From: Zheng Yan
Subject: [PATCH 2/4] qemu: add new driver API for reload TLS certs
Date: Tue, 11 May 2021 22:05:19 +0800
Message-ID: <1620741921-22056-3-git-send-email-yanzheng759@huawei.com>
In-Reply-To: <1620741921-22056-1-git-send-email-yanzheng759@huawei.com>
References: <1620741921-22056-1-git-send-email-yanzheng759@huawei.com>
Cc: mprivozn@redhat.com, wangxinxin.wang@huawei.com, changzihao1@huawei.com, hhan@redhat.com, oscar.zhangbo@huawei.com, hexiaoyu3@huawei.com

The 'display-reload' QMP command had been introduced from QEMU 6.0.0:
https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ead8c4e5607c734

To support the new QMP command, we added a new internal API
'virDrvDomainReloadTlsCertificates' to virHypervisorDriver, and
implemented the qemu driver. Only QEMU VNC TLS certificates are
supported currently.

Signed-off-by: Zheng Yan
--- src/driver-hypervisor.h | 8 ++++++++ src/qemu/qemu_driver.c | 40 ++++++++++++++++++++++++++++++++++++ src/qemu/qemu_hotplug.c | 17 +++++++++++++++ src/qemu/qemu_hotplug.h | 4 ++++ src/qemu/qemu_monitor.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor.h | 3 +++ src/qemu/qemu_monitor_json.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++++ 8 files changed, 130 insertions(+) diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..d0d4976441 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1410,6 +1410,13 @@ typedef int int seconds, unsigned int flags); =20 +typedef int +(*virDrvDomainReloadTlsCertificates)(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef struct _virHypervisorDriver virHypervisorDriver; =20 /** @@ -1676,4 +1683,5 @@ struct _virHypervisorDriver { virDrvDomainAuthorizedSSHKeysSet domainAuthorizedSSHKeysSet; virDrvDomainGetMessages domainGetMessages; virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc; + virDrvDomainReloadTlsCertificates domainReloadTlsCertificates; }; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c90d52edc0..422a350c65 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c
@@ -20449,6 +20449,45 @@ qemuDomainStartDirtyRateCalc(virDomainPtr dom, return ret; } =20 +static int +qemuDomainReloadTlsCertificates(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + int ret =3D -1; + virQEMUDriver *driver =3D domain->conn->privateData; + virDomainObj *vm =3D qemuDomObjFromDomain(domain); + + if (!vm) + goto cleanup; + + virCheckNonNullArgGoto(params, cleanup); + if (nparams !=3D 0) { + virReportInvalidZeroArg(nparams); + goto cleanup; + } + virCheckFlagsGoto(0, cleanup); + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + + ret =3D qemuDomainReloadTLSCerts(driver, vm, type); + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} =20 static virHypervisorDriver qemuHypervisorDriver =3D { .name =3D QEMU_DRIVER_NAME, @@ -20693,6 +20732,7 @@ static virHypervisorDriver qemuHypervisorDriver =3D= { .domainAuthorizedSSHKeysSet =3D qemuDomainAuthorizedSSHKeysSet, /* 6.1= 0.0 */ .domainGetMessages =3D qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc =3D qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainReloadTlsCertificates =3D qemuDomainReloadTlsCertificates, /* 7= .4.0 */ }; =20 =20 diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index a64cddb9e7..34dc035d73 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c 
@@ -6704,3 +6704,20 @@ qemuDomainSetVcpuInternal(virQEMUDriver *driver, virBitmapFree(livevcpus); return ret; } + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type) +{ + int ret =3D -1; + qemuDomainObjPrivate *priv =3D vm->privateData; + + qemuDomainObjEnterMonitor(driver, vm); + + ret =3D qemuMonitorDisplayReloadTLSCerts(priv->mon, type); + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + ret =3D -1; + + return ret; +} diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h index df8f76f8d6..411741a688 100644 --- a/src/qemu/qemu_hotplug.h +++ b/src/qemu/qemu_hotplug.h @@ -160,3 +160,7 @@ int qemuHotplugAttachDBusVMState(virQEMUDriver *driver, int qemuHotplugRemoveDBusVMState(virQEMUDriver *driver, virDomainObj *vm, qemuDomainAsyncJob asyncJob); + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 1e6f892e08..11f8cc8670 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4746,3 +4746,30 @@ qemuMonitorQueryDirtyRate(qemuMonitor *mon, =20 return qemuMonitorJSONQueryDirtyRate(mon, info); } + +static const char * +qemuMonitorTLSCertificateTypeToString(unsigned int type) +{ + switch (type) { + /* for now, only VNC is supported */ + case VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC: + return "vnc"; + default: + virReportError(VIR_ERR_INVALID_ARG, + _("unsupported qemu certificate type %u"), + type); + return NULL; + } +} + +int +qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, unsigned int type) +{ + const char *certType =3D qemuMonitorTLSCertificateTypeToString(type); + if (!certType) + return -1; + + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONDisplayReload(mon, certType, true); +} diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 6a25def78b..f26f92fb51 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h 
@@ -1496,3 +1496,6 @@ struct _qemuMonitorDirtyRateInfo { int qemuMonitorQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, + unsigned int type); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 46aa3330a8..9934613cc2 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c @@ -9446,3 +9446,30 @@ qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, =20 return qemuMonitorJSONExtractDirtyRateInfo(data, info); } + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts) +{ + int ret =3D -1; + virJSONValuePtr reply =3D NULL; + virJSONValuePtr cmd =3D qemuMonitorJSONMakeCommand("display-reload", + "s:type", type, + "b:tls-certs", tlsCer= ts, + NULL); + if (!cmd) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + ret =3D 0; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + return ret; +} diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 01a3ba25f1..73761d54f8 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -706,3 +706,7 @@ qemuMonitorJSONStartDirtyRateCalc(qemuMonitor *mon, int qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts); --=20 2.25.1
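Review bot: qemuDomainReloadTlsCertificates() in src/qemu/qemu_driver.c has no access-control check visible between qemuDomObjFromDomain() and qemuDomainObjBeginJob(), so the reload is gated only by the caller being able to look up the domain. Add an ACL check (libvirt's per-API EnsureACL pattern, taking domain->conn and vm->def) directly after the `if (!vm)` test, before any job or monitor work. In the same function, `virCheckNonNullArgGoto(params, cleanup)` followed by `if (nparams != 0)` requires a non-NULL array that must hold zero entries; a caller with nothing to pass will send NULL and be rejected. Drop the non-NULL check, or leave params/nparams out of the callback until a parameter is actually defined.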
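Review bot: qemuDomainReloadTLSCerts() in src/qemu/qemu_hotplug.c and its prototype in qemu_hotplug.h are declared with virQEMUDriverPtr and virDomainObjPtr, while the context lines of the same hunks (qemuDomainSetVcpuInternal(virQEMUDriver *driver, ...) and qemuHotplugRemoveDBusVMState(virQEMUDriver *driver, virDomainObj *vm, ...)) and the new function in qemu_driver.c use plain pointer types. Change the signature to `virQEMUDriver *driver, virDomainObj *vm`, put the return type on its own line as the new function in qemu_driver.c does, and pick one spelling, since the patch mixes ReloadTlsCertificates and ReloadTLSCerts. The helper performs no hotplug, so it would sit more naturally beside its caller in qemu_driver.c or in a display-related file.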
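Review bot: in qemuMonitorDisplayReloadTLSCerts() (src/qemu/qemu_monitor.c) the caller-supplied `type` is validated for the first time by qemuMonitorTLSCertificateTypeToString(), which is reached only after qemuDomainReloadTlsCertificates() has taken QEMU_JOB_MODIFY and qemuDomainReloadTLSCerts() has entered the monitor. Reject unsupported values in the driver entry point before qemuDomainObjBeginJob(), so that a bad argument never holds the job or the monitor. The type lookup also runs before QEMU_CHECK_MONITOR(mon); move the macro to the top of the function. qemuMonitorPtr should be `qemuMonitor *` to match qemuMonitorQueryDirtyRate(qemuMonitor *mon, ...) in the context lines, and the same applies to the prototype in qemu_monitor.h.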
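Review bot: qemuMonitorJSONDisplayReload() in src/qemu/qemu_monitor_json.c sends "display-reload" unconditionally, although the commit message states the command exists only from QEMU 6.0.0 and nothing in this patch probes for it. Gate the API on a capability for the command and report an unsupported-operation error, rather than relying on whatever qemuMonitorJSONCheckError() makes of the reply from an older binary. The tlsCerts argument is always `true` at its one call site, so either drop it or document what `false` is meant to do. The diffstat lists no file under tests/, so the new monitor command has no JSON test coverage; please add one. The function and its prototype in qemu_monitor_json.h also use qemuMonitorPtr where the context lines use `qemuMonitor *`.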