From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 17/24] qemu: Store TLS config options for chardevs in qemuDomainChrSourcePrivate
Date: Thu, 9 Dec 2021 13:30:52 +0100
List-Id: Development discussions about the libvirt library & tools
Content-Transfer-Encoding: quoted-printable

When setting up TLS options from config in qemuDomainPrepareChardevSourceOne we can also extract the x509 certificate path and default tlsVerify setting so that 'qemuBuildChardevCommand' doesn't need to access the config object any more.

Signed-off-by: Peter Krempa

--- src/qemu/qemu_command.c | 6 +++--- src/qemu/qemu_domain.c | 7 +++++++ src/qemu/qemu_domain.h | 3 +++ 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index 910508e725..583e311008 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -1476,7 +1476,7 @@ qemuBuildChardevStr(const virDomainChrSourceDef *dev, static int qemuBuildChardevCommand(virCommand *cmd, - virQEMUDriverConfig *cfg, + virQEMUDriverConfig *cfg G_GNUC_UNUSED, const virDomainChrSourceDef *dev, const char *charAlias, virQEMUCaps *qemuCaps) 
@@ -1506,9 +1506,9 @@ qemuBuildChardevCommand(virCommand *cmd, if (!(objalias =3D qemuAliasTLSObjFromSrcAlias(charAlias))) return -1; - if (qemuBuildTLSx509CommandLine(cmd, cfg->chardevTLSx509certdi= r, + if (qemuBuildTLSx509CommandLine(cmd, chrSourcePriv->tlsCertPat= h, dev->data.tcp.listen, - cfg->chardevTLSx509verify, + chrSourcePriv->tlsVerify, tlsCertEncSecAlias, objalias, qemuCaps) < 0) { return -1; diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index a2ee160128..d7751f731d 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -867,6 +867,8 @@ qemuDomainChrSourcePrivateDispose(void *obj) VIR_FORCE_CLOSE(priv->fd); VIR_FORCE_CLOSE(priv->logfd); + g_free(priv->tlsCertPath); + g_free(priv->fdset); g_free(priv->logFdset); g_free(priv->tlsCredsAlias); @@ -9754,6 +9756,11 @@ qemuDomainPrepareChardevSourceOne(virDomainDeviceDef= *dev, charsrc->data.tcp.haveTLS =3D virTristateBoolFromBool(data= ->cfg->chardevTLS); charsrc->data.tcp.tlsFromConfig =3D true; } + + if (charsrc->data.tcp.haveTLS =3D=3D VIR_TRISTATE_BOOL_YES) { + charpriv->tlsCertPath =3D g_strdup(data->cfg->chardevTLSx5= 09certdir); + charpriv->tlsVerify =3D data->cfg->chardevTLSx509verify; + } } break; diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index d07def3d85..5474d1dccc 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -346,6 +346,9 @@ struct _qemuDomainChrSourcePrivate { int logfd; /* file descriptor of the logging source */ bool wait; /* wait for incomming connections on chardev */ + char *tlsCertPath; /* path to certificates if TLS is requested */ + bool tlsVerify; /* whether server should verify client certificates */ + char *fdset; /* fdset path corresponding to the passed filedescriptor = */ char *logFdset; /* fdset path corresponding to the passed filedescript= or for logfile */ int passedFD; /* filedescriptor number when fdset passing it directly = */ --=20 2.31.1
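
Review bot: the cfg parameter of qemuBuildChardevCommand (qemu_command.c, hunk at -1476) is now dead and only silenced with G_GNUC_UNUSED. Either drop the parameter and update the callers in this patch, or state in the commit message that a later patch in the series removes it, so the annotation is not mistaken for a permanent part of the signature.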
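
Review bot: the TLS branch of qemuBuildChardevCommand (qemu_command.c, hunk at -1506) now relies on chrSourcePriv->tlsCertPath and chrSourcePriv->tlsVerify with no check that they were populated. They are filled only in qemuDomainPrepareChardevSourceOne, and only when haveTLS is VIR_TRISTATE_BOOL_YES, so a caller that reaches this branch without the prepare step would pass a NULL certificate directory to qemuBuildTLSx509CommandLine and use the struct's initial tlsVerify value instead of cfg->chardevTLSx509verify. Suggest failing with an explicit error when tlsCertPath is NULL rather than building the TLS object from unset fields, since a silently dropped verify setting weakens client authentication without any visible failure.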
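
Review bot: charpriv->tlsCertPath is assigned with g_strdup() in qemuDomainPrepareChardevSourceOne (qemu_domain.c, hunk at -9754) without releasing any previous value, so a second prepare pass over the same chardev source would leak the earlier string. Consider calling g_free(charpriv->tlsCertPath) before the assignment, or note in the commit message that prepare runs at most once per private-data object.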
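
Review bot: the comments on the new tlsCertPath and tlsVerify members of struct _qemuDomainChrSourcePrivate (qemu_domain.h) do not say when the fields are valid. Since both are set only when haveTLS is VIR_TRISTATE_BOOL_YES and are copied from chardevTLSx509certdir and chardevTLSx509verify at prepare time, the comments should say so, and that tlsCertPath stays NULL otherwise.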