Re: [PATCH 1/8] conf: Report an error when default TPM model is provided
On Mon, Jul 18, 2022 at 11:30:43 +0200, Michal Privoznik wrote:
When "default" model of a TPM was provided, our parses
accepts it
happily even though the value is forbidden by our RNG and not
documented as accepted value. This is because of < 0 vs <= 0
comparison of virDomainTPMModelTypeFromString() retval.
Make the parser error out explicitly in this case. Users can
always chose to not specify the attribute in which case we pick a
sane default (in qemuDomainTPMDefPostParse()).
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/conf/domain_conf.c | 2 +-
src/conf/domain_conf.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 4c7a5a044c..b7147945da 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -10360,7 +10360,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
model = virXMLPropString(node, "model");
if (model != NULL &&
- (def->model = virDomainTPMModelTypeFromString(model)) < 0) {
+ (def->model = virDomainTPMModelTypeFromString(model)) <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("Unknown TPM frontend model '%s'"), model);
goto error;
'virDomainTPMDefFormat' happily formats 'default' as supported type:
virBufferAsprintf(&attrBuf, " model='%s'",
virDomainTPMModelTypeToString(def->model));
Is there any other code path which would forbid 'default'? If no, then
we might run into a situation where libvirt's parser would reject
parsing a XML formatted by libvirt itself, which is not acceptable.
In such case we'd need to leave the parser as-is and add just validation
where 'defau't will be forbidden, which is acceptable.