From: Andrea Bolognani
To: libvir-list@redhat.com
Subject: [libvirt PATCH 14/14] qemu: Move high-level actions close together
Date: Fri, 4 Feb 2022 19:51:17 +0100
Message-Id: <20220204185117.61149-15-abologna@redhat.com>
In-Reply-To: <20220204185117.61149-1-abologna@redhat.com>
References: <20220204185117.61149-1-abologna@redhat.com>
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Andrea Bolognani
---
 src/qemu/qemu_tpm.c | 245 +++++++++++++++++++++++---------------------
 1 file changed, 128 insertions(+), 117 deletions(-)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 4c0b42e7ff..50f9caabf3 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -224,123 +224,6 @@ qemuTPMEmulatorDeleteStorage(virDomainTPMDef *tpm) } =20 =20 -/* - * qemuTPMEmulatorInitPaths: - * - * @tpm: TPM definition for an emulator type - * @swtpmStorageDir: the general swtpm storage dir which is used as a base - * directory for creating VM specific directories - * @logDir: directory where swtpm writes its logs into - * @vmname: name of the VM - * @uuid: the UUID of the VM - */ -static int -qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, - const char *swtpmStorageDir, - const char *logDir, - const char *vmname, - const unsigned char *uuid) -{ - char uuidstr[VIR_UUID_STRING_BUFLEN]; - - virUUIDFormat(uuid, uuidstr); - - if (!tpm->data.emulator.storagepath && - !(tpm->data.emulator.storagepath =3D - qemuTPMEmulatorStorageBuildPath(swtpmStorageDir, uuidstr, - tpm->version))) - return -1; - - if (!tpm->data.emulator.logfile) { - tpm->data.emulator.logfile =3D qemuTPMEmulatorLogBuildPath(logDir, - vmname); - } - - return 0; -} - - -/** - * qemuTPMEmulatorCleanupHost: - * @tpm: TPM definition - * - * Clean up persistent storage for the swtpm. - */ -static void -qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm) -{ - if (!tpm->data.emulator.persistent_state) - qemuTPMEmulatorDeleteStorage(tpm); -} - - -/* - * qemuTPMEmulatorPrepareHost: - * - * @tpm: tpm definition - * @logDir: directory where swtpm writes its logs into - * @swtpm_user: uid to run the swtpm with - * @swtpm_group: gid to run the swtpm with - * @swtpmStateDir: directory for swtpm runtime state - * @qemu_user: uid that qemu will run with; we share the socket file with = it - * @shortName: short and unique name of the domain - * - * Prepare the log directory for the swtpm and adjust ownership of it and = the - * log file we will be using. Prepare the state directory where we will sh= are - * the socket between tss and qemu users. 
- */ -static int -qemuTPMEmulatorPrepareHost(virDomainTPMDef *tpm, - const char *logDir, - uid_t swtpm_user, - gid_t swtpm_group, - const char *swtpmStateDir, - uid_t qemu_user, - const char *shortName) -{ - /* create log dir ... allow 'tss' user to cd into it */ - if (g_mkdir_with_parents(logDir, 0711) < 0) - return -1; - - /* ... and adjust ownership */ - if (virDirCreate(logDir, 0730, swtpm_user, swtpm_group, - VIR_DIR_CREATE_ALLOW_EXIST) < 0) - return -1; - - if (!virFileExists(tpm->data.emulator.logfile) && - virFileTouch(tpm->data.emulator.logfile, 0644) < 0) { - return -1; - } - - /* ... and make sure it can be accessed by swtpm_user */ - if (chown(tpm->data.emulator.logfile, swtpm_user, swtpm_group) < 0) { - virReportSystemError(errno, - _("Could not chown on swtpm logfile %s"), - tpm->data.emulator.logfile); - return -1; - } - - /* - create our swtpm state dir ... - - QEMU user needs to be able to access the socket there - - swtpm group needs to be able to create files there - - in privileged mode 0570 would be enough, for non-privileged mode - we need 0770 - */ - if (virDirCreate(swtpmStateDir, 0770, qemu_user, swtpm_group, - VIR_DIR_CREATE_ALLOW_EXIST) < 0) - return -1; - - /* create the socket filename */ - if (!tpm->data.emulator.source->data.nix.path && - !(tpm->data.emulator.source->data.nix.path =3D - qemuTPMEmulatorSocketBuildPath(swtpmStateDir, shortName))) - return -1; - tpm->data.emulator.source->type =3D VIR_DOMAIN_CHR_TYPE_UNIX; - - return 0; -} - /* * qemuTPMSetupEncryption * 
@@ -772,6 +655,134 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, } =20 =20 +/* -------------------- + * High-level actions + * -------------------- + * + * Each of these corresponds to one of the public entry points + * defined below, but operates on a single TPM device instead of the + * entire VM. + */ + + +/* + * qemuTPMEmulatorInitPaths: + * + * @tpm: TPM definition for an emulator type + * @swtpmStorageDir: the general swtpm storage dir which is used as a base + * directory for creating VM specific directories + * @logDir: directory where swtpm writes its logs into + * @vmname: name of the VM + * @uuid: the UUID of the VM + */ +static int +qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, + const char *swtpmStorageDir, + const char *logDir, + const char *vmname, + const unsigned char *uuid) +{ + char uuidstr[VIR_UUID_STRING_BUFLEN]; + + virUUIDFormat(uuid, uuidstr); + + if (!tpm->data.emulator.storagepath && + !(tpm->data.emulator.storagepath =3D + qemuTPMEmulatorStorageBuildPath(swtpmStorageDir, uuidstr, + tpm->version))) + return -1; + + if (!tpm->data.emulator.logfile) { + tpm->data.emulator.logfile =3D qemuTPMEmulatorLogBuildPath(logDir, + vmname); + } + + return 0; +} + + +/** + * qemuTPMEmulatorCleanupHost: + * @tpm: TPM definition + * + * Clean up persistent storage for the swtpm. + */ +static void +qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm) +{ + if (!tpm->data.emulator.persistent_state) + qemuTPMEmulatorDeleteStorage(tpm); +} + + +/* + * qemuTPMEmulatorPrepareHost: + * + * @tpm: tpm definition + * @logDir: directory where swtpm writes its logs into + * @swtpm_user: uid to run the swtpm with + * @swtpm_group: gid to run the swtpm with + * @swtpmStateDir: directory for swtpm runtime state + * @qemu_user: uid that qemu will run with; we share the socket file with = it + * @shortName: short and unique name of the domain + * + * Prepare the log directory for the swtpm and adjust ownership of it and = the + * log file we will be using. 
Prepare the state directory where we will sh= are + * the socket between tss and qemu users. + */ +static int +qemuTPMEmulatorPrepareHost(virDomainTPMDef *tpm, + const char *logDir, + uid_t swtpm_user, + gid_t swtpm_group, + const char *swtpmStateDir, + uid_t qemu_user, + const char *shortName) +{ + /* create log dir ... allow 'tss' user to cd into it */ + if (g_mkdir_with_parents(logDir, 0711) < 0) + return -1; + + /* ... and adjust ownership */ + if (virDirCreate(logDir, 0730, swtpm_user, swtpm_group, + VIR_DIR_CREATE_ALLOW_EXIST) < 0) + return -1; + + if (!virFileExists(tpm->data.emulator.logfile) && + virFileTouch(tpm->data.emulator.logfile, 0644) < 0) { + return -1; + } + + /* ... and make sure it can be accessed by swtpm_user */ + if (chown(tpm->data.emulator.logfile, swtpm_user, swtpm_group) < 0) { + virReportSystemError(errno, + _("Could not chown on swtpm logfile %s"), + tpm->data.emulator.logfile); + return -1; + } + + /* + create our swtpm state dir ... + - QEMU user needs to be able to access the socket there + - swtpm group needs to be able to create files there + - in privileged mode 0570 would be enough, for non-privileged mode + we need 0770 + */ + if (virDirCreate(swtpmStateDir, 0770, qemu_user, swtpm_group, + VIR_DIR_CREATE_ALLOW_EXIST) < 0) + return -1; + + /* create the socket filename */ + if (!tpm->data.emulator.source->data.nix.path && + !(tpm->data.emulator.source->data.nix.path =3D + qemuTPMEmulatorSocketBuildPath(swtpmStateDir, shortName))) + return -1; + tpm->data.emulator.source->type =3D VIR_DOMAIN_CHR_TYPE_UNIX; + + return 0; +} + + /* * qemuTPMEmulatorStop * @swtpmStateDir: A directory where the socket is located --=20 2.34.1
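Review bot: the commit message has no body saying this is a pure code motion, which is what the first hunk (@@ -224,123 +224,6 @@) depends on: the three functions it deletes (qemuTPMEmulatorInitPaths, qemuTPMEmulatorCleanupHost, qemuTPMEmulatorPrepareHost) reappear unchanged in the second hunk. Suggest adding a line such as "No functional change." and, because all three are static and no forward declarations are added, confirming that nothing defined between the old location (line 224) and the new one (line 655), for instance qemuTPMSetupEncryption or qemuTPMEmulatorBuildCommand, calls them; otherwise the file no longer compiles after the move.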
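Review bot: in the second hunk (@@ -772,6 +655,134 @@) the re-added block keeps the mixed comment openers it had before: qemuTPMEmulatorCleanupHost is introduced with `/**` while qemuTPMEmulatorInitPaths and qemuTPMEmulatorPrepareHost use `/*`, and the new "High-level actions" banner adds a third style. Keeping the move byte-identical is the right call here, so this is a follow-up item rather than a blocker: unify the openers (and "tpm definition" vs "TPM definition") once the code has settled. Also pre-existing and out of scope, but worth its own patch: the moved qemuTPMEmulatorPrepareHost comment states that 0570 would be enough for the state directory in privileged mode, yet virDirCreate() is called with 0770 unconditionally, so the privileged case grants wider permissions than the comment says it needs.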