1. Patchew
  2. Libvirt
  3. View series

[PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage

Stefan Berger posted 9 patches 1 year, 6 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20221005140207.3599989-1-stefanb@linux.ibm.com
There is a newer version of this series
docs/manpages/virsh.rst          |  6 +++
include/libvirt/libvirt-domain.h |  8 +++
src/conf/domain_conf.h           |  1 +
src/qemu/qemu_driver.c           |  4 +-
src/qemu/qemu_extdevice.c        |  5 +-
src/qemu/qemu_extdevice.h        |  3 +-
src/qemu/qemu_migration.c        | 23 +++++++--
src/qemu/qemu_migration.h        |  1 +
src/qemu/qemu_process.c          | 10 ++--
src/qemu/qemu_process.h          |  6 ++-
src/qemu/qemu_saveimage.c        |  2 +-
src/qemu/qemu_snapshot.c         |  4 +-
src/qemu/qemu_tpm.c              | 87 ++++++++++++++++++++++++++++----
src/qemu/qemu_tpm.h              | 24 ++++++++-
src/util/virtpm.c                |  1 +
src/util/virtpm.h                |  1 +
tools/virsh-domain.c             |  7 +++
17 files changed, 164 insertions(+), 29 deletions(-)
[PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage
Posted by Stefan Berger 1 year, 6 months ago 
This series of patches adds support for migrating vTPMs across hosts whose
storage has been set up to share the directory structure holding the state
of the TPM (swtpm). A new migration flag VIR_MIGRATE_TPM_SHARED_STORAGE is
added to enable this. This flag influences the management of the directory
structure holding the TPM state, which for example is only removed when a
domain is undefined and not when a VM is removed on the migration source
host. Further, when shared storage is used then security labeling on the
destination side is skipped assuming that the labeling was already done on
the source side.

I have tested this with an NFS setup where I had to turn SELinux off on
the hosts since the SELinux MLS range labeling is not supported by NFS.

Shared storage migration requires (upcoming) swtpm v0.8.

   Stefan

Stefan Berger (9):
  util: Add parsing support for swtpm's cmdarg-migration capability
  qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration
  qemu: tpm: Conditionally create storage on incoming migration
  qemu: tpm: Pass --migration option to swtpm if supported
  qemu: tpm: Avoid security labels on incoming migration with shared
    storage
  qemu: tpm: Require UNDEFINE_TPM to be set to remove TPM state
  qemu: tpm: Determine whether to remove TPM state during migration
  qemu: tpm: Enable migration with VIR_MIGRATE_TPM_SHARED_STORAGE
  virsh: Add support for --tpm-shared-storage flag for migration

 docs/manpages/virsh.rst          |  6 +++
 include/libvirt/libvirt-domain.h |  8 +++
 src/conf/domain_conf.h           |  1 +
 src/qemu/qemu_driver.c           |  4 +-
 src/qemu/qemu_extdevice.c        |  5 +-
 src/qemu/qemu_extdevice.h        |  3 +-
 src/qemu/qemu_migration.c        | 23 +++++++--
 src/qemu/qemu_migration.h        |  1 +
 src/qemu/qemu_process.c          | 10 ++--
 src/qemu/qemu_process.h          |  6 ++-
 src/qemu/qemu_saveimage.c        |  2 +-
 src/qemu/qemu_snapshot.c         |  4 +-
 src/qemu/qemu_tpm.c              | 87 ++++++++++++++++++++++++++++----
 src/qemu/qemu_tpm.h              | 24 ++++++++-
 src/util/virtpm.c                |  1 +
 src/util/virtpm.h                |  1 +
 tools/virsh-domain.c             |  7 +++
 17 files changed, 164 insertions(+), 29 deletions(-)

-- 
2.37.3
Re: [PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage
Posted by Michal Prívozník 1 year, 6 months ago 
On 10/5/22 16:01, Stefan Berger wrote:
> This series of patches adds support for migrating vTPMs across hosts whose
> storage has been set up to share the directory structure holding the state
> of the TPM (swtpm). A new migration flag VIR_MIGRATE_TPM_SHARED_STORAGE is
> added to enable this. This flag influences the management of the directory
> structure holding the TPM state, which for example is only removed when a
> domain is undefined and not when a VM is removed on the migration source
> host. Further, when shared storage is used then security labeling on the
> destination side is skipped assuming that the labeling was already done on
> the source side.
> 
> I have tested this with an NFS setup where I had to turn SELinux off on
> the hosts since the SELinux MLS range labeling is not supported by NFS.
> 
> Shared storage migration requires (upcoming) swtpm v0.8.
> 
>    Stefan
> 
> Stefan Berger (9):
>   util: Add parsing support for swtpm's cmdarg-migration capability
>   qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration
>   qemu: tpm: Conditionally create storage on incoming migration
>   qemu: tpm: Pass --migration option to swtpm if supported
>   qemu: tpm: Avoid security labels on incoming migration with shared
>     storage
>   qemu: tpm: Require UNDEFINE_TPM to be set to remove TPM state
>   qemu: tpm: Determine whether to remove TPM state during migration
>   qemu: tpm: Enable migration with VIR_MIGRATE_TPM_SHARED_STORAGE
>   virsh: Add support for --tpm-shared-storage flag for migration
> 
>  docs/manpages/virsh.rst          |  6 +++
>  include/libvirt/libvirt-domain.h |  8 +++
>  src/conf/domain_conf.h           |  1 +
>  src/qemu/qemu_driver.c           |  4 +-
>  src/qemu/qemu_extdevice.c        |  5 +-
>  src/qemu/qemu_extdevice.h        |  3 +-
>  src/qemu/qemu_migration.c        | 23 +++++++--
>  src/qemu/qemu_migration.h        |  1 +
>  src/qemu/qemu_process.c          | 10 ++--
>  src/qemu/qemu_process.h          |  6 ++-
>  src/qemu/qemu_saveimage.c        |  2 +-
>  src/qemu/qemu_snapshot.c         |  4 +-
>  src/qemu/qemu_tpm.c              | 87 ++++++++++++++++++++++++++++----
>  src/qemu/qemu_tpm.h              | 24 ++++++++-
>  src/util/virtpm.c                |  1 +
>  src/util/virtpm.h                |  1 +
>  tools/virsh-domain.c             |  7 +++
>  17 files changed, 164 insertions(+), 29 deletions(-)
> 

