20
2.5.5
From nobody Wed May 14 01:37:58 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:18 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-8-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 07/14] util: Extend virtpm.c with tpm-emulator support
Add functions for managing the storage of the external swtpm as well
as starting and stopping it. Also implement functions to use swtpm_setup,
which simulates the manufacturing of a TPM which includes creation of
certificates for the device.
Signed-off-by: Stefan Berger
---
src/libvirt_private.syms | 5 +
src/util/virtpm.c | 536 +++++++++++++++++++++++++++++++++++++++++++=
+++-
src/util/virtpm.h | 33 ++-
3 files changed, 572 insertions(+), 2 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 33fe75b..eebfc72 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2984,6 +2984,11 @@ virTimeStringThenRaw;
=20
# util/virtpm.h
virTPMCreateCancelPath;
+virTPMDeleteEmulatorStorage;
+virTPMEmulatorBuildCommand;
+virTPMEmulatorInitPaths;
+virTPMEmulatorPrepareHost;
+virTPMEmulatorStop;
=20
=20
# util/virtypedparam.h
diff --git a/src/util/virtpm.c b/src/util/virtpm.c
index d5c10da..76bbb21 100644
--- a/src/util/virtpm.c
+++ b/src/util/virtpm.c
@@ -1,7 +1,7 @@
/*
* virtpm.c: TPM support
*
- * Copyright (C) 2013 IBM Corporation
+ * Copyright (C) 2013,2018 IBM Corporation
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -22,16 +22,36 @@
=20
#include
=20
+#include
#include
+#include
+#include
+#include
=20
+#include "conf/domain_conf.h"
+#include "viralloc.h"
+#include "vircommand.h"
#include "virstring.h"
#include "virerror.h"
#include "viralloc.h"
#include "virfile.h"
+#include "virkmod.h"
+#include "virlog.h"
#include "virtpm.h"
+#include "virutil.h"
+#include "configmake.h"
=20
#define VIR_FROM_THIS VIR_FROM_NONE
=20
+VIR_LOG_INIT("util.tpm")
+
+/*
+ * executables for the swtpm; to be found on the host
+ */
+static char *swtpm_path;
+static char *swtpm_setup;
+static char *swtpm_ioctl;
+
/**
* virTPMCreateCancelPath:
* @devpath: Path to the TPM device
@@ -74,3 +94,517 @@ virTPMCreateCancelPath(const char *devpath)
cleanup:
return path;
}
+
+/*
+ * virTPMEmulatorInit
+ *
+ * Initialize the Emulator functions by searching for necessary
+ * executables that we will use to start and setup the swtpm
+ */
+static int
+virTPMEmulatorInit(void)
+{
+ if (!swtpm_path) {
+ swtpm_path =3D virFindFileInPath("swtpm");
+ if (!swtpm_path) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find swtpm 'swtpm' in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_path)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("TPM emulator %s is not an executable"),
+ swtpm_path);
+ VIR_FREE(swtpm_path);
+ return -1;
+ }
+ }
+
+ if (!swtpm_setup) {
+ swtpm_setup =3D virFindFileInPath("swtpm_setup");
+ if (!swtpm_setup) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find 'swtpm_setup' in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_setup)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("'%s' is not an executable"),
+ swtpm_setup);
+ VIR_FREE(swtpm_setup);
+ return -1;
+ }
+ }
+
+ if (!swtpm_ioctl) {
+ swtpm_ioctl =3D virFindFileInPath("swtpm_ioctl");
+ if (!swtpm_ioctl) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Could not find swtpm_ioctl in PATH"));
+ return -1;
+ }
+ if (!virFileIsExecutable(swtpm_ioctl)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("swtpm_ioctl program %s is not an executable"=
),
+ swtpm_ioctl);
+ VIR_FREE(swtpm_ioctl);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ * virTPMCreateEmulatorStoragePath
+ *
+ * @swtpmStorageDir: directory for swtpm persistent state
+ * @vmname: The name of the VM for which to create the storage
+ *
+ * Create the swtpm's storage path
+ */
+static char *
+virTPMCreateEmulatorStoragePath(const char *swtpmStorageDir,
+ const char *vmname)
+{
+ char *path =3D NULL;
+
+ ignore_value(virAsprintf(&path, "%s/%s/tpm1.2", swtpmStorageDir, vmnam=
e));
+
+ return path;
+}
+
+/*
+ * virtTPMGetTPMStorageDir:
+ *
+ * @storagepath: directory for swtpm's pesistent state
+ *
+ * Derive the 'TPMStorageDir' from the storagepath by searching
+ * for the last '/'.
+ */
+static char *
+virTPMGetTPMStorageDir(const char *storagepath)
+{
+ const char *tail =3D strrchr(storagepath, '/');
+ char *path =3D NULL;
+
+ if (!tail) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Could not get tail of storagedir %s"),
+ storagepath);
+ return NULL;
+ }
+ ignore_value(VIR_STRNDUP(path, storagepath, tail - storagepath));
+
+ return path;
+}
+
+/*
+ * virTPMEmulatorInitStorage
+ *
+ * Initialize the TPM Emulator storage by creating its root directory,
+ * which is typically found in /var/lib/libvirt/tpm.
+ *
+ */
+static int
+virTPMEmulatorInitStorage(const char *swtpmStorageDir)
+{
+ int rc =3D 0;
+
+ /* allow others to cd into this dir */
+ if (virFileMakePathWithMode(swtpmStorageDir, 0711) < 0) {
+ virReportSystemError(errno,
+ _("Could not create TPM directory %s"),
+ swtpmStorageDir);
+ rc =3D -1;
+ }
+
+ return rc;
+}
+
+/*
+ * virTPMCreateEmulatorStorage
+ *
+ * @storagepath: directory for swtpm's pesistent state
+ * @created: a pointer to a bool that will be set to true if the
+ * storage was created because it did not exist yet
+ * @swtpm_user: The uid that needs to be able to access the directory
+ * @swtpm_group: The gid that needs to be able to access the directory
+ *
+ * Unless the storage path for the swtpm for the given VM
+ * already exists, create it and make it accessible for the given userid.
+ * Adapt ownership of the directory and all swtpm's state files there.
+ */
+static int
+virTPMCreateEmulatorStorage(const char *storagepath,
+ bool *created,
+ uid_t swtpm_user, gid_t swtpm_group)
+{
+ int ret =3D -1;
+ char *swtpmStorageDir =3D virTPMGetTPMStorageDir(storagepath);
+
+ if (!swtpmStorageDir)
+ return -1;
+
+ if (virTPMEmulatorInitStorage(swtpmStorageDir) < 0)
+ return -1;
+
+ *created =3D false;
+
+ if (!virFileExists(storagepath))
+ *created =3D true;
+
+ if (virDirCreate(storagepath, 0700, swtpm_user, swtpm_group,
+ VIR_DIR_CREATE_ALLOW_EXIST) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Could not create directory %s as %u:%d"),
+ storagepath, swtpm_user, swtpm_group);
+ goto cleanup;
+ }
+
+ if (virFileChownFiles(storagepath, swtpm_user, swtpm_group) < 0)
+ goto cleanup;
+
+ ret =3D 0;
+
+ cleanup:
+ VIR_FREE(swtpmStorageDir);
+
+ return ret;
+}
+
+void
+virTPMDeleteEmulatorStorage(virDomainTPMDefPtr tpm)
+{
+ char *path =3D virTPMGetTPMStorageDir(tpm->data.emulator.storagepath);
+
+ if (path) {
+ ignore_value(virFileDeleteTree(path));
+ VIR_FREE(path);
+ }
+}
+
+/*
+ * virTPMCreateEmulatorSocket:
+ *
+ * @swtpmStateDir: the directory where to create the socket in
+ * @shortName: short and unique name of the domain
+ *
+ * Create the vTPM device name from the given parameters
+ */
+static char *
+virTPMCreateEmulatorSocket(const char *swtpmStateDir, const char *shortNam=
e)
+{
+ char *path =3D NULL;
+
+ ignore_value(virAsprintf(&path, "%s/%s-swtpm.sock", swtpmStateDir,
+ shortName));
+
+ return path;
+}
+
+/*
+ * virTPMEmulatorInitPaths:
+ *
+ * @tpm: TPM definition for an emulator type
+ * @swtpmStorageDir: the general swtpm storage dir which is used as a base
+ * directory for creating VM specific directories
+ * @uuid: the UUID of the VM
+ */
+int virTPMEmulatorInitPaths(virDomainTPMDefPtr tpm,
+ const char *swtpmStorageDir,
+ const unsigned char *uuid)
+{
+ char uuidstr[VIR_UUID_STRING_BUFLEN];
+
+ virUUIDFormat(uuid, uuidstr);
+
+ VIR_FREE(tpm->data.emulator.storagepath);
+ if (!(tpm->data.emulator.storagepath =3D
+ virTPMCreateEmulatorStoragePath(swtpmStorageDir, uuidstr)))
+ return -1;
+
+ return 0;
+}
+
+/*
+ * virTPMEmulatorPrepareHost:
+ *
+ * @tpm: tpm definition
+ * @logDir: directory where swtpm writes its logs into
+ * @vmname: name of the VM
+ * @swtpm_user: uid to run the swtpm with
+ * @swtpm_group: gid to run the swtpm with
+ * @swtpmStateDir: directory for swtpm's persistent state
+ * @qemu_user: uid that qemu will run with; we share the socket file with =
it
+ * @shortName: short and unique name of the domain
+ *
+ * Prepare the log directory for the swtpm and adjust ownership of it and =
the
+ * log file we will be using. Prepare the state directory where we will sh=
are
+ * the socket between tss and qemu users.
+ */
+int virTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
+ const char *logDir, const char *vmname,
+ uid_t swtpm_user, gid_t swtpm_group,
+ const char *swtpmStateDir,
+ uid_t qemu_user, const char *shortName)
+{
+ int ret =3D -1;
+
+ if (virTPMEmulatorInit() < 0)
+ return -1;
+
+ /* create log dir ... */
+ if (virFileMakePathWithMode(logDir, 0730) < 0)
+ goto cleanup;
+
+ /* ... and adjust ownership */
+ if (virDirCreate(logDir, 0730, swtpm_user, swtpm_group,
+ VIR_DIR_CREATE_ALLOW_EXIST) < 0)
+ goto cleanup;
+
+ /* create logfile name ... */
+ if (virAsprintf(&tpm->data.emulator.logfile, "%s/%s-swtpm.log",
+ logDir, vmname) < 0)
+ goto cleanup;
+
+ /* ... and make sure it can be accessed by swtpm_user */
+ if (virFileExists(tpm->data.emulator.logfile) &&
+ chown(tpm->data.emulator.logfile, swtpm_user, swtpm_group) < 0) {
+ virReportSystemError(errno,
+ _("Could not chown on swtpm logfile %s"),
+ tpm->data.emulator.logfile);
+ goto cleanup;
+ }
+
+ /*
+ create our swtpm state dir ...
+ - QEMU user needs to be able to access the socket there
+ - swtpm group needs to be able to create files there
+ - in privileged mode 0570 would be enough, for non-privileged mode
+ we need 0770
+ */
+ if (virDirCreate(swtpmStateDir, 0770, qemu_user, swtpm_group,
+ VIR_DIR_CREATE_ALLOW_EXIST) < 0)
+ goto cleanup;
+
+ /* create the socket filename */
+ if (!(tpm->data.emulator.source.data.nix.path =3D
+ virTPMCreateEmulatorSocket(swtpmStateDir, shortName)))
+ goto cleanup;
+ tpm->data.emulator.source.type =3D VIR_DOMAIN_CHR_TYPE_UNIX;
+
+ ret =3D 0;
+
+ cleanup:
+ if (ret)
+ VIR_FREE(tpm->data.emulator.logfile);
+
+ return ret;
+}
+
+/*
+ * virTPMEmulatorRunSetup
+ *
+ * @storagepath: path to the directory for TPM state
+ * @vmname: the name of the VM
+ * @vmuuid: the UUID of the VM
+ * @privileged: whether we are running in privileged mode
+ * @swtpm_user: The userid to switch to when setting up the TPM;
+ * typically this should be the uid of 'tss' or 'root'
+ * @swtpm_group: The group id to switch to
+ * @logfile: The file to write the log into; it must be writable
+ * for the user given by userid or 'tss'
+ *
+ * Setup the external swtpm by creating endorsement key and
+ * certificates for it.
+ */
+static int
+virTPMEmulatorRunSetup(const char *storagepath, const char *vmname,
+ const unsigned char *vmuuid, bool privileged,
+ uid_t swtpm_user, gid_t swtpm_group,
+ const char *logfile)
+{
+ virCommandPtr cmd =3D NULL;
+ int exitstatus;
+ int rc =3D 0;
+ char uuid[VIR_UUID_STRING_BUFLEN];
+ char *vmid =3D NULL;
+ off_t logstart;
+
+ if (!privileged) {
+ return virFileWriteStr(logfile,
+ _("Did not create EK and certificates since=
"
+ "this requires privileged mode\n"),
+ 0600);
+ }
+
+ cmd =3D virCommandNew(swtpm_setup);
+ if (!cmd) {
+ rc =3D -1;
+ goto cleanup;
+ }
+
+ virUUIDFormat(vmuuid, uuid);
+ if (virAsprintf(&vmid, "%s:%s", vmname, uuid) < 0)
+ goto cleanup;
+
+ virCommandSetUID(cmd, swtpm_user);
+ virCommandSetGID(cmd, swtpm_group);
+
+ virCommandAddArgList(cmd,
+ "--tpm-state", storagepath,
+ "--vmid", vmid,
+ "--logfile", logfile,
+ "--createek",
+ "--create-ek-cert",
+ "--create-platform-cert",
+ "--lock-nvram",
+ "--not-overwrite",
+ NULL);
+
+ virCommandClearCaps(cmd);
+
+ /* get size of logfile */
+ logstart =3D virFileLength(logfile, -1);
+ if (logstart < 0)
+ logstart =3D 0;
+
+ if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) {
+ char *buffer =3D NULL, *errors;
+ off_t loglength =3D virFileLength(logfile, -1);
+
+ if (loglength > logstart) {
+ ignore_value(virFileReadOffsetQuiet(logfile, logstart,
+ loglength - logstart,
+ &buffer));
+ errors =3D virStringFilterLines(buffer, "Error:", 160);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Could not run '%s'. exitstatus: %d;\n"
+ "%s"),
+ swtpm_setup, exitstatus, errors);
+ VIR_FREE(buffer);
+ VIR_FREE(errors);
+ }
+ rc =3D -1;
+ }
+
+ cleanup:
+ VIR_FREE(vmid);
+ virCommandFree(cmd);
+
+ return rc;
+}
+
+/*
+ * virTPMEmulatorBuildCommand:
+ *
+ * @tpm: TPM definition
+ * @vmname: The name of the VM
+ * @vmuuid: The UUID of the VM
+ * @privileged: whether we are running in privileged mode
+ * @swtpm_user: The uid for the swtpm to run as (drop privileges to from r=
oot)
+ * @swtpm_group: The gid for the swtpm to run as
+ *
+ * Create the virCommand use for starting the emulator
+ * Do some initializations on the way, such as creation of storage
+ * and emulator setup.
+ */
+virCommandPtr
+virTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm, const char *vmname,
+ const unsigned char *vmuuid, bool privileged,
+ uid_t swtpm_user, gid_t swtpm_group)
+{
+ virCommandPtr cmd =3D NULL;
+ bool created =3D false;
+
+ if (virTPMCreateEmulatorStorage(tpm->data.emulator.storagepath,
+ &created, swtpm_user, swtpm_group) < 0)
+ return NULL;
+
+ if (created &&
+ virTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmu=
uid,
+ privileged, swtpm_user, swtpm_group,
+ tpm->data.emulator.logfile) < 0)
+ goto error;
+
+ unlink(tpm->data.emulator.source.data.nix.path);
+
+ cmd =3D virCommandNew(swtpm_path);
+ if (!cmd)
+ goto error;
+
+ virCommandClearCaps(cmd);
+
+ virCommandAddArgList(cmd, "socket", "--daemon", "--ctrl", NULL);
+ virCommandAddArgFormat(cmd, "type=3Dunixio,path=3D%s,mode=3D0600",
+ tpm->data.emulator.source.data.nix.path);
+
+ virCommandAddArg(cmd, "--tpmstate");
+ virCommandAddArgFormat(cmd, "dir=3D%s,mode=3D0600",
+ tpm->data.emulator.storagepath);
+
+ virCommandAddArg(cmd, "--log");
+ virCommandAddArgFormat(cmd, "file=3D%s", tpm->data.emulator.logfile);
+
+ virCommandSetUID(cmd, swtpm_user);
+ virCommandSetGID(cmd, swtpm_group);
+
+ return cmd;
+
+ error:
+ if (created)
+ virTPMDeleteEmulatorStorage(tpm);
+
+ VIR_FREE(tpm->data.emulator.source.data.nix.path);
+ VIR_FREE(tpm->data.emulator.storagepath);
+
+ virCommandFree(cmd);
+
+ return NULL;
+}
+
+/*
+ * virTPMEmulatorStop
+ * @swtpmStateDir: A directory where the socket is located
+ * @shortName: short and unique name of the domain
+ *
+ * Gracefully stop the swptm
+ */
+void
+virTPMEmulatorStop(const char *swtpmStateDir, const char *shortName)
+{
+ virCommandPtr cmd;
+ char *pathname;
+ char *errbuf =3D NULL;
+
+ if (virTPMEmulatorInit() < 0)
+ return;
+
+ if (!(pathname =3D virTPMCreateEmulatorSocket(swtpmStateDir, shortName=
)))
+ return;
+
+ if (!virFileExists(pathname))
+ goto cleanup;
+
+ cmd =3D virCommandNew(swtpm_ioctl);
+ if (!cmd) {
+ VIR_FREE(pathname);
+ goto cleanup;
+ }
+
+ virCommandAddArgList(cmd, "--unix", pathname, "-s", NULL);
+
+ virCommandSetErrorBuffer(cmd, &errbuf);
+
+ ignore_value(virCommandRun(cmd, NULL));
+
+ virCommandFree(cmd);
+
+ /* clean up the socket */
+ unlink(pathname);
+
+ cleanup:
+ VIR_FREE(pathname);
+ VIR_FREE(errbuf);
+}
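Review bot: in virTPMEmulatorRunSetup the `if (virAsprintf(&vmid, "%s:%s", vmname, uuid) < 0) goto cleanup;` path leaves rc at its initial 0, so an allocation failure is returned as success and virTPMEmulatorBuildCommand goes on to start swtpm on state that was never set up; initialise rc to -1 and set it to 0 only after the command ran, or set rc = -1 before that goto. In the same function, when virCommandRun fails but the log did not grow (loglength <= logstart) no virReportError is issued, so the caller gets -1 with no error set; report swtpm_setup and exitstatus unconditionally and append the filtered log lines only when there are any (virStringFilterLines may also return NULL, which then reaches the "%s"). Separately, virTPMEmulatorInit fills the static swtpm_path/swtpm_setup/swtpm_ioctl lazily with no lock, so two domains starting on different driver threads can race, including on the VIR_FREE in the not-executable branch; guarding the lookup with virOnce would make that safe.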
diff --git a/src/util/virtpm.h b/src/util/virtpm.h
index b21fc05..63f75b8 100644
--- a/src/util/virtpm.h
+++ b/src/util/virtpm.h
@@ -1,7 +1,7 @@
/*
* virtpm.h: TPM support
*
- * Copyright (C) 2013 IBM Corporation
+ * Copyright (C) 2013,2018 IBM Corporation
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
@@ -22,6 +22,37 @@
#ifndef __VIR_TPM_H__
# define __VIR_TPM_H__
=20
+# include "vircommand.h"
+
+typedef struct _virDomainTPMDef virDomainTPMDef;
+typedef virDomainTPMDef *virDomainTPMDefPtr;
+
char *virTPMCreateCancelPath(const char *devpath) ATTRIBUTE_NOINLINE;
=20
+int virTPMEmulatorInitPaths(virDomainTPMDefPtr tpm,
+ const char *swtpmStorageDir,
+ const unsigned char *uuid)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_RETURN_CHECK;
+int virTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
+ const char *logDir, const char *vmname,
+ uid_t swtpm_user, gid_t swtpm_group,
+ const char *swtpmStateDir,
+ uid_t qemu_user, const char *shortName)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_NONNULL(6) ATTRIBUTE_RETURN_CHECK;
+virCommandPtr virTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
+ const char *vmname,
+ const unsigned char *vmuuid,
+ bool privileged,
+ uid_t swtpm_user,
+ gid_t swtpm_group)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
+ ATTRIBUTE_RETURN_CHECK;
+void virTPMEmulatorStop(const char *swtpmStateDir,
+ const char *shortName)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2);
+void virTPMDeleteEmulatorStorage(virDomainTPMDefPtr tpm)
+ ATTRIBUTE_NONNULL(1);
+
#endif /* __VIR_TPM_H__ */
--=20
2.5.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:19 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-9-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 08/14] qemu: Extend qemu_conf with tpm-emulator
support
Extend qemu_conf with user and group for running the tpm-emulator
and add directories to the configuration for the locations of the
log, state, and socket of the tpm-emulator.
Signed-off-by: Stefan Berger
---
src/qemu/libvirtd_qemu.aug | 5 +++++
src/qemu/qemu.conf | 8 +++++++
src/qemu/qemu_conf.c | 43 ++++++++++++++++++++++++++++++++++++++
src/qemu/qemu_conf.h | 6 ++++++
src/qemu/test_libvirtd_qemu.aug.in | 2 ++
5 files changed, 64 insertions(+)
diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index c19bf3a..23bfe67 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -118,6 +118,9 @@ module Libvirtd_qemu =3D
let vxhs_entry =3D bool_entry "vxhs_tls"
| str_entry "vxhs_tls_x509_cert_dir"
=20
+ let swtpm_user_entry =3D str_entry "swtpm_user"
+ let swtpm_group_entry =3D str_entry "swtpm_group"
+
(* Each entry in the config is one of the following ... *)
let entry =3D default_tls_entry
| vnc_entry
@@ -137,6 +140,8 @@ module Libvirtd_qemu =3D
| gluster_debug_level_entry
| memory_entry
| vxhs_entry
+ | swtpm_user_entry
+ | swtpm_group_entry
=20
let comment =3D [ label "#comment" . del /#[ \t]*/ "# " . store /([^ \=
t\n][^\n]*)?/ . del /\n/ "\n" ]
let empty =3D [ label "#empty" . eol ]
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 3444185..26a6dc7 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -779,3 +779,11 @@
# This directory is used for memoryBacking source if configured as file.
# NOTE: big files will be stored here
#memory_backing_dir =3D "/var/lib/libvirt/qemu/ram"
+
+# User for the swtpm TPM Emulator
+#
+# Default is 'tss'; this is the same user that tcsd (TrouSerS) installs
+# and uses; alternative is 'root'
+#
+#swtpm_user =3D "tss"
+#swtpm_group =3D "tss"
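Review bot: the commit message says directories for the swtpm log, state and socket are added to the configuration, but this hunk only exposes swtpm_user and swtpm_group; the three directories are fixed internal fields with no qemu.conf knob, so either reword the commit message or document the paths (and that they are not configurable) here. The comment should also say what happens when the 'tss' account does not exist on the host, since an admin reading only this file would assume the emulator cannot start rather than that it runs as root.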
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index bfbb572..99c37c6 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -159,6 +159,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged)
"%s/log/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
=20
+ if (virAsprintf(&cfg->swtpmLogDir,
+ "%s/log/swtpm/libvirt/qemu", LOCALSTATEDIR) < 0)
+ goto error;
+
if (VIR_STRDUP(cfg->configBaseDir, SYSCONFDIR "/libvirt") < 0)
goto error;
=20
@@ -166,6 +170,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged)
"%s/run/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
=20
+ if (virAsprintf(&cfg->swtpmStateDir,
+ "%s/run/libvirt/qemu/swtpm", LOCALSTATEDIR) < 0)
+ goto error;
+
if (virAsprintf(&cfg->cacheDir,
"%s/cache/libvirt/qemu", LOCALSTATEDIR) < 0)
goto error;
@@ -186,6 +194,13 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged)
goto error;
if (virAsprintf(&cfg->memoryBackingDir, "%s/ram", cfg->libDir) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmStorageDir, "%s/lib/libvirt/swtpm",
+ LOCALSTATEDIR) < 0)
+ goto error;
+ if (virGetUserID("tss", &cfg->swtpm_user) < 0)
+ cfg->swtpm_user =3D 0; /* fall back to root */
+ if (virGetGroupID("tss", &cfg->swtpm_group) < 0)
+ cfg->swtpm_group =3D 0; /* fall back to root */
} else {
char *rundir;
char *cachedir;
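Review bot: `+ if (virGetUserID("tss", &cfg->swtpm_user) < 0) cfg->swtpm_user = 0; /* fall back to root */` (and the matching group line) silently escalates the emulator to root whenever the tss account is missing, and leaves the "does not exist" error that virGetUserID reported sitting on the thread's error stack. The fallback should at least be visible: VIR_WARN that swtpm will run as root because 'tss' was not found, and virResetLastError() so the stale error does not surface from an unrelated API call. Given that this decides which uid owns every VM's TPM state directory, failing the config load unless swtpm_user is explicitly set to "root" would be the safer default.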
@@ -199,6 +214,11 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged)
VIR_FREE(cachedir);
goto error;
}
+ if (virAsprintf(&cfg->swtpmLogDir,
+ "%s/qemu/log", cachedir) < 0) {
+ VIR_FREE(cachedir);
+ goto error;
+ }
if (virAsprintf(&cfg->cacheDir, "%s/qemu/cache", cachedir) < 0) {
VIR_FREE(cachedir);
goto error;
@@ -214,6 +234,9 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool priv=
ileged)
}
VIR_FREE(rundir);
=20
+ if (virAsprintf(&cfg->swtpmStateDir, "%s/swtpm", cfg->stateDir) < =
0)
+ goto error;
+
if (!(cfg->configBaseDir =3D virGetUserConfigDirectory()))
goto error;
=20
@@ -233,6 +256,10 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool pri=
vileged)
goto error;
if (virAsprintf(&cfg->memoryBackingDir, "%s/qemu/ram", cfg->config=
BaseDir) < 0)
goto error;
+ if (virAsprintf(&cfg->swtpmStorageDir, "%s/qemu/swtpm", cfg->confi=
gBaseDir) < 0)
+ goto error;
+ cfg->swtpm_user =3D -1;
+ cfg->swtpm_group =3D -1;
}
=20
if (virAsprintf(&cfg->configDir, "%s/qemu", cfg->configBaseDir) < 0)
@@ -351,7 +378,9 @@ static void virQEMUDriverConfigDispose(void *obj)
VIR_FREE(cfg->configDir);
VIR_FREE(cfg->autostartDir);
VIR_FREE(cfg->logDir);
+ VIR_FREE(cfg->swtpmLogDir);
VIR_FREE(cfg->stateDir);
+ VIR_FREE(cfg->swtpmStateDir);
=20
VIR_FREE(cfg->libDir);
VIR_FREE(cfg->cacheDir);
@@ -400,6 +429,7 @@ static void virQEMUDriverConfigDispose(void *obj)
virFirmwareFreeList(cfg->firmwares, cfg->nfirmwares);
=20
VIR_FREE(cfg->memoryBackingDir);
+ VIR_FREE(cfg->swtpmStorageDir);
}
=20
=20
@@ -471,6 +501,7 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr =
cfg,
size_t i, j;
char *stdioHandler =3D NULL;
char *user =3D NULL, *group =3D NULL;
+ char *swtpm_user =3D NULL, *swtpm_group =3D NULL;
char **controllers =3D NULL;
char **hugetlbfs =3D NULL;
char **nvram =3D NULL;
@@ -907,6 +938,16 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr=
cfg,
if (virConfGetValueString(conf, "memory_backing_dir", &cfg->memoryBack=
ingDir) < 0)
goto cleanup;
=20
+ if (virConfGetValueString(conf, "swtpm_user", &swtpm_user) < 0)
+ goto cleanup;
+ if (swtpm_user && virGetUserID(swtpm_user, &cfg->swtpm_user) < 0)
+ goto cleanup;
+
+ if (virConfGetValueString(conf, "swtpm_group", &swtpm_group) < 0)
+ goto cleanup;
+ if (swtpm_group && virGetGroupID(swtpm_group, &cfg->swtpm_group) < 0)
+ goto cleanup;
+
ret =3D 0;
=20
cleanup:
@@ -917,6 +958,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr =
cfg,
VIR_FREE(corestr);
VIR_FREE(user);
VIR_FREE(group);
+ VIR_FREE(swtpm_user);
+ VIR_FREE(swtpm_group);
virConfFree(conf);
return ret;
}
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index e1ad546..19dc0bc 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -102,7 +102,9 @@ struct _virQEMUDriverConfig {
char *configDir;
char *autostartDir;
char *logDir;
+ char *swtpmLogDir;
char *stateDir;
+ char *swtpmStateDir;
/* These two directories are ones QEMU processes use (so must match
* the QEMU user/group */
char *libDir;
@@ -111,6 +113,7 @@ struct _virQEMUDriverConfig {
char *snapshotDir;
char *channelTargetDir;
char *nvramDir;
+ char *swtpmStorageDir;
=20
char *defaultTLSx509certdir;
bool checkdefaultTLSx509certdir;
@@ -206,6 +209,9 @@ struct _virQEMUDriverConfig {
=20
bool vxhsTLS;
char *vxhsTLSx509certdir;
+
+ uid_t swtpm_user;
+ gid_t swtpm_group;
};
=20
/* Main driver state */
diff --git a/src/qemu/test_libvirtd_qemu.aug.in b/src/qemu/test_libvirtd_qe=
mu.aug.in
index 688e5b9..6d6e1d4 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -100,3 +100,5 @@ module Test_libvirtd_qemu =3D
{ "1" =3D "mount" }
}
{ "memory_backing_dir" =3D "/var/lib/libvirt/qemu/ram" }
+{ "swtpm_user" =3D "tss" }
+{ "swtpm_group" =3D "tss" }
--=20
2.5.5
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:20 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
x-cbid: 18050420-0028-0000-0000-0000098D2E55
X-IBM-SpamModules-Scores:
X-IBM-SpamModules-Versions: BY=3.00008970; HX=3.00000241; KW=3.00000007;
PH=3.00000004; SC=3.00000258; SDB=6.01027521; UDB=6.00524878;
IPR=6.00806655;
MB=3.00020932; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-04 20:21:47
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18050420-0029-0000-0000-00003AA9743A
Message-Id: <1525465285-14102-10-git-send-email-stefanb@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
priorityscore=1501
malwarescore=0 suspectscore=4 phishscore=0 bulkscore=0 spamscore=0
clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
definitions=main-1805040185
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.45]); Fri, 04 May 2018 20:21:50 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.45]);
Fri, 04 May 2018 20:21:50 +0000 (UTC) for IP:'148.163.158.5'
DOMAIN:'mx0b-001b2d01.pphosted.com'
HELO:'mx0a-001b2d01.pphosted.com'
FROM:'stefanb@linux.vnet.ibm.com' RCPT:''
X-RedHat-Spam-Score: -0.7 (RCVD_IN_DNSWL_LOW) 148.163.158.5
mx0b-001b2d01.pphosted.com 148.163.158.5
mx0b-001b2d01.pphosted.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 09/14] qemu: Implement a layer for external
devices like tpm-emulator
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
Fri, 04 May 2018 20:23:52 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
Implement a layer for starting and stopping of external devices.
The tpm-emulator is the only user of this layer.
Signed-off-by: Stefan Berger
---
src/qemu/Makefile.inc.am | 2 +
src/qemu/qemu_extdevice.c | 300 ++++++++++++++++++++++++++++++++++++++++++=
++++
src/qemu/qemu_extdevice.h | 43 +++++++
src/qemu/qemu_process.c | 13 ++
4 files changed, 358 insertions(+)
create mode 100644 src/qemu/qemu_extdevice.c
create mode 100644 src/qemu/qemu_extdevice.h
diff --git a/src/qemu/Makefile.inc.am b/src/qemu/Makefile.inc.am
index 63e7c87..d16e880 100644
--- a/src/qemu/Makefile.inc.am
+++ b/src/qemu/Makefile.inc.am
@@ -19,6 +19,8 @@ QEMU_DRIVER_SOURCES =3D \
qemu/qemu_domain_address.h \
qemu/qemu_cgroup.c \
qemu/qemu_cgroup.h \
+ qemu/qemu_extdevice.c \
+ qemu/qemu_extdevice.h \
qemu/qemu_hostdev.c \
qemu/qemu_hostdev.h \
qemu/qemu_hotplug.c \
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
new file mode 100644
index 0000000..f3f337d
--- /dev/null
+++ b/src/qemu/qemu_extdevice.c
@@ -0,0 +1,300 @@
+/*
+ * qemu_extdevice.c: QEMU external devices support
+ *
+ * Copyright (C) 2014, 2018 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * .
+ *
+ * Author: Stefan Berger
+ */
+
+#include
+
+#include "qemu_extdevice.h"
+#include "qemu_domain.h"
+
+#include "viralloc.h"
+#include "virlog.h"
+#include "virstring.h"
+#include "virtime.h"
+#include "virtpm.h"
+
+#define VIR_FROM_THIS VIR_FROM_QEMU
+
+VIR_LOG_INIT("qemu.qemu_extdevice")
+
+static int
+qemuExtDeviceLogCommand(qemuDomainLogContextPtr logCtxt,
+ virCommandPtr cmd,
+ const char *info)
+{
+ int ret =3D -1;
+ char *timestamp =3D NULL;
+ char *logline =3D NULL;
+ int logFD;
+
+ logFD =3D qemuDomainLogContextGetWriteFD(logCtxt);
+
+ if ((timestamp =3D virTimeStringNow()) =3D=3D NULL)
+ goto cleanup;
+
+ if (virAsprintf(&logline, "%s: Starting external device: %s\n",
+ timestamp, info) < 0)
+ goto cleanup;
+
+ if (safewrite(logFD, logline, strlen(logline)) < 0)
+ goto cleanup;
+
+ virCommandWriteArgLog(cmd, logFD);
+
+ ret =3D 0;
+
+ cleanup:
+ VIR_FREE(timestamp);
+ VIR_FREE(logline);
+
+ return ret;
+}
+
+
+static int
+qemuExtTPMInitPaths(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
+ int ret =3D 0;
+
+ switch (def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ ret =3D virTPMEmulatorInitPaths(def->tpm, cfg->swtpmStorageDir,
+ def->uuid);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+ virObjectUnref(cfg);
+
+ return ret;
+}
+
+
+static int
+qemuExtTPMPrepareHost(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
+ int ret =3D 0;
+ char *shortName =3D NULL;
+
+ switch (def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ shortName =3D virDomainDefGetShortName(def);
+ if (!shortName)
+ goto cleanup;
+
+ ret =3D virTPMEmulatorPrepareHost(def->tpm, cfg->swtpmLogDir,
+ def->name, cfg->swtpm_user,
+ cfg->swtpm_group,
+ cfg->swtpmStateDir, cfg->user,
+ shortName);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+cleanup:
+ VIR_FREE(shortName);
+ virObjectUnref(cfg);
+
+ return ret;
+}
+
+
+/*
+ * qemuExtTPMStartEmulator:
+ *
+ * @driver: QEMU driver
+ * @def: domain definition
+ * @logCtxt: log context
+ *
+ * Start the external TPM Emulator:
+ * - have the command line built
+ * - start the external TPM Emulator and sync with it before QEMU start
+ */
+static int
+qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
+ virDomainDefPtr def,
+ qemuDomainLogContextPtr logCtxt)
+{
+ int ret =3D -1;
+ virCommandPtr cmd =3D NULL;
+ int exitstatus;
+ char *errbuf =3D NULL;
+ virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
+ virDomainTPMDefPtr tpm =3D def->tpm;
+ char *shortName =3D virDomainDefGetShortName(def);
+
+ if (!shortName)
+ return -1;
+
+ /* stop any left-over TPM emulator for this VM */
+ virTPMEmulatorStop(cfg->swtpmStateDir, shortName);
+
+ if (!(cmd =3D virTPMEmulatorBuildCommand(tpm, def->name, def->uuid,
+ driver->privileged,
+ cfg->swtpm_user,
+ cfg->swtpm_group)))
+ goto cleanup;
+
+ if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0)
+ goto cleanup;
+
+ virCommandSetErrorBuffer(cmd, &errbuf);
+
+ if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) {
+ VIR_ERROR("Could not start 'swtpm'. exitstatus: %d\n"
+ "stderr: %s\n", exitstatus, errbuf);
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Could not start 'swtpm'. exitstatus: %d, "
+ "error: %s"), exitstatus, errbuf);
+ goto error;
+ }
+
+ ret =3D 0;
+
+ cleanup:
+ VIR_FREE(shortName);
+ VIR_FREE(errbuf);
+ virCommandFree(cmd);
+
+ virObjectUnref(cfg);
+
+ return ret;
+
+ error:
+ VIR_FREE(tpm->data.emulator.source.data.nix.path);
+
+ goto cleanup;
+}
+
+static int
+qemuExtTPMStart(virQEMUDriverPtr driver,
+ virDomainDefPtr def,
+ qemuDomainLogContextPtr logCtxt)
+{
+ int ret =3D 0;
+ virDomainTPMDefPtr tpm =3D def->tpm;
+
+ switch (tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ ret =3D qemuExtTPMStartEmulator(driver, def, logCtxt);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+ return ret;
+}
+
+static void
+qemuExtTPMStop(virQEMUDriverPtr driver, virDomainDefPtr def)
+{
+ virQEMUDriverConfigPtr cfg =3D virQEMUDriverGetConfig(driver);
+ char *shortName =3D NULL;
+
+ switch (def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ shortName =3D virDomainDefGetShortName(def);
+ if (!shortName)
+ goto cleanup;
+
+ virTPMEmulatorStop(cfg->swtpmStateDir, shortName);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+cleanup:
+ VIR_FREE(shortName);
+ virObjectUnref(cfg);
+}
+
+/*
+ * qemuExtDevicesInitPaths:
+ *
+ * @driver: QEMU driver
+ * @def: domain definition
+ *
+ * Initialize paths of external devices so that it is known where state is
+ * stored and we can remove directories and files in case of domain XML
+ * changes.
+ */
+int
+qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ int ret =3D 0;
+
+ if (def->tpm)
+ ret =3D qemuExtTPMInitPaths(driver, def);
+
+ return ret;
+}
+
+/*
+ * qemuExtDevicesPrepareHost:
+ *
+ * @driver: QEMU driver
+ * @def: domain definition
+ *
+ * Prepare host storage paths for external devices.
+ */
+int
+qemuExtDevicesPrepareHost(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ int ret =3D 0;
+
+ if (def->tpm)
+ ret =3D qemuExtTPMPrepareHost(driver, def);
+
+ return ret;
+}
+
+int
+qemuExtDevicesStart(virQEMUDriverPtr driver,
+ virDomainDefPtr def,
+ qemuDomainLogContextPtr logCtxt)
+{
+ int ret =3D 0;
+
+ if (def->tpm)
+ ret =3D qemuExtTPMStart(driver, def, logCtxt);
+
+ return ret;
+}
+
+void
+qemuExtDevicesStop(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+{
+ if (def->tpm)
+ qemuExtTPMStop(driver, def);
+}
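Review bot: qemuExtTPMPrepareHost returns success when virDomainDefGetShortName() fails: `ret` starts at 0 and the `if (!shortName) goto cleanup;` branch never sets it to -1, so qemuProcessPrepareHost continues with a host that was never prepared. Initialise `ret = -1` and set 0 only on the successful paths, or assign -1 before the goto. In qemuExtTPMStartEmulator the early `if (!shortName) return -1;` leaks the `cfg` reference taken by virQEMUDriverGetConfig() two lines earlier; take `cfg` after the check or route that exit through `cleanup:`. The same function formats `exitstatus` and `errbuf` when virCommandRun() itself returned < 0, in which case `exitstatus` is uninitialised and `errbuf` may still be NULL, and it reports twice (VIR_ERROR plus virReportError); only the `exitstatus != 0` case should build a message, once. Lastly the function comment says the code will "sync with it before QEMU start", but the body does nothing after virCommandRun() returns; either point at where that synchronisation happens or drop the sentence.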
diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
new file mode 100644
index 0000000..fd6b630
--- /dev/null
+++ b/src/qemu/qemu_extdevice.h
@@ -0,0 +1,43 @@
+/*
+ * qemu_extdevice.h: QEMU external devices support
+ *
+ * Copyright (C) 2014, 2018 IBM Corporation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library. If not, see
+ * .
+ *
+ * Author: Stefan Berger
+ */
+#ifndef __QEMU_EXTDEVICE_H__
+# define __QEMU_EXTDEVICE_H__
+
+# include "qemu_conf.h"
+# include "qemu_domain.h"
+
+int qemuExtDevicesInitPaths(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+ ATTRIBUTE_RETURN_CHECK;
+
+int qemuExtDevicesPrepareHost(virQEMUDriverPtr driver,
+ virDomainDefPtr def)
+ ATTRIBUTE_RETURN_CHECK;
+
+int qemuExtDevicesStart(virQEMUDriverPtr driver,
+ virDomainDefPtr def,
+ qemuDomainLogContextPtr logCtxt)
+ ATTRIBUTE_RETURN_CHECK;
+
+void qemuExtDevicesStop(virQEMUDriverPtr driver, virDomainDefPtr def);
+
+#endif /* __QEMU_EXTDEVICE_H__ */
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 9233d26..2b07530 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -48,6 +48,7 @@
#include "qemu_migration_params.h"
#include "qemu_interface.h"
#include "qemu_security.h"
+#include "qemu_extdevice.h"
=20
#include "cpu/cpu.h"
#include "datatypes.h"
@@ -5872,6 +5873,10 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver,
if (qemuProcessPrepareHostStorage(driver, vm, flags) < 0)
goto cleanup;
=20
+ VIR_DEBUG("Preparing external devices");
+ if (qemuExtDevicesPrepareHost(driver, vm->def) < 0)
+ goto cleanup;
+
ret =3D 0;
cleanup:
virObjectUnref(cfg);
@@ -5955,6 +5960,10 @@ qemuProcessLaunch(virConnectPtr conn,
goto cleanup;
logfile =3D qemuDomainLogContextGetWriteFD(logCtxt);
=20
+ if (qemuExtDevicesInitPaths(driver, vm->def) < 0 ||
+ qemuExtDevicesStart(driver, vm->def, logCtxt) < 0)
+ goto cleanup;
+
VIR_DEBUG("Building emulator command line");
if (!(cmd =3D qemuBuildCommandLine(driver,
qemuDomainLogContextGetManager(logCtx=
t),
@@ -6194,6 +6203,8 @@ qemuProcessLaunch(virConnectPtr conn,
ret =3D 0;
=20
cleanup:
+ if (ret)
+ qemuExtDevicesStop(driver, vm->def);
qemuDomainSecretDestroy(vm);
virCommandFree(cmd);
virObjectUnref(logCtxt);
@@ -6614,6 +6625,8 @@ void qemuProcessStop(virQEMUDriverPtr driver,
=20
qemuDomainCleanupRun(driver, vm);
=20
+ qemuExtDevicesStop(driver, vm->def);
+
/* Stop autodestroy in case guest is restarted */
qemuProcessAutoDestroyRemove(driver, vm);
=20
--=20
2.5.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Wed May 14 01:37:59 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:21 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-11-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 10/14] qemu: Add support for external swtpm TPM emulator
List-Id: Development discussions about the libvirt library & tools
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:
The XML will currently only start a TPM 1.2.
Upon first start, libvirt will run `swtpm_setup`, which will simulate the
manufacturing of a TPM and create certificates for it and write them into
NVRAM locations of the emulated TPM.
After that libvirt starts the swtpm TPM emulator using the `swtpm` executable.
Once the VM terminates, libvirt uses the swtpm_ioctl executable to gracefully
shut down the `swtpm` in case it is still running (QEMU did not send shutdown)
or clean up the socket file.
The above mentioned executables must be found in the PATH.
The executables can either be run as root or started as root and switch to
the tss user. The requirement for the tss user comes through 'tcsd', which
is used for the simulation of the manufacturing. Which user is used can be
configured through qemu.conf. By default 'tss' is used.
The swtpm writes out state into files. The state is kept in /var/lib/libvirt/swtpm:
[root@localhost libvirt]# ls -lZ | grep swtpm
drwx--x--x. 7 root root unconfined_u:object_r:virt_var_lib_t:s0 4096 Apr 5 16:22 swtpm
The directory /var/lib/libvirt/swtpm maintains per-TPM state directories.
(Using the uuid of the VM for that since the name can change per VM renaming but
we need a stable directory name.)
[root@localhost swtpm]# ls -lZ
total 4
drwx------. 2 tss tss system_u:object_r:virt_var_lib_t:s0 4096 Apr 5 16:46 485d0004-a48f-436a-8457-8a3b73e28568
[root@localhost 485d0004-a48f-436a-8457-8a3b73e28568]# ls -lZ
total 4
drwx------. 2 tss tss system_u:object_r:virt_var_lib_t:s0 4096 Apr 10 21:34 tpm1.2
[root@localhost tpm1.2]# ls -lZ
total 8
-rw-r--r--. 1 tss tss system_u:object_r:virt_var_lib_t:s0 3648 Apr 5 16:46 tpm-00.permall
The directory /var/run/libvirt/qemu/swtpm/ hosts the swtpm.sock that
QEMU uses to communicate with the swtpm:
[root@localhost domain-1-testvm]# ls -lZ
total 0
srw-------. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c597,c632 0 Apr 6 10:24 1-testvm-swtpm.sock
The logfile for the swtpm is in /var/log/swtpm/libvirt/qemu:
[root@localhost-3 qemu]# ls -lZ
total 4
-rw-------. 1 tss tss unconfined_u:object_r:var_log_t:s0 2199 Apr 6 14:01 testvm-swtpm.log
The processes are labeled as follows:
[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep socket | grep -v grep
system_u:system_r:virtd_t:s0-s0:c0.c1023 tss 18697 0.0 0.0 28172 3892 ? Ss 16:46 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/485d0004-a48f-436a-8457-8a3b73e28568/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log
[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep
system_u:system_r:svirt_t:s0:c413,c430 qemu 18702 2.5 0.0 3036052 48676 ? Sl 16:46 0:08 /bin/qemu-system-x86_64 [...]
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
Signed-off-by: Stefan Berger
Reviewed-by: John Ferlan
---
src/conf/domain_conf.c | 22 ++++++++++++++++++++++
src/libvirt_private.syms | 1 +
src/qemu/qemu_command.c | 39 +++++++++++++++++++++++++++++++++------
src/qemu/qemu_domain.c | 3 +++
src/qemu/qemu_driver.c | 7 +++++++
5 files changed, 66 insertions(+), 6 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index d9945dd..a42574a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -2593,6 +2593,24 @@ void virDomainHostdevDefClear(virDomainHostdevDefPtr=
def)
}
}
=20
+void virDomainTPMDelete(virDomainDefPtr def)
+{
+ virDomainTPMDefPtr tpm =3D def->tpm;
+
+ if (!tpm)
+ return;
+
+ switch (tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ virTPMDeleteEmulatorStorage(tpm);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ /* nothing to do */
+ break;
+ }
+}
+
void virDomainTPMDefFree(virDomainTPMDefPtr def)
{
if (!def)
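Review bot: virDomainTPMDelete is defined here and exported through libvirt_private.syms, and qemu_domain.c calls it later in this patch, but the diffstat has no src/conf/domain_conf.h hunk, so nothing in this patch declares the prototype. If it was added by an earlier patch of the series, say so in the commit message; otherwise add the declaration next to virDomainTPMDefFree in domain_conf.h so the qemu driver does not rely on an implicit declaration.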
@@ -27614,6 +27632,10 @@ virDomainDeleteConfig(const char *configDir,
goto cleanup;
}
=20
+ /* in case domain is NOT running, remove any TPM storage */
+ if (!dom->persistent)
+ virDomainTPMDelete(dom->def);
+
ret =3D 0;
=20
cleanup:
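Review bot: the comment and the condition disagree: the comment says "in case domain is NOT running" but the test is `if (!dom->persistent)`, which is about persistence, not about whether a process is alive. State which one is meant and test for it. Deleting swtpm state from the generic conf layer is also fragile: virTPMDeleteEmulatorStorage() can only act on paths that were initialised beforehand, and in this series that is done by the qemu driver (qemuExtDevicesInitPaths in qemuDomainUndefineFlags and qemuDomainRemoveInactive), which virDomainDeleteConfig cannot assume for other callers. Since qemuDomainRemoveInactive already calls virDomainTPMDelete in this same patch, consider leaving the deletion there and dropping it from virDomainDeleteConfig so the storage is not removed from two places.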
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index eebfc72..e533b95 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -559,6 +559,7 @@ virDomainTimerTrackTypeToString;
virDomainTPMBackendTypeFromString;
virDomainTPMBackendTypeToString;
virDomainTPMDefFree;
+virDomainTPMDelete;
virDomainTPMModelTypeFromString;
virDomainTPMModelTypeToString;
virDomainUSBDeviceDefForeach;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index bb330bf..c02b783 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9425,21 +9425,31 @@ qemuBuildTPMDevStr(const virDomainDef *def,
=20
=20
static char *
-qemuBuildTPMBackendStr(const virDomainDef *def,
+qemuBuildTPMBackendStr(virDomainDef *def,
virCommandPtr cmd,
virQEMUCapsPtr qemuCaps,
int *tpmfd,
- int *cancelfd)
+ int *cancelfd,
+ char **chardev)
{
- const virDomainTPMDef *tpm =3D def->tpm;
+ virDomainTPMDef *tpm =3D def->tpm;
virBuffer buf =3D VIR_BUFFER_INITIALIZER;
- const char *type =3D virDomainTPMBackendTypeToString(tpm->type);
+ const char *type =3D NULL;
char *cancel_path =3D NULL, *devset =3D NULL;
const char *tpmdev;
=20
*tpmfd =3D -1;
*cancelfd =3D -1;
=20
+ switch (tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ type =3D virDomainTPMBackendTypeToString(tpm->type);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ goto error;
+ }
+
virBufferAsprintf(&buf, "%s,id=3Dtpm-%s", type, tpm->info.alias);
=20
switch (tpm->type) {
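Review bot: `const` is dropped from `def` and from `tpm`, but the emulator branch added below only reads `tpm->data.emulator.source.data.nix.path`; nothing in this function writes to the definition. Keep `const virDomainDef *def` and `const virDomainTPMDef *tpm` unless a later patch needs the mutation, since qemuBuildTPMCommandLine's prototype has to change along with it. The new switch that only assigns `type` duplicates the `switch (tpm->type)` that follows immediately; its VIR_DOMAIN_TPM_TYPE_LAST case already jumps to `error`, so the first switch can go and `type` can keep the original initialiser.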
@@ -9491,6 +9501,16 @@ qemuBuildTPMBackendStr(const virDomainDef *def,
=20
break;
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_DEVICE_TPM_EMULATOR))
+ goto no_support;
+
+ virBufferAddLit(&buf, ",chardev=3Dchrtpm");
+
+ if (virAsprintf(chardev, "socket,id=3Dchrtpm,path=3D%s",
+ tpm->data.emulator.source.data.nix.path) < 0)
+ goto error;
+
+ break;
case VIR_DOMAIN_TPM_TYPE_LAST:
goto error;
}
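Review bot: the chardev id is a fixed string, `chrtpm`, both in `,chardev=chrtpm` and in `socket,id=chrtpm,path=%s`, while the backend id is derived from the alias (`tpm-%s`). Derive the chardev id from tpm->info.alias as well (for example `chrtpm-%s`) so the two ids stay paired and a second TPM, should one ever be allowed, cannot collide. The path is also emitted without checking that a socket exists at `tpm->data.emulator.source.data.nix.path`; the emulator was started earlier in qemuProcessLaunch, and a stat check here or in qemuExtTPMStartEmulator would turn a late QEMU connect failure into a clear libvirt error.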
@@ -9517,10 +9537,11 @@ qemuBuildTPMBackendStr(const virDomainDef *def,
=20
static int
qemuBuildTPMCommandLine(virCommandPtr cmd,
- const virDomainDef *def,
+ virDomainDef *def,
virQEMUCapsPtr qemuCaps)
{
char *optstr;
+ char *chardev =3D NULL;
int tpmfd =3D -1;
int cancelfd =3D -1;
char *fdset;
@@ -9529,12 +9550,18 @@ qemuBuildTPMCommandLine(virCommandPtr cmd,
return 0;
=20
if (!(optstr =3D qemuBuildTPMBackendStr(def, cmd, qemuCaps,
- &tpmfd, &cancelfd)))
+ &tpmfd, &cancelfd,
+ &chardev)))
return -1;
=20
virCommandAddArgList(cmd, "-tpmdev", optstr, NULL);
VIR_FREE(optstr);
=20
+ if (chardev) {
+ virCommandAddArgList(cmd, "-chardev", chardev, NULL);
+ VIR_FREE(chardev);
+ }
+
if (tpmfd >=3D 0) {
fdset =3D qemuVirCommandGetFDSet(cmd, tpmfd);
if (!fdset)
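Review bot: the `-chardev` is appended after the `-tpmdev` that references it through `chardev=chrtpm`. Unless QEMU is known to instantiate chardevs before tpmdevs regardless of argument order, emit the `-chardev` first; the expected .args file in 11/14 will pin whichever order is chosen, so it is worth deciding deliberately rather than by the position of the `if (chardev)` block.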
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index d3eac43..57a82dc 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -34,6 +34,7 @@
#include "qemu_migration.h"
#include "qemu_migration_params.h"
#include "qemu_security.h"
+#include "qemu_extdevice.h"
#include "viralloc.h"
#include "virlog.h"
#include "virerror.h"
@@ -7166,6 +7167,8 @@ qemuDomainRemoveInactive(virQEMUDriverPtr driver,
VIR_WARN("unable to remove snapshot directory %s", snapDir);
VIR_FREE(snapDir);
}
+ if (!qemuExtDevicesInitPaths(driver, vm->def))
+ virDomainTPMDelete(vm->def);
=20
virObjectRef(vm);
=20
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 9ce97ea..f496f89 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -60,6 +60,7 @@
#include "qemu_migration_params.h"
#include "qemu_blockjob.h"
#include "qemu_security.h"
+#include "qemu_extdevice.h"
=20
#include "virerror.h"
#include "virlog.h"
@@ -7349,6 +7350,9 @@ qemuDomainCreateWithFlags(virDomainPtr dom, unsigned =
int flags)
goto endjob;
}
=20
+ if (qemuExtDevicesInitPaths(driver, vm->def) < 0)
+ goto endjob;
+
if (qemuDomainObjStart(dom->conn, driver, vm, flags,
QEMU_ASYNC_JOB_START) < 0)
goto endjob;
@@ -7494,6 +7498,9 @@ qemuDomainUndefineFlags(virDomainPtr dom,
if (!(vm =3D qemuDomObjFromDomain(dom)))
return -1;
=20
+ if (qemuExtDevicesInitPaths(driver, vm->def) < 0)
+ return -1;
+
cfg =3D virQEMUDriverGetConfig(driver);
=20
if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0)
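Review bot: the new `return -1` sits between qemuDomObjFromDomain() and the function's normal exit path, so on failure the locked, referenced `vm` handed back by qemuDomObjFromDomain() is not released; route the failure to the function's cleanup label instead of returning directly. It also runs before virDomainUndefineFlagsEnsureACL(), which means path initialisation is done on behalf of the caller before the access check; keep the ACL check as the first thing after the lookup and call qemuExtDevicesInitPaths() after it.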
--=20
2.5.5
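The start/stop sequence and on-disk layout described in the message above, as an added shell example (this is not libvirt's code and not part of the series): the path and command-line helpers reproduce what the ls and ps listings show, and the state-directory check is the one a practitioner would want, because the listing shows tpm-00.permall itself as 0644, so the 0700 directory is all that keeps the TPM's NVRAM and key material from other local users. Assumed, not taken from the page: the `tpm-tis` device model and `tpm0` alias in the QEMU arguments, the swtpm_setup flags, and the SWTPM_* environment variables used to relocate the directories.

```shell
#!/bin/sh
# Added example, not libvirt code: the swtpm lifecycle the commit message describes.
# Path defaults are the ones the message lists; the tpm-tis model, the tpm0 alias
# and the swtpm_setup flags are assumptions.

: "${SWTPM_BASE:=/var/lib/libvirt/swtpm}"       # per-VM state, keyed by UUID
: "${SWTPM_RUN:=/var/run/libvirt/qemu/swtpm}"   # control sockets
: "${SWTPM_LOG:=/var/log/swtpm/libvirt/qemu}"   # per-VM log files

# State directory for one VM: the UUID survives a rename, the name does not.
swtpm_state_dir() {       # $1 = domain UUID
    printf '%s/%s/tpm1.2\n' "$SWTPM_BASE" "$1"
}

# Control socket, "<id>-<name>-swtpm.sock" as in the listing.
swtpm_socket_path() {     # $1 = domain id, $2 = domain name
    printf '%s/%s-%s-swtpm.sock\n' "$SWTPM_RUN" "$1" "$2"
}

# The swtpm command line that shows up in the ps output.
swtpm_start_cmd() {       # $1 = UUID, $2 = domain id, $3 = domain name
    printf 'swtpm socket --daemon --ctrl type=unixio,path=%s,mode=0600 --tpmstate dir=%s --log file=%s/%s-swtpm.log\n' \
        "$(swtpm_socket_path "$2" "$3")" "$(swtpm_state_dir "$1")" "$SWTPM_LOG" "$3"
}

# QEMU side: the -chardev/-tpmdev pair qemuBuildTPMBackendStr emits, plus an
# assumed tpm-tis front end (libvirt builds that in qemuBuildTPMDevStr, not shown).
qemu_tpm_args() {         # $1 = socket path
    printf '%s\n' "-chardev socket,id=chrtpm,path=$1 -tpmdev emulator,id=tpm-tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm-tpm0"
}

# Privacy check for a state directory: owned by the swtpm user, mode exactly 0700.
# The state file inside is 0644 in the listing, so the directory is the only barrier.
check_state_dir() {       # $1 = directory, $2 = expected owner
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -prune -type d -perm 700 -user "$2" -print 2>/dev/null)" ]
}

# First start as the message describes it: manufacture once with swtpm_setup,
# then run the daemon as the tss user. Needs swtpm installed and root.
swtpm_first_start() {     # $1 = UUID, $2 = domain id, $3 = domain name, $4 = tss user
    local dir
    dir=$(swtpm_state_dir "$1")
    command -v swtpm >/dev/null 2>&1 && command -v swtpm_setup >/dev/null 2>&1 || return 2
    mkdir -p "$dir" "$SWTPM_RUN" "$SWTPM_LOG" && chown "$4:$4" "$dir" && chmod 700 "$dir" || return 1
    if [ ! -e "$dir/tpm-00.permall" ]; then      # TPM 1.2 state file name from the listing
        swtpm_setup --tpm-state "$dir" --createek --create-ek-cert --create-platform-cert \
                    --lock-nvram --runas "$4" --logfile "$SWTPM_LOG/$3-swtpm.log" || return 1
    fi
    check_state_dir "$dir" "$4" || return 1
    swtpm socket --daemon \
        --ctrl "type=unixio,path=$(swtpm_socket_path "$2" "$3"),mode=0600" \
        --tpmstate "dir=$dir" --log "file=$SWTPM_LOG/$3-swtpm.log" --runas "$4"
}

# Stop: graceful shutdown over the control socket if swtpm is still listening
# (QEMU did not send one), then remove the socket file either way.
swtpm_stop() {            # $1 = domain id, $2 = domain name
    local sock
    sock=$(swtpm_socket_path "$1" "$2")
    [ -S "$sock" ] || return 0
    swtpm_ioctl -s --unix "$sock" 2>/dev/null
    rm -f "$sock"
}
```

The pure helpers run anywhere; `swtpm_first_start` and `swtpm_stop` need swtpm installed and root, since they chown the state directory to the tss user. The check deliberately looks at the directory rather than the state file because that is where the listing puts the protection; point SWTPM_BASE at a scratch directory to try it without touching /var/lib/libvirt.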
From nobody Wed May 14 01:37:59 2025
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:22 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
Message-Id: <1525465285-14102-12-git-send-email-stefanb@linux.vnet.ibm.com>
Subject: [libvirt] [PATCH v3 11/14] tests: Add test cases for external swtpm TPM emulator
List-Id: Development discussions about the libvirt library & tools
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

This patch adds extensions to existing test cases and specific test cases
for the tpm-emulator.
Signed-off-by: Stefan Berger
---
tests/qemuxml2argvdata/tpm-emulator.args | 27 +++++++++++++++++++++++++++
tests/qemuxml2argvtest.c | 15 +++++++++++++++
2 files changed, 42 insertions(+)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator.args
diff --git a/tests/qemuxml2argvdata/tpm-emulator.args b/tests/qemuxml2argvd=
ata/tpm-emulator.args
new file mode 100644
index 0000000..5970928
--- /dev/null
+++ b/tests/qemuxml2argvdata/tpm-emulator.args
@@ -0,0 +1,27 @@
+LC_ALL=3DC \
+PATH=3D/bin \
+HOME=3D/home/test \
+USER=3Dtest \
+LOGNAME=3Dtest \
+QEMU_AUDIO_DRV=3Dnone \
+/usr/bin/qemu-system-x86_64 \
+-name TPM-VM \
+-S \
+-machine pc-i440fx-2.12,accel=3Dtcg,usb=3Doff,dump-guest-core=3Doff \
+-m 2048 \
+-smp 1,sockets=3D1,cores=3D1,threads=3D1 \
+-uuid 11d7cd22-da89-3094-6212-079a48a309a1 \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=3Dcharmonitor,\
+path=3D/tmp/lib/domain--1-TPM-VM/monitor.sock,server,nowait \
+-mon chardev=3Dcharmonitor,id=3Dmonitor,mode=3Dcontrol \
+-rtc base=3Dutc \
+-no-shutdown \
+-boot order=3Dc,menu=3Don \
+-usb \
+-tpmdev emulator,id=3Dtpm-tpm0,chardev=3Dchrtpm \
+-chardev socket,id=3Dchrtpm,path=3D/dev/test \
+-device tpm-tis,tpmdev=3Dtpm-tpm0,id=3Dtpm0 \
+-device virtio-balloon-pci,id=3Dballoon0,bus=3Dpci.0,addr=3D0x3
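Review bot: the diffstat adds only tpm-emulator.args, but the DO_TEST("tpm-emulator") added to qemuxml2argvtest.c below also needs a matching tests/qemuxml2argvdata/tpm-emulator.xml input; if that XML came with an earlier patch of this series, say so in the commit message, otherwise the test cannot run from this patch alone. On the content, the `-chardev socket,id=chrtpm,path=/dev/test` line is the placeholder path injected by the test code rather than anything libvirt computes, so a comment in the test pointing at this file would make that coupling visible to the next person who changes either side.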
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index 8ef7701..a80e3f2 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -532,6 +532,19 @@ testCompareXMLToArgv(const void *data)
}
}
=20
+ if (vm->def->tpm) {
+ switch (vm->def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ if (VIR_STRDUP(vm->def->tpm->data.emulator.source.data.file.pat=
h,
+ "/dev/test") < 0)
+ goto cleanup;
+ break;
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+ }
+
if (!(cmd =3D qemuProcessCreatePretendCmd(&driver, vm, migrateURI,
(flags & FLAG_FIPS), false,
VIR_QEMU_PROCESS_START_COLD)))=
{
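Review bot: the VIR_STRDUP into vm->def->tpm->data.emulator.source.data.file.path overwrites the field without freeing whatever it holds; if the parser or an earlier test step ever fills it in, this leaks. Either VIR_FREE() it first or only assign when it is still NULL. Also add a comment saying why the test has to do this at all: at runtime the socket path is presumably produced when swtpm is started (the 12/14 commit message shows .../swtpm/testvm-swtpm.sock), which the test never does, so a fixed path is injected here and it must stay in sync with `path=/dev/test` in tpm-emulator.args.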
@@ -1989,6 +2002,8 @@ mymain(void)
QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE_TPM_CRB);
DO_TEST_PARSE_ERROR("tpm-no-backend-invalid",
QEMU_CAPS_DEVICE_TPM_PASSTHROUGH, QEMU_CAPS_DEVICE=
_TPM_TIS);
+ DO_TEST("tpm-emulator",
+ QEMU_CAPS_DEVICE_TPM_EMULATOR, QEMU_CAPS_DEVICE_TPM_TIS);
=20
=20
DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
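Review bot: DO_TEST("tpm-emulator", QEMU_CAPS_DEVICE_TPM_EMULATOR, QEMU_CAPS_DEVICE_TPM_TIS) covers only the tpm-tis model; the cases just above also pass QEMU_CAPS_DEVICE_TPM_CRB, so add a tpm-crb variant of the emulator test, and a negative case for the emulator backend with QEMU_CAPS_DEVICE_TPM_TIS alone (DO_TEST_FAILURE or DO_TEST_PARSE_ERROR, whichever path the capability check reports through) to show that a QEMU without the emulator tpmdev is rejected instead of being handed an unknown -tpmdev type.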
--=20
2.5.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
From nobody Wed May 14 01:37:59 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1525465335940261.82220034775514;
Fri, 4 May 2018 13:22:15 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com
[10.5.11.26])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id AB4F63002386;
Fri, 4 May 2018 20:22:14 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 67FBA30012D1;
Fri, 4 May 2018 20:22:14 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id E43AF180613A;
Fri, 4 May 2018 20:22:13 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
[10.5.11.12])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w44KLvLa013764 for ;
Fri, 4 May 2018 16:21:57 -0400
Received: by smtp.corp.redhat.com (Postfix)
id 101EE60CD3; Fri, 4 May 2018 20:21:57 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx14.extmail.prod.ext.phx2.redhat.com
[10.5.110.43])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 0771860F9B
for ; Fri, 4 May 2018 20:21:57 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
[148.163.158.5])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id C8AF630001DF
for ; Fri, 4 May 2018 20:21:55 +0000 (UTC)
Received: from pps.filterd (m0098420.ppops.net [127.0.0.1])
by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
w44KEKwO068639
for ; Fri, 4 May 2018 16:21:55 -0400
Received: from e31.co.us.ibm.com (e31.co.us.ibm.com [32.97.110.149])
by mx0b-001b2d01.pphosted.com with ESMTP id 2hrsab3cd9-1
(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
for ; Fri, 04 May 2018 16:21:54 -0400
Received: from localhost
by e31.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
Violators will be prosecuted
for from ;
Fri, 4 May 2018 14:21:54 -0600
Received: from b03cxnp08028.gho.boulder.ibm.com (9.17.130.20)
by e31.co.us.ibm.com (192.168.1.131) with IBM ESMTP SMTP Gateway:
Authorized Use Only! Violators will be prosecuted;
Fri, 4 May 2018 14:21:51 -0600
Received: from b03ledav002.gho.boulder.ibm.com
(b03ledav002.gho.boulder.ibm.com [9.17.130.233])
by b03cxnp08028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
ESMTP id w44KLoTH11010480; Fri, 4 May 2018 13:21:50 -0700
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
by IMSVA (Postfix) with ESMTP id A91B3136040;
Fri, 4 May 2018 14:21:50 -0600 (MDT)
Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153])
by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP id 50F7813603C;
Fri, 4 May 2018 14:21:50 -0600 (MDT)
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:23 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
x-cbid: 18050420-8235-0000-0000-00000D6D2F63
X-IBM-SpamModules-Scores:
X-IBM-SpamModules-Versions: BY=3.00008970; HX=3.00000241; KW=3.00000007;
PH=3.00000004; SC=3.00000258; SDB=6.01027522; UDB=6.00524878;
IPR=6.00806655;
MB=3.00020932; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-04 20:21:52
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18050420-8236-0000-0000-000040C9ED67
Message-Id: <1525465285-14102-13-git-send-email-stefanb@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
priorityscore=1501
malwarescore=0 suspectscore=3 phishscore=0 bulkscore=0 spamscore=0
clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
definitions=main-1805040185
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.43]); Fri, 04 May 2018 20:21:56 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.43]);
Fri, 04 May 2018 20:21:56 +0000 (UTC) for IP:'148.163.158.5'
DOMAIN:'mx0b-001b2d01.pphosted.com'
HELO:'mx0a-001b2d01.pphosted.com'
FROM:'stefanb@linux.vnet.ibm.com' RCPT:''
X-RedHat-Spam-Score: -0.7 (RCVD_IN_DNSWL_LOW) 148.163.158.5
mx0b-001b2d01.pphosted.com 148.163.158.5
mx0b-001b2d01.pphosted.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.43
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 12/14] security: Label the external swtpm with
SELinux labels
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.47]);
Fri, 04 May 2018 20:22:15 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
In this patch we label the swtpm process with SELinux labels. We give it the
same label as the QEMU process has. We label its state directory and files
as well.
The file and process labels now look as follows:
Directory: /var/lib/libvirt/swtpm

[root@localhost swtpm]# ls -lZ
total 4
drwx------. 2 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 4096 Apr  5 16:46 testvm

[root@localhost testvm]# ls -lZ
total 8
-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 3648 Apr  5 16:46 tpm-00.permall

The log in /var/log/swtpm/libvirt/qemu is labeled as follows:

-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 2237 Apr  5 16:46 vtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep ctrl | grep -v grep
system_u:system_r:svirt_t:s0:c254,c932 tss 25664 0.0 0.0 28172 3892 ? Ss 16:57 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep
system_u:system_r:svirt_t:s0:c254,c932 qemu 25669 99.0 0.0 3096704 48500 ? Sl 16:57 3:28 /bin/qemu-system-x86_64 [..]
Signed-off-by: Stefan Berger
---
src/libvirt_private.syms | 1 +
src/qemu/qemu_extdevice.c | 22 ++++++++++-
src/security/security_driver.h | 4 ++
src/security/security_manager.c | 17 +++++++++
src/security/security_manager.h | 3 ++
src/security/security_selinux.c | 82 +++++++++++++++++++++++++++++++++++++++++++++++
src/security/security_stack.c | 19 ++++++++++
7 files changed, 147 insertions(+), 1 deletion(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index e533b95..79b8afa 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1334,6 +1334,7 @@ virSecurityManagerSetProcessLabel;
virSecurityManagerSetSavedStateLabel;
virSecurityManagerSetSocketLabel;
virSecurityManagerSetTapFDLabel;
+virSecurityManagerSetTPMLabels;
virSecurityManagerStackAddNested;
virSecurityManagerTransactionAbort;
virSecurityManagerTransactionCommit;
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index f3f337d..eb7220d 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -166,12 +166,32 @@ qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
=20
virCommandSetErrorBuffer(cmd, &errbuf);
=20
- if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) {
+ if (virSecurityManagerSetTPMLabels(driver->securityManager,
+ def) < 0)
+ goto error;
+
+ if (virSecurityManagerSetChildProcessLabel(driver->securityManager,
+ def, cmd) < 0)
+ goto error;
+
+ if (virSecurityManagerPreFork(driver->securityManager) < 0)
+ goto error;
+
+ /* make sure we run this with the appropriate user */
+ virCommandSetUID(cmd, cfg->swtpm_user);
+ virCommandSetGID(cmd, cfg->swtpm_group);
+
+ ret =3D virCommandRun(cmd, &exitstatus);
+
+ virSecurityManagerPostFork(driver->securityManager);
+
+ if (ret < 0 || exitstatus !=3D 0) {
VIR_ERROR("Could not start 'swtpm'. exitstatus: %d\n"
"stderr: %s\n", exitstatus, errbuf);
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not start 'swtpm'. exitstatus: %d, "
"error: %s"), exitstatus, errbuf);
+ ret =3D -1;
goto error;
}
=20
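Review bot: labels are applied here but never taken back: virSecurityManagerSetTPMLabels runs before the fork, yet nothing on the `error` path below restores the state directory and log file, and this patch adds no Restore counterpart at all (the diffstat and the security_driver.h hunk add only a Set hook), so after a failed start or a domain shutdown the files keep this guest's svirt_image_t MCS context and a later guest reusing the directory inherits it. Add a domainRestoreSecurityTPMLabels hook that the error path and the external-device stop path call, mirroring the chardev Set/Restore pair. Smaller point: the ordering of virSecurityManagerSetChildProcessLabel, virSecurityManagerPreFork, virCommandSetUID/virCommandSetGID and virCommandRun is right and virSecurityManagerPostFork is reached on both outcomes, but a one-line comment that virCommandRun must stay inside the PreFork/PostFork pair would keep a later refactor from moving it.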
diff --git a/src/security/security_driver.h b/src/security/security_driver.h
index 95e7c4d..4aa415f 100644
--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -149,6 +149,8 @@ typedef int (*virSecurityDomainRestoreChardevLabel) (vi=
rSecurityManagerPtr mgr,
virDomainDefPtr def,
virDomainChrSourceDef=
Ptr dev_source,
bool chardevStdioLogd=
);
+typedef int (*virSecurityDomainSetTPMLabels) (virSecurityManagerPtr mgr,
+ virDomainDefPtr def);
=20
=20
struct _virSecurityDriver {
@@ -213,6 +215,8 @@ struct _virSecurityDriver {
=20
virSecurityDomainSetChardevLabel domainSetSecurityChardevLabel;
virSecurityDomainRestoreChardevLabel domainRestoreSecurityChardevLabel;
+
+ virSecurityDomainSetTPMLabels domainSetSecurityTPMLabels;
};
=20
virSecurityDriverPtr virSecurityDriverLookup(const char *name,
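Review bot: every other per-domain label hook in this struct comes as a Set/Restore pair (domainSetSecurityChardevLabel next to domainRestoreSecurityChardevLabel, right above the new field); adding domainSetSecurityTPMLabels without a domainRestoreSecurityTPMLabels leaves drivers no way to undo the labeling when the domain stops or a start fails. Add the Restore typedef and field alongside, even if the SELinux driver only fills it in a follow-up.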
diff --git a/src/security/security_manager.c b/src/security/security_manage=
r.c
index 71f7f59..48777bb 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -1204,3 +1204,20 @@ virSecurityManagerRestoreChardevLabel(virSecurityMan=
agerPtr mgr,
virReportUnsupportedError();
return -1;
}
+
+
+int virSecurityManagerSetTPMLabels(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
+{
+ int ret;
+
+ if (mgr->drv->domainSetSecurityTPMLabels) {
+ virObjectLock(mgr);
+ ret =3D mgr->drv->domainSetSecurityTPMLabels(mgr, vm);
+ virObjectUnlock(mgr);
+
+ return ret;
+ }
+
+ return 0;
+}
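Review bot: virSecurityManagerSetTPMLabels returns 0 when the driver has no domainSetSecurityTPMLabels hook, while the function just above it (the tail of virSecurityManagerRestoreChardevLabel in the context) reports virReportUnsupportedError() and returns -1 in the same situation. Returning 0 is the right choice if the DAC and AppArmor drivers are not expected to implement the hook, but say so in a comment, otherwise a reader will take it for an oversight. Style: put the return type on its own line (`int` above `virSecurityManagerSetTPMLabels(...)`), as the static functions in the security_selinux.c hunk do.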
diff --git a/src/security/security_manager.h b/src/security/security_manage=
r.h
index c36a8b4..671f6a8 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -194,4 +194,7 @@ int virSecurityManagerRestoreChardevLabel(virSecurityMa=
nagerPtr mgr,
virDomainChrSourceDefPtr dev_sou=
rce,
bool chardevStdioLogd);
=20
+int virSecurityManagerSetTPMLabels(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm);
+
#endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index 17bc07a..42a940b 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -3047,6 +3047,86 @@ virSecuritySELinuxDomainSetPathLabel(virSecurityMana=
gerPtr mgr,
return virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagelabel);
}
=20
+/*
+ * _virSecuritySELinuxSetSecurityFileLabels:
+ *
+ * @mgr: the virSecurityManager
+ * @path: path to a directory or a file
+ * @seclabel: the security label
+ *
+ * Set the file labels on the given path; if the path is a directory
+ * we label all files found there, including the directory itself,
+ * otherwise we just label the file.
+ */
+static int
+_virSecuritySELinuxSetSecurityFileLabels(virSecurityManagerPtr mgr,
+ const char *path,
+ virSecurityLabelDefPtr seclabel)
+{
+ int ret =3D 0;
+ struct dirent *ent;
+ char *filename =3D NULL;
+ DIR *dir;
+
+ if ((ret =3D virSecuritySELinuxSetFilecon(mgr, path, seclabel->imagela=
bel)))
+ return ret;
+
+ if (virDirOpen(&dir, path) < 0)
+ return 0;
+
+ while ((ret =3D virDirRead(dir, &ent, path)) > 0) {
+ if (ent->d_type !=3D DT_REG)
+ continue;
+
+ if (virAsprintf(&filename, "%s/%s", path, ent->d_name) < 0) {
+ ret =3D -1;
+ break;
+ }
+ ret =3D virSecuritySELinuxSetFilecon(mgr, filename,
+ seclabel->imagelabel);
+ VIR_FREE(filename);
+ if (ret)
+ break;
+ }
+ if (ret)
+ virReportSystemError(errno, _("Unable to label files under %s"),
+ path);
+
+ virDirClose(&dir);
+
+ return ret;
+}
+
+static int
+virSecuritySELinuxSetSecurityTPMLabels(virSecurityManagerPtr mgr,
+ virDomainDefPtr def)
+{
+ int ret =3D 0;
+ virSecurityLabelDefPtr seclabel;
+
+ seclabel =3D virDomainDefGetSecurityLabelDef(def, SECURITY_SELINUX_NAM=
E);
+ if (seclabel =3D=3D NULL)
+ return 0;
+
+ switch (def->tpm->type) {
+ case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+ break;
+ case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+ ret =3D _virSecuritySELinuxSetSecurityFileLabels(
+ mgr, def->tpm->data.emulator.storagepath,
+ seclabel);
+ if (ret =3D=3D 0 && def->tpm->data.emulator.logfile)
+ ret =3D _virSecuritySELinuxSetSecurityFileLabels(
+ mgr, def->tpm->data.emulator.logfile,
+ seclabel);
+ break;
+ case VIR_DOMAIN_TPM_TYPE_LAST:
+ break;
+ }
+
+ return ret;
+}
+
virSecurityDriver virSecurityDriverSELinux =3D {
.privateDataLen =3D sizeof(virSecuritySELinuxData),
.name =3D SECURITY_SELINUX_NAME,
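Review bot: the state directory and log are labeled with seclabel->imagelabel, the same svirt_image_t:s0:cX,cY context the guest's disk images get, while qemu_extdevice.c gives the swtpm process the guest's own process label; the listings in the commit message show swtpm and QEMU both as svirt_t:s0:c254,c932 and tpm-00.permall as svirt_image_t:s0:c254,c932, tss:tss, mode 0644. Under that labeling a compromised QEMU may open the vTPM's persistent state as far as SELinux is concerned, and only DAC stands in the way, which 0644 does not do for reads. Either create the state files with a restrictive mode (the swtpm line in 13/14 passes mode=0640 for the state directory; the files should be no wider than 0600/0640 owned by tss) or give TPM state a type of its own. Two smaller points in _virSecuritySELinuxSetSecurityFileLabels: `ent->d_type != DT_REG` skips every entry on file systems that report DT_UNKNOWN, so the state files would silently stay unlabeled there (fall back to stat() when d_type is DT_UNKNOWN); and the function is also called with def->tpm->data.emulator.logfile, a regular file, so virDirOpen fails with ENOTDIR on every start. The failure is turned into `return 0`, but check whether virDirOpen reports it as an error first; testing with virFileIsDir before opening, or using the quiet variant, avoids a spurious log line per start.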
@@ -3106,4 +3186,6 @@ virSecurityDriver virSecurityDriverSELinux =3D {
=20
.domainSetSecurityChardevLabel =3D virSecuritySELinuxSetChardevLa=
bel,
.domainRestoreSecurityChardevLabel =3D virSecuritySELinuxRestoreChard=
evLabel,
+
+ .domainSetSecurityTPMLabels =3D virSecuritySELinuxSetSecurityT=
PMLabels,
};
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 9615f9f..7f10ef0 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -760,6 +760,23 @@ virSecurityStackDomainRestoreChardevLabel(virSecurityM=
anagerPtr mgr,
return rc;
}
=20
+static int
+virSecurityStackSetSecurityTPMLabels(virSecurityManagerPtr mgr,
+ virDomainDefPtr vm)
+{
+ virSecurityStackDataPtr priv =3D virSecurityManagerGetPrivateData(mgr);
+ virSecurityStackItemPtr item =3D priv->itemsHead;
+ int rc =3D 0;
+
+ for (; item; item =3D item->next) {
+ if (virSecurityManagerSetTPMLabels(item->securityManager,
+ vm) < 0)
+ rc =3D -1;
+ }
+
+ return rc;
+}
+
virSecurityDriver virSecurityDriverStack =3D {
.privateDataLen =3D sizeof(virSecurityStackData),
.name =3D "stack",
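Review bot: naming; the other stack wrappers follow the virSecurityStackDomain<Verb><Thing> pattern (virSecurityStackDomainRestoreChardevLabel in the context above, virSecurityStackDomainSetChardevLabel in the table below), so this one should be virSecurityStackDomainSetTPMLabels, and the same goes for virSecuritySELinuxSetSecurityTPMLabels in the SELinux driver. Behaviour-wise the loop correctly keeps going after a nested driver fails and reports -1 at the end, consistent with its neighbours.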
@@ -822,4 +839,6 @@ virSecurityDriver virSecurityDriverStack =3D {
=20
.domainSetSecurityChardevLabel =3D virSecurityStackDomainSetChard=
evLabel,
.domainRestoreSecurityChardevLabel =3D virSecurityStackDomainRestoreC=
hardevLabel,
+
+ .domainSetSecurityTPMLabels =3D virSecurityStackSetSecurityTPM=
Labels,
};
--=20
2.5.5
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
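The listings in the commit message above are the evidence a reviewer would check on a live host: the swtpm process and its state files must carry the same MCS categories, and because swtpm runs under the same svirt_t label and categories as QEMU, the file modes are all that still separates the guest's QEMU from the TPM state. The following Python script is an added example for this page, not code from the libvirt patch or project; it parses the text output of `ls -lZ` and `ps auxZ` and the sample lines are constructed from the listings in the commit message, with the QEMU command line shortened to a placeholder. It assumes file names without spaces and finds QEMU by the substring "qemu-system".

```python
"""Consistency check for a guest's swtpm confinement (added example, not
libvirt code). Parses `ls -lZ` and `ps auxZ` text and reports whether the
swtpm process and its state files carry matching MCS categories, whether
swtpm shares QEMU's label (then only DAC separates them), and whether the
state is readable to other users. Assumes file names without spaces."""
import re
from dataclasses import dataclass

# Constructed sample input taken from the listings in the commit message;
# the QEMU command line is shortened to a placeholder.
SAMPLE_LS = """\
total 8
-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 3648 Apr  5 16:46 tpm-00.permall
-rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 2237 Apr  5 16:46 vtpm.log
"""
SAMPLE_PS = """\
system_u:system_r:svirt_t:s0:c254,c932 tss 25664 0.0 0.0 28172 3892 ? Ss 16:57 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log
system_u:system_r:svirt_t:s0:c254,c932 qemu 25669 99.0 0.0 3096704 48500 ? Sl 16:57 3:28 /bin/qemu-system-x86_64 -name testvm
"""

# user:role:type:sensitivity[:categories]
CTX_RE = re.compile(r"^(?P<user>[^:\s]+):(?P<role>[^:\s]+):(?P<type>[^:\s]+)"
                    r":(?P<level>s\d+)(?::(?P<cats>c[\w,.]+))?$")


@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str
    level: str
    cats: frozenset


def parse_context(ctx):
    """Split a SELinux context string; MCS categories become a frozenset."""
    m = CTX_RE.match(ctx)
    if not m:
        raise ValueError("not a SELinux context: %r" % ctx)
    cats = frozenset(m.group("cats").split(",")) if m.group("cats") else frozenset()
    return Context(m.group("user"), m.group("role"), m.group("type"), m.group("level"), cats)


@dataclass(frozen=True)
class FileEntry:
    mode: str
    owner: str
    ctx: Context
    name: str


def parse_ls_lz(text):
    """`ls -lZ` lines are: mode links owner group context size date... name."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 9 or parts[0] == "total":
            continue
        entries.append(FileEntry(parts[0], parts[2], parse_context(parts[4]), parts[-1]))
    return entries


@dataclass(frozen=True)
class Proc:
    ctx: Context
    user: str
    pid: int
    cmd: str


def parse_ps_auxz(text):
    """`ps auxZ` lines are: LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND."""
    procs = []
    for line in text.splitlines():
        parts = line.split(None, 11)
        if len(parts) < 12 or parts[0] == "LABEL":
            continue
        procs.append(Proc(parse_context(parts[0]), parts[1], int(parts[2]), parts[11]))
    return procs


def world_readable(mode):
    """True when the 'others' read bit is set in an ls-style mode string."""
    return len(mode) >= 10 and mode[7] == "r"


def check_swtpm_confinement(ls_text, ps_text, swtpm_bin="/usr/bin/swtpm"):
    """Return (kind, detail) findings for one guest's swtpm, QEMU and state files."""
    procs = parse_ps_auxz(ps_text)
    swtpm = [p for p in procs if p.cmd.startswith(swtpm_bin)]
    if not swtpm:
        return [("no-swtpm", "no swtpm process in ps output")]
    s = swtpm[0]
    cats = ",".join(sorted(s.ctx.cats))
    findings = []
    for q in (p for p in procs if "qemu-system" in p.cmd):
        if q.ctx.type == s.ctx.type and q.ctx.cats == s.ctx.cats:
            findings.append(("shared-mcs", "swtpm pid %d and qemu pid %d both run as %s:%s; "
                             "SELinux does not separate them, only DAC does"
                             % (s.pid, q.pid, s.ctx.type, cats)))
    for f in parse_ls_lz(ls_text):
        # The patch labels state with the image label: expect svirt_image_t + swtpm's categories.
        if f.ctx.type != "svirt_image_t" or f.ctx.cats != s.ctx.cats:
            findings.append(("label-mismatch", "%s is %s:%s but swtpm runs with %s"
                             % (f.name, f.ctx.type, ",".join(sorted(f.ctx.cats)), cats)))
        if world_readable(f.mode):
            findings.append(("world-readable", "%s mode %s lets any local user, the qemu user "
                             "included, read TPM state; use 0600/0640 owned by %s"
                             % (f.name, f.mode, f.owner)))
    return findings
```

On the sample, check_swtpm_confinement(SAMPLE_LS, SAMPLE_PS) yields one shared-mcs finding and a world-readable finding for each of the two files; a file whose categories differ from the swtpm process shows up as label-mismatch, which is what a skipped labeling step looks like from the outside. On a real host, feed it the output of `ls -lZ` on the domain's state directory and log directory and of `ps auxZ`.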
From nobody Wed May 14 01:37:59 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
as permitted sender) client-ip=209.132.183.28;
envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path:
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
mx.zohomail.com
with SMTPS id 1525465437658372.54744767123464;
Fri, 4 May 2018 13:23:57 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx12.intmail.prod.int.phx2.redhat.com
[10.5.11.27])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id A104E3002F88;
Fri, 4 May 2018 20:23:56 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
(colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
by smtp.corp.redhat.com (Postfix) with ESMTPS id 718C59D7E4;
Fri, 4 May 2018 20:23:56 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
(lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
by colo-mx.corp.redhat.com (Postfix) with ESMTP id 127A8180BAE5;
Fri, 4 May 2018 20:23:56 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com
[10.5.11.24])
by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id w44KLvIV013769 for ;
Fri, 4 May 2018 16:21:57 -0400
Received: by smtp.corp.redhat.com (Postfix)
id E79FB30012C7; Fri, 4 May 2018 20:21:57 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx18.extmail.prod.ext.phx2.redhat.com
[10.5.110.47])
by smtp.corp.redhat.com (Postfix) with ESMTPS id DF4EA30012AA
for ; Fri, 4 May 2018 20:21:57 +0000 (UTC)
Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com
[148.163.158.5])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx1.redhat.com (Postfix) with ESMTPS id 9CDF63002381
for ; Fri, 4 May 2018 20:21:56 +0000 (UTC)
Received: from pps.filterd (m0098421.ppops.net [127.0.0.1])
by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id
w44KFlId056307
for ; Fri, 4 May 2018 16:21:56 -0400
Received: from e35.co.us.ibm.com (e35.co.us.ibm.com [32.97.110.153])
by mx0a-001b2d01.pphosted.com with ESMTP id 2hrwnx9qjh-1
(version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT)
for ; Fri, 04 May 2018 16:21:55 -0400
Received: from localhost
by e35.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
Violators will be prosecuted
for from ;
Fri, 4 May 2018 14:21:55 -0600
Received: from b03cxnp08026.gho.boulder.ibm.com (9.17.130.18)
by e35.co.us.ibm.com (192.168.1.135) with IBM ESMTP SMTP Gateway:
Authorized Use Only! Violators will be prosecuted;
Fri, 4 May 2018 14:21:52 -0600
Received: from b03ledav002.gho.boulder.ibm.com
(b03ledav002.gho.boulder.ibm.com [9.17.130.233])
by b03cxnp08026.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with
ESMTP id w44KLqdv7012642; Fri, 4 May 2018 13:21:52 -0700
Received: from b03ledav002.gho.boulder.ibm.com (unknown [127.0.0.1])
by IMSVA (Postfix) with ESMTP id 22DAD136044;
Fri, 4 May 2018 14:21:52 -0600 (MDT)
Received: from sbct-3.watson.ibm.com (unknown [9.47.158.153])
by b03ledav002.gho.boulder.ibm.com (Postfix) with ESMTP id BFB32136040;
Fri, 4 May 2018 14:21:51 -0600 (MDT)
From: Stefan Berger
To: libvir-list@redhat.com
Date: Fri, 4 May 2018 16:21:24 -0400
In-Reply-To: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
References: <1525465285-14102-1-git-send-email-stefanb@linux.vnet.ibm.com>
X-TM-AS-GCONF: 00
x-cbid: 18050420-0012-0000-0000-000016292AC4
X-IBM-SpamModules-Scores:
X-IBM-SpamModules-Versions: BY=3.00008970; HX=3.00000241; KW=3.00000007;
PH=3.00000004; SC=3.00000258; SDB=6.01027522; UDB=6.00524878;
IPR=6.00806655;
MB=3.00020932; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-04 20:21:53
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 18050420-0013-0000-0000-00005296C837
Message-Id: <1525465285-14102-14-git-send-email-stefanb@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, ,
definitions=2018-05-04_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0
priorityscore=1501
malwarescore=0 suspectscore=43 phishscore=0 bulkscore=0 spamscore=0
clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000
definitions=main-1805040185
X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 207
matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.47]); Fri, 04 May 2018 20:21:56 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
[10.5.110.47]);
Fri, 04 May 2018 20:21:56 +0000 (UTC) for IP:'148.163.158.5'
DOMAIN:'mx0b-001b2d01.pphosted.com'
HELO:'mx0a-001b2d01.pphosted.com'
FROM:'stefanb@linux.vnet.ibm.com' RCPT:''
X-RedHat-Spam-Score: -0.7 (RCVD_IN_DNSWL_LOW) 148.163.158.5
mx0b-001b2d01.pphosted.com 148.163.158.5
mx0b-001b2d01.pphosted.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.47
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.24
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH v3 13/14] tpm: Add support for choosing emulation
of a TPM 2
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.27
X-Greylist: Sender IP whitelisted,
not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]);
Fri, 04 May 2018 20:23:57 +0000 (UTC)
X-ZohoMail: RSF_0 Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"
This patch extends the TPM's device XML with TPM 2 support. This only works
for the emulator type backend and looks as follows:
The swtpm process now has --tpm2 as an additional parameter:

system_u:system_r:svirt_t:s0:c597,c632 tss 18477 11.8 0.0 28364 3868 ? Rs 11:13 13:50 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm2,mode=0640 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log --tpm2 --pid file=/var/run/libvirt/qemu/swtpm/testvm-swtpm.pid
The version of the TPM can be changed and the state of the TPM is preserved.
Signed-off-by: Stefan Berger
---
docs/formatdomain.html.in | 17 +++++-
docs/schemas/domaincommon.rng | 12 ++++
src/conf/domain_conf.c | 21 ++++++-
src/conf/domain_conf.h | 6 ++
src/util/virtpm.c | 79 ++++++++++++++++++++++++--
tests/qemuxml2argvdata/tpm-emulator-tpm2.args | 27 +++++++++
tests/qemuxml2argvdata/tpm-emulator-tpm2.xml | 30 ++++++++++
tests/qemuxml2argvtest.c | 2 +
tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml | 34 +++++++++++
9 files changed, 221 insertions(+), 7 deletions(-)
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.args
create mode 100644 tests/qemuxml2argvdata/tpm-emulator-tpm2.xml
create mode 100644 tests/qemuxml2xmloutdata/tpm-emulator-tpm2.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index 2a8912f..08df78a 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -7663,7 +7663,7 @@ qemu-kvm -net nic,model=3D? /dev/null
...
<devices>
<tpm model=3D'tpm-tis'>
- <backend type=3D'emulator'>
+ <backend type=3D'emulator' tpmversion=3D'2'>
</backend>
</tpm>
</devices>
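Review bot: the attribute documentation in the next hunk says that "once a certain version of a TPM has been created for a guest, the version must not be changed anymore", while the commit message says "The version of the TPM can be changed and the state of the TPM is preserved." One of the two needs fixing. If the state directory is keyed by version (the swtpm line in this commit message uses .../testvm/tpm2 where 12/14 showed .../testvm/tpm1.2), then switching tpmversion hands the guest a fresh, empty TPM and anything sealed to the old one becomes unreachable until the attribute is switched back; that is what the user should be told, in the docs and in the commit message. Also, this hunk turns the only example into a TPM 2 one; keep the plain `<backend type='emulator'>` example, since 1.2 stays the default, and show tpmversion='2' as a second snippet.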
@@ -7713,6 +7713,21 @@ qemu-kvm -net nic,model=3D? /dev/null
+
tpmversion
+
+
+ The tpmversion attribute indicates the version
+ of the TPM. By default a TPM 1.2 is created. This attribute
+ only works with the emulator backend. The following
+ versions are supported:
+
+
+
'1.2' : creates a TPM 1.2
+
'2' : creates a TPM 2
+
+ Note that once a certain version of a TPM has been created for
+ a guest, the version must not be changed anymore.
+