[PATCH 0/2] qemu: Reject unsupported chardev '<protocol' settings

See 2/2 Peter Krempa (2): conf: Convert 'protocol' field of TCP char device backend to proper type qemu: Reject unsupported chardev backend protocols src/conf/domain_conf.c | 11 +++------ src/conf/domain_conf.h | 2 +- src/qemu/qemu_validate.c | 19 +++++++++++++++ src/vmx/vmx.c | 7 +++--- ...rial-tcp-chardev-telnets.x86_64-latest.err | 1 + .../serial-tcp-chardev-telnets.xml | 23 +++++++++++++++++++ tests/qemuxmlconftest.c | 1 + 7 files changed, 51 insertions(+), 13 deletions(-) create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml -- 2.46.0

Use virDomainChrTcpProtocol as type, convert the parser to use virXMLPropEnum and fix one switch statement in the VMX driver.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/conf/domain_conf.c | 11 +++--------
src/conf/domain_conf.h | 2 +-
src/vmx/vmx.c | 7 +++----
3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index cf4b1b2aef..7f6a91c427 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -10282,18 +10282,13 @@ static int virDomainChrSourceDefParseProtocol(virDomainChrSourceDef *def, xmlNodePtr protocol) { - g_autofree char *prot = NULL; - if (def->type != VIR_DOMAIN_CHR_TYPE_TCP) return 0; - if ((prot = virXMLPropString(protocol, "type")) && - (def->data.tcp.protocol = - virDomainChrTcpProtocolTypeFromString(prot)) < 0) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unknown protocol '%1$s'"), prot); + if (virXMLPropEnum(protocol, "type", + virDomainChrTcpProtocolTypeFromString, + VIR_XML_PROP_NONE, &def->data.tcp.protocol) < 0) return -1; - } return 0; }
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 659299bdd1..a15af4fae3 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -1339,7 +1339,7 @@ struct _virDomainChrSourceDef { char *host; char *service; bool listen; - int protocol; + virDomainChrTcpProtocol protocol; bool tlscreds; virTristateBool haveTLS; bool tlsFromConfig;
diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
index de16c1f634..132e54e15f 100644
--- a/src/vmx/vmx.c
+++ b/src/vmx/vmx.c
@@ -4203,10 +4203,9 @@ virVMXFormatSerial(virVMXContext *ctx, virDomainChrDef *def, break; default: - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unsupported character device TCP protocol '%1$s'"), - virDomainChrTcpProtocolTypeToString( - def->source->data.tcp.protocol)); + case VIR_DOMAIN_CHR_TCP_PROTOCOL_LAST: + virReportEnumRangeError(virDomainChrTcpProtocol, + def->source->data.tcp.protocol); return -1; }
-- 2.46.0
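Review bot: The new `if (virXMLPropEnum(...) < 0)` in virDomainChrSourceDefParseProtocol has a condition spanning three lines but no braces around `return -1;`, because the closing `}` was removed together with the old error report. libvirt's coding style, as I understand it, allows omitting braces only when the condition and the body each fit on one line, so the conforming form keeps `{` after `< 0)` and a `}` after `return -1;`. The message a user sees for a bad value also changes from "Unknown protocol" to whatever virXMLPropEnum reports, which would be worth one sentence in the commit message.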
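Review bot: In virVMXFormatSerial the `default:` branch now calls `virReportEnumRangeError`, which reads as an internal out-of-range error rather than the previous VIR_ERR_CONFIG_UNSUPPORTED carrying the protocol name. That is only right if every valid virDomainChrTcpProtocol value has its own `case` above; the switch starts outside the hunk, so this cannot be confirmed from here. The label order `default:` before `case VIR_DOMAIN_CHR_TCP_PROTOCOL_LAST:` also differs from the `case ..._LAST:` then `default:` order used in qemu_validate.c in patch 2/2, and using one order would keep the series consistent.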

QEMU supports only 'raw' and 'telnet' in the <protocol type='telnets'/> element. Reject 'telnets' and 'tls'. TLS transport for qemu chardevs is configured via "tls='yes'" attribute added to the "<source>" element instead, so this prevents potential misconfig as the value would be silently accepted.
Closes: https://gitlab.com/libvirt/libvirt/-/issues/412
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu_validate.c | 19 +++++++++++++++
...rial-tcp-chardev-telnets.x86_64-latest.err | 1 +
.../serial-tcp-chardev-telnets.xml | 23 +++++++++++++++++++
tests/qemuxmlconftest.c | 1 +
4 files changed, 44 insertions(+)
create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err
create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 1954daea52..fa23c5f973 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -2044,6 +2044,25 @@ qemuValidateDomainChrSourceDef(const virDomainChrSourceDef *def, { switch ((virDomainChrType)def->type) { case VIR_DOMAIN_CHR_TYPE_TCP: + switch (def->data.tcp.protocol) { + case VIR_DOMAIN_CHR_TCP_PROTOCOL_RAW: + case VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNET: + break; + + case VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNETS: + case VIR_DOMAIN_CHR_TCP_PROTOCOL_TLS: + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, + _("tcp chardev protocol '%1$s' not supported"), + virDomainChrTcpProtocolTypeToString(def->data.tcp.protocol)); + return -1; + + case VIR_DOMAIN_CHR_TCP_PROTOCOL_LAST: + default: + virReportEnumRangeError(virDomainChrTcpProtocol, def->data.tcp.protocol); + return -1; + + } + if (qemuValidateDomainChrSourceReconnectDef(&def->data.tcp.reconnect) < 0) return -1; break;
diff --git a/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err
new file mode 100644
index 0000000000..6447c96cd9
--- /dev/null
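Review bot: The rejection branch for `VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNETS` and `VIR_DOMAIN_CHR_TCP_PROTOCOL_TLS` says only that the protocol is not supported, so a user who wrote `<protocol type='tls'/>` expecting an encrypted channel gets no pointer to the setting that actually enables TLS. A short comment above those two cases, e.g. `/* TLS for QEMU chardevs is requested via tls='yes' on <source>; accepting these values would leave the channel unencrypted */`, would record why the check exists, and the error text could carry the same hint. Going by the .err file added in this patch, only the 'tls' serial device is reported, so the 'telnets' console in the test XML is presumably never reached and a second test case would be needed to cover it. There is also a stray blank line before the closing `}` of the inner switch. qemuValidateDomainChrSourceDef continues outside the hunk.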
+++ b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err
@@ -0,0 +1 @@
+unsupported configuration: tcp chardev protocol 'tls' not supported
diff --git a/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml
new file mode 100644
index 0000000000..07c36e0fa0
--- /dev/null
+++ b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml
@@ -0,0 +1,23 @@
+<domain type='qemu'>
+ <name>QEMUGuest1</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>219136</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='x86_64' machine='pc'>hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-x86_64</emulator>
+ <serial type='tcp'>
+ <source mode='connect' host='127.0.0.1' service='9999'/>
+ <protocol type='tls'/>
+ <target port='0'/>
+ </serial>
+ <console type='tcp'>
+ <source mode='connect' host='127.0.0.1' service='9999'/>
+ <protocol type='telnets'/>
+ <target port='0'/>
+ </console>
+ <memballoon model='virtio'/>
+ </devices>
+</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index 323fd9d721..821b8da25a 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -1838,6 +1838,7 @@ mymain(void) DO_TEST_CAPS_LATEST("serial-unix-chardev"); DO_TEST_CAPS_LATEST_PARSE_ERROR("serial-unix-missing-source"); DO_TEST_CAPS_LATEST("serial-tcp-chardev"); + DO_TEST_CAPS_LATEST_PARSE_ERROR("serial-tcp-chardev-telnets"); DO_TEST_CAPS_LATEST("serial-udp-chardev"); DO_TEST_CAPS_LATEST("serial-tcp-telnet-chardev"); driver.config->chardevTLS = 1;
-- 2.46.0

On a Wednesday in 2024, Peter Krempa wrote:
See 2/2
Peter Krempa (2): conf: Convert 'protocol' field of TCP char device backend to proper type qemu: Reject unsupported chardev backend protocols
src/conf/domain_conf.c | 11 +++------ src/conf/domain_conf.h | 2 +- src/qemu/qemu_validate.c | 19 +++++++++++++++ src/vmx/vmx.c | 7 +++--- ...rial-tcp-chardev-telnets.x86_64-latest.err | 1 + .../serial-tcp-chardev-telnets.xml | 23 +++++++++++++++++++ tests/qemuxmlconftest.c | 1 + 7 files changed, 51 insertions(+), 13 deletions(-) create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err create mode 100644 tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano