qemu: Reject unsupported chardev backend protocols
authorPeter Krempa <pkrempa@redhat.com>
Mon, 28 Nov 2022 16:08:31 +0000 (17:08 +0100)
committerPeter Krempa <pkrempa@redhat.com>
Thu, 19 Sep 2024 08:30:15 +0000 (10:30 +0200)
QEMU supports only 'raw' and 'telnet' in the

 <protocol type='telnets'/>

element. Reject 'telnets' and 'tls'. TLS transport for qemu chardevs is
configured via "tls='yes'" attribute added to the "<source>" element
instead, so this prevents a potential misconfiguration, as the value would
otherwise be silently accepted.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/412
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/qemu/qemu_validate.c
tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err [new file with mode: 0644]
tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml [new file with mode: 0644]
tests/qemuxmlconftest.c

index 1954daea52549a4d3ad65965ce34cd719b3a3874..fa23c5f973818f4d31381ef28a593de9d204aa12 100644 (file)
@@ -2044,6 +2044,25 @@ qemuValidateDomainChrSourceDef(const virDomainChrSourceDef *def,
 {
     switch ((virDomainChrType)def->type) {
     case VIR_DOMAIN_CHR_TYPE_TCP:
+        switch (def->data.tcp.protocol) {
+        case VIR_DOMAIN_CHR_TCP_PROTOCOL_RAW:
+        case VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNET:
+            break;
+
+        case VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNETS:
+        case VIR_DOMAIN_CHR_TCP_PROTOCOL_TLS:
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                           _("tcp chardev protocol '%1$s' not supported"),
+                           virDomainChrTcpProtocolTypeToString(def->data.tcp.protocol));
+            return -1;
+
+        case VIR_DOMAIN_CHR_TCP_PROTOCOL_LAST:
+        default:
+            virReportEnumRangeError(virDomainChrTcpProtocol, def->data.tcp.protocol);
+            return -1;
+
+        }
+
         if (qemuValidateDomainChrSourceReconnectDef(&def->data.tcp.reconnect) < 0)
             return -1;
         break;
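Review bot: The error raised in the `VIR_DOMAIN_CHR_TCP_PROTOCOL_TELNETS` / `VIR_DOMAIN_CHR_TCP_PROTOCOL_TLS` branch says only that the protocol is not supported, so a user who wrote `<protocol type='tls'/>` expecting an encrypted chardev is not told where TLS is actually configured and may fall back to 'raw' or 'telnet' without it. The message could carry the hint from the commit description, e.g. `_("tcp chardev protocol '%1$s' not supported, use the 'tls' attribute of <source> to enable TLS")`, with the expected `.err` file updated to match. Separately, the inner `switch (def->data.tcp.protocol)` is not cast the way the outer `switch ((virDomainChrType)def->type)` is; if the field is declared as a plain `int`, casting it to `virDomainChrTcpProtocol` is what would let the compiler flag a protocol value added later. The body of qemuValidateDomainChrSourceDef continues outside the hunk.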
diff --git a/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.x86_64-latest.err
new file mode 100644 (file)
index 0000000..6447c96
--- /dev/null
@@ -0,0 +1 @@
+unsupported configuration: tcp chardev protocol 'tls' not supported
diff --git a/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml b/tests/qemuxmlconfdata/serial-tcp-chardev-telnets.xml
new file mode 100644 (file)
index 0000000..07c36e0
--- /dev/null
@@ -0,0 +1,23 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <vcpu placement='static'>1</vcpu>
+  <os>
+    <type arch='x86_64' machine='pc'>hvm</type>
+  </os>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <serial type='tcp'>
+      <source mode='connect' host='127.0.0.1' service='9999'/>
+      <protocol type='tls'/>
+      <target port='0'/>
+    </serial>
+    <console type='tcp'>
+      <source mode='connect' host='127.0.0.1' service='9999'/>
+      <protocol type='telnets'/>
+      <target port='0'/>
+    </console>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>
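Review bot: Only the `<serial>` device with `<protocol type='tls'/>` appears to be exercised by this test. The expected `.err` file holds a single message naming 'tls', which suggests validation stops at the first rejected chardev, so the `<console>` with `<protocol type='telnets'/>` likely never reaches the new check. Since the file is named after 'telnets', a separate input carrying only the 'telnets' device (with its own expected error) would cover the second rejected value, and would catch a regression that starts silently accepting it again.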
index 08dc8a10e35aa3fba6b5525a6b7b370cb87e27c2..61eb4cda75af01e11df1b3aa8a5c8b29cfa68f0a 100644 (file)
@@ -1845,6 +1845,7 @@ mymain(void)
     DO_TEST_CAPS_LATEST("serial-unix-chardev");
     DO_TEST_CAPS_LATEST_PARSE_ERROR("serial-unix-missing-source");
     DO_TEST_CAPS_LATEST("serial-tcp-chardev");
+    DO_TEST_CAPS_LATEST_PARSE_ERROR("serial-tcp-chardev-telnets");
     DO_TEST_CAPS_LATEST("serial-udp-chardev");
     DO_TEST_CAPS_LATEST("serial-tcp-telnet-chardev");
     driver.config->chardevTLS = 1;