From 3b2c2794496e3e83187e8e2f0435ca2a003f2f1d Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 4 Feb 2014 16:42:13 +0100
Subject: [PATCH] qemu: Implement VIR_DOMAIN_TAINT_HOOK

Currently, there's just one place where we care if hook script is
changing the domain XML: migration hook for incoming migration. In
all other places where a hook script is executed, we don't read the
XML back from the script.

Anyway, the hook script can alter domain XML and hence we should taint
it if the script did.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_domain.c    |  4 ++++
 src/qemu/qemu_domain.h    |  2 ++
 src/qemu/qemu_migration.c | 10 ++++++++++
 3 files changed, 16 insertions(+)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index a6650612eb..addf3e9889 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1628,6 +1628,7 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
 {
     size_t i;
     virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
+    qemuDomainObjPrivatePtr priv = obj->privateData;
 
     if (cfg->privileged &&
         (!cfg->clearEmulatorCapabilities ||
@@ -1635,6 +1636,9 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
          cfg->group == 0))
         qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
 
+    if (priv->hookRun)
+        qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HOOK, logFD);
+
     if (obj->def->namespaceData) {
         qemuDomainCmdlineDefPtr qemucmd = obj->def->namespaceData;
         if (qemucmd->num_args || qemucmd->num_env)
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
index 3826d0ba85..0bed50b11b 100644
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -174,6 +174,8 @@ struct _qemuDomainObjPrivate {
     virCond unplugFinished; /* signals that unpluggingDevice was unplugged */
     const char *unpluggingDevice; /* alias of the device that is being unplugged */
     char **qemuDevices; /* NULL-terminated list of devices aliases known to QEMU */
+
+    bool hookRun;  /* true if there was a hook run over this domain */
 };
 
 typedef enum {
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 331e18acf1..54c6feccae 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2230,6 +2230,7 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
     virCapsPtr caps = NULL;
     char *migrateFrom = NULL;
     bool abort_on_error = !!(flags & VIR_MIGRATE_ABORT_ON_ERROR);
+    bool taint_hook = false;
 
     if (virTimeMillisNow(&now) < 0)
         return -1;
@@ -2300,6 +2301,10 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
 
                 virDomainDefFree(*def);
                 *def = newdef;
+                /* We should taint the domain here. However, @vm and therefore
+                 * privateData too are still NULL, so just notice the fact and
+                 * taint it later. */
+                taint_hook = true;
             }
         }
     }
@@ -2385,6 +2390,11 @@ qemuMigrationPrepareAny(virQEMUDriverPtr driver,
     if (VIR_STRDUP(priv->origname, origname) < 0)
         goto cleanup;
 
+    if (taint_hook) {
+        /* Domain XML has been altered by a hook script. */
+        priv->hookRun = true;
+    }
+
     if (!(mig = qemuMigrationEatCookie(driver, vm, cookiein, cookieinlen,
                                        QEMU_MIGRATION_COOKIE_LOCKSTATE |
                                        QEMU_MIGRATION_COOKIE_NBD)))
-- 
2.39.5