From 87ae5262a030199bde0a4ba44a15971eea9d4649 Mon Sep 17 00:00:00 2001
From: Michal Privoznik
Date: Tue, 21 Jul 2020 14:29:09 +0200
Subject: [PATCH] qemuDomainBuildNamespace: Populate TPM from daemon's namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

As mentioned in one of previous commits, populating domain's namespace from pre-exec() hook is dangerous. This commit moves population of the namespace with domain TPM into daemon's namespace.

Signed-off-by: Michal Privoznik
Reviewed-by: Ján Tomko
---
 src/qemu/qemu_namespace.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index a922afe985..f31aae281c 100644
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -663,12 +663,11 @@ qemuDomainSetupAllChardevs(virDomainObjPtr vm,
 static int
 qemuDomainSetupTPM(virDomainTPMDefPtr dev,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
 {
 switch (dev->type) {
 case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
- if (qemuDomainCreateDevice(dev->data.passthrough.source.data.file.path,
- data, false) < 0)
+ if (virStringListAdd(paths, dev->data.passthrough.source.data.file.path) < 0)
 return -1;
 break;
@@ -684,14 +683,14 @@ qemuDomainSetupTPM(virDomainTPMDefPtr dev,
 static int
 qemuDomainSetupAllTPMs(virDomainObjPtr vm,
- const struct qemuDomainCreateDeviceData *data)
+ char ***paths)
 {
 size_t i;
 VIR_DEBUG("Setting up TPMs");
 for (i = 0; i < vm->def->ntpms; i++) {
- if (qemuDomainSetupTPM(vm->def->tpms[i], data) < 0)
+ if (qemuDomainSetupTPM(vm->def->tpms[i], paths) < 0)
 return -1;
 }
@@ -880,6 +879,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
 if (qemuDomainSetupAllChardevs(vm, &paths) < 0)
 return -1;
+ if (qemuDomainSetupAllTPMs(vm, &paths) < 0)
+ return -1;
+
 if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
 return -1;
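Review bot: The removed `qemuDomainCreateDevice(..., data, false)` call passed an explicit `false` as its last argument, and the replacement `virStringListAdd(paths, ...)` in the `VIR_DOMAIN_TPM_TYPE_PASSTHROUGH` case carries no equivalent, so whatever strictness that flag selected is now decided inside `qemuNamespaceMknodPaths()`. If the flag meant that a missing node is an error (the callee is not visible here, so this is an assumption), a host without the passthrough TPM node may no longer fail during namespace setup, and the failure would only surface later when QEMU tries to open the device. It is worth confirming how `qemuNamespaceMknodPaths()` treats a nonexistent path and recording the result above the new line, e.g. `/* existence of the TPM node is checked by qemuNamespaceMknodPaths() */`, or adding an explicit check if it is not. The rest of the switch in qemuDomainSetupTPM lies outside this hunk.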
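Review bot: `qemuDomainSetupAllTPMs()` no longer creates anything; with the `char ***paths` parameter it only appends to a caller-owned list, and neither it nor `qemuDomainSetupTPM()` in the previous hunk documents that contract. A short comment above each would help, e.g. `/* Appends the host path of each passthrough TPM to @paths; the caller creates the nodes and frees the list. */`, and the `VIR_DEBUG("Setting up TPMs")` message could say that paths are being collected rather than set up. When the loop fails part-way, entries already appended stay in `*paths`, so the caller has to release the list on its error path too; whether `virStringListAdd()` copies the string is not visible here.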
@@ -931,9 +933,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
 if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
 goto cleanup;
- if (qemuDomainSetupAllTPMs(vm, &data) < 0)
- goto cleanup;
-
 if (qemuDomainSetupAllGraphics(vm, &data) < 0)
 goto cleanup;
-- 
2.47.2