Re: [libvirt] [PATCH v7 17/19] tpm: Check TPM XML device configuration changes after edit
On 7/25/19 2:22 PM, Stefan Berger wrote:
Since swtpm does not support getting started without password
once it was created with encryption enabled, we don't allow
encryption to be removed. Similarly, we do not allow encryption
to be added once swtpm has run. We also prevent chaning the type
of the TPM backend since the encrypted state is still around and
the next time one was to switch back to the emulator backend
and forgot the encryption the TPM would not work.
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
Reviewed-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/conf/domain_conf.c | 56 +++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 4 +++
src/libvirt_private.syms | 1 +
src/qemu/qemu_driver.c | 28 ++++++++++++++++++++
src/qemu/qemu_extdevice.c | 2 +-
src/qemu/qemu_extdevice.h | 3 +++
6 files changed, 93 insertions(+), 1 deletion(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 6673a323c6..d60ef81061 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
[...]
+
+int
+virDomainCheckDeviceChanges(virDomainDefPtr def,
+ virDomainDefPtr newDef)
+{
+ if (!def || !newDef)
Because !newDef is checked here...
+ return 0;
+
+ return virDomainCheckTPMChanges(def, newDef);
+}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 8092893c2a..285fa6c496 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -3636,3 +3636,7 @@ virDomainGraphicsGetRenderNode(const virDomainGraphicsDef
*graphics);
bool
virDomainGraphicsNeedsAutoRenderNode(const virDomainGraphicsDef *graphics);
+
+int
+virDomainCheckDeviceChanges(virDomainDefPtr def, virDomainDefPtr newDef)
+ ATTRIBUTE_NONNULL(2);
This ATTRIBUTE_NONNULL(2) is unnecessary
Causes a Coverity (or whenever STATIC_ANALYSIS is set) build error.
John