Re: [libvirt] [PATCH 4/4] qemu: Add TLS hotplug for qemuDomainAttachRNGDevice

2016-10-24 Thread Pavel Hrdina
On Fri, Oct 21, 2016 at 10:22:31AM -0400, John Ferlan wrote:
> Commit id '2c322378' missed the nuance that the rng backend could be
> using a TCP chardev and if TLS is enabled on the host, thus will need
> to have the TLS object added.
> 
> Signed-off-by: John Ferlan 
> ---
>  src/qemu/qemu_hotplug.c | 31 +++
>  1 file changed, 27 insertions(+), 4 deletions(-)
> 
> diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
> index 4b2a24c..aac1338 100644
> --- a/src/qemu/qemu_hotplug.c
> +++ b/src/qemu/qemu_hotplug.c
> @@ -1851,26 +1851,30 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>virDomainObjPtr vm,
>virDomainRNGDefPtr rng)
>  {
> +virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
>  qemuDomainObjPrivatePtr priv = vm->privateData;
>  virErrorPtr orig_err;
>  char *devstr = NULL;
>  char *charAlias = NULL;
>  char *objAlias = NULL;
> +char *tlsAlias = NULL;
>  bool releaseaddr = false;
>  bool chardevAdded = false;
>  bool objAdded = false;
> +bool tlsobjAdded = false;
>  virJSONValuePtr props = NULL;
> +virJSONValuePtr tlsProps = NULL;
>  virDomainCCWAddressSetPtr ccwaddrs = NULL;
>  const char *type;
>  int ret = -1;
>  int rv;
>  
>  if (qemuAssignDeviceRNGAlias(vm->def, rng) < 0)
> -return -1;
> +goto cleanup;
>  
>  /* preallocate space for the device definition */
>  if (VIR_REALLOC_N(vm->def->rngs, vm->def->nrngs + 1) < 0)
> -return -1;
> +goto cleanup;
>  
>  if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
>  if (qemuDomainMachineIsS390CCW(vm->def) &&
> @@ -1882,14 +1886,14 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>  } else {
>  if (!qemuCheckCCWS390AddressSupport(vm->def, rng->info, 
> priv->qemuCaps,
>  rng->source.file))
> -return -1;
> +goto cleanup;
>  }
>  releaseaddr = true;
>  
>  if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE ||
>  rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
>  if (virDomainPCIAddressEnsureAddr(priv->pciaddrs, >info) < 0)
> -return -1;
> +goto cleanup;
>  } else if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
>  if (!(ccwaddrs = qemuDomainCCWAddrSetCreateFromDomain(vm->def)))
>  goto cleanup;
> @@ -1911,8 +1915,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>  if (!(charAlias = qemuAliasChardevFromDevAlias(rng->info.alias)))
>  goto cleanup;
>  
> +if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&

There should be a check for dev->type == VIR_DOMAIN_CHR_TYPE_TCP here, but as
I pointed out in patch 01, that check should be moved into the helper.

ACK

Pavel

> +qemuDomainGetChardevTLSObjects(cfg, priv, rng->source.chardev,
> +   charAlias, , ) < 0)
> +goto cleanup;
> +
>  qemuDomainObjEnterMonitor(driver, vm);
>  
> +if (tlsAlias) {
> +rv = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
> +  tlsAlias, tlsProps);
> +tlsProps = NULL; /* qemuMonitorAddObject consumes */
> +if (rv < 0)
> +goto exit_monitor;
> +tlsobjAdded = true;
> +}
> +
>  if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
>  qemuMonitorAttachCharDev(priv->mon, charAlias,
>   rng->source.chardev) < 0)
> @@ -1940,17 +1958,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
>   audit:
>  virDomainAuditRNG(vm, NULL, rng, "attach", ret == 0);
>   cleanup:
> +virJSONValueFree(tlsProps);
>  virJSONValueFree(props);
>  if (ret < 0 && releaseaddr)
>  qemuDomainReleaseDeviceAddress(vm, >info, NULL);
> +VIR_FREE(tlsAlias);
>  VIR_FREE(charAlias);
>  VIR_FREE(objAlias);
>  VIR_FREE(devstr);
>  virDomainCCWAddressSetFree(ccwaddrs);
> +virObjectUnref(cfg);
>  return ret;
>  
>   exit_monitor:
>  orig_err = virSaveLastError();
> +if (tlsobjAdded)
> +ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
>  if (objAdded)
>  ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
>  if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD && chardevAdded)
> -- 
> 2.7.4
> 



[libvirt] [PATCH 4/4] qemu: Add TLS hotplug for qemuDomainAttachRNGDevice

2016-10-21 Thread John Ferlan
Commit id '2c322378' missed the nuance that the rng backend could be
using a TCP chardev; if TLS is enabled on the host, the TLS object
will need to be added as well.

Signed-off-by: John Ferlan 
---
 src/qemu/qemu_hotplug.c | 31 +++
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 4b2a24c..aac1338 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1851,26 +1851,30 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
   virDomainObjPtr vm,
   virDomainRNGDefPtr rng)
 {
+virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
 qemuDomainObjPrivatePtr priv = vm->privateData;
 virErrorPtr orig_err;
 char *devstr = NULL;
 char *charAlias = NULL;
 char *objAlias = NULL;
+char *tlsAlias = NULL;
 bool releaseaddr = false;
 bool chardevAdded = false;
 bool objAdded = false;
+bool tlsobjAdded = false;
 virJSONValuePtr props = NULL;
+virJSONValuePtr tlsProps = NULL;
 virDomainCCWAddressSetPtr ccwaddrs = NULL;
 const char *type;
 int ret = -1;
 int rv;
 
 if (qemuAssignDeviceRNGAlias(vm->def, rng) < 0)
-return -1;
+goto cleanup;
 
 /* preallocate space for the device definition */
 if (VIR_REALLOC_N(vm->def->rngs, vm->def->nrngs + 1) < 0)
-return -1;
+goto cleanup;
 
 if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE) {
 if (qemuDomainMachineIsS390CCW(vm->def) &&
@@ -1882,14 +1886,14 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
 } else {
 if (!qemuCheckCCWS390AddressSupport(vm->def, rng->info, priv->qemuCaps,
 rng->source.file))
-return -1;
+goto cleanup;
 }
 releaseaddr = true;
 
 if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_NONE ||
 rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI) {
 if (virDomainPCIAddressEnsureAddr(priv->pciaddrs, >info) < 0)
-return -1;
+goto cleanup;
 } else if (rng->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_CCW) {
 if (!(ccwaddrs = qemuDomainCCWAddrSetCreateFromDomain(vm->def)))
 goto cleanup;
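Review bot: The `goto cleanup` that replaces `return -1` after `virDomainPCIAddressEnsureAddr()` is not a pure refactor, because `releaseaddr = true` is set a few lines earlier and the cleanup label calls `qemuDomainReleaseDeviceAddress()` whenever `ret < 0 && releaseaddr`. A failed address reservation now runs the release path for an address that may never have been assigned, where the old code returned directly. Whether that release is a harmless no-op is not visible from this patch. Either move `releaseaddr = true;` below the address-assignment block, or confirm the release is safe on an unassigned address and say so in a comment next to the flag. The function body continues outside this hunk.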
@@ -1911,8 +1915,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
 if (!(charAlias = qemuAliasChardevFromDevAlias(rng->info.alias)))
 goto cleanup;
 
+if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
+qemuDomainGetChardevTLSObjects(cfg, priv, rng->source.chardev,
+   charAlias, , ) < 0)
+goto cleanup;
+
 qemuDomainObjEnterMonitor(driver, vm);
 
+if (tlsAlias) {
+rv = qemuMonitorAddObject(priv->mon, "tls-creds-x509",
+  tlsAlias, tlsProps);
+tlsProps = NULL; /* qemuMonitorAddObject consumes */
+if (rv < 0)
+goto exit_monitor;
+tlsobjAdded = true;
+}
+
 if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD &&
 qemuMonitorAttachCharDev(priv->mon, charAlias,
  rng->source.chardev) < 0)
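Review bot: The `tls-creds-x509` object added under `if (tlsAlias)` has no matching removal on the unplug side in any hunk of this patch, which only touches `qemuDomainAttachRNGDevice`. If the detach path is not updated elsewhere in the series, the credentials object would stay loaded in the QEMU process after the RNG device is removed. A later re-attach that derives the same alias could then fail in `qemuMonitorAddObject`. The block would also benefit from a short comment such as `/* TLS creds must exist before the chardev that references them is attached */`, since the ordering against `qemuMonitorAttachCharDev` is what makes the connection encrypted. The function body continues outside this hunk.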
@@ -1940,17 +1958,22 @@ qemuDomainAttachRNGDevice(virQEMUDriverPtr driver,
  audit:
 virDomainAuditRNG(vm, NULL, rng, "attach", ret == 0);
  cleanup:
+virJSONValueFree(tlsProps);
 virJSONValueFree(props);
 if (ret < 0 && releaseaddr)
 qemuDomainReleaseDeviceAddress(vm, >info, NULL);
+VIR_FREE(tlsAlias);
 VIR_FREE(charAlias);
 VIR_FREE(objAlias);
 VIR_FREE(devstr);
 virDomainCCWAddressSetFree(ccwaddrs);
+virObjectUnref(cfg);
 return ret;
 
  exit_monitor:
 orig_err = virSaveLastError();
+if (tlsobjAdded)
+ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));
 if (objAdded)
 ignore_value(qemuMonitorDelObject(priv->mon, objAlias));
 if (rng->backend == VIR_DOMAIN_RNG_BACKEND_EGD && chardevAdded)
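Review bot: The rollback under `exit_monitor` deletes the TLS credentials object first, although it was the first object created and the chardev attached after it refers to it; teardown should run in reverse order of creation. Because the call is wrapped in `ignore_value()`, a delete that fails while the chardev still holds the object would go unnoticed and leave the credentials object behind under `tlsAlias`. Move `if (tlsobjAdded) ignore_value(qemuMonitorDelObject(priv->mon, tlsAlias));` to after the chardev detach guarded by `chardevAdded`, whose body lies outside this hunk. How QEMU handles deletion of a still-referenced object is not shown here, so the failure mode should be verified rather than assumed.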
-- 
2.7.4
