Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
src/qemu/qemu_tpm.c | 47 +++++++++++++++++----------------------------
1 file changed, 18 insertions(+), 29 deletions(-)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 592fcc62fa..e8e7e8b5c1 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -347,9 +347,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
* @vmname: the name of the VM
* @vmuuid: the UUID of the VM
* @privileged: whether we are running in privileged mode
- * @swtpm_user: The userid to switch to when setting up the TPM;
- * typically this should be the uid of 'tss' or 'root'
- * @swtpm_group: The group id to switch to
+ * @cfg: virQEMUDriverConfig
* @emulator: emulator parameters
* @secretuuid: UUID describing virStorageEncryption holding secret
* @incomingMigration: whether we have an incoming migration
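Review bot: The new doc line `* @cfg: virQEMUDriverConfig` only restates the parameter's type, and the header no longer says which identity swtpm_setup is switched to or that it should be 'tss' or 'root'. The visible uses in this function read only `cfg->swtpm_user` and `cfg->swtpm_group`, so the line could say so: `* @cfg: driver config; swtpm_user/swtpm_group give the uid/gid swtpm_setup runs as (typically 'tss' or 'root')`. The same applies to the `@cfg` lines added to the header comments of qemuTPMEmulatorReconfigure and qemuTPMEmulatorBuildCommand later in this patch. The comment block starts and ends outside this hunk.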
@@ -362,8 +360,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
const char *vmname,
const unsigned char *vmuuid,
bool privileged,
- uid_t swtpm_user,
- gid_t swtpm_group,
+ const virQEMUDriverConfig *cfg,
const virDomainTPMEmulatorDef *emulator,
const unsigned char *secretuuid,
bool incomingMigration)
@@ -391,8 +388,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
virUUIDFormat(vmuuid, uuid);
vmid = g_strdup_printf("%s:%s", vmname, uuid);
- virCommandSetUID(cmd, swtpm_user);
- virCommandSetGID(cmd, swtpm_group);
+ virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
+ virCommandSetGID(cmd, cfg->swtpm_group);
switch (emulator->version) {
case VIR_DOMAIN_TPM_VERSION_1_2:
@@ -463,9 +460,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
*
*
* @storagepath: path to the directory for TPM state
- * @swtpm_user: The userid to switch to when setting up the TPM;
- * typically this should be the uid of 'tss' or 'root'
- * @swtpm_group: The group id to switch to
+ * @cfg: virQEMUDriverConfig
* @emulator: emulator parameters
* @secretuuid: The secret's UUID needed for state encryption
*
@@ -473,8 +468,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
*/
static int
qemuTPMEmulatorReconfigure(const char *storagepath,
- uid_t swtpm_user,
- gid_t swtpm_group,
+ const virQEMUDriverConfig *cfg,
const virDomainTPMEmulatorDef *emulator,
const unsigned char *secretuuid)
{
@@ -493,8 +487,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
cmd = virCommandNew(swtpm_setup);
- virCommandSetUID(cmd, swtpm_user);
- virCommandSetGID(cmd, swtpm_group);
+ virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
+ virCommandSetGID(cmd, cfg->swtpm_group);
virCommandAddArgList(cmd, "--tpm2", NULL);
@@ -528,8 +522,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
* @vmname: The name of the VM
* @vmuuid: The UUID of the VM
* @privileged: whether we are running in privileged mode
- * @swtpm_user: The uid for the swtpm to run as (drop privileges to from root)
- * @swtpm_group: The gid for the swtpm to run as
+ * @cfg: virQEMUDriverConfig
* @incomingMigration: whether we have an incoming migration
*
* Create the virCommand use for starting the emulator
@@ -541,8 +534,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
const char *vmname,
const unsigned char *vmuuid,
bool privileged,
- uid_t swtpm_user,
- gid_t swtpm_group,
+ const virQEMUDriverConfig *cfg,
bool incomingMigration)
{
g_autoptr(virCommand) cmd = NULL;
@@ -565,7 +557,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
create_storage = false;
if (create_storage &&
- qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0)
+ qemuTPMEmulatorCreateStorage(tpm, &created,
+ cfg->swtpm_user, cfg->swtpm_group) < 0)
return NULL;
if (tpm->data.emulator.hassecretuuid)
@@ -573,16 +566,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
if (created &&
qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
- privileged, swtpm_user, swtpm_group,
- &tpm->data.emulator,
+ privileged, cfg, &tpm->data.emulator,
secretuuid, incomingMigration) < 0)
goto error;
if (!incomingMigration &&
- qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath,
- swtpm_user, swtpm_group,
- &tpm->data.emulator,
- secretuuid) < 0)
+ qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, cfg,
+ &tpm->data.emulator, secretuuid) < 0)
goto error;
unlink(tpm->data.emulator.source->data.nix.path);
@@ -608,8 +598,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
virCommandAddArg(cmd, "--terminate");
- virCommandSetUID(cmd, swtpm_user);
- virCommandSetGID(cmd, swtpm_group);
+ virCommandSetUID(cmd, cfg->swtpm_user);
+ virCommandSetGID(cmd, cfg->swtpm_group);
switch (tpm->data.emulator.version) {
case VIR_DOMAIN_TPM_VERSION_1_2:
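Review bot: This `virCommandSetUID`/`virCommandSetGID` pair sets the identity of the swtpm process itself, yet it is the only one of the three call sites in the patch left without a comment; the two swtpm_setup sites gained `/* should be uid of 'tss' or 'root' */`. The removed `@swtpm_user` text "(drop privileges to from root)" was the only record of the intent here, and it is not carried over. A short comment such as `/* uid/gid swtpm runs as; drops privileges when started from root */` would keep the privilege-drop decision visible at the point where it takes effect. The function body continues outside the hunk.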
@@ -926,8 +916,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def->uuid,
driver->privileged,
- cfg->swtpm_user,
- cfg->swtpm_group,
+ cfg,
incomingMigration)))
return -1;
--
2.46.1
On Thu, Sep 26, 2024 at 11:32 PM Stefan Berger <stefanb@linux.ibm.com> wrote:
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> ---
> src/qemu/qemu_tpm.c | 47 +++++++++++++++++----------------------------
> 1 file changed, 18 insertions(+), 29 deletions(-)
>
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 592fcc62fa..e8e7e8b5c1 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -347,9 +347,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
> * @vmname: the name of the VM
> * @vmuuid: the UUID of the VM
> * @privileged: whether we are running in privileged mode
> - * @swtpm_user: The userid to switch to when setting up the TPM;
> - * typically this should be the uid of 'tss' or 'root'
> - * @swtpm_group: The group id to switch to
> + * @cfg: virQEMUDriverConfig
> * @emulator: emulator parameters
> * @secretuuid: UUID describing virStorageEncryption holding secret
> * @incomingMigration: whether we have an incoming migration
> @@ -362,8 +360,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> const char *vmname,
> const unsigned char *vmuuid,
> bool privileged,
> - uid_t swtpm_user,
> - gid_t swtpm_group,
> + const virQEMUDriverConfig *cfg,
> const virDomainTPMEmulatorDef *emulator,
> const unsigned char *secretuuid,
> bool incomingMigration)
> @@ -391,8 +388,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> virUUIDFormat(vmuuid, uuid);
> vmid = g_strdup_printf("%s:%s", vmname, uuid);
>
> - virCommandSetUID(cmd, swtpm_user);
> - virCommandSetGID(cmd, swtpm_group);
> + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
> + virCommandSetGID(cmd, cfg->swtpm_group);
>
> switch (emulator->version) {
> case VIR_DOMAIN_TPM_VERSION_1_2:
> @@ -463,9 +460,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
> *
> *
> * @storagepath: path to the directory for TPM state
> - * @swtpm_user: The userid to switch to when setting up the TPM;
> - * typically this should be the uid of 'tss' or 'root'
> - * @swtpm_group: The group id to switch to
> + * @cfg: virQEMUDriverConfig
> * @emulator: emulator parameters
> * @secretuuid: The secret's UUID needed for state encryption
> *
> @@ -473,8 +468,7 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
> */
> static int
> qemuTPMEmulatorReconfigure(const char *storagepath,
> - uid_t swtpm_user,
> - gid_t swtpm_group,
> + const virQEMUDriverConfig *cfg,
> const virDomainTPMEmulatorDef *emulator,
> const unsigned char *secretuuid)
> {
> @@ -493,8 +487,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
>
> cmd = virCommandNew(swtpm_setup);
>
> - virCommandSetUID(cmd, swtpm_user);
> - virCommandSetGID(cmd, swtpm_group);
> + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or 'root' */
> + virCommandSetGID(cmd, cfg->swtpm_group);
>
> virCommandAddArgList(cmd, "--tpm2", NULL);
>
> @@ -528,8 +522,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
> * @vmname: The name of the VM
> * @vmuuid: The UUID of the VM
> * @privileged: whether we are running in privileged mode
> - * @swtpm_user: The uid for the swtpm to run as (drop privileges to from root)
> - * @swtpm_group: The gid for the swtpm to run as
> + * @cfg: virQEMUDriverConfig
> * @incomingMigration: whether we have an incoming migration
> *
> * Create the virCommand use for starting the emulator
> @@ -541,8 +534,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
> const char *vmname,
> const unsigned char *vmuuid,
> bool privileged,
> - uid_t swtpm_user,
> - gid_t swtpm_group,
> + const virQEMUDriverConfig *cfg,
> bool incomingMigration)
> {
> g_autoptr(virCommand) cmd = NULL;
> @@ -565,7 +557,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
> create_storage = false;
>
> if (create_storage &&
> - qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0)
> + qemuTPMEmulatorCreateStorage(tpm, &created,
> + cfg->swtpm_user, cfg->swtpm_group) < 0)
> return NULL;
>
> if (tpm->data.emulator.hassecretuuid)
> @@ -573,16 +566,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
>
> if (created &&
> qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
> - privileged, swtpm_user, swtpm_group,
> - &tpm->data.emulator,
> + privileged, cfg, &tpm->data.emulator,
> secretuuid, incomingMigration) < 0)
> goto error;
>
> if (!incomingMigration &&
> - qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath,
> - swtpm_user, swtpm_group,
> - &tpm->data.emulator,
> - secretuuid) < 0)
> + qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath, cfg,
> + &tpm->data.emulator, secretuuid) < 0)
> goto error;
>
> unlink(tpm->data.emulator.source->data.nix.path);
> @@ -608,8 +598,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
>
> virCommandAddArg(cmd, "--terminate");
>
> - virCommandSetUID(cmd, swtpm_user);
> - virCommandSetGID(cmd, swtpm_group);
> + virCommandSetUID(cmd, cfg->swtpm_user);
> + virCommandSetGID(cmd, cfg->swtpm_group);
>
> switch (tpm->data.emulator.version) {
> case VIR_DOMAIN_TPM_VERSION_1_2:
> @@ -926,8 +916,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
>
> if (!(cmd = qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def->uuid,
> driver->privileged,
> - cfg->swtpm_user,
> - cfg->swtpm_group,
> + cfg,
> incomingMigration)))
> return -1;
>
> --
> 2.46.1
>