3:24 p.m.
To avoid passing TPM emulator parameters around individually, move them
into a structure and pass around the structure.
Reviewed-by: Marc-André Lureau <marcandre.lureau(a)redhat.com>
Signed-off-by: Stefan Berger <stefanb(a)linux.ibm.com>
---
v3:
- Made virDomainTPMEmulatorDef first parameter to functions
- Applied Marc-André's R-b
---
src/conf/domain_conf.h | 24 +++++++++--------
src/conf/virconftypes.h | 2 ++
src/qemu/qemu_tpm.c | 58 ++++++++++++++---------------------------
3 files changed, 35 insertions(+), 49 deletions(-)
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index a15af4fae3..e5aee3c2cf 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1465,6 +1465,18 @@ typedef enum {
#define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0"
+struct _virDomainTPMEmulatorDef {
+ virDomainTPMVersion version;
+ virDomainChrSourceDef *source;
+ char *storagepath;
+ char *logfile;
+ unsigned int debug;
+ unsigned char secretuuid[VIR_UUID_BUFLEN];
+ bool hassecretuuid;
+ bool persistent_state;
+ virBitmap *activePcrBanks;
+};
+
struct _virDomainTPMDef {
virObject *privateData;
@@ -1475,17 +1487,7 @@ struct _virDomainTPMDef {
struct {
virDomainChrSourceDef *source;
} passthrough;
- struct {
- virDomainTPMVersion version;
- virDomainChrSourceDef *source;
- char *storagepath;
- char *logfile;
- unsigned int debug;
- unsigned char secretuuid[VIR_UUID_BUFLEN];
- bool hassecretuuid;
- bool persistent_state;
- virBitmap *activePcrBanks;
- } emulator;
+ virDomainTPMEmulatorDef emulator;
struct {
virDomainChrSourceDef *source;
} external;
diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h
index f18ebcca10..59be61cea4 100644
--- a/src/conf/virconftypes.h
+++ b/src/conf/virconftypes.h
@@ -234,6 +234,8 @@ typedef struct _virDomainAudioDef virDomainAudioDef;
typedef struct _virDomainTPMDef virDomainTPMDef;
+typedef struct _virDomainTPMEmulatorDef virDomainTPMEmulatorDef;
+
typedef struct _virDomainThreadSchedParam virDomainThreadSchedParam;
typedef struct _virDomainTimerCatchupDef virDomainTimerCatchupDef;
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 749e4232b9..0a5643b42b 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -343,31 +343,26 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd,
/*
* qemuTPMEmulatorRunSetup
*
- * @storagepath: path to the directory for TPM state
+ * @emulator: emulator parameters
* @vmname: the name of the VM
* @vmuuid: the UUID of the VM
* @privileged: whether we are running in privileged mode
* @swtpm_user: The userid to switch to when setting up the TPM;
* typically this should be the uid of 'tss' or 'root'
* @swtpm_group: The group id to switch to
- * @logfile: The file to write the log into; it must be writable
- * for the user given by userid or 'tss'
- * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
- * @encryption: pointer to virStorageEncryption holding secret
+ * @secretuuid: UUID describing virStorageEncryption holding secret
* @incomingMigration: whether we have an incoming migration
*
* Setup the external swtpm by creating endorsement key and
* certificates for it.
