conf: Don't lose <active_pcr_banks/> when no TPM version is provided
authorMichal Privoznik <mprivozn@redhat.com>
Fri, 15 Jul 2022 16:04:30 +0000 (18:04 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 1 Aug 2022 15:35:51 +0000 (17:35 +0200)
When no TPM version is provided in the input XML we may default
to version 2.0 (see qemuDomainTPMDefPostParse()). However,
<active_pcr_banks/> are parsed iff a version 2.0 was specified.
This means that this piece of information might be lost.

It's better to parse everything we've been given and then
validate that the configuration is valid.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2084046
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/conf/domain_conf.c
src/conf/domain_validate.c

index c60c4d3d6cc0e707951e39ee58cd914eadd31069..c765aea8326ae809bc47f48d8539fe8e4edb8a64 100644 (file)
@@ -10439,18 +10439,17 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt,
                 goto error;
             }
         }
-        if (def->data.emulator.version == VIR_DOMAIN_TPM_VERSION_2_0) {
-            if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
-                break;
-            for (i = 0; i < nnodes; i++) {
-                if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
-                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
-                                   _("Unsupported PCR banks '%s'"),
-                                   nodes[i]->name);
-                    goto error;
-                }
-                def->data.emulator.activePcrBanks |= (1 << bank);
+
+        if ((nnodes = virXPathNodeSet("./backend/active_pcr_banks/*", ctxt, &nodes)) < 0)
+            break;
+        for (i = 0; i < nnodes; i++) {
+            if ((bank = virDomainTPMPcrBankTypeFromString((const char *)nodes[i]->name)) < 0) {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+                               _("Unsupported PCR banks '%s'"),
+                               nodes[i]->name);
+                goto error;
             }
+            def->data.emulator.activePcrBanks |= (1 << bank);
         }
         break;
     case VIR_DOMAIN_TPM_TYPE_LAST:
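Review bot: A negative return from `virXPathNodeSet()` on the re-indented `active_pcr_banks` lookup is still answered with `break;` rather than `goto error;`, so an XPath failure leaves the switch as if no banks had been given, while the unknown-bank branch a few lines below does fail the parse. The active banks select which PCR hash banks the emulated TPM exposes to the guest for measured boot and attestation, so dropping them silently is worse than rejecting the XML; `goto error;` would make both failure paths agree. The shift `1 << bank` is also done in signed `int`, and `1U << bank` would keep it well-defined if the bank enum ever grows. The rest of virDomainTPMDefParseXML, including the code after the switch and the `error` label, is outside the hunk, so confirm the label's cleanup fits this point.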
index e673e4b81ad5e8c4fb252102feed945057f54ab7..d4d72037d5147f5393076ab4c551f551b1004dd3 100644 (file)
@@ -2650,6 +2650,30 @@ virDomainIOMMUDefValidate(const virDomainIOMMUDef *iommu)
     return 0;
 }
 
+
+static int
+virDomainTPMDevValidate(const virDomainTPMDef *tpm)
+{
+    switch (tpm->type) {
+    case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+        if (tpm->data.emulator.activePcrBanks &&
+            tpm->data.emulator.version != VIR_DOMAIN_TPM_VERSION_2_0) {
+            virReportError(VIR_ERR_XML_ERROR,
+                           _("<active_pcr_banks/> requires TPM version '%s'"),
+                           virDomainTPMVersionTypeToString(VIR_DOMAIN_TPM_VERSION_2_0));
+            return -1;
+        }
+        break;
+
+    case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+    case VIR_DOMAIN_TPM_TYPE_LAST:
+        break;
+    }
+
+    return 0;
+}
+
+
 static int
 virDomainDeviceInfoValidate(const virDomainDeviceDef *dev)
 {
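Review bot: `virDomainTPMDevValidate()` carries no comment saying that it depends on the TPM version having been defaulted before it runs, yet it rejects any non-zero `activePcrBanks` whose version is not `VIR_DOMAIN_TPM_VERSION_2_0`. The commit message places the 2.0 default in qemuDomainTPMDefPostParse(), so if this validator were reached before that callback, or under a driver that does not apply the default, XML with `<active_pcr_banks/>` and no version would be refused rather than accepted with the defaulted version. A header comment such as `/* Must run after post-parse: relies on the driver having filled in the TPM version. */` would record that ordering. The name also departs from the neighbouring `virDomainIOMMUDefValidate()` (`Dev` versus `Def`); `virDomainTPMDefValidate` would match, provided that name is not already taken elsewhere.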
@@ -2754,12 +2778,14 @@ virDomainDeviceDefValidateInternal(const virDomainDeviceDef *dev,
     case VIR_DOMAIN_DEVICE_IOMMU:
         return virDomainIOMMUDefValidate(dev->data.iommu);
 
+    case VIR_DOMAIN_DEVICE_TPM:
+        return virDomainTPMDevValidate(dev->data.tpm);
+
     case VIR_DOMAIN_DEVICE_LEASE:
     case VIR_DOMAIN_DEVICE_WATCHDOG:
     case VIR_DOMAIN_DEVICE_HUB:
     case VIR_DOMAIN_DEVICE_MEMBALLOON:
     case VIR_DOMAIN_DEVICE_NVRAM:
-    case VIR_DOMAIN_DEVICE_TPM:
     case VIR_DOMAIN_DEVICE_PANIC:
     case VIR_DOMAIN_DEVICE_NONE:
     case VIR_DOMAIN_DEVICE_LAST: