79c4324644
Change-Id: I2d302dda68298877c65c99147f5bf22186a59aac
From 85a1643f583a46b1fc3a01d5c2e87ba6262be586 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Wed, 24 Feb 2021 17:28:42 +0100
Subject: [PATCH 5/6] qemu_tpm: Generate log file path among with storage path
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When starting a guest with TPM of type='emulator' an external
process is started with it (swtpm) to emulate TPM. This external
process is passed path to a log file via --logfile. The path to
the log file is generated in qemuTPMEmulatorPrepareHost() which
works, until the daemon is restarted. The problem is that the
path is not stored in private data or anywhere inside live XML
and thus later, when qemuExtTPMStop() is called (when shutting
off the guest) the stored logpath is NULL and thus its seclabel
is not cleaned up (see virSecuritySELinuxRestoreTPMLabels()).
Fortunately, qemuExtDevicesStop() (which calls qemuExtTPMStop()
eventually) does call qemuExtDevicesInitPaths() where the log
path can be generated again.
Basically, tpm->data.emulator.storagepath is generated in
qemuExtTPMInitPaths() and its seclabels are restored properly,
and this commit moves the logfile onto the same level.
This means, that the log path doesn't have to be generated in
qemuExtDevicesStart() because it was already done in
qemuExtDevicesPrepareHost().
This change also renders @vmname argument of
qemuTPMEmulatorPrepareHost() unused and thus is removed.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1769196
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: yezengruan <yezengruan@huawei.com>
---
src/qemu/qemu_extdevice.c | 6 +++---
src/qemu/qemu_tpm.c | 22 ++++++++++++++--------
2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index 5a31b4d66e..025929cbcc 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -133,6 +133,9 @@ qemuExtDevicesPrepareHost(virQEMUDriverPtr driver,
virDomainDefPtr def = vm->def;
size_t i;
+ if (qemuExtDevicesInitPaths(driver, def) < 0)
+ return -1;
+
if (def->tpm &&
qemuExtTPMPrepareHost(driver, def) < 0)
return -1;
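Review bot: The qemuExtDevicesInitPaths() call added at the top of qemuExtDevicesPrepareHost() is now the only thing guaranteeing that tpm->data.emulator.logfile is populated before qemuExtTPMPrepareHost() touches it, but nothing at this call site records that ordering, so a later reshuffle of the prepare steps would silently reintroduce a NULL log path. I would put a comment above the new call, `/* Must run first: the prepare steps below (e.g. touching the swtpm log file) rely on the paths filled in here. */`. qemuExtDevicesPrepareHost() continues past the end of this hunk.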
@@ -170,9 +173,6 @@ qemuExtDevicesStart(virQEMUDriverPtr driver,
virDomainDefPtr def = vm->def;
size_t i;
- if (qemuExtDevicesInitPaths(driver, def) < 0)
- return -1;
-
for (i = 0; i < def->nvideos; i++) {
virDomainVideoDefPtr video = def->videos[i];
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index eb155b92b0..601d5cf4e9 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -200,11 +200,15 @@ qemuTPMCreateEmulatorSocket(const char *swtpmStateDir,
* @tpm: TPM definition for an emulator type
* @swtpmStorageDir: the general swtpm storage dir which is used as a base
* directory for creating VM specific directories
+ * @logDir: directory where swtpm writes its logs into
+ * @vmname: name of the VM
* @uuid: the UUID of the VM
*/
static int
qemuTPMEmulatorInitPaths(virDomainTPMDefPtr tpm,
const char *swtpmStorageDir,
+ const char *logDir,
+ const char *vmname,
const unsigned char *uuid)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
@@ -217,6 +221,11 @@ qemuTPMEmulatorInitPaths(virDomainTPMDefPtr tpm,
tpm->version)))
return -1;
+ if (!tpm->data.emulator.logfile) {
+ tpm->data.emulator.logfile = qemuTPMCreateEmulatorLogPath(logDir,
+ vmname);
+ }
+
return 0;
}
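Review bot: The logfile assignment added at the end of qemuTPMEmulatorInitPaths() never checks the result of qemuTPMCreateEmulatorLogPath(), whereas the storagepath assignment directly above it returns -1 when its helper yields NULL; whether the log-path helper can return NULL is not visible here, but the two paths should be treated consistently. If it can fail, fold the check in as `if (!tpm->data.emulator.logfile && !(tpm->data.emulator.logfile = qemuTPMCreateEmulatorLogPath(logDir, vmname))) return -1;`. The `if (!tpm->data.emulator.logfile)` guard also deserves a comment such as `/* Keep a path already set: this runs again at shutdown after a daemon restart. */`, since the commit message relies on that re-run to restore the log file's seclabel. The function's signature lies outside this hunk.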
@@ -273,7 +282,6 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
*
* @tpm: tpm definition
* @logDir: directory where swtpm writes its logs into
- * @vmname: name of the VM
* @swtpm_user: uid to run the swtpm with
* @swtpm_group: gid to run the swtpm with
* @swtpmStateDir: directory for swtpm's persistent state
@@ -287,7 +295,6 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
static int
qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
const char *logDir,
- const char *vmname,
uid_t swtpm_user,
gid_t swtpm_group,
const char *swtpmStateDir,
@@ -306,10 +313,6 @@ qemuTPMEmulatorPrepareHost(virDomainTPMDefPtr tpm,
VIR_DIR_CREATE_ALLOW_EXIST) < 0)
return -1;
- /* create logfile name ... */
- if (!tpm->data.emulator.logfile)
- tpm->data.emulator.logfile = qemuTPMCreateEmulatorLogPath(logDir, vmname);
-
if (!virFileExists(tpm->data.emulator.logfile) &&
virFileTouch(tpm->data.emulator.logfile, 0644) < 0) {
return -1;
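Review bot: With the local log-path generation deleted, `virFileExists(tpm->data.emulator.logfile)` on the line after the removed block now reads a field that qemuTPMEmulatorPrepareHost() no longer guarantees is set; it depends on qemuTPMEmulatorInitPaths() having run earlier via qemuExtDevicesPrepareHost(), and nothing in this function checks that. I would at least state the precondition in the function's doc comment, `Caller must have run qemuTPMEmulatorInitPaths() so that tpm->data.emulator.logfile is set.`, or fail explicitly with `if (!tpm->data.emulator.logfile) return -1;` and an error report ahead of the virFileExists() call rather than passing NULL into a stat. Separately and pre-existing, the log is touched with mode 0644, i.e. world-readable, which is worth revisiting if swtpm ever logs anything sensitive. The function starts and ends outside this hunk.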
@@ -704,7 +707,10 @@ qemuExtTPMInitPaths(virQEMUDriverPtr driver,
switch (def->tpm->type) {
case VIR_DOMAIN_TPM_TYPE_EMULATOR:
- return qemuTPMEmulatorInitPaths(def->tpm, cfg->swtpmStorageDir,
+ return qemuTPMEmulatorInitPaths(def->tpm,
+ cfg->swtpmStorageDir,
+ cfg->swtpmLogDir,
+ def->name,
def->uuid);
case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
case VIR_DOMAIN_TPM_TYPE_LAST:
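Review bot: The log path passed to qemuTPMEmulatorInitPaths() here is re-derived from the current `cfg->swtpmLogDir` and `def->name`, and per the commit message this function is run again on the stop path after a daemon restart; if swtpm_log_dir was changed in the daemon config in between, the seclabel restore would target a file the running swtpm never wrote while the real log keeps its label — the same caveat already applies to swtpmStorageDir. Persisting the generated paths in the domain's private data would remove that dependency on the config being unchanged; short of that, a comment above the call such as `/* Re-derived from config on restart: must match what was passed at start. */` would document the assumption. The enclosing switch and function continue outside this hunk.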
@@ -729,7 +735,7 @@ qemuExtTPMPrepareHost(virQEMUDriverPtr driver,
return -1;
return qemuTPMEmulatorPrepareHost(def->tpm, cfg->swtpmLogDir,
- def->name, cfg->swtpm_user,
+ cfg->swtpm_user,
cfg->swtpm_group,
cfg->swtpmStateDir, cfg->user,
shortName);
--
2.27.0