*/
static int
-qemuTPMEmulatorRunSetup(const char *storagepath,
+qemuTPMEmulatorRunSetup(const virDomainTPMEmulatorDef *emulator,
const char *vmname,
const unsigned char *vmuuid,
bool privileged,
uid_t swtpm_user,
gid_t swtpm_group,
- const char *logfile,
- const virDomainTPMVersion tpmversion,
const unsigned char *secretuuid,
bool incomingMigration)
{
@@ -380,9 +375,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
if (!swtpm_setup)
return -1;
- if (!privileged && tpmversion == VIR_DOMAIN_TPM_VERSION_1_2 &&
+ if (!privileged && emulator->version == VIR_DOMAIN_TPM_VERSION_1_2
&&
!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_TPM12_NOT_NEED_ROOT)) {
- return virFileWriteStr(logfile,
+ return virFileWriteStr(emulator->logfile,
_("Did not create EK and certificates since this
requires privileged mode for a TPM 1.2\n"), 0600);
}
@@ -397,7 +392,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
virCommandSetUID(cmd, swtpm_user);
virCommandSetGID(cmd, swtpm_group);
- switch (tpmversion) {
+ switch (emulator->version) {
case VIR_DOMAIN_TPM_VERSION_1_2:
break;
case VIR_DOMAIN_TPM_VERSION_2_0:
@@ -413,9 +408,9 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
if (!incomingMigration) {
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
+ "--tpm-state", emulator->storagepath,
"--vmid", vmid,
- "--logfile", logfile,
+ "--logfile", emulator->logfile,
"--createek",
"--create-ek-cert",
"--create-platform-cert",
@@ -424,8 +419,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
NULL);
} else {
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
- "--logfile", logfile,
+ "--tpm-state", emulator->storagepath,
+ "--logfile", emulator->logfile,
"--overwrite",
NULL);
}
@@ -435,7 +430,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not run '%1$s'. exitstatus: %2$d; Check
error log '%3$s' for details."),
- swtpm_setup, exitstatus, logfile);
+ swtpm_setup, exitstatus, emulator->logfile);
return -1;
}
@@ -464,26 +459,18 @@ qemuTPMPcrBankBitmapToStr(virBitmap *activePcrBanks)
/*
* qemuTPMEmulatorReconfigure
*
- *
- * @storagepath: path to the directory for TPM state
+ * @emulator: emulator parameters
* @swtpm_user: The userid to switch to when setting up the TPM;
* typically this should be the uid of 'tss' or 'root'
* @swtpm_group: The group id to switch to
- * @activePcrBanks: The string describing the active PCR banks
- * @logfile: The file to write the log into; it must be writable
- * for the user given by userid or 'tss'
- * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
* @secretuuid: The secret's UUID needed for state encryption
*
* Reconfigure the active PCR banks of a TPM 2.
*/
static int
-qemuTPMEmulatorReconfigure(const char *storagepath,
+qemuTPMEmulatorReconfigure(const virDomainTPMEmulatorDef *emulator,
uid_t swtpm_user,
gid_t swtpm_group,
- virBitmap *activePcrBanks,
- const char *logfile,
- const virDomainTPMVersion tpmversion,
const unsigned char *secretuuid)
{
g_autoptr(virCommand) cmd = NULL;
@@ -494,8 +481,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
if (!swtpm_setup)
return -1;
- if (tpmversion != VIR_DOMAIN_TPM_VERSION_2_0 ||
- (activePcrBanksStr = qemuTPMPcrBankBitmapToStr(activePcrBanks)) == NULL ||
+ if (emulator->version != VIR_DOMAIN_TPM_VERSION_2_0 ||
+ (activePcrBanksStr = qemuTPMPcrBankBitmapToStr(emulator->activePcrBanks)) ==
NULL ||
!virTPMSwtpmSetupCapsGet(VIR_TPM_SWTPM_SETUP_FEATURE_CMDARG_RECONFIGURE_PCR_BANKS))
return 0;
@@ -510,8 +497,8 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
return -1;
virCommandAddArgList(cmd,
- "--tpm-state", storagepath,
- "--logfile", logfile,
+ "--tpm-state", emulator->storagepath,
+ "--logfile", emulator->logfile,
"--pcr-banks", activePcrBanksStr,
"--reconfigure",
NULL);
@@ -521,7 +508,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus != 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("Could not run '%1$s --reconfigure'. exitstatus:
%2$d; Check error log '%3$s' for details."),
- swtpm_setup, exitstatus, logfile);
+ swtpm_setup, exitstatus, emulator->logfile);
return -1;
}
@@ -582,19 +569,14 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
secretuuid = tpm->data.emulator.secretuuid;
if (created &&
- qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
+ qemuTPMEmulatorRunSetup(&tpm->data.emulator, vmname, vmuuid,
privileged, swtpm_user, swtpm_group,
- tpm->data.emulator.logfile,
- tpm->data.emulator.version,
secretuuid, incomingMigration) < 0)
goto error;
if (!incomingMigration &&
- qemuTPMEmulatorReconfigure(tpm->data.emulator.storagepath,
+ qemuTPMEmulatorReconfigure(&tpm->data.emulator,
swtpm_user, swtpm_group,
- tpm->data.emulator.activePcrBanks,
- tpm->data.emulator.logfile,
- tpm->data.emulator.version,
secretuuid) < 0)
goto error;
--
2.47.0