From nobody Tue Sep 9 19:05:56 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=fail(p=none dis=none) header.from=gmail.com Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1752683639145419.82180579435703; Wed, 16 Jul 2025 09:33:59 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 2AF4C1542; Wed, 16 Jul 2025 12:33:58 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id DF3B1151E; Wed, 16 Jul 2025 12:31:44 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id D5D451559; Wed, 16 Jul 2025 12:31:38 -0400 (EDT) Received: from mail-ej1-f47.google.com (mail-ej1-f47.google.com [209.85.218.47]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 5EA9114A6 for ; Wed, 16 Jul 2025 12:31:28 -0400 (EDT) Received: by mail-ej1-f47.google.com with SMTP id a640c23a62f3a-ae9c2754a00so4558666b.2 for ; Wed, 16 Jul 2025 09:31:28 -0700 (PDT) Received: from tulp.my.domain (80-115-115-199.cable.dynamic.v4.ziggo.nl. [80.115.115.199]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-ae6e82645fdsm1228404866b.97.2025.07.16.09.31.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Jul 2025 09:31:25 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1752683487; x=1753288287; darn=lists.libvirt.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=5M9dpQbJJzSUJOxiJhIN1Xqcly0NpknDrz11s+qnnDc=; b=M03UTBqi1QM4AQ5FSXOSovjXeGABQBTQkSPtE8gaataQSILLpQFpCSLY+1klFMGTrw NKb3BBNj3w385mX8H0fjGbTIrYq13eRhkVE5wOJiote7OUksGaac2qZmHBeNsFOLeG1D 3R/RLAvctWK27+cE70bC4AO6EfW/K9TLBBFq+UJgQfRAaW0Kp+BaSWiiTA7GjSy9tZXZ jS9b+UrN0VE2H/EXZMHyA3fPsO+l17P/OqPtYqkOjeutCafm42QXUGFWYnYymNc44Qof PACYjxmu2ZfJPbFQK+6jY2We+dLgRVDwQaUO9c0dMCoEr5Pec8fu+YdUOf+5ZOZ3ugsI nxxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752683487; x=1753288287; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5M9dpQbJJzSUJOxiJhIN1Xqcly0NpknDrz11s+qnnDc=; b=lch74ZleJOYfvG0XiWDX8+AFub1rF2Z3XzwKTRpCFLJAClOSTMPGf3hA7j5cTJGFC6 6GSLE+aGVSHRVBifNDqxA/Rw8PvBXZKc1IfTFbzK5TbL1C/mHKqd3jRZ9GyrzMnE8QEw KOk+7x2W+WSNNTRP1jYNtF6c7B56mGOa69iz11092Gce7zNyJrfPr3ClpdOGR06ttPZI 3kmCLpdZj/BW2UXVCJhMGWbnV5zCroMmOdgpOfMlxzHXh44/as0y2/HRZAZlFaQM1Vm/ RCvixTDf++emSnVqMbdfP0Y/3UYmn5RKKwCc+amA6ra8D2+pEh0TFnw6BgNqhJAwtQ70 FAcw== X-Gm-Message-State: AOJu0YyfhkvQSdQObig+cAOGxnX7Dbwq7Vph6VeMDyxrPwCVzT1G9XV3 p4SoWGXDH9w4sbB3catRwU6KUsXkMVvtSdm6rwoAbF0wIP+Xv0dN0KM4MCMIRctEhHnLWQ== X-Gm-Gg: ASbGncsZrH6qmt1GmpRhdvI+CBWsFTZy/ZaQiyqluLNwcbkXagHOp3y8Mr+Oc3PY8i3 xmYA0xJ3LerblJJF/zVXY2wp8VldLfZt12tE74ey09ydCkmeJFySx55E7nh2QenPK5tSQpepl76 X8AUJBgg0hvzwf2pUQAoTiclObr+rpoab5RgYnzhh/DyD4LTdATCwkd72uPfSJQBq6Ao1EIB24P kXzLbNljTMSM8vg6+j0AioLWkm4D4d7wktXMZwtfRJCBAGxb/67X9hZLFNF+B2CyM5F3Hci1M9/ ftbcYnGgc6vbsO19JT8Etp/nIxKPQKFjEuF9ZqY2QJ2SKvHE50a79ljiAlHuCkyHMQt/2+tQQzI 3sdcv81tRw7zLwRZW1XU+x3/PGELaZ4IT5H+zRMCV72W5qfaKK1upIg+NoDOcnEM4Jmd78so= X-Google-Smtp-Source: AGHT+IGs6CkZroVAveVGVa0tsg9AvVWF55taBJSvJ6IUbHMJILdo1CohReKp7sR8TKf7Qeu8FgZ7sA== X-Received: by 2002:a17:907:1b13:b0:ae3:cac0:f47c with SMTP id a640c23a62f3a-ae9c99d7f44mr394686166b.26.1752683486346; Wed, 16 Jul 2025 09:31:26 -0700 (PDT) From: Roman Bogorodskiy To: devel@lists.libvirt.org Subject: [PATCH v2 4/5] bhyve: validate serial devices validation Date: Wed, 16 Jul 2025 18:28:46 +0200 Message-ID: <20250716162847.57145-5-bogorodskiy@gmail.com> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250716162847.57145-1-bogorodskiy@gmail.com> References: <20250716162847.57145-1-bogorodskiy@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 3LKBRW33HDTSM67OV3DYLHFKXWTES3EQ X-Message-ID-Hash: 3LKBRW33HDTSM67OV3DYLHFKXWTES3EQ X-MailFrom: bogorodskiy@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Roman Bogorodskiy X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1752683640596116600 Content-Type: text/plain; charset="utf-8" Extend bhyveDomainDeviceDefValidate() to check that: - only 'nmdm' or 'tcp' serial devices are used, - serial device count is not more than supported, - only listening raw TCP sockets are used. Signed-off-by: Roman Bogorodskiy Reviewed-by: Daniel P. Berrang=C3=A9 --- src/bhyve/bhyve_domain.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/bhyve/bhyve_domain.c b/src/bhyve/bhyve_domain.c index c9bbf27d83..9dec300a99 100644 --- a/src/bhyve/bhyve_domain.c +++ b/src/bhyve/bhyve_domain.c @@ -263,6 +263,33 @@ bhyveDomainDeviceDefValidate(const virDomainDeviceDef = *dev, _("Only 'virio' RNG device model is supported")= ); return -1; } + } else if (dev->type =3D=3D VIR_DOMAIN_DEVICE_CHR && + dev->data.chr->deviceType =3D=3D VIR_DOMAIN_CHR_DEVICE_TYPE= _SERIAL) { + virDomainChrDef *chr =3D dev->data.chr; + if (chr->source->type !=3D VIR_DOMAIN_CHR_TYPE_NMDM && + chr->source->type !=3D VIR_DOMAIN_CHR_TYPE_TCP) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only 'nmdm' and 'tcp' console types are supp= orted")); + return -1; + } + if (chr->target.port > 3) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only four serial ports are supported")); + return -1; + } + if (chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_TCP) { + if (chr->source->data.tcp.listen =3D=3D false) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only listening TCP sockets are supported= ")); + return -1; + } + + if (chr->source->data.tcp.protocol !=3D VIR_DOMAIN_CHR_TCP_PRO= TOCOL_RAW) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Only 'raw' protocol is supported for TCP= sockets")); + return -1; + } + } } =20 return 0; --=20 2.49.0