conf: Don't lose <active_pcr_banks/> when no TPM version is provided

When no TPM version is provided in the input XML we may default to version 2.0 (see qemuDomainTPMDefPostParse()). However, <active_pcr_banks/> are parsed iff a version 2.0 was specified. This means that this piece of information might be lost. It's better to parse everything we've been given and then validate that the configuration is valid. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2084046 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2025-03-20 06:50:22 +03:00 · 2022-07-15 18:04:30 +02:00 · 2022-07-15 18:04:30 +02:00 · bdd8ce02c4
commit bdd8ce02c4
parent 99e2b670fa
2 changed files with 37 additions and 12 deletions
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@ -10439,18 +10439,17 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
                goto error;
            }
        }
-        if (def->data.emulator.version == VIR_DOMAIN_TPM_VERSION_2_0) {
-            if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
-                break;
-            for (i = 0; i < nnodes; i++) {
-                if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                                   _("Unsupported PCR banks '%s'"),
-                                   nodes[i]->name);
-                    goto error;
-                }
-                def->data.emulator.activePcrBanks |= (1 << bank);
+
+        if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
+            break;
+        for (i = 0; i < nnodes; i++) {
+            if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("Unsupported PCR banks '%s'"),
+                               nodes[i]->name);
+                goto error;
            }
+            def->data.emulator.activePcrBanks |= (1 << bank);
        }
        break;
    case VIR_DOMAIN_TPM_TYPE_LAST:
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@ -2650,6 +2650,30 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
    return 0;
 }

+
+static int
+virDomainTPMDevValidate(const virDomainTPMDef *tpm)
+{
+    switch (tpm->type) {
+    case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+        if (tpm->data.emulator.activePcrBanks &&
+            tpm->data.emulator.version != VIR_DOMAIN_TPM_VERSION_2_0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("<active_pcr_banks/> requires TPM version '%s'"),
+                           virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_VERSION_2_0));
+            return -1;
+        }
+        break;
+
+    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+    case VIR_DOMAIN_TPM_TYPE_LAST:
+        break;
+    }
+
+    return 0;
+}
+
+
 static int
 virDomainDeviceInfoValidate(const virDomainDeviceDef *dev)
 {
@ -2754,12 +2778,14 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
    case VIR_DOMAIN_DEVICE_IOMMU:
        return virDomainIOMMUDefValidate(dev->data.iommu);

+    case VIR_DOMAIN_DEVICE_TPM:
+        return virDomainTPMDevValidate(dev->data.tpm);
+
    case VIR_DOMAIN_DEVICE_LEASE:
    case VIR_DOMAIN_DEVICE_WATCHDOG:
    case VIR_DOMAIN_DEVICE_HUB:
    case VIR_DOMAIN_DEVICE_MEMBALLOON:
    case VIR_DOMAIN_DEVICE_NVRAM:
-    case VIR_DOMAIN_DEVICE_TPM:
    case VIR_DOMAIN_DEVICE_PANIC:
    case VIR_DOMAIN_DEVICE_NONE:
    case VIR_DOMAIN_DEVICE_LAST: