From: Michal Privoznik via Devel
Reply-To: Michal Privoznik
To: devel@lists.libvirt.org
Subject: [PATCH 10/15] virt-aa-helper: Simplify paths collection
Date: Thu, 12 Jun 2025 14:48:42 +0200
Message-ID: <7df3ab076aae048fc782e4b7f5bd07b89194c8c8.1749732372.git.mprivozn@redhat.com>
List-Id: Development discussions about the libvirt library & tools

From: Michal Privoznik

The way virt-aa-helper works is the following: the apparmor
secdriver formats domain XML, spawns virt-aa-helper process and
feeds it with domain XML (through stdin). The helper process then
parses the XML and iterates over devices, appending paths in each
loop. These loops usually are in the following form:

  for (i = 0; i < ctl->def->nserials; i++) {
      if (ctl->def->serials[i] && ...
  }

While we are probably honourable members of tautology club, those
NULL checks are redundant. Our XML parser would never append NULL
into def->devices array. If it did, we're in way bigger problems
anyway.

Then, constantly dereferencing ctl->def just to get to a path
that's hidden a couple of structures deep gets hard to read. Just
introduce temporary variables.

Signed-off-by: Michal Privoznik
---
 src/security/virt-aa-helper.c | 329 ++++++++++++++++++----------------
 1 file changed, 173 insertions(+), 156 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index a56d7e9062..2fac65f108 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -904,63 +904,79 @@ get_files(vahControl * ctl) goto cleanup; } =20 - for (i =3D 0; i < ctl->def->nserials; i++) - if (ctl->def->serials[i] && - (ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _PTY || - ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _DEV || - ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _FILE || - ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _UNIX || - ctl->def->serials[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYPE= _PIPE) && - ctl->def->serials[i]->source->data.file.path && - ctl->def->serials[i]->source->data.file.path[0] !=3D '\0') + for (i =3D 0; i < ctl->def->nserials; i++) { + virDomainChrDef *chr =3D ctl->def->serials[i]; + + if ((chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PTY || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_DEV || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNIX || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) && + chr->source->data.file.path && + chr->source->data.file.path[0] !=3D '\0') { if (vah_add_file_chardev(&buf, - ctl->def->serials[i]->source->data.fi= le.path, + chr->source->data.file.path, "rw", - ctl->def->serials[i]->source->type) != =3D 0) + chr->source->type) !=3D 0) { goto cleanup; + } + } + } =20 - for (i =3D 0; i < ctl->def->nconsoles; i++) - if (ctl->def->consoles[i] && - (ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PTY || - ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_DEV || - ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_FILE || - ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_UNIX || - ctl->def->consoles[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PIPE) && - ctl->def->consoles[i]->source->data.file.path && - ctl->def->consoles[i]->source->data.file.path[0] !=3D '\0') + for (i =3D 0; i < ctl->def->nconsoles; i++) { + virDomainChrDef *chr =3D ctl->def->consoles[i]; + + if ((chr->source->type 
=3D=3D VIR_DOMAIN_CHR_TYPE_PTY || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_DEV || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNIX || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) && + chr->source->data.file.path && + chr->source->data.file.path[0] !=3D '\0') { if (vah_add_file(&buf, - ctl->def->consoles[i]->source->data.file.path= , "rw") !=3D 0) + chr->source->data.file.path, "rw") !=3D 0) { goto cleanup; + } + } + } =20 - for (i =3D 0; i < ctl->def->nparallels; i++) - if (ctl->def->parallels[i] && - (ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_PTY || - ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_DEV || - ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_FILE || - ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_UNIX || - ctl->def->parallels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TY= PE_PIPE) && - ctl->def->parallels[i]->source->data.file.path && - ctl->def->parallels[i]->source->data.file.path[0] !=3D '\0') + for (i =3D 0; i < ctl->def->nparallels; i++) { + virDomainChrDef *chr =3D ctl->def->parallels[i]; + + if ((chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PTY || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_DEV || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNIX || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) && + chr->source->data.file.path && + chr->source->data.file.path[0] !=3D '\0') { if (vah_add_file_chardev(&buf, - ctl->def->parallels[i]->source->data.= file.path, + chr->source->data.file.path, "rw", - ctl->def->parallels[i]->source->type)= !=3D 0) + chr->source->type) !=3D 0) { goto cleanup; + } + } + } + + for (i =3D 0; i < ctl->def->nchannels; i++) { + virDomainChrDef *chr =3D ctl->def->channels[i]; =20 - for (i =3D 0; i < ctl->def->nchannels; i++) - if (ctl->def->channels[i] && - (ctl->def->channels[i]->source->type =3D=3D 
VIR_DOMAIN_CHR_TYP= E_PTY || - ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_DEV || - ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_FILE || - ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_UNIX || - ctl->def->channels[i]->source->type =3D=3D VIR_DOMAIN_CHR_TYP= E_PIPE) && - ctl->def->channels[i]->source->data.file.path && - ctl->def->channels[i]->source->data.file.path[0] !=3D '\0') + if ((chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PTY || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_DEV || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_FILE || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_UNIX || + chr->source->type =3D=3D VIR_DOMAIN_CHR_TYPE_PIPE) && + chr->source->data.file.path && + chr->source->data.file.path[0] !=3D '\0') { if (vah_add_file_chardev(&buf, - ctl->def->channels[i]->source->data.f= ile.path, + chr->source->data.file.path, "rw", - ctl->def->channels[i]->source->type) = !=3D 0) + chr->source->type) !=3D 0) { goto cleanup; + } + } + } =20 if (ctl->def->os.kernel) if (vah_add_file(&buf, ctl->def->os.kernel, "r") !=3D 0) 
@@ -1037,81 +1053,80 @@ get_files(vahControl * ctl) "r") !=3D 0) goto cleanup; =20 - for (i =3D 0; i < ctl->def->nhostdevs; i++) - if (ctl->def->hostdevs[i]) { - virDomainHostdevDef *dev =3D ctl->def->hostdevs[i]; + for (i =3D 0; i < ctl->def->nhostdevs; i++) { + virDomainHostdevDef *dev =3D ctl->def->hostdevs[i]; =20 - if (dev->mode !=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) - continue; - - switch (dev->source.subsys.type) { - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { - g_autoptr(virUSBDevice) usb =3D NULL; - - if (virHostdevFindUSBDevice(dev, true, &usb) < 0) - continue; - - if (dev->missing) - continue; + if (dev->mode !=3D VIR_DOMAIN_HOSTDEV_MODE_SUBSYS) + continue; =20 - rc =3D virUSBDeviceFileIterate(usb, file_iterate_hostdev_c= b, &buf); - if (rc !=3D 0) - goto cleanup; - break; - } - - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { - virDomainHostdevSubsysMediatedDev *mdevsrc =3D &dev->sourc= e.subsys.u.mdev; - switch (mdevsrc->model) { - case VIR_MDEV_MODEL_TYPE_VFIO_PCI: - case VIR_MDEV_MODEL_TYPE_VFIO_AP: - case VIR_MDEV_MODEL_TYPE_VFIO_CCW: - needsVfio =3D true; - break; - case VIR_MDEV_MODEL_TYPE_LAST: - default: - virReportEnumRangeError(virMediatedDeviceModelType, - mdevsrc->model); - break; - } - break; - } + switch (dev->source.subsys.type) { + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: { + g_autoptr(virUSBDevice) usb =3D NULL; =20 - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { - virPCIDevice *pci =3D virPCIDeviceNew(&dev->source.subsys.= u.pci.addr); - - virDeviceHostdevPCIDriverName driverName =3D dev->source.s= ubsys.u.pci.driver.name; - - if (driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_V= FIO || - driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_D= EFAULT) { - needsVfio =3D true; - } - - if (pci =3D=3D NULL) - continue; + if (virHostdevFindUSBDevice(dev, true, &usb) < 0) + continue; =20 - rc =3D virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &= buf); - virPCIDeviceFree(pci); + if (dev->missing) + continue; =20 + rc =3D 
virUSBDeviceFileIterate(usb, file_iterate_hostdev_cb, &= buf); + if (rc !=3D 0) + goto cleanup; + break; + } + + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_MDEV: { + virDomainHostdevSubsysMediatedDev *mdevsrc =3D &dev->source.su= bsys.u.mdev; + switch (mdevsrc->model) { + case VIR_MDEV_MODEL_TYPE_VFIO_PCI: + case VIR_MDEV_MODEL_TYPE_VFIO_AP: + case VIR_MDEV_MODEL_TYPE_VFIO_CCW: + needsVfio =3D true; break; - } - - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: - case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: + case VIR_MDEV_MODEL_TYPE_LAST: default: - rc =3D 0; + virReportEnumRangeError(virMediatedDeviceModelType, + mdevsrc->model); break; - } /* switch */ + } + break; } =20 + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: { + virPCIDevice *pci =3D virPCIDeviceNew(&dev->source.subsys.u.pc= i.addr); + + virDeviceHostdevPCIDriverName driverName =3D dev->source.subsy= s.u.pci.driver.name; + + if (driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO = || + driverName =3D=3D VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_DEFAU= LT) { + needsVfio =3D true; + } + + if (pci =3D=3D NULL) + continue; + + rc =3D virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &buf); + virPCIDeviceFree(pci); + + break; + } + + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI: + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_SCSI_HOST: + case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_LAST: + default: + rc =3D 0; + break; + } /* switch */ + } + for (i =3D 0; i < ctl->def->nfss; i++) { - if (ctl->def->fss[i] && - ctl->def->fss[i]->type =3D=3D VIR_DOMAIN_FS_TYPE_MOUNT && - (ctl->def->fss[i]->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TY= PE_PATH || - ctl->def->fss[i]->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TY= PE_DEFAULT) && - ctl->def->fss[i]->src) { - virDomainFSDef *fs =3D ctl->def->fss[i]; + virDomainFSDef *fs =3D ctl->def->fss[i]; + + if (fs->type =3D=3D VIR_DOMAIN_FS_TYPE_MOUNT && + (fs->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TYPE_PATH || + fs->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT) && + fs->src) { 
=20 /* We don't need to add deny rw rules for readonly mounts, * this can only lead to troubles when mounting / readonly. @@ -1122,22 +1137,24 @@ get_files(vahControl * ctl) } =20 for (i =3D 0; i < ctl->def->ninputs; i++) { - if (ctl->def->inputs[i] && - (ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PA= SSTHROUGH || - ctl->def->inputs[i]->type =3D=3D VIR_DOMAIN_INPUT_TYPE_EV= DEV)) { + virDomainInputDef *input =3D ctl->def->inputs[i]; + + if (input->type =3D=3D VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH || + input->type =3D=3D VIR_DOMAIN_INPUT_TYPE_EVDEV) { if (vah_add_file(&buf, ctl->def->inputs[i]->source.evdev, "rw"= ) !=3D 0) goto cleanup; } } =20 for (i =3D 0; i < ctl->def->nnets; i++) { - if (ctl->def->nets[i] && - ctl->def->nets[i]->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUS= ER && - ctl->def->nets[i]->data.vhostuser) { + virDomainNetDef *net =3D ctl->def->nets[i]; + + if (net->type =3D=3D VIR_DOMAIN_NET_TYPE_VHOSTUSER && + net->data.vhostuser) { virDomainChrSourceDef *vhu =3D ctl->def->nets[i]->data.vhostus= er; =20 if (vah_add_file_chardev(&buf, vhu->data.nix.path, "rw", - vhu->type) !=3D 0) + vhu->type) !=3D 0) goto cleanup; } } @@ -1170,10 +1187,11 @@ get_files(vahControl * ctl) } =20 for (i =3D 0; i < ctl->def->nsysinfo; i++) { + virSysinfoDef *sysinfo =3D ctl->def->sysinfo[i]; size_t j; =20 - for (j =3D 0; j < ctl->def->sysinfo[i]->nfw_cfgs; j++) { - virSysinfoFWCfgDef *f =3D &ctl->def->sysinfo[i]->fw_cfgs[j]; + for (j =3D 0; j < sysinfo->nfw_cfgs; j++) { + virSysinfoFWCfgDef *f =3D &sysinfo->fw_cfgs[j]; =20 if (f->file && vah_add_file(&buf, f->file, "r") !=3D 0) 
@@ -1216,50 +1234,49 @@ get_files(vahControl * ctl) } =20 =20 - if (ctl->def->ntpms > 0) { + for (i =3D 0; i < ctl->def->ntpms; i++) { + virDomainTPMDef *tpm =3D ctl->def->tpms[i]; char *shortName =3D NULL; const char *tpmpath =3D NULL; =20 - for (i =3D 0; i < ctl->def->ntpms; i++) { - if (ctl->def->tpms[i]->type !=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) - continue; - - shortName =3D virDomainDefGetShortName(ctl->def); - - switch (ctl->def->tpms[i]->data.emulator.version) { - case VIR_DOMAIN_TPM_VERSION_1_2: - tpmpath =3D "tpm1.2"; - break; - case VIR_DOMAIN_TPM_VERSION_2_0: - tpmpath =3D "tpm2"; - break; - case VIR_DOMAIN_TPM_VERSION_DEFAULT: - case VIR_DOMAIN_TPM_VERSION_LAST: - break; - } - - /* Unix socket for QEMU and swtpm to use */ - virBufferAsprintf(&buf, - " \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n", - RUNSTATEDIR, shortName); - /* Paths for swtpm to use: give it access to its state - * directory (state files and fsync on dir), log, and PID file= s. - */ - virBufferAsprintf(&buf, - " \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n", - LOCALSTATEDIR, uuidstr, tpmpath); - virBufferAsprintf(&buf, - " \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n", - LOCALSTATEDIR, uuidstr, tpmpath); - virBufferAsprintf(&buf, - " \"%s/log/swtpm/libvirt/qemu/%s-swtpm.log\" w,\n", - LOCALSTATEDIR, ctl->def->name); - virBufferAsprintf(&buf, - " \"%s/libvirt/qemu/swtpm/%s-swtpm.pid\" rw,\n", - RUNSTATEDIR, shortName); - - VIR_FREE(shortName); + if (tpm->type !=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) + continue; + + shortName =3D virDomainDefGetShortName(ctl->def); + + switch (tpm->data.emulator.version) { + case VIR_DOMAIN_TPM_VERSION_1_2: + tpmpath =3D "tpm1.2"; + break; + case VIR_DOMAIN_TPM_VERSION_2_0: + tpmpath =3D "tpm2"; + break; + case VIR_DOMAIN_TPM_VERSION_DEFAULT: + case VIR_DOMAIN_TPM_VERSION_LAST: + break; } + + /* Unix socket for QEMU and swtpm to use */ + virBufferAsprintf(&buf, + " \"%s/libvirt/qemu/swtpm/%s-swtpm.sock\" rw,\n= ", + RUNSTATEDIR, shortName); + /* Paths for swtpm to use: 
give it access to its state + * directory (state files and fsync on dir), log, and PID files. + */ + virBufferAsprintf(&buf, + " \"%s/lib/libvirt/swtpm/%s/%s/\" r,\n", + LOCALSTATEDIR, uuidstr, tpmpath); + virBufferAsprintf(&buf, + " \"%s/lib/libvirt/swtpm/%s/%s/**\" rwk,\n", + LOCALSTATEDIR, uuidstr, tpmpath); + virBufferAsprintf(&buf, + " \"%s/log/swtpm/libvirt/qemu/%s-swtpm.log\" w,= \n", + LOCALSTATEDIR, ctl->def->name); + virBufferAsprintf(&buf, + " \"%s/libvirt/qemu/swtpm/%s-swtpm.pid\" rw,\n", + RUNSTATEDIR, shortName); + + VIR_FREE(shortName); } =20 for (i =3D 0; i < ctl->def->nsmartcards; i++) { --=20 2.49.0
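
Review bot: In the @@ -904 hunk the consoles loop still calls vah_add_file(&buf, chr->source->data.file.path, "rw"), while the serials, parallels and channels loops, whose conditions are now character-for-character identical, call vah_add_file_chardev(..., "rw", chr->source->type). With the four loops this uniform the difference stands out: if it is intentional a one-line comment on the consoles loop would help, and if not, consoles should pass chr->source->type like the others. The five-way chr->source->type test is also repeated verbatim four times and could move into one small helper taking a virDomainChrDef *, which would shrink this hunk considerably. Note that chr->source is dereferenced without a check in all four loops, as it was before the element NULL check was dropped.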
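
Review bot: In the @@ -1037 hunk the VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI case assigns rc = virPCIDeviceFileIterate(pci, file_iterate_pci_cb, &buf) and then breaks without testing it, whereas the USB case directly above does "if (rc != 0) goto cleanup;". Nothing between the end of the switch and the end of the loop body looks at rc, so within the lines shown a failure for one PCI hostdev is overwritten by the next iteration (the SCSI/default branch even resets it to 0). Since the whole block is being re-indented anyway, either add the same rc check after virPCIDeviceFree(pci) or state in the commit message that this behaviour is deliberately left untouched.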
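
Review bot: In the @@ -1122 hunk the new temporaries are only used in the conditions, not in the bodies: the inputs loop still passes ctl->def->inputs[i]->source.evdev to vah_add_file(), and the nets loop still initialises vhu from ctl->def->nets[i]->data.vhostuser. That is at odds with the stated goal of not dereferencing ctl->def repeatedly; use input->source.evdev and net->data.vhostuser instead. The "vhu->type) != 0)" line appears as both removed and added with no visible difference, so it is a whitespace-only change that could be dropped from this patch or mentioned in the commit message.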
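
Review bot: In the @@ -1216 hunk tpmpath stays NULL when tpm->data.emulator.version is VIR_DOMAIN_TPM_VERSION_DEFAULT or VIR_DOMAIN_TPM_VERSION_LAST (both cases just break), and it is then passed as a %s argument to the two virBufferAsprintf() calls that build the ".../swtpm/%s/%s/" and ".../swtpm/%s/%s/**" rules. That emits profile rules for a path that does not correspond to any swtpm state directory; the rewritten loop would be a good place to skip or reject those versions before formatting. Separately, now that shortName is declared inside the loop body it could be declared g_autofree (g_autoptr is already used in this function) so the trailing VIR_FREE(shortName) goes away, and the result of virDomainDefGetShortName(ctl->def) is used without a NULL check.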