[PATCH v3 2/3] qemu: tpm: Get swtpm pid without binary validation

2022-02-02 Thread Vasiliy Ulyanov
this is always the case the daemonization and pidfile handling of the swtpm command is now controlled by libvirt. Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_tpm.c | 40 +--- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/src/qemu

[PATCH v3 3/3] qemu: gpu: Get pid without binary validation

2022-02-02 Thread Vasiliy Ulyanov
The binary validation in virPidFileReadPathIfAlive may fail with EACCES if the calling process does not have CAP_SYS_PTRACE capability. Therefore instead do only the check that the pidfile is locked by the correct process. Fixes the same issue as with swtpm. Signed-off-by: Vasiliy Ulyanov

[PATCH v3 0/3] qemu_tpm: Get swtpm pid without binary validation

2022-02-02 Thread Vasiliy Ulyanov
to lock the file; - introduced virPidFileReadPathIfLocked to preserve the existing behaviour of virPidFileReadPathIfAlive. Vasiliy Ulyanov (3): virpidfile: Add virPidFileReadPathIfLocked func qemu: tpm: Get swtpm pid without binary validation qemu: gpu: Get pid without binary validation src

[PATCH v3 1/3] virpidfile: Add virPidFileReadPathIfLocked func

2022-02-02 Thread Vasiliy Ulyanov
The function will attempt to read a pid from @path, and store it in @pid. The @pid will only be set, however, if @path is locked by virFileLock() at byte 0 and the pid in @path is running. Signed-off-by: Vasiliy Ulyanov --- src/libvirt_private.syms | 1 + src/util/virpidfile.c| 34

[PATCH v2 2/4] virpidfile: Refactor virPidFileReadPathIfAlive

2022-01-13 Thread Vasiliy Ulyanov
If the binary path is not provided check that the pid file is locked by the owner process. Signed-off-by: Vasiliy Ulyanov --- src/util/virpidfile.c | 20 1 file changed, 20 insertions(+) diff --git a/src/util/virpidfile.c b/src/util/virpidfile.c index 7069f8343d

[PATCH v2 3/4] qemu_tpm: Get swtpm pid without binary validation

2022-01-13 Thread Vasiliy Ulyanov
this is always the case the daemonization and pidfile handling of the swtpm command is now controlled by libvirt. Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_tpm.c | 26 +++--- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu

[PATCH v2 1/4] virfile: Add virFileGetLockOwner function

2022-01-13 Thread Vasiliy Ulyanov
The function is used to retrieve the PID of the process holding an exclusive lock on the file. Signed-off-by: Vasiliy Ulyanov --- src/libvirt_private.syms | 1 + src/util/virfile.c | 45 src/util/virfile.h | 2 ++ 3 files changed, 48

[PATCH v2 4/4] qemu: gpu: Get pid without binary validation

2022-01-13 Thread Vasiliy Ulyanov
-off-by: Vasiliy Ulyanov --- src/qemu/qemu_vhost_user_gpu.c | 9 +++-- 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_vhost_user_gpu.c b/src/qemu/qemu_vhost_user_gpu.c index ef198a4820..66d2f93b66 100644 --- a/src/qemu/qemu_vhost_user_gpu.c +++ b/src/qemu

[PATCH v2 0/4] qemu_tpm: Get swtpm pid without binary validation

2022-01-13 Thread Vasiliy Ulyanov
of virPidFileReadPathIfAlive (i.e. whether to remove the binary path from there). For now decided to introduce the new lock check only if the path is not provided. But I am open to suggestions on how to better fit the new check. Vasiliy Ulyanov (4): virfile: Add virFileGetLockOwner function virpidfile

[PATCH 1/1] qemu_tpm: Get swtpm pid without binary validation

2022-01-03 Thread Vasiliy Ulyanov
the symlink. Signed-off-by: Vasiliy Ulyanov --- src/qemu/qemu_tpm.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 7e7b01768e..9c80e15e9b 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -261,10 +261,17

[PATCH 0/1] qemu_tpm: Get swtpm pid without binary validation

2022-01-03 Thread Vasiliy Ulyanov
e which would be more suitable? Would appreciate any feedback. Thanks. [1] https://github.com/moby/moby/issues/40713 Vasiliy Ulyanov (1): qemu_tpm: Get swtpm pid without binary validation src/qemu/qemu_tpm.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) -- 2.34.1

[PATCH] qemu: Fix the check of AMD secure guest support

2021-11-19 Thread Vasiliy Ulyanov
The content of /sys/module/kvm_amd/parameters/sev may vary depending on the kernel version. Check also for 'Y' and 'y' in addition to '1' to cover several possible variants. The fix is similar to the one introduced in commit 3f9c1a4bb841. Signed-off-by: Vasiliy Ulyanov --- src/qemu