On Mon, Jul 18, 2022 at 11:30:50 +0200, Michal Privoznik wrote:
When no TPM version is provided in the input XML we may default to version 2.0 (see qemuDomainTPMDefPostParse()). However, <active_pcr_banks/> are parsed iff a version 2.0 was specified. This means that this piece of information might be lost.
It's better to parse everything we've been given and then validate that the configuration is valid.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2084046 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/conf/domain_conf.c | 21 ++++++++++----------- src/conf/domain_validate.c | 28 +++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 12 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 6263d90fdb..610fa5262b 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -10422,18 +10422,17 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, goto error; } } - if (def->data.emulator.version == VIR_DOMAIN_TPM_VERSION_2_0) { - if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0) - break; - for (i = 0; i < nnodes; i++) { - if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unsupported PCR banks '%s'"), - nodes[i]->name); - goto error; - } - def->data.emulator.activePcrBanks |= (1 << bank); + + if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0) + break; + for (i = 0; i < nnodes; i++) { + if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("Unsupported PCR banks '%s'"), + nodes[i]->name); + goto error; } + def->data.emulator.activePcrBanks |= (1 << bank);
Ewww. This is clearly a job for virBitmap. I'll post a patch to refactor it on top of this patch, so don't worry about it or conflicts. Reviewed-by: Peter Krempa <pkrempa@redhat.com>