The 'display-reload' QMP command was introduced in QEMU 6.0.0: https://gitlab.com/qemu-project/qemu/-/commit/9cc07651655ee86eca41059f5ead8c4e5607c734 To support the new QMP command, we added a new internal API 'virDrvDomainReloadTlsCertificates' to virHypervisorDriver, and implemented it in the qemu driver. Only QEMU VNC TLS certificates are currently supported. Signed-off-by: Zheng Yan <yanzheng759@xxxxxxxxxx> --- src/driver-hypervisor.h | 8 ++++++++ src/qemu/qemu_driver.c | 40 ++++++++++++++++++++++++++++++++++++ src/qemu/qemu_hotplug.c | 17 +++++++++++++++ src/qemu/qemu_hotplug.h | 4 ++++ src/qemu/qemu_monitor.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor.h | 3 +++ src/qemu/qemu_monitor_json.c | 27 ++++++++++++++++++++++++ src/qemu/qemu_monitor_json.h | 4 ++++ 8 files changed, 130 insertions(+) diff --git a/src/driver-hypervisor.h b/src/driver-hypervisor.h index d642af8a37..d0d4976441 100644 --- a/src/driver-hypervisor.h +++ b/src/driver-hypervisor.h @@ -1410,6 +1410,13 @@ typedef int int seconds, unsigned int flags); +typedef int +(*virDrvDomainReloadTlsCertificates)(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags); + typedef struct _virHypervisorDriver virHypervisorDriver; /** @@ -1676,4 +1683,5 @@ struct _virHypervisorDriver { virDrvDomainAuthorizedSSHKeysSet domainAuthorizedSSHKeysSet; virDrvDomainGetMessages domainGetMessages; virDrvDomainStartDirtyRateCalc domainStartDirtyRateCalc; + virDrvDomainReloadTlsCertificates domainReloadTlsCertificates; }; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c90d52edc0..422a350c65 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c 
@@ -20449,6 +20449,45 @@ qemuDomainStartDirtyRateCalc(virDomainPtr dom, return ret; } +static int +qemuDomainReloadTlsCertificates(virDomainPtr domain, + unsigned int type, + virTypedParameterPtr params, + int nparams, + unsigned int flags) +{ + int ret = -1; + virQEMUDriver *driver = domain->conn->privateData; + virDomainObj *vm = qemuDomObjFromDomain(domain); + + if (!vm) + goto cleanup; + + virCheckNonNullArgGoto(params, cleanup); + if (nparams != 0) { + virReportInvalidZeroArg(nparams); + goto cleanup; + } + virCheckFlagsGoto(0, cleanup); + + if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + + ret = qemuDomainReloadTLSCerts(driver, vm, type); + + endjob: + qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); + return ret; +} static virHypervisorDriver qemuHypervisorDriver = { .name = QEMU_DRIVER_NAME, @@ -20693,6 +20732,7 @@ static virHypervisorDriver qemuHypervisorDriver = { .domainAuthorizedSSHKeysSet = qemuDomainAuthorizedSSHKeysSet, /* 6.10.0 */ .domainGetMessages = qemuDomainGetMessages, /* 7.1.0 */ .domainStartDirtyRateCalc = qemuDomainStartDirtyRateCalc, /* 7.2.0 */ + .domainReloadTlsCertificates = qemuDomainReloadTlsCertificates, /* 7.4.0 */ }; diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index a64cddb9e7..34dc035d73 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -6704,3 +6704,20 @@ qemuDomainSetVcpuInternal(virQEMUDriver *driver, virBitmapFree(livevcpus); return ret; } + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type) +{ + int ret = -1; + qemuDomainObjPrivate *priv = vm->privateData; + + qemuDomainObjEnterMonitor(driver, vm); + + ret = qemuMonitorDisplayReloadTLSCerts(priv->mon, type); + + if (qemuDomainObjExitMonitor(driver, vm) < 0) + ret = -1; + + return ret; +} 
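Review bot: qemuDomainReloadTlsCertificates() has no access-control check between `qemuDomObjFromDomain()` and `qemuDomainObjBeginJob()`, so under the fine-grained ACL driver a TLS certificate reload would not be subject to per-domain policy. Other entry points in qemu_driver.c (outside this hunk) call a generated helper right after the `!vm` test, e.g. `if (virDomainStartDirtyRateCalcEnsureACL(dom->conn, vm->def) < 0) goto cleanup;`; the new API needs its own equivalent, which is generated from the remote-protocol entry that this patch's diffstat does not include and presumably arrives elsewhere in the series. Separately, `virCheckNonNullArgGoto(params, cleanup);` combined with rejecting `nparams != 0` means the only accepted call is a non-NULL `params` with zero entries, so the natural `NULL, 0` call fails; if no typed parameters are defined yet, drop the non-NULL check.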
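Review bot: The new qemuDomainReloadTLSCerts() in qemu_hotplug.c is declared with `virQEMUDriverPtr` and `virDomainObjPtr`, while the qemu_driver.c caller added by this same patch and the context lines of the neighbouring hunks use `virQEMUDriver *` and `virDomainObj *`. If the base tree has already dropped the `...Ptr` typedefs, as the context lines suggest, this will not build; either way the signature should read `int qemuDomainReloadTLSCerts(virQEMUDriver *driver, virDomainObj *vm, unsigned int type)`. The same applies to the prototype in qemu_hotplug.h, to `qemuMonitorPtr` in the qemu_monitor.c/.h and qemu_monitor_json.c/.h hunks, and to `virJSONValuePtr` in qemuMonitorJSONDisplayReload().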
diff --git a/src/qemu/qemu_hotplug.h b/src/qemu/qemu_hotplug.h index df8f76f8d6..411741a688 100644 --- a/src/qemu/qemu_hotplug.h +++ b/src/qemu/qemu_hotplug.h @@ -160,3 +160,7 @@ int qemuHotplugAttachDBusVMState(virQEMUDriver *driver, int qemuHotplugRemoveDBusVMState(virQEMUDriver *driver, virDomainObj *vm, qemuDomainAsyncJob asyncJob); + +int qemuDomainReloadTLSCerts(virQEMUDriverPtr driver, + virDomainObjPtr vm, + unsigned int type); diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c index 1e6f892e08..11f8cc8670 100644 --- a/src/qemu/qemu_monitor.c +++ b/src/qemu/qemu_monitor.c @@ -4746,3 +4746,30 @@ qemuMonitorQueryDirtyRate(qemuMonitor *mon, return qemuMonitorJSONQueryDirtyRate(mon, info); } + +static const char * +qemuMonitorTLSCertificateTypeToString(unsigned int type) +{ + switch (type) { + /* for now, only VNC is supported */ + case VIR_DOMAIN_TLS_CERT_GRAPHICS_VNC: + return "vnc"; + default: + virReportError(VIR_ERR_INVALID_ARG, + _("unsupported qemu certificate type %u"), + type); + return NULL; + } +} + +int +qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, unsigned int type) +{ + const char *certType = qemuMonitorTLSCertificateTypeToString(type); + if (!certType) + return -1; + + QEMU_CHECK_MONITOR(mon); + + return qemuMonitorJSONDisplayReload(mon, certType, true); +} diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h index 6a25def78b..f26f92fb51 100644 --- a/src/qemu/qemu_monitor.h +++ b/src/qemu/qemu_monitor.h @@ -1496,3 +1496,6 @@ struct _qemuMonitorDirtyRateInfo { int qemuMonitorQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorDisplayReloadTLSCerts(qemuMonitorPtr mon, + unsigned int type); diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c index 46aa3330a8..9934613cc2 100644 --- a/src/qemu/qemu_monitor_json.c +++ b/src/qemu/qemu_monitor_json.c 
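Review bot: Nothing on the visible path into qemuMonitorDisplayReloadTLSCerts() checks that the running QEMU understands `display-reload`, which the commit message says exists only from QEMU 6.0.0. On an older binary the caller would get whatever generic monitor error qemuMonitorJSONCheckError() produces instead of a clear unsupported-operation error. Consider probing a capability flag for the command and testing it with `virQEMUCapsGet()` in qemuDomainReloadTLSCerts() before entering the monitor, reporting `VIR_ERR_OPERATION_UNSUPPORTED` when it is absent. A one-line comment on qemuMonitorTLSCertificateTypeToString() would also help, e.g. `/* Maps a certificate type to QEMU's display type string; reports an error and returns NULL if unsupported. */`.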
@@ -9446,3 +9446,30 @@ qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, return qemuMonitorJSONExtractDirtyRateInfo(data, info); } + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts) +{ + int ret = -1; + virJSONValuePtr reply = NULL; + virJSONValuePtr cmd = qemuMonitorJSONMakeCommand("display-reload", + "s:type", type, + "b:tls-certs", tlsCerts, + NULL); + if (!cmd) + return -1; + + if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0) + goto cleanup; + + if (qemuMonitorJSONCheckError(cmd, reply) < 0) + goto cleanup; + + ret = 0; + + cleanup: + virJSONValueFree(cmd); + virJSONValueFree(reply); + return ret; +} diff --git a/src/qemu/qemu_monitor_json.h b/src/qemu/qemu_monitor_json.h index 01a3ba25f1..73761d54f8 100644 --- a/src/qemu/qemu_monitor_json.h +++ b/src/qemu/qemu_monitor_json.h @@ -706,3 +706,7 @@ qemuMonitorJSONStartDirtyRateCalc(qemuMonitor *mon, int qemuMonitorJSONQueryDirtyRate(qemuMonitor *mon, qemuMonitorDirtyRateInfo *info); + +int qemuMonitorJSONDisplayReload(qemuMonitorPtr mon, + const char *type, + bool tlsCerts); -- 2.25.1
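Review bot: qemuMonitorJSONDisplayReload() frees `cmd` and `reply` by hand through a `cleanup:` label; declaring both as `g_autoptr(virJSONValue)` lets every failure path return directly and removes the `ret` variable and the label. This follows the automatic-cleanup style used elsewhere in libvirt, though the surrounding functions are outside this hunk, so confirm against the file. The function also lacks a comment saying that `type` is the QEMU display type string and that `tlsCerts` maps to the `tls-certs` argument of the command.

```c
/* … unchanged: qemuMonitorJSONDisplayReload() signature … */
{
    g_autoptr(virJSONValue) cmd = NULL;
    g_autoptr(virJSONValue) reply = NULL;

    if (!(cmd = qemuMonitorJSONMakeCommand("display-reload",
                                           "s:type", type,
                                           "b:tls-certs", tlsCerts,
                                           NULL)))
        return -1;

    if (qemuMonitorJSONCommand(mon, cmd, &reply) < 0)
        return -1;

    if (qemuMonitorJSONCheckError(cmd, reply) < 0)
        return -1;

    return 0;
}
```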