Overall, I like this. I've raised couple of points in my review. I've
made suggested changes as 'fixup' commits and pushed everything on my
gitlab:

https://gitlab.com/MichalPrivoznik/libvirt/-/commits/tpm_migration_v2

(except for private data for TPM which I'm suggesting somewhere in
review). Feel free to take them an squash them in. Or just parts of it.
I mean, I wasn't sure where exactly I should stop passing 'flags' and
set 'sharedStorage' bool argument. Maybe I was too aggressive and flags
can be passed all the way down.

Michal
Re: [PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage
Posted by Stefan Berger 1 year, 6 months ago 

On 10/6/22 09:26, Michal Prívozník wrote:
> On 10/5/22 16:01, Stefan Berger wrote:
>> This series of patches adds support for migrating vTPMs across hosts whose
>> storage has been set up to share the directory structure holding the state
>> of the TPM (swtpm). A new migration flag VIR_MIGRATE_TPM_SHARED_STORAGE is
>> added to enable this. This flag influences the management of the directory
>> structure holding the TPM state, which for example is only removed when a
>> domain is undefined and not when a VM is removed on the migration source
>> host. Further, when shared storage is used then security labeling on the
>> destination side is skipped assuming that the labeling was already done on
>> the source side.
>>
>> I have tested this with an NFS setup where I had to turn SELinux off on
>> the hosts since the SELinux MLS range labeling is not supported by NFS.
>>
>> Shared storage migration requires (upcoming) swtpm v0.8.
>>
>>     Stefan
>>
>> Stefan Berger (9):
>>    util: Add parsing support for swtpm's cmdarg-migration capability
>>    qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration
>>    qemu: tpm: Conditionally create storage on incoming migration
>>    qemu: tpm: Pass --migration option to swtpm if supported
>>    qemu: tpm: Avoid security labels on incoming migration with shared
>>      storage
>>    qemu: tpm: Require UNDEFINE_TPM to be set to remove TPM state
>>    qemu: tpm: Determine whether to remove TPM state during migration
>>    qemu: tpm: Enable migration with VIR_MIGRATE_TPM_SHARED_STORAGE
>>    virsh: Add support for --tpm-shared-storage flag for migration
>>
>>   docs/manpages/virsh.rst          |  6 +++
>>   include/libvirt/libvirt-domain.h |  8 +++
>>   src/conf/domain_conf.h           |  1 +
>>   src/qemu/qemu_driver.c           |  4 +-
>>   src/qemu/qemu_extdevice.c        |  5 +-
>>   src/qemu/qemu_extdevice.h        |  3 +-
>>   src/qemu/qemu_migration.c        | 23 +++++++--
>>   src/qemu/qemu_migration.h        |  1 +
>>   src/qemu/qemu_process.c          | 10 ++--
>>   src/qemu/qemu_process.h          |  6 ++-
>>   src/qemu/qemu_saveimage.c        |  2 +-
>>   src/qemu/qemu_snapshot.c         |  4 +-
>>   src/qemu/qemu_tpm.c              | 87 ++++++++++++++++++++++++++++----
>>   src/qemu/qemu_tpm.h              | 24 ++++++++-
>>   src/util/virtpm.c                |  1 +
>>   src/util/virtpm.h                |  1 +
>>   tools/virsh-domain.c             |  7 +++
>>   17 files changed, 164 insertions(+), 29 deletions(-)
>>
> 
> Overall, I like this. I've raised couple of points in my review. I've
> made suggested changes as 'fixup' commits and pushed everything on my
> gitlab:
> 
> https://gitlab.com/MichalPrivoznik/libvirt/-/commits/tpm_migration_v2
> 
> (except for private data for TPM which I'm suggesting somewhere in
> review). Feel free to take them an squash them in. Or just parts of it.
> I mean, I wasn't sure where exactly I should stop passing 'flags' and
> set 'sharedStorage' bool argument. Maybe I was too aggressive and flags
> can be passed all the way down.
> 

I forgot about your series..  I put a v2 with fixes here now:

https://github.com/stefanberger/libvirt-tpm/tree/swtpm_shared_storage.v2.fixed

It has the private data support and a fix for post migration cleanup. The new flag is still in there...

    Stefan



> Michal
>

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.