From: Christian Ehrhardt
To: libvir-list@redhat.com
Cc: Christian Ehrhardt, Cole Robinson
Date: Thu, 14 Nov 2019 12:20:37 +0100
Message-Id: <20191114112039.22239-2-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 1/3] virt-aa-helper: add rules for shmem devices

Shared memory devices need qemu to be able to access certain paths either for the shared memory directly (mostly ivshmem-plain) or for a socket (mostly ivshmem-doorbell). Add logic to virt-aa-helper to render those apparmor rules based on the domain configuration.

https://bugzilla.redhat.com/show_bug.cgi?id=1761645

Reviewed-by: Cole Robinson
Signed-off-by: Christian Ehrhardt

--- src/security/virt-aa-helper.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 5ac9a9eeb8..c6c4bb9bd0 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c
@@ -929,6 +929,7 @@ get_files(vahControl * ctl) int rc =3D -1; size_t i; char *uuid; + char *mem_path =3D NULL; char uuidstr[VIR_UUID_STRING_BUFLEN]; bool needsVfio =3D false, needsvhost =3D false, needsgl =3D false; =20 @@ -1192,6 +1193,35 @@ get_files(vahControl * ctl) } } =20 + for (i =3D 0; i < ctl->def->nshmems; i++) { + virDomainShmemDef *shmem =3D ctl->def->shmems[i]; + /* server path can be on any type and overwrites defaults */ + if (shmem->server.enabled && + shmem->server.chr.data.nix.path) { + if (vah_add_file(&buf, shmem->server.chr.data.nix.path, + "rw") !=3D 0) + goto cleanup; + } else { + switch (shmem->model) { + case VIR_DOMAIN_SHMEM_MODEL_IVSHMEM_PLAIN: + /* until exposed, recreate qemuBuildShmemBackendMemProps */ + mem_path =3D g_strdup_printf("/dev/shm/%s", shmem->name); + break; + case VIR_DOMAIN_SHMEM_MODEL_IVSHMEM_DOORBELL: + case VIR_DOMAIN_SHMEM_MODEL_IVSHMEM: + /* until exposed, recreate qemuDomainPrepareShmemChardev = */ + mem_path =3D g_strdup_printf("/var/lib/libvirt/shmem-%s-so= ck", + shmem->name); + break; + } + if (mem_path !=3D NULL) { + if (vah_add_file(&buf, mem_path, "rw") !=3D 0) + goto cleanup; + } + } + } + + if (ctl->def->tpm) { char *shortName =3D NULL; const char *tpmpath =3D NULL; 
@@ -1286,6 +1316,7 @@ get_files(vahControl * ctl) ctl->files =3D virBufferContentAndReset(&buf); =20 cleanup: + VIR_FREE(mem_path); VIR_FREE(uuid); return rc; } --=20 2.24.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
From: Christian Ehrhardt
To: libvir-list@redhat.com
Cc: Christian Ehrhardt, Cole Robinson
Date: Thu, 14 Nov 2019 12:20:38 +0100
Message-Id: <20191114112039.22239-3-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 2/3] virt-aa-helper: testcase for shmem devices

Adding build time self tests for basic (deprecated), doorbell and plain mode.

Reviewed-by: Cole Robinson
Signed-off-by: Christian Ehrhardt

--- tests/virt-aa-helper-test | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/virt-aa-helper-test b/tests/virt-aa-helper-test index 6e674bfe5c..6a6703ecf5 100755 --- a/tests/virt-aa-helper-test +++ b/tests/virt-aa-helper-test
@@ -384,6 +384,21 @@ testme "0" "dri egl" "-r -u $valid_uuid" "$test_xml" "= /dev/dri/testegl1.*rw,$" sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" testme "0" "dri spice" "-r -u $valid_uuid" "$test_xml" "/dev/dri/testegl2.= *rw,$" =20 +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= 4,g" "$template_xml" > "$test_xml" +testme "0" "shmem" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/libvirt/shm= em-my_shmem0-sock\"\s*rw,$" + +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= 4,g" "$= template_xml" > "$test_xml" +testme "0" "shmem serverpath" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/= libvirt/ivshmem_socket\"\s*rw,$" + +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= 4= ,g" "$template_xml" > "$test_xml" +testme "0" "shmem plain" "-r -u $valid_uuid" "$test_xml" "\"/dev/shm/my_sh= mem0\"\s*rw,$" + +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml" > "$test_xml" +testme "0" "shmem doorbell" "-r -u $valid_uuid" "$test_xml" "\"/var/lib/li= bvirt/shmem-shmem_server-sock\"\s*rw,$" + +sed -e "s,###UUID###,$uuid,g" -e "s,###DISK###,$disk1,g" -e "s,,= ,g" "$template_xml"= > "$test_xml" +testme "0" "shmem doorbell serverpath" "-r -u $valid_uuid" "$test_xml" "\"= /var/lib/libvirt/ivshmem_socket\"\s*rw,$" + testme "0" "help" "-h" =20 echo "" >$output --=20 2.24.0
From: Christian Ehrhardt
To: libvir-list@redhat.com
Cc: Christian Ehrhardt, Cole Robinson
Date: Thu, 14 Nov 2019 12:20:39 +0100
Message-Id: <20191114112039.22239-4-christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH v2 3/3] virt-aa-helper: drop pointer checks in get_files

It was mentioned that the pointers in loops like:
  for (i = 0; i < ctl->def->nserials; i++)
      if (ctl->def->serials[i] ...
will always be !NULL or we would have a much more serious problem.

Simplify the if chains in get_files by dropping these checks.

Signed-off-by: Christian Ehrhardt
Reviewed-by: Cole Robinson

--- src/security/virt-aa-helper.c | 135 ++++++++++++++++------------------ 1 file changed, 63 insertions(+), 72 deletions(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index c6c4bb9bd0..17f49a6259 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c
@@ -965,8 +965,7 @@ get_files(vahControl * ctl) } =20 for (i =3D 0; i < ctl->def->nserials; i++) - if (ctl->def->serials[i] && - (ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _PTY || + if ((ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _PTY || ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _DEV || ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _FILE || ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _UNIX || @@ -980,8 +979,7 @@ get_files(vahControl * ctl) goto cleanup; =20 for (i =3D 0; i < ctl->def->nconsoles; i++) - if (ctl->def->consoles[i] && - (ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PTY || + if ((ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PTY || ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_DEV || ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_FILE || ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_UNIX || @@ -993,8 +991,7 @@ get_files(vahControl * ctl) goto cleanup; =20 for (i =3D 0; i < ctl->def->nparallels; i++) - if (ctl->def->parallels[i] && - (ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_PTY || + if ((ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_PTY || ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_DEV || ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_FILE || ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_UNIX || 
@@ -1008,8 +1005,7 @@ get_files(vahControl * ctl) goto cleanup; =20 for (i =3D 0; i < ctl->def->nchannels; i++) - if (ctl->def->channels[i] && - (ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PTY || + if ((ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PTY || ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_DEV || ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_FILE || ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_UNIX || 
@@ -1082,76 +1078,74 @@ get_files(vahControl * ctl) "r") !=3D 0) goto cleanup; =20 - for (i =3D 0; i < ctl->def->nhostdevs; i++) - if (ctl->def->hostdevs[i]) { - virDomainHostdevDefPtr dev =3D ctl->def->hostdevs[i]; - virDomainHostdevSubsysUSBPtr usbsrc =3D &dev->source.subsys.u.= usb; - switch (dev->source.subsys.type) { - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { - virUSBDevicePtr usb =3D - virUSBDeviceNew(usbsrc->bus, usbsrc->device, NULL); + for (i =3D 0; i < ctl->def->nhostdevs; i++) { + virDomainHostdevDefPtr dev =3D ctl->def->hostdevs[i]; + virDomainHostdevSubsysUSBPtr usbsrc =3D &dev->source.subsys.u.usb; + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { + virUSBDevicePtr usb =3D + virUSBDeviceNew(usbsrc->bus, usbsrc->device, NULL); =20 - if (usb =3D=3D NULL) - continue; - - if (virHostdevFindUSBDevice(dev, true, &usb) < 0) - continue; + if (usb =3D=3D NULL) + continue; =20 - rc =3D virUSBDeviceFileIterate(usb, file_iterate_hostdev_c= b, &buf); - virUSBDeviceFree(usb); - if (rc !=3D 0) - goto cleanup; - break; - } + if (virHostdevFindUSBDevice(dev, true, &usb) < 0) + continue; =20 - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { - virDomainHostdevSubsysMediatedDevPtr mdevsrc =3D &dev->sou= rce.subsys.u.mdev; - switch ((virMediatedDeviceModelType) mdevsrc->model) { - case VIR_MDEV_MODEL_TYPE_VFIO_PCI: - case VIR_MDEV_MODEL_TYPE_VFIO_AP: - case VIR_MDEV_MODEL_TYPE_VFIO_CCW: - needsVfio =3D true; - break; - case VIR_MDEV_MODEL_TYPE_LAST: - default: - virReportEnumRangeError(virMediatedDeviceModelType, - mdevsrc->model); - break; - } - break; - } - - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { - virPCIDevicePtr pci =3D virPCIDeviceNew( - dev->source.subsys.u.pci.addr.domain, - dev->source.subsys.u.pci.addr.bus, - dev->source.subsys.u.pci.addr.slot, - dev->source.subsys.u.pci.addr.function); + rc =3D virUSBDeviceFileIterate(usb, file_iterate_hostdev_cb, &= buf); + virUSBDeviceFree(usb); + if (rc !=3D 0) + goto cleanup; + break; + } 
=20 - virDomainHostdevSubsysPCIBackendType backend =3D dev->sour= ce.subsys.u.pci.backend; - if (backend =3D=3D VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO || - backend =3D=3D VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFA= ULT) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { + virDomainHostdevSubsysMediatedDevPtr mdevsrc =3D &dev->source.= subsys.u.mdev; + switch ((virMediatedDeviceModelType) mdevsrc->model) { + case VIR_MDEV_MODEL_TYPE_VFIO_PCI: + case VIR_MDEV_MODEL_TYPE_VFIO_AP: + case VIR_MDEV_MODEL_TYPE_VFIO_CCW: needsVfio =3D true; - } + break; + case VIR_MDEV_MODEL_TYPE_LAST: + default: + virReportEnumRangeError(virMediatedDeviceModelType, + mdevsrc->model); + break; + } + break; + } =20 - if (pci =3D=3D NULL) - continue; + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { + virPCIDevicePtr pci =3D virPCIDeviceNew( + dev->source.subsys.u.pci.addr.domain, + dev->source.subsys.u.pci.addr.bus, + dev->source.subsys.u.pci.addr.slot, + dev->source.subsys.u.pci.addr.function); + + virDomainHostdevSubsysPCIBackendType backend =3D dev->source.s= ubsys.u.pci.backend; + if (backend =3D=3D VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO || + backend =3D=3D VIR_DOMAIN_HOSTDEV_PCI_BACKEND_DEFAULT)= { + needsVfio =3D true; + } =20 - rc =3D virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &= buf); - virPCIDeviceFree(pci); + if (pci =3D=3D NULL) + continue; =20 - break; - } + rc =3D virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &buf); + virPCIDeviceFree(pci); =20 - default: - rc =3D 0; - break; - } /* switch */ + break; } =20 + default: + rc =3D 0; + break; + } /* switch */ + } + for (i =3D 0; i < ctl->def->nfss; i++) { - if (ctl->def->fss[i] && - ctl->def->fss[i]->type =3D=3D VIR_DOMAIN_FS_TYPE_MOUNT && + if (ctl->def->fss[i]->type =3D=3D VIR_DOMAIN_FS_TYPE_MOUNT && (ctl->def->fss[i]->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TY= PE_PATH || ctl->def->fss[i]->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TY= PE_DEFAULT) && ctl->def->fss[i]->src) { 
@@ -1166,16 +1160,14 @@ get_files(vahControl * ctl) } =20 for (i =3D 0; i < ctl->def->ninputs; i++) { - if (ctl->def->inputs[i] && - ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PAS= STHROUGH) { + if (ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PASSTHR= OUGH) { if (vah_add_file(&buf, ctl->def->inputs[i]->source.evdev, "rw"= ) !=3D 0) goto cleanup; } } =20 for (i =3D 0; i < ctl->def->nnets; i++) { - if (ctl->def->nets[i] && - ctl->def->nets[i]->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUS= ER && + if (ctl->def->nets[i]->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUSER && ctl->def->nets[i]->data.vhostuser) { virDomainChrSourceDefPtr vhu =3D ctl->def->nets[i]->data.vhost= user; =20 @@ -1186,8 +1178,7 @@ get_files(vahControl * ctl) } =20 for (i =3D 0; i < ctl->def->nmems; i++) { - if (ctl->def->mems[i] && - ctl->def->mems[i]->model =3D=3D VIR_DOMAIN_MEMORY_MODEL_NV= DIMM) { + if (ctl->def->mems[i]->model =3D=3D VIR_DOMAIN_MEMORY_MODEL_NVDIMM= ) { if (vah_add_file(&buf, ctl->def->mems[i]->nvdimmPath, "rw") != =3D 0) goto cleanup; } --=20 2.24.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
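
Review bot: in patch 1/3, the loop added at @@ -1192,6 +1193,35 @@ assigns mem_path with g_strdup_printf() on every iteration, but the only release is the single VIR_FREE(mem_path) at cleanup, so a domain with more than one shmem device leaks the earlier strings. mem_path is also never reset, so a later device whose model matches no case in the switch reaches the "if (mem_path != NULL)" test with the previous device's path and adds that rule again. Suggest scoping the variable to the loop body (g_autofree char *mem_path = NULL;) or freeing it right after vah_add_file(). Separately, shmem->name is formatted directly into "/dev/shm/%s" and "/var/lib/libvirt/shmem-%s-sock" and the result becomes an rw rule in the guest's AppArmor profile, so the comment should say where the name is validated to exclude path separators. The two blank lines added before "if (ctl->def->tpm)" can be one.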
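
Review bot: in patch 2/3, each testme added at @@ -384,6 +384,21 @@ expects exit status "0" and matches a single rendered path, so none of them checks the output for a domain with two shmem devices, which is the case where get_files() from patch 1/3 carries mem_path from one iteration into the next. Suggest one more case with a plain and a doorbell device in the same XML, with a testme for each of the two expected rules.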
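
Review bot: in patch 3/3, the re-indented hostdev loop at @@ -1082,76 +1078,74 @@ still drops the result of virPCIDeviceFileIterate() in the VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI case: rc is assigned and the case then breaks, while the USB case above it does "if (rc != 0) goto cleanup;". Since these lines are being touched anyway, add the same check after virPCIDeviceFree(pci), or say in a comment why a failure there is meant to be ignored. It would also help to record the invariant the commit message relies on (array entries below the n* counters are never NULL) in a comment at the top of get_files(), so the dropped checks are not reintroduced later.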