From: Stefan Berger
To: libvir-list@redhat.com
Cc: Stefan Berger
Subject: [PATCH 1/7] qemu: tpm: Pass parameter indicating reason for domain removal
Date: Mon, 22 Aug 2022 08:05:48 -0400
Message-Id: <20220822120554.3529999-2-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>
X-ZM-MESSAGEID: 1661169990534100011 Content-Type: text/plain; charset="utf-8"; x-default="true" Pass a parameter indicating the reason for the removal of a domain so that the TPM driver can determine whether to delete the TPM state directory structure. It may only do this when a domain is undefined as part of a command like 'virsh undefine' and it must not do this when a VM is migrated across a shared storage setup for the TPM and it is removed from the source host. Therefore, the call locations that correspond to a 'virsh undefine' pass the value 'QEMU_DOMAIN_UNDEFINE_DOMAIN' while all other ones pass the unspecific value 'QEMU_DOMAIN_UNDEFINE_UNSPEC'. Signed-off-by: Stefan Berger --- src/qemu/qemu_domain.c | 12 +++++++----- src/qemu/qemu_domain.h | 8 +++++++- src/qemu/qemu_driver.c | 20 ++++++++++---------- src/qemu/qemu_extdevice.c | 5 +++-- src/qemu/qemu_extdevice.h | 3 ++- src/qemu/qemu_migration.c | 13 +++++++------ src/qemu/qemu_process.c | 4 ++-- src/qemu/qemu_snapshot.c | 4 ++-- src/qemu/qemu_tpm.c | 9 ++++++--- src/qemu/qemu_tpm.h | 3 ++- 10 files changed, 48 insertions(+), 33 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 45f00e162d..ac8ab142b5 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7143,7 +7143,8 @@ qemuDomainSnapshotDiscardAllMetadata(virQEMUDriver *d= river, =20 static void qemuDomainRemoveInactiveCommon(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + qemuDomainUndefineReason undefReason) { g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *snapDir =3D NULL; @@ -7169,7 +7170,7 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *driver, if (rmdir(chkDir) < 0 && errno !=3D ENOENT) VIR_WARN("unable to remove checkpoint directory %s", chkDir); } - qemuExtDevicesCleanupHost(driver, vm->def); + qemuExtDevicesCleanupHost(driver, vm->def, undefReason); } =20 =20 
@@ -7180,14 +7181,15 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *drive= r, */ void qemuDomainRemoveInactive(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + qemuDomainUndefineReason undefReason) { if (vm->persistent) { /* Short-circuit, we don't want to remove a persistent domain */ return; } =20 - qemuDomainRemoveInactiveCommon(driver, vm); + qemuDomainRemoveInactiveCommon(driver, vm, undefReason); =20 virDomainObjListRemove(driver->domains, vm); } @@ -7209,7 +7211,7 @@ qemuDomainRemoveInactiveLocked(virQEMUDriver *driver, return; } =20 - qemuDomainRemoveInactiveCommon(driver, vm); + qemuDomainRemoveInactiveCommon(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC= ); =20 virDomainObjListRemoveLocked(driver->domains, vm); } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index 592ee9805b..8e5dacf624 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -682,8 +682,14 @@ int qemuDomainMomentDiscardAll(void *payload, int qemuDomainSnapshotDiscardAllMetadata(virQEMUDriver *driver, virDomainObj *vm); =20 +typedef enum { + QEMU_DOMAIN_UNDEFINE_UNSPEC =3D 0, + QEMU_DOMAIN_UNDEFINE_DOMAIN, /* virsh undefine type of command */ +} qemuDomainUndefineReason; + void qemuDomainRemoveInactive(virQEMUDriver *driver, - virDomainObj *vm); + virDomainObj *vm, + qemuDomainUndefineReason undefReason); =20 void qemuDomainRemoveInactiveLocked(virQEMUDriver *driver, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 637a748c85..fe5bbe2216 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1624,7 +1624,7 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr= conn, goto cleanup; =20 if (qemuProcessBeginJob(vm, VIR_DOMAIN_JOB_OPERATION_START, flags) < 0= ) { - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); goto cleanup; } =20 
@@ -1633,7 +1633,7 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr= conn, VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags) < 0) { virDomainAuditStart(vm, "booted", false); - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); qemuProcessEndJob(vm); goto cleanup; } @@ -2119,7 +2119,7 @@ qemuDomainDestroyFlags(virDomainPtr dom, ret =3D 0; endjob: if (ret =3D=3D 0) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_DOMAIN); qemuDomainObjEndJob(vm); =20 cleanup: @@ -2738,7 +2738,7 @@ qemuDomainSaveInternal(virQEMUDriver *driver, } qemuDomainObjEndAsyncJob(vm); if (ret =3D=3D 0) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); =20 cleanup: virQEMUSaveDataFree(data); @@ -3285,7 +3285,7 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom, =20 qemuDomainObjEndAsyncJob(vm); if (ret =3D=3D 0 && flags & VIR_DUMP_CRASH) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); =20 cleanup: virDomainObjEndAPI(&vm); @@ -3597,7 +3597,7 @@ processGuestPanicEvent(virQEMUDriver *driver, endjob: qemuDomainObjEndAsyncJob(vm); if (removeInactive) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); } =20 =20 @@ -4075,7 +4075,7 @@ processMonitorEOFEvent(virQEMUDriver *driver, virObjectEventStateQueue(driver->domainEventState, event); =20 endjob: - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); qemuDomainObjEndJob(vm); } =20 @@ -6005,7 +6005,7 @@ qemuDomainRestoreInternal(virConnectPtr conn, virFileWrapperFdFree(wrapperFd); virQEMUSaveDataFree(data); if (vm && ret < 0) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); virDomainObjEndAPI(&vm); return ret; } 
@@ -6696,7 +6696,7 @@ qemuDomainDefineXMLFlags(virConnectPtr conn, } else { /* Brand new domain. Remove it */ VIR_INFO("Deleting domain '%s'", vm->def->name); - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSP= EC); } } =20 @@ -6836,7 +6836,7 @@ qemuDomainUndefineFlags(virDomainPtr dom, */ vm->persistent =3D 0; if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_DOMAIN); =20 ret =3D 0; endjob: diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index b8e3c1000a..b5bfd6cfd2 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -151,7 +151,8 @@ qemuExtDevicesPrepareHost(virQEMUDriver *driver, =20 void qemuExtDevicesCleanupHost(virQEMUDriver *driver, - virDomainDef *def) + virDomainDef *def, + qemuDomainUndefineReason undefReason) { size_t i; =20 @@ -159,7 +160,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver, return; =20 for (i =3D 0; i < def->ntpms; i++) { - qemuExtTPMCleanupHost(def->tpms[i]); + qemuExtTPMCleanupHost(def->tpms[i], undefReason); } } =20 diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h index 43d2a4dfff..252238c47f 100644 --- a/src/qemu/qemu_extdevice.h +++ b/src/qemu/qemu_extdevice.h @@ -41,7 +41,8 @@ int qemuExtDevicesPrepareHost(virQEMUDriver *driver, G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtDevicesCleanupHost(virQEMUDriver *driver, - virDomainDef *def) + virDomainDef *def, + qemuDomainUndefineReason undefReason) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 int qemuExtDevicesStart(virQEMUDriver *driver, diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index b3b25d78b4..b15c1ccc22 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c 
@@ -3408,7 +3408,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver, * and there is no 'goto cleanup;' in the middle of those */ VIR_FREE(priv->origname); virDomainObjRemoveTransientDef(vm); - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); } virDomainObjEndAPI(&vm); virErrorRestore(&origErr); @@ -4054,7 +4054,8 @@ qemuMigrationSrcConfirm(virQEMUDriver *driver, virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm); vm->persistent =3D 0; } - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, + QEMU_DOMAIN_UNDEFINE_UNSPEC); } =20 cleanup: @@ -6003,7 +6004,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm); vm->persistent =3D 0; } - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); } =20 virErrorRestore(&orig_err); @@ -6130,7 +6131,7 @@ qemuMigrationSrcPerformPhase(virQEMUDriver *driver, } =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); =20 return ret; } @@ -6667,7 +6668,7 @@ qemuMigrationDstFinishActive(virQEMUDriver *driver, } =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); =20 virErrorRestore(&orig_err); return NULL; @@ -6805,7 +6806,7 @@ qemuMigrationProcessUnattended(virQEMUDriver *driver, qemuMigrationJobFinish(vm); =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); } =20 =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 5c8413a6b6..cd038195d3 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c 
@@ -8460,7 +8460,7 @@ qemuProcessAutoDestroy(virDomainObj *dom, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_DESTROYED); =20 - qemuDomainRemoveInactive(driver, dom); + qemuDomainRemoveInactive(driver, dom, QEMU_DOMAIN_UNDEFINE_UNSPEC); =20 qemuDomainObjEndJob(dom); =20 @@ -8926,7 +8926,7 @@ qemuProcessReconnect(void *opaque) if (jobStarted) qemuDomainObjEndJob(obj); if (!virDomainObjIsActive(obj)) - qemuDomainRemoveInactive(driver, obj); + qemuDomainRemoveInactive(driver, obj, QEMU_DOMAIN_UNDEFINE_UNSPEC); virDomainObjEndAPI(&obj); virIdentitySetCurrent(NULL); return; diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 6033deafed..2a4d2a9d9e 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -2103,7 +2103,7 @@ qemuSnapshotRevertInactive(virDomainObj *vm, } =20 if (qemuSnapshotInternalRevertInactive(driver, vm, snap) < 0) { - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSPEC); return -1; } =20 @@ -2125,7 +2125,7 @@ qemuSnapshotRevertInactive(virDomainObj *vm, start_flags); virDomainAuditStart(vm, "from-snapshot", rc >=3D 0); if (rc < 0) { - qemuDomainRemoveInactive(driver, vm); + qemuDomainRemoveInactive(driver, vm, QEMU_DOMAIN_UNDEFINE_UNSP= EC); return -1; } detail =3D VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 584c787b70..d2ae3b9824 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -701,11 +701,13 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, /** * qemuTPMEmulatorCleanupHost: * @tpm: TPM definition + * @undefReason: The reason why the domain is removed * * Clean up persistent storage for the swtpm. */ static void -qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm) +qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, + qemuDomainUndefineReason undefReason G_GNUC_UNU= SED) { if (!tpm->data.emulator.persistent_state) qemuTPMEmulatorDeleteStorage(tpm); 
@@ -1003,9 +1005,10 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver, =20 =20 void -qemuExtTPMCleanupHost(virDomainTPMDef *tpm) +qemuExtTPMCleanupHost(virDomainTPMDef *tpm, + qemuDomainUndefineReason undefReason) { - qemuTPMEmulatorCleanupHost(tpm); + qemuTPMEmulatorCleanupHost(tpm, undefReason); } =20 =20 diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 9951f025a6..37c8e080d7 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h 
@@ -35,7 +35,8 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver, ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; =20 -void qemuExtTPMCleanupHost(virDomainTPMDef *tpm) +void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, + qemuDomainUndefineReason undefReason) ATTRIBUTE_NONNULL(1); =20 int qemuExtTPMStart(virQEMUDriver *driver, --=20 2.37.1
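Review bot: In the qemu_driver.c hunk for qemuDomainDestroyFlags, the call passes QEMU_DOMAIN_UNDEFINE_DOMAIN, but the commit message reserves that value for call sites that correspond to a 'virsh undefine'. Destroy is not such a command, so either switch this site to QEMU_DOMAIN_UNDEFINE_UNSPEC or explain in the commit message and in the enum comment in qemu_domain.h why destroying a domain should be treated as an undefine when deciding whether TPM state is deleted.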
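Review bot: In the qemu_tpm.c hunk, qemuTPMEmulatorCleanupHost marks undefReason as G_GNUC_UNUSED and still decides on tpm->data.emulator.persistent_state alone, so the migration-source call sites that now pass QEMU_DOMAIN_UNDEFINE_UNSPEC delete the TPM storage exactly as before. The commit message describes the deletion rule as if it were already enforced; state that this patch only plumbs the parameter through with no behaviour change, and have the @undefReason doc line name which value is meant to permit deletion.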
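Review bot: In the qemu_domain.c hunk, qemuDomainRemoveInactiveLocked hard-codes QEMU_DOMAIN_UNDEFINE_UNSPEC while qemuDomainRemoveInactive takes the reason from its caller, and nothing at the call says why the locked variant can never be reached from an undefine. Add a comment at that call, or give qemuDomainRemoveInactiveLocked the same undefReason parameter so the two entry points stay symmetric.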
From: Stefan Berger
To: libvir-list@redhat.com
Cc: Stefan Berger
Subject: [PATCH 2/7] util: Add parsing support for swtpm's cmdarg-migration capability
Date: Mon, 22 Aug 2022 08:05:49 -0400
Message-Id: <20220822120554.3529999-3-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

Add support for parsing swtpm 'cmdarg-migration' capability (since v0.8). Signed-off-by: Stefan Berger --- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 2 files changed, 2 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 2f2b061fee..d85ab2bb97 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -39,6 +39,7 @@ VIR_LOG_INIT("util.tpm"); VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_TPM_SWTPM_FEATURE_LAST, "cmdarg-pwd-fd", + "cmdarg-migration", ); =20 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, diff --git a/src/util/virtpm.h b/src/util/virtpm.h index a873881b23..fb330effa8 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h
@@ -30,6 +30,7 @@ bool virTPMHasSwtpm(void); =20 typedef enum { VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, + VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION, =20 VIR_TPM_SWTPM_FEATURE_LAST } virTPMSwtpmFeature; --=20 2.37.1 From nobody Thu May 16 03:49:32 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) client-ip=170.10.133.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail(p=none dis=none) header.from=linux.ibm.com ARC-Seal: i=1; a=rsa-sha256; t=1661169986; cv=none; d=zohomail.com; s=zohoarc; b=LJ+jaHkS85mwhFLV5lfVfA5GdpHDMcpfvsQwx6TAF4mzzJvQrSTUH6VVXvkG9D4QX3gz1ey7VoNfHAaTdsaLe6Oqm4tNsRP9tULRhZaLilN52PcbAG4DIF8E+kzC/pWUfavB0tf2KdPVBFtcKnswcxaJzXQNIswioPEH8dtfz+o= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1661169986; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=PDKNZmuRHLEK69EuEC6fY+ziJLEbis5p6EWsiwOmtN8=; b=BCGAzD6cR3FHpdCrYknlCBFYdscehOICvN/lU/fSf6zFRvVyE5UgpB/7jtBYwF5fzPZtOsTfrBE7vmDm4tnJxB8x9Dh3KbwFUWw31JJ/tiHkIR6oCVQZzFgi7PZWcKPrlEVyStFvkKXb0CYJ4ditQ1OrPpK0KpxbbIJhb24K0iE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=fail header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com with SMTPS id 1661169986249795.7739599923566; Mon, 22 Aug 2022 05:06:26 -0700 (PDT) Received: from 
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH 3/7] qemu: tpm: Conditionally create storage on incoming migration
Date: Mon, 22 Aug 2022 08:05:50 -0400
Message-Id: <20220822120554.3529999-4-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

Add a shared_storage field to the emulator part of the virDomainTPMDef used for indicating whether shared storage for TPM state is set up between hosts. Do not create storage if the shared_storage flag is set and there's an incoming migration since the storage directory in this case must already exist. As a consequence also do not run swtpm_setup in this case.

Signed-off-by: Stefan Berger
--- src/conf/domain_conf.h | 1 + src/qemu/qemu_tpm.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index a1f6cf7a6f..29dc17a299 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1459,6 +1459,7 @@ struct _virDomainTPMDef { unsigned char secretuuid[VIR_UUID_BUFLEN]; bool hassecretuuid; bool persistent_state; + bool shared_storage; virBitmap *activePcrBanks; } emulator; } data; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index d2ae3b9824..280307a14e 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c
@@ -562,11 +562,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, int pwdfile_fd =3D -1; int migpwdfile_fd =3D -1; const unsigned char *secretuuid =3D NULL; + bool create_storage =3D true; =20 if (!swtpm) return NULL; =20 - if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) + /* Do not create storage and run swtpm_setup on incoming migration over + * shared storage + */ + if (incomingMigration && tpm->data.emulator.shared_storage) + create_storage =3D false; + + if (create_storage && + qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) return NULL; =20 if (tpm->data.emulator.hassecretuuid) --=20 2.37.1
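Review bot: The new `bool shared_storage;` member added to `struct _virDomainTPMDef` in src/conf/domain_conf.h (after `persistent_state`) has no comment, and nothing in this patch assigns it, so a reader cannot tell whether it is parsed from the domain XML or is runtime-only state computed for a given migration. Because this flag decides whether storage creation and swtpm_setup are skipped, add a short comment saying who sets it and when, and name in the commit message the patch of the series that populates it.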
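Review bot: In qemuTPMEmulatorBuildCommand(), the `incomingMigration && tpm->data.emulator.shared_storage` branch skips qemuTPMEmulatorCreateStorage() because the directory "must already exist", but nothing checks that it does. The skipped call is also the one that receives swtpm_user and swtpm_group, so whatever ownership handling it performs is skipped as well; if the shared mount is missing or has the wrong owner, the failure only surfaces later from swtpm with a less useful error. Consider verifying in the skip branch that the storage path exists and is accessible, and reporting a libvirt error if it is not. The `create_storage` local is also unnecessary: the condition can be folded into the `if` that guards the call.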
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH 4/7] qemu: tpm: Pass --migration option to swtpm when using shared storage
Date: Mon, 22 Aug 2022 08:05:51 -0400
Message-Id: <20220822120554.3529999-5-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

When using shared storage, pass the --migration option to swtpm if swtpm supports it (starting with v0.8). Always apply the 'release-lock-outgoing' parameter with this option and apply the 'incoming' parameter for incoming migration so that swtpm releases the file lock on the source side when the state is migrated and locks the file on the destination side when the state is received.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_tpm.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 280307a14e..8b3ef4e34e 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c
@@ -650,6 +650,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); } =20 + if (tpm->data.emulator.shared_storage) { + if (!virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION)) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%s does not support the --migration option needed for= shared storage"), + swtpm); + goto error; + } + + virCommandAddArg(cmd, "--migration"); + virCommandAddArgFormat(cmd, "release-lock-outgoing%s", + incomingMigration ? ",incoming": ""); + } + return g_steal_pointer(&cmd); =20 error: --=20 2.37.1
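Review bot: The VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION capability check sits at the very end of qemuTPMEmulatorBuildCommand(), just before `return g_steal_pointer(&cmd);`, which is after the storage-creation step near the top of the same function (the qemuTPMEmulatorCreateStorage() call touched by patch 3/7). For a non-incoming start with shared_storage set and an swtpm that lacks --migration, TPM state may already have been created before the command is rejected. Moving the check ahead of storage creation, or into domain validation, would fail earlier and leave nothing behind. Style nit: `",incoming": ""` needs a space before the colon.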
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH 5/7] qemu: tpm: Avoid security labels on incoming migration with shared storage
Date: Mon, 22 Aug 2022 08:05:52 -0400
Message-Id: <20220822120554.3529999-6-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

When using shared storage there is no need to apply security labels on the storage since the files have to have been labeled already on the source side and we must assume that the source and destination sides have been set up to use the same uid and gid for running swtpm as well as share the same security labels. Whether the security labels can be used at all depends on the shared storage and whether and how it supports them.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_tpm.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 8b3ef4e34e..20c7e92766 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c
@@ -924,10 +924,19 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virCommandSetPidFile(cmd, pidfile); virCommandSetErrorFD(cmd, &errfd); =20 - if (qemuSecurityStartTPMEmulator(driver, vm, cmd, - cfg->swtpm_user, cfg->swtpm_group, - NULL, &cmdret) < 0) - return -1; + if (incomingMigration && + tpm->data.emulator.shared_storage) { + /* security labels must have been set up on source already */ + if (qemuSecurityCommandRun(driver, vm, cmd, + cfg->swtpm_user, cfg->swtpm_group, + NULL, &cmdret) < 0) { + goto error; + } + } else if (qemuSecurityStartTPMEmulator(driver, vm, cmd, + cfg->swtpm_user, cfg->swtpm_gr= oup, + NULL, &cmdret) < 0) { + goto error; + } =20 if (cmdret < 0) { /* virCommandRun() hidden in qemuSecurityStartTPMEmulator() --=20 2.37.1
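Review bot: Both failure branches in qemuTPMEmulatorStart() now use `goto error` where the removed code did `return -1`, and the commit message does not mention that change. Please confirm that the cleanup under the `error` label is safe when the emulator command never ran, or keep `return -1` here and change the error path in a separate patch. The trailing context comment still reads "virCommandRun() hidden in qemuSecurityStartTPMEmulator()", which is no longer accurate now that qemuSecurityCommandRun() can be the call that ran; update it. Since the shared-storage branch starts swtpm without relabeling on the strength of one flag, the in-code comment should also state what the destination relies on (same uid, gid and security labels as the source, as the commit message says).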
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH 6/7] qemu: tpm: Remove TPM state files and directory only when undefining a VM
Date: Mon, 22 Aug 2022 08:05:53 -0400
Message-Id: <20220822120554.3529999-7-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

@redhat.com) X-ZM-MESSAGEID: 1661169986578100003 Content-Type: text/plain; charset="utf-8"; x-default="true" When share storage for the TPM state files has been setup betwen hosts then remove the TPM state files and directory only when undefining a VM and only if the attribute persistent_state is not set. Avoid removing the TPM state files and directory structure when a VM is migrated and shared storage is used since this would also remove those files and directory structure on the destination side. Signed-off-by: Stefan Berger --- src/qemu/qemu_tpm.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 20c7e92766..d1639318e7 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -728,10 +728,20 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, */ static void qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, - qemuDomainUndefineReason undefReason G_GNUC_UNU= SED) + qemuDomainUndefineReason undefReason) { - if (!tpm->data.emulator.persistent_state) + if (tpm->data.emulator.shared_storage) { + /* When using shared storage remove the domain only if this is due= to + * a 'virsh undefine' type of command and only if persistent_state= =3D=3D + * false. Avoid removal of the state files/directory during migrat= ion. + */ + if (undefReason =3D=3D QEMU_DOMAIN_UNDEFINE_DOMAIN && + !tpm->data.emulator.persistent_state) { + qemuTPMEmulatorDeleteStorage(tpm); + } + } else if (!tpm->data.emulator.persistent_state) { qemuTPMEmulatorDeleteStorage(tpm); + } } =20 =20 --=20 2.37.1
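
Review bot: in qemuTPMEmulatorCleanupHost() the new `undefReason == QEMU_DOMAIN_UNDEFINE_DOMAIN` guard only takes effect when `tpm->data.emulator.shared_storage` is set, and that flag comes from the domain XML attribute added in patch 7/7, which defaults to off. A domain whose state directory really is on shared storage but whose XML omits the attribute still falls into the `else if (!tpm->data.emulator.persistent_state)` branch and has its state deleted from under the destination after migration. That is the loss the commit message sets out to prevent, and what is lost is the guest's TPM key material. Consider deriving the answer from the state path itself (libvirt already has virFileIsSharedFS()), or at least refusing to migrate when the path is on a shared filesystem and the flag is unset. Smaller points: the comment says "remove the domain" where it means the TPM state, and the duplicated persistent_state test reads more simply as an early `if (tpm->data.emulator.persistent_state) return;` followed by the shared-storage check.
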
From: Stefan Berger
To: libvir-list@redhat.com
Cc: Stefan Berger
Subject: [PATCH 7/7] qemu: config: Extend TPM domain XML with shared storage support
Date: Mon, 22 Aug 2022 08:05:54 -0400
Message-Id: <20220822120554.3529999-8-stefanb@linux.ibm.com>
In-Reply-To: <20220822120554.3529999-1-stefanb@linux.ibm.com>
References: <20220822120554.3529999-1-stefanb@linux.ibm.com>

Extend the domain XML with a 'shared_storage' attribute for the TPM to support migration when the TPM's state directory is set up as shared storage between hosts. Document the shared_storage attribute.

For libvirt to be able to correctly handle migration and the removal and security-labeling of TPM state files, it is necessary that the domain XML indicates whether shared storage has been set up for TPM state files. If shared storage is used the TPM domain XML must indicate this as follows:

Signed-off-by: Stefan Berger
---
 docs/formatdomain.rst             | 16 ++++++++++++++++
 src/conf/domain_conf.c            | 13 +++++++++++++
 src/conf/schemas/domaincommon.rng |  5 +++++
 3 files changed, 34 insertions(+)

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 212104fe1f..f6eb126617 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst 
@@ -7775,6 +7775,22 @@ Example: usage of the TPM Emulator This attribute only works with the ``emulator`` backend. The accepted v= alues are ``yes`` and ``no``. :since:`Since 7.0.0` =20 +``shared_storage`` + The ``shared_storage`` attribute indicates whether shared storage is + setup for storing 'swtpm' TPM state. It must be set to ``yes`` if shared + storage is used and must be omitted or set to ``no`` otherwise. The + default value is ``no``. This attribute is important for migrating + 'swtpm' state between hosts and managing the TPM state files. + :since:`Since 8.8.0` + + Note: All hosts sharing the storage must be configured to run swtpm + with the same account (see ``swtpm_user`` and ``swtpm_group`` in qemu.c= onf). + Further, any Linux security module used for file labeling, such as SELi= nux, + must be supported by the shared storage technology and be the same on a= ll + hosts or otherwise may need to be turned off. For example, when NFS is = used + for shared storage, SELinux must be turned off or put into permissive m= ode + since sVirt's MLS range labeling is not supported by NFS. + ``active_pcr_banks`` The ``active_pcr_banks`` node is used to define which of the PCR banks of a TPM 2.0 to activate. Valid names are for example sha1, sha256, sha= 384, diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 2fc94b40ef..9de23d6530 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -10418,6 +10418,7 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree char *path =3D NULL; g_autofree char *secretuuid =3D NULL; g_autofree char *persistent_state =3D NULL; + g_autofree char *shared_storage =3D NULL; g_autofree xmlNodePtr *backends =3D NULL; g_autofree xmlNodePtr *nodes =3D NULL; int bank; 
@@ -10492,6 +10493,16 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, } } =20 + shared_storage =3D virXMLPropString(backends[0], "shared_storage"); + if (shared_storage) { + if (virStringParseYesNo(shared_storage, + &def->data.emulator.shared_storage) < = 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("Invalid shared_storage value, either 'ye= s' or 'no'")); + goto error; + } + } + if ((nnodes =3D virXPathNodeSet("./backend/active_pcr_banks/*", ct= xt, &nodes)) < 0) break; if (nnodes > 0) @@ -24301,6 +24312,8 @@ virDomainTPMDefFormat(virBuffer *buf, } if (def->data.emulator.persistent_state) virBufferAddLit(&backendAttrBuf, " persistent_state=3D'yes'"); + if (def->data.emulator.shared_storage) + virBufferAddLit(&backendAttrBuf, " shared_storage=3D'yes'"); if (def->data.emulator.hassecretuuid) { char uuidstr[VIR_UUID_STRING_BUFLEN]; =20 diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincom= mon.rng index 7f6ea1d888..27000670b1 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5541,6 +5541,11 @@ + + + + + --=20 2.37.1
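
Review bot: in the docs/formatdomain.rst hunk, the last sentence of the added note tells administrators that with NFS "SELinux must be turned off or put into permissive mode", which is a host-wide change that drops sVirt confinement for every guest on the host, not only for swtpm. The text should say what is given up: with labeling off, access to the TPM state files rests solely on the ``swtpm_user``/``swtpm_group`` ownership mentioned in the sentence before it. It would also help to state what happens when ``shared_storage`` is left at ``no`` on storage that is in fact shared, since "must be set to yes" gives no hint that, per patch 6/7, the state files can then be removed during migration. Nit: "setup" used as a verb should be "set up".
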
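
Review bot: in the virDomainTPMDefParseXML() hunk that reads `shared_storage`, a bad attribute value is reported with VIR_ERR_INTERNAL_ERROR, but this is invalid user input in the domain XML rather than an internal failure, so VIR_ERR_XML_ERROR fits better. The message "Invalid shared_storage value, either 'yes' or 'no'" should also carry the rejected string so the user can locate it, for example "Invalid shared_storage value '%s', expected 'yes' or 'no'".
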
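
Review bot: nothing in this patch tests the attribute emitted by the `virBufferAddLit(&backendAttrBuf, " shared_storage='yes'")` line in the virDomainTPMDefFormat() hunk: the diffstat lists only docs/formatdomain.rst, src/conf/domain_conf.c and src/conf/schemas/domaincommon.rng. Since this flag decides whether TPM state is deleted (patch 6/7), please add a domain XML test case with shared_storage='yes' so that the parse/format round trip and the schema change are both exercised.
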