From: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: Sun, 6 Apr 2025 14:29:55 +0000 (+0200)
Subject: bhyve: extend RNG device validation
X-Git-Tag: v11.3.0-rc1~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1ec1b765d67556638e6eaa31ee6f355ba58e0af0;p=thirdparty%2Flibvirt.git

bhyve: extend RNG device validation

Add a bunch of device def validation to catch unsupported RNG device
configurations early.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/src/bhyve/bhyve_domain.c b/src/bhyve/bhyve_domain.c
index 7d1ea7f1b1..ca5176885a 100644
--- a/src/bhyve/bhyve_domain.c
+++ b/src/bhyve/bhyve_domain.c
@@ -2,6 +2,7 @@
  * bhyve_domain.c: bhyve domain private state
  *
  * Copyright (C) 2014 Roman Bogorodskiy
+ * Copyright (C) 2025 The FreeBSD Foundation
  *
  * This library is free software; you can redistribute it and/or
  * modify it under the terms of the GNU Lesser General Public
@@ -243,6 +244,26 @@ bhyveDomainDeviceDefValidate(const virDomainDeviceDef *dev,
         return -1;
     }
 
+    if (dev->type == VIR_DOMAIN_DEVICE_RNG) {
+        if (dev->data.rng->model == VIR_DOMAIN_RNG_MODEL_VIRTIO) {
+            if (dev->data.rng->backend == VIR_DOMAIN_RNG_BACKEND_RANDOM) {
+                if (STRNEQ(dev->data.rng->source.file, "/dev/random")) {
+                    virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                                   _("Only /dev/random source is supported"));
+                    return -1;
+                }
+            } else {
+                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                               _("Only 'random' backend model is supported"));
+                return -1;
+            }
+        } else {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("Only 'virio' RNG device model is supported"));
+            return -1;
+        }
+    }
+
     return 0;
 }
 
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-builtin.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-builtin.xml
new file mode 100644
index 0000000000..ffca72d120
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-builtin.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory>219136</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type>hvm</type>
+  </os>
+  <devices>
+    <disk type='file'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <interface type='bridge'>
+      <mac address='52:54:00:b9:94:02'/>
+      <model type='virtio'/>
+      <source bridge="virbr0"/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <rng model='virtio'>
+      <backend model='builtin'/>
+    </rng>
+  </devices>
+</domain>
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-random-non-default-file.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-random-non-default-file.xml
new file mode 100644
index 0000000000..08457df89a
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-backend-random-non-default-file.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory>219136</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type>hvm</type>
+  </os>
+  <devices>
+    <disk type='file'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <interface type='bridge'>
+      <mac address='52:54:00:b9:94:02'/>
+      <model type='virtio'/>
+      <source bridge="virbr0"/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <rng model='virtio'>
+      <backend model='random'>/random/dev</backend>
+    </rng>
+  </devices>
+</domain>
diff --git a/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-transitional.xml b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-transitional.xml
new file mode 100644
index 0000000000..abcb7182ed
--- /dev/null
+++ b/tests/bhyvexml2argvdata/bhyvexml2argv-virtio-rnd-transitional.xml
@@ -0,0 +1,26 @@
+<domain type='bhyve'>
+  <name>bhyve</name>
+  <uuid>df3be7e7-a104-11e3-aeb0-50e5492bd3dc</uuid>
+  <memory>219136</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type>hvm</type>
+  </os>
+  <devices>
+    <disk type='file'>
+      <driver name='file' type='raw'/>
+      <source file='/tmp/freebsd.img'/>
+      <target dev='hda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' target='2' unit='0'/>
+    </disk>
+    <interface type='bridge'>
+      <mac address='52:54:00:b9:94:02'/>
+      <model type='virtio'/>
+      <source bridge="virbr0"/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+    </interface>
+    <rng model='virtio-transitional'>
+      <backend model='random'/>
+    </rng>
+  </devices>
+</domain>
diff --git a/tests/bhyvexml2argvtest.c b/tests/bhyvexml2argvtest.c
index 74d9ba4f70..3831f0c65d 100644
--- a/tests/bhyvexml2argvtest.c
+++ b/tests/bhyvexml2argvtest.c
@@ -244,6 +244,9 @@ mymain(void)
     driver.bhyvecaps &= ~BHYVE_CAP_VIRTIO_9P;
     DO_TEST_FAILURE("fs-9p");
     DO_TEST("virtio-rnd");
+    DO_TEST_FAILURE("virtio-rnd-backend-random-non-default-file");
+    DO_TEST_FAILURE("virtio-rnd-backend-builtin");
+    DO_TEST_FAILURE("virtio-rnd-transitional");
     driver.bhyvecaps &= ~BHYVE_CAP_VIRTIO_RND;
     DO_TEST_FAILURE("virtio-rnd");