From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH v3 1/6] util: Add parsing support for swtpm's cmdarg-migration capability
Date: Tue, 18 Oct 2022 13:04:47 -0400
Message-Id: <20221018170452.241864-2-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
List-Id: Development discussions about the libvirt library & tools
Cc: mprivozn@redhat.com, Stefan Berger

Add support for parsing swtpm 'cmdarg-migration' capability (since v0.8).

Signed-off-by: Stefan Berger
--- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 2 files changed, 2 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 91db0f31eb..19850de1c8 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -39,6 +39,7 @@ VIR_LOG_INIT("util.tpm"); VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_TPM_SWTPM_FEATURE_LAST, "cmdarg-pwd-fd", + "cmdarg-migration", ); =20 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, diff --git a/src/util/virtpm.h b/src/util/virtpm.h index a873881b23..fb330effa8 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h 
@@ -30,6 +30,7 @@ bool virTPMHasSwtpm(void); =20 typedef enum { VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, + VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION, =20 VIR_TPM_SWTPM_FEATURE_LAST } virTPMSwtpmFeature; --=20 2.37.3
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH v3 2/6] qemu: tpm: Conditionally create storage on incoming migration
Date: Tue, 18 Oct 2022 13:04:48 -0400
Message-Id: <20221018170452.241864-3-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
Cc: mprivozn@redhat.com, Stefan Berger

Do not create storage if the TPM state files are on shared storage and there's an incoming migration since in this case the storage directory must already exist. Also do not run swtpm_setup in this case.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_tpm.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index dc09c94a4d..a45ad599aa 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -556,11 +556,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, int pwdfile_fd =3D -1; int migpwdfile_fd =3D -1; const unsigned char *secretuuid =3D NULL; + bool create_storage =3D true; =20 if (!swtpm) return NULL; =20 - if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) + /* Do not create storage and run swtpm_setup on incoming migration over + * shared storage + */ + if (incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagep= ath)) + create_storage =3D false; + + if (create_storage && + qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_grou= p) < 0) return NULL; =20 if (tpm->data.emulator.hassecretuuid) --=20 2.37.3
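Review bot: In the qemuTPMEmulatorBuildCommand() hunk of src/qemu/qemu_tpm.c (patch 2/6), the new test `incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagepath)` uses the return value as a plain truth value, so if virFileIsSharedFS() reports failure with a negative value, that error is treated as "shared" and storage creation is silently skipped. Compare the result explicitly (for example `== 1`) and handle the error case on its own. The commit message says the storage directory must already exist in this case, but nothing in the hunk verifies it; an explicit existence check with a clear error at this point would fail earlier and more readably than a later swtpm startup failure.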
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH v3 3/6] qemu: tpm: Add support for storing private TPM-related data
Date: Tue, 18 Oct 2022 13:04:49 -0400
Message-Id: <20221018170452.241864-4-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
Cc: mprivozn@redhat.com, Stefan Berger

Add support for storing private TPM-related data. The first private data will be related to the capability of the started swtpm indicating whether it is capable of migration with a shared storage setup since that requires support for certain command line flags that were only becoming available in v0.8.

Signed-off-by: Stefan Berger
--- src/conf/domain_conf.c | 63 +++++++++++++++++++++++++++++++++--- src/conf/domain_conf.h | 9 ++++++ src/qemu/qemu_domain.c | 73 ++++++++++++++++++++++++++++++++++++++++++ src/qemu/qemu_domain.h | 14 ++++++++ 4 files changed, 154 insertions(+), 5 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 7dba65cfeb..4178583950 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -3276,6 +3276,22 @@ void virDomainHostdevDefClear(virDomainHostdevDef *d= ef) } } =20 +static virDomainTPMDef * +virDomainTPMDefNew(virDomainXMLOption *xmlopt) +{ + virDomainTPMDef *def; + + def =3D g_new0(virDomainTPMDef, 1); + + if (xmlopt && xmlopt->privateData.tpmNew && + !(def->privateData =3D xmlopt->privateData.tpmNew())) { + VIR_FREE(def); + return NULL; + } + + return def; +} + void virDomainTPMDefFree(virDomainTPMDef *def) { if (!def) @@ -3296,6 +3312,7 @@ void virDomainTPMDefFree(virDomainTPMDef *def) } =20 virDomainDeviceInfoClear(&def->info); + virObjectUnref(def->privateData); g_free(def); } =20 @@ -10238,7 +10255,8 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, g_autofree xmlNodePtr *nodes =3D NULL; int bank; =20 - def =3D g_new0(virDomainTPMDef, 1); + if (!(def =3D virDomainTPMDefNew(xmlopt))) + return NULL; =20 if (virXMLPropEnum(node, "model", virDomainTPMModelTypeFromString, 
@@ -10329,6 +10347,14 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, if (virDomainDeviceInfoParseXML(xmlopt, node, ctxt, &def->info, flags)= < 0) goto error; =20 + if (flags & VIR_DOMAIN_DEF_PARSE_STATUS && + xmlopt && xmlopt->privateData.tpmParse) { + if ((ctxt->node =3D virXPathNode("./privateData", ctxt))) { + if (xmlopt->privateData.tpmParse(ctxt, def) < 0) + goto error; + } + } + return def; =20 error: @@ -24049,10 +24075,32 @@ virDomainSoundCodecDefFormat(virBuffer *buf, return 0; } =20 -static void +static int +virDomainTPMDefFormatPrivateData(virBuffer *buf, + const virDomainTPMDef *tpm, + unsigned int flags, + virDomainXMLOption *xmlopt) +{ + g_auto(virBuffer) childBuf =3D VIR_BUFFER_INIT_CHILD(buf); + + if (!(flags & VIR_DOMAIN_DEF_FORMAT_STATUS) || + !xmlopt || + !xmlopt->privateData.tpmFormat) + return 0; + + if (xmlopt->privateData.tpmFormat(tpm, &childBuf) < 0) + return -1; + + virXMLFormatElement(buf, "privateData", NULL, &childBuf); + return 0; +} + + +static int virDomainTPMDefFormat(virBuffer *buf, const virDomainTPMDef *def, - unsigned int flags) + unsigned int flags, + virDomainXMLOption *xmlopt) { g_auto(virBuffer) attrBuf =3D VIR_BUFFER_INITIALIZER; g_auto(virBuffer) childBuf =3D VIR_BUFFER_INIT_CHILD(buf); @@ -24101,8 +24149,12 @@ virDomainTPMDefFormat(virBuffer *buf, =20 virXMLFormatElement(&childBuf, "backend", &backendAttrBuf, &backendChi= ldBuf); virDomainDeviceInfoFormat(&childBuf, &def->info, flags); + if (virDomainTPMDefFormatPrivateData(&childBuf, def, flags, xmlopt) < = 0) + return -1; =20 virXMLFormatElement(buf, "tpm", &attrBuf, &childBuf); + + return 0; } =20 =20 @@ -27188,7 +27240,8 @@ virDomainDefFormatInternalSetRootName(virDomainDef = *def, } =20 for (n =3D 0; n < def->ntpms; n++) { - virDomainTPMDefFormat(buf, def->tpms[n], flags); + if (virDomainTPMDefFormat(buf, def->tpms[n], flags, xmlopt) < 0) + return -1; } =20 for (n =3D 0; n < def->ngraphics; n++) { 
@@ -28454,7 +28507,7 @@ virDomainDeviceDefCopy(virDomainDeviceDef *src, rc =3D virDomainChrDefFormat(&buf, src->data.chr, flags); break; case VIR_DOMAIN_DEVICE_TPM: - virDomainTPMDefFormat(&buf, src->data.tpm, flags); + virDomainTPMDefFormat(&buf, src->data.tpm, flags, xmlopt); rc =3D 0; break; case VIR_DOMAIN_DEVICE_PANIC: diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 8f8a54bc41..82f71f8853 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1445,6 +1445,8 @@ typedef enum { #define VIR_DOMAIN_TPM_DEFAULT_DEVICE "/dev/tpm0" =20 struct _virDomainTPMDef { + virObject *privateData; + virDomainTPMModel model; virDomainTPMBackendType type; virDomainDeviceInfo info; @@ -3248,6 +3250,10 @@ typedef int (*virDomainXMLPrivateDataStorageSourcePa= rseFunc)(xmlXPathContextPtr typedef int (*virDomainXMLPrivateDataStorageSourceFormatFunc)(virStorageSo= urce *src, virBuffer *b= uf); =20 +typedef int (*virDomainXMLPrivateDataTPMParseFunc)(xmlXPathContextPtr ctxt, + virDomainTPMDef *disk); +typedef int (*virDomainXMLPrivateDataTPMFormatFunc)(const virDomainTPMDef = *tpm, + virBuffer *buf); =20 struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataAllocFunc alloc; @@ -3264,6 +3270,9 @@ struct _virDomainXMLPrivateDataCallbacks { virDomainXMLPrivateDataNewFunc networkNew; virDomainXMLPrivateDataNewFunc videoNew; virDomainXMLPrivateDataNewFunc fsNew; + virDomainXMLPrivateDataTPMParseFunc tpmParse; + virDomainXMLPrivateDataTPMFormatFunc tpmFormat; + virDomainXMLPrivateDataNewFunc tpmNew; virDomainXMLPrivateDataFormatFunc format; virDomainXMLPrivateDataParseFunc parse; /* following function shall return a pointer which will be used as the diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 4c14fc2aef..97c62e2c9e 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c 
@@ -1139,6 +1139,76 @@ qemuDomainVideoPrivateDispose(void *obj) } =20 =20 +static virClass *qemuDomainTPMPrivateClass; +static void qemuDomainTPMPrivateDispose(void *obj); + + +static int +qemuDomainTPMPrivateOnceInit(void) +{ + if (!VIR_CLASS_NEW(qemuDomainTPMPrivate, virClassForObject())) + return -1; + + return 0; +} + +VIR_ONCE_GLOBAL_INIT(qemuDomainTPMPrivate); + + +static virObject * +qemuDomainTPMPrivateNew(void) +{ + qemuDomainTPMPrivate *priv; + + if (qemuDomainTPMPrivateInitialize() < 0) + return NULL; + + if (!(priv =3D virObjectNew(qemuDomainTPMPrivateClass))) + return NULL; + + return (virObject *) priv; +} + + +static void +qemuDomainTPMPrivateDispose(void *obj G_GNUC_UNUSED) +{ +} + + +static int +qemuDomainTPMPrivateParse(xmlXPathContextPtr ctxt, + virDomainTPMDef *tpm) +{ + qemuDomainTPMPrivate *priv =3D QEMU_DOMAIN_TPM_PRIVATE(tpm); + + priv->swtpm.can_migrate_shared_storage =3D + virXPathBoolean("string(./swtpm/@can_migrate_shared_storage)", ctx= t); + + return 0; +} + + +static int +qemuDomainTPMPrivateFormat(const virDomainTPMDef *tpm, + virBuffer *buf) +{ + qemuDomainTPMPrivate *priv =3D QEMU_DOMAIN_TPM_PRIVATE(tpm); + + switch (tpm->type) { + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + if (priv->swtpm.can_migrate_shared_storage) + virBufferAddLit(buf, "\n"); + break; + + case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_LAST: + } + + return 0; +} + + /* qemuDomainSecretInfoSetup: * @priv: pointer to domain private object * @alias: alias of the secret 
@@ -3203,6 +3273,9 @@ virDomainXMLPrivateDataCallbacks virQEMUDriverPrivate= DataCallbacks =3D { .graphicsNew =3D qemuDomainGraphicsPrivateNew, .networkNew =3D qemuDomainNetworkPrivateNew, .videoNew =3D qemuDomainVideoPrivateNew, + .tpmNew =3D qemuDomainTPMPrivateNew, + .tpmParse =3D qemuDomainTPMPrivateParse, + .tpmFormat =3D qemuDomainTPMPrivateFormat, .parse =3D qemuDomainObjPrivateXMLParse, .format =3D qemuDomainObjPrivateXMLFormat, .getParseOpaque =3D qemuDomainObjPrivateXMLGetParseOpaque, diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index a22deaf113..e7d3e1be40 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h 
@@ -407,6 +407,20 @@ struct _qemuDomainNetworkPrivate { qemuFDPass *vdpafd; }; =20 + +#define QEMU_DOMAIN_TPM_PRIVATE(dev) \ + ((qemuDomainTPMPrivate *) (dev)->privateData) + +typedef struct _qemuDomainTPMPrivate qemuDomainTPMPrivate; +struct _qemuDomainTPMPrivate { + virObject parent; + + struct { + bool can_migrate_shared_storage; + } swtpm; +}; + + void qemuDomainNetworkPrivateClearFDs(qemuDomainNetworkPrivate *priv); =20 --=20 2.37.3
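Review bot: In the VIR_DOMAIN_DEVICE_TPM case of virDomainDeviceDefCopy() the result of virDomainTPMDefFormat() is dropped and rc is still set to 0 unconditionally, although this patch changes the function to return int and makes the caller in virDomainDefFormatInternalSetRootName() check it. A failing tpmFormat callback would go unnoticed on this path. Assign the result directly, `rc = virDomainTPMDefFormat(&buf, src->data.tpm, flags, xmlopt);`, the way the VIR_DOMAIN_DEVICE_CHR case just above does with virDomainChrDefFormat().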
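Review bot: The second parameter of the virDomainXMLPrivateDataTPMParseFunc typedef in domain_conf.h is named `disk` although its type is virDomainTPMDef *, which reads like a leftover from the storage-source typedefs above it. Rename it to `tpm` so it matches virDomainXMLPrivateDataTPMFormatFunc on the next line and the qemuDomainTPMPrivateParse() implementation.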
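Review bot: qemuDomainTPMPrivateParse() in qemu_domain.c stores the int result of virXPathBoolean() straight into the bool can_migrate_shared_storage, so a negative error return would be recorded as true and a status XML that fails to evaluate would mark the swtpm as able to migrate over shared storage. Keep the result in an int, return -1 (or leave the flag false) when it is negative, and set the flag only when it is 1. In the same hunk the switch in qemuDomainTPMPrivateFormat() ends with the VIR_DOMAIN_TPM_TYPE_PASSTHROUGH and VIR_DOMAIN_TPM_TYPE_LAST labels directly before the closing brace, which C before C23 does not permit; add a `break;` after them.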
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH v3 4/6] qemu: tpm: Pass --migration option to swtpm if supported and needed
Date: Tue, 18 Oct 2022 13:04:50 -0400
Message-Id: <20221018170452.241864-5-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
Cc: mprivozn@redhat.com, Stefan Berger

Pass the --migration option to swtpm if swtpm supports it (starting with v0.8) and if the TPM's state is written on shared storage. If this is the case apply the 'release-lock-outgoing' parameter with this option and apply the 'incoming' parameter for incoming migration so that swtpm releases the file lock on the source side when the state is migrated and locks the file on the destination side when the state is received.

If a started swtpm instance is running with the necessary options of migrating with shared storage then remember this with a flag in the virDomainTPMPrivateDef.

Report an error if swtpm does not support the --migration option and an incoming migration across shared storage is requested.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_migration.c | 8 +++++ src/qemu/qemu_tpm.c | 66 ++++++++++++++++++++++++++++++++++++++- src/qemu/qemu_tpm.h | 6 ++++ 3 files changed, 79 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 33105cf07b..5b4f4615ee 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -38,6 +38,7 @@ #include "qemu_security.h" #include "qemu_slirp.h" #include "qemu_block.h" +#include "qemu_tpm.h" =20 #include "domain_audit.h" #include "virlog.h" @@ -2789,6 +2790,13 @@ qemuMigrationSrcBegin(virConnectPtr conn, goto cleanup; } =20 + if (qemuTPMHasSharedStorage(vm->def) && + !qemuTPMCanMigrateSharedStorage(vm->def)) { + virReportError(VIR_ERR_NO_SUPPORT, "%s", + _("the running swtpm does not support migration wit= h shared storage")); + goto cleanup; + } + if (flags & VIR_MIGRATE_POSTCOPY_RESUME) { ret =3D qemuMigrationSrcBeginResumePhase(conn, driver, vm, xmlin, cookieout, cookieoutlen, fl= ags); diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index a45ad599aa..7b0afe94ec 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -557,6 +557,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, int migpwdfile_fd =3D -1; const unsigned char *secretuuid =3D NULL; bool create_storage =3D true; + bool on_shared_storage; =20 if (!swtpm) return NULL; @@ -564,7 +565,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, /* Do not create storage and run swtpm_setup on incoming migration over * shared storage */ - if (incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagep= ath)) + on_shared_storage =3D virFileIsSharedFS(tpm->data.emulator.storagepath= ); + if (incomingMigration && on_shared_storage) create_storage =3D false; =20 if (create_storage && @@ -642,6 +644,31 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", migpw= dfile_fd); } =20 + /* If swtpm supports it and the TPM state is stored on shared storage, + * start swtpm with --migration release-lock-outgoing so it can migrate + * across shared storage if needed. + */ + QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage =3D fal= se; + if (on_shared_storage && + virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION)) { + + virCommandAddArg(cmd, "--migration"); + virCommandAddArgFormat(cmd, "release-lock-outgoing%s", + incomingMigration ? ",incoming": ""); + QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage =3D= true; + } else { + /* Report an error if there's an incoming migration across shared + * storage and swtpm does not support the --migration option. + */ + if (incomingMigration && on_shared_storage) { + virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, + _("%s (on destination side) does not support the --migrati= on option " + "needed for migration with shared storage"), + swtpm); + goto error; + } + } + return g_steal_pointer(&cmd); =20 error: 
@@ -962,6 +989,43 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, } =20 =20 +bool +qemuTPMHasSharedStorage(virDomainDef *def) +{ + size_t i; + + for (i =3D 0; i < def->ntpms; i++) { + virDomainTPMDef *tpm =3D def->tpms[i]; + switch (tpm->type) { + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + return virFileIsSharedFS(tpm->data.emulator.storagepath); + case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_LAST: + } + } + + return false; +} + + +bool +qemuTPMCanMigrateSharedStorage(virDomainDef *def) +{ + size_t i; + + for (i =3D 0; i < def->ntpms; i++) { + virDomainTPMDef *tpm =3D def->tpms[i]; + switch (tpm->type) { + case VIR_DOMAIN_TPM_TYPE_EMULATOR: + return QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_= storage; + case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH: + case VIR_DOMAIN_TPM_TYPE_LAST: + } + } + return true; +} + + /* --------------------- * Module entry points * --------------------- diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index f068f3ca5a..9daa3e14df 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h 
@@ -56,3 +56,9 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver, virCgroup *cgroup) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3) G_GNUC_WARN_UNUSED_RESULT; + +bool qemuTPMHasSharedStorage(virDomainDef *def) + ATTRIBUTE_NONNULL(1); + +bool qemuTPMCanMigrateSharedStorage(virDomainDef *def) + ATTRIBUTE_NONNULL(1); --=20 2.37.3
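Review bot: In qemuTPMEmulatorBuildCommand() the new `bool on_shared_storage` is assigned directly from virFileIsSharedFS(), which returns -1 when the filesystem check itself fails, so a failed check is folded into "shared". With incomingMigration set that skips storage creation, and with a capable swtpm it adds `--migration release-lock-outgoing` and sets can_migrate_shared_storage on a path whose type is unknown. Keep the int result, `goto error` when it is negative, and derive the bool from `== 1`.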
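Review bot: Both loops added to qemu_tpm.c, in qemuTPMHasSharedStorage() and qemuTPMCanMigrateSharedStorage(), return from the first VIR_DOMAIN_TPM_TYPE_EMULATOR entry, so any later element of def->tpms[] is never examined and the `for` over def->ntpms is a loop in name only. Return early only when the answer is decided (true once a shared storage path is found, false once an emulator without the flag is found) and otherwise continue. The VIR_DOMAIN_TPM_TYPE_PASSTHROUGH and VIR_DOMAIN_TPM_TYPE_LAST labels also sit directly before the closing brace of each switch and need a `break;`.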
From: Stefan Berger
To: libvir-list@redhat.com
Subject: [PATCH v3 5/6] qemu: tpm: Avoid security labels on incoming migration with shared storage
Date: Tue, 18 Oct 2022 13:04:51 -0400
Message-Id: <20221018170452.241864-6-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
Cc: mprivozn@redhat.com, Stefan Berger

When using shared storage there is no need to apply security labels on the storage since the files have to have been labeled already on the source side and we must assume that the source and destination side have been set up to use the same uid and gid for running swtpm as well as share the same security labels. Whether the security labels can be used at all depends on the shared storage and whether and how it supports them.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_tpm.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 7b0afe94ec..69410e36ff 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -933,10 +933,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virCommandSetPidFile(cmd, pidfile); virCommandSetErrorFD(cmd, &errfd); =20 - if (qemuSecurityStartTPMEmulator(driver, vm, cmd, - cfg->swtpm_user, cfg->swtpm_group, - NULL, &cmdret) < 0) - return -1; + if (incomingMigration && virFileIsSharedFS(tpm->data.emulator.storagep= ath)) { + /* security labels must have been set up on source already */ + if (qemuSecurityCommandRun(driver, vm, cmd, + cfg->swtpm_user, cfg->swtpm_group, + NULL, &cmdret) < 0) { + goto error; + } + } else if (qemuSecurityStartTPMEmulator(driver, vm, cmd, + cfg->swtpm_user, cfg->swtpm_gr= oup, + NULL, &cmdret) < 0) { + goto error; + } =20 if (cmdret < 0) { /* virCommandRun() hidden in qemuSecurityStartTPMEmulator() --=20 2.37.3
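Review bot: The new condition `incomingMigration && virFileIsSharedFS(...)` in qemuTPMEmulatorStart() takes the qemuSecurityCommandRun() branch for any non-zero result, including the -1 that virFileIsSharedFS() returns when it cannot determine the filesystem type, so a failed check skips security label setup instead of failing the start. Compare against 1 and treat a negative value as an error, ideally reusing one checked result with qemuTPMEmulatorBuildCommand() so both places agree on whether the path is shared. The context comment below the change still says virCommandRun() is hidden in qemuSecurityStartTPMEmulator(), which now describes only one of the two branches.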
From: Stefan Berger
To: libvir-list@redhat.com
Cc: mprivozn@redhat.com, Stefan Berger
Subject: [PATCH v3 6/6] qemu: tpm: Never remove state on outgoing migration and shared storage
Date: Tue, 18 Oct 2022 13:04:52 -0400
Message-Id: <20221018170452.241864-7-stefanb@linux.ibm.com>
In-Reply-To: <20221018170452.241864-1-stefanb@linux.ibm.com>
References: <20221018170452.241864-1-stefanb@linux.ibm.com>
Content-Type: text/plain; charset="utf-8"; x-default="true"
Content-Transfer-Encoding: quoted-printable

Never remove the TPM state on outgoing migration if the storage setup has shared storage for the TPM state files. Also, do not do the security cleanup on outgoing migration if shared storage is detected.

Signed-off-by: Stefan Berger
--- src/qemu/qemu_domain.c | 12 +++++++----- src/qemu/qemu_domain.h | 3 ++- src/qemu/qemu_driver.c | 20 ++++++++++---------- src/qemu/qemu_extdevice.c | 10 ++++++---- src/qemu/qemu_extdevice.h | 6 ++++-- src/qemu/qemu_migration.c | 12 ++++++------ src/qemu/qemu_process.c | 9 ++++++--- src/qemu/qemu_snapshot.c | 4 ++-- src/qemu/qemu_tpm.c | 21 ++++++++++++++++----- src/qemu/qemu_tpm.h | 6 ++++-- 10 files changed, 63 insertions(+), 40 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 97c62e2c9e..20cc2409fc 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -7245,7 +7245,8 @@ qemuDomainSnapshotDiscardAllMetadata(virQEMUDriver *d= river, static void qemuDomainRemoveInactiveCommon(virQEMUDriver *driver, virDomainObj *vm, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) { g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *snapDir =3D NULL; @@ -7271,7 +7272,7 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *driver, if (rmdir(chkDir) < 0 && errno !=3D ENOENT) VIR_WARN("unable to remove checkpoint directory %s", chkDir); } - qemuExtDevicesCleanupHost(driver, vm->def, flags); + qemuExtDevicesCleanupHost(driver, vm->def, flags, outgoingMigration); } =20 =20 
@@ -7283,14 +7284,15 @@ qemuDomainRemoveInactiveCommon(virQEMUDriver *drive= r, void qemuDomainRemoveInactive(virQEMUDriver *driver, virDomainObj *vm, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) { if (vm->persistent) { /* Short-circuit, we don't want to remove a persistent domain */ return; } =20 - qemuDomainRemoveInactiveCommon(driver, vm, flags); + qemuDomainRemoveInactiveCommon(driver, vm, flags, outgoingMigration); =20 virDomainObjListRemove(driver->domains, vm); } @@ -7312,7 +7314,7 @@ qemuDomainRemoveInactiveLocked(virQEMUDriver *driver, return; } =20 - qemuDomainRemoveInactiveCommon(driver, vm, 0); + qemuDomainRemoveInactiveCommon(driver, vm, 0, false); =20 virDomainObjListRemoveLocked(driver->domains, vm); } diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h index e7d3e1be40..11ea52c32d 100644 --- a/src/qemu/qemu_domain.h +++ b/src/qemu/qemu_domain.h @@ -696,7 +696,8 @@ int qemuDomainSnapshotDiscardAllMetadata(virQEMUDriver = *driver, =20 void qemuDomainRemoveInactive(virQEMUDriver *driver, virDomainObj *vm, - virDomainUndefineFlagsValues flags); + virDomainUndefineFlagsValues flags, + bool outgoingMigration); =20 void qemuDomainRemoveInactiveLocked(virQEMUDriver *driver, diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 5c75000742..017cda2a9c 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1611,7 +1611,7 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr= conn, goto cleanup; =20 if (qemuProcessBeginJob(vm, VIR_DOMAIN_JOB_OPERATION_START, flags) < 0= ) { - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); goto cleanup; } =20 
@@ -1620,7 +1620,7 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr= conn, VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags) < 0) { virDomainAuditStart(vm, "booted", false); - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); qemuProcessEndJob(vm); goto cleanup; } @@ -2103,7 +2103,7 @@ qemuDomainDestroyFlags(virDomainPtr dom, ret =3D 0; endjob: if (ret =3D=3D 0) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); virDomainObjEndJob(vm); =20 cleanup: @@ -2723,7 +2723,7 @@ qemuDomainSaveInternal(virQEMUDriver *driver, } virDomainObjEndAsyncJob(vm); if (ret =3D=3D 0) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); =20 cleanup: virQEMUSaveDataFree(data); @@ -3263,7 +3263,7 @@ qemuDomainCoreDumpWithFormat(virDomainPtr dom, =20 virDomainObjEndAsyncJob(vm); if (ret =3D=3D 0 && flags & VIR_DUMP_CRASH) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); =20 cleanup: virDomainObjEndAPI(&vm); @@ -3575,7 +3575,7 @@ processGuestPanicEvent(virQEMUDriver *driver, endjob: virDomainObjEndAsyncJob(vm); if (removeInactive) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); } =20 =20 @@ -4053,7 +4053,7 @@ processMonitorEOFEvent(virQEMUDriver *driver, virObjectEventStateQueue(driver->domainEventState, event); =20 endjob: - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); virDomainObjEndJob(vm); } =20 @@ -5985,7 +5985,7 @@ qemuDomainRestoreInternal(virConnectPtr conn, virFileWrapperFdFree(wrapperFd); virQEMUSaveDataFree(data); if (vm && ret < 0) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); virDomainObjEndAPI(&vm); return ret; } 
@@ -6675,7 +6675,7 @@ qemuDomainDefineXMLFlags(virConnectPtr conn, } else { /* Brand new domain. Remove it */ VIR_INFO("Deleting domain '%s'", vm->def->name); - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); } } =20 @@ -6824,7 +6824,7 @@ qemuDomainUndefineFlags(virDomainPtr dom, */ vm->persistent =3D 0; if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm, flags); + qemuDomainRemoveInactive(driver, vm, flags, false); =20 ret =3D 0; endjob: diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index 24a57b0f74..3eaf6571a2 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -152,7 +152,8 @@ qemuExtDevicesPrepareHost(virQEMUDriver *driver, void qemuExtDevicesCleanupHost(virQEMUDriver *driver, virDomainDef *def, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) { size_t i; =20 @@ -160,7 +161,7 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver, return; =20 for (i =3D 0; i < def->ntpms; i++) { - qemuExtTPMCleanupHost(def->tpms[i], flags); + qemuExtTPMCleanupHost(def->tpms[i], flags, outgoingMigration); } } =20 @@ -225,7 +226,8 @@ qemuExtDevicesStart(virQEMUDriver *driver, =20 void qemuExtDevicesStop(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + bool outgoingMigration) { virDomainDef *def =3D vm->def; size_t i; @@ -242,7 +244,7 @@ qemuExtDevicesStop(virQEMUDriver *driver, =20 for (i =3D 0; i < def->ntpms; i++) { if (def->tpms[i]->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR) - qemuExtTPMStop(driver, vm); + qemuExtTPMStop(driver, vm, outgoingMigration); } =20 for (i =3D 0; i < def->nnets; i++) { diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h index 6b05b59cd6..86e7133a2a 100644 --- a/src/qemu/qemu_extdevice.h +++ b/src/qemu/qemu_extdevice.h 
@@ -42,7 +42,8 @@ int qemuExtDevicesPrepareHost(virQEMUDriver *driver, =20 void qemuExtDevicesCleanupHost(virQEMUDriver *driver, virDomainDef *def, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 int qemuExtDevicesStart(virQEMUDriver *driver, @@ -52,7 +53,8 @@ int qemuExtDevicesStart(virQEMUDriver *driver, G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtDevicesStop(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + bool outgoingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 bool qemuExtDevicesHasDevice(virDomainDef *def); diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c index 5b4f4615ee..990c7e6829 100644 --- a/src/qemu/qemu_migration.c +++ b/src/qemu/qemu_migration.c @@ -3399,7 +3399,7 @@ qemuMigrationDstPrepareFresh(virQEMUDriver *driver, * and there is no 'goto cleanup;' in the middle of those */ VIR_FREE(priv->origname); virDomainObjRemoveTransientDef(vm); - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); } virDomainObjEndAPI(&vm); virErrorRestore(&origErr); @@ -4044,7 +4044,7 @@ qemuMigrationSrcConfirm(virQEMUDriver *driver, virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm); vm->persistent =3D 0; } - qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM); + qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, true= ); } =20 cleanup: @@ -6047,7 +6047,7 @@ qemuMigrationSrcPerformJob(virQEMUDriver *driver, virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm); vm->persistent =3D 0; } - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, true); } =20 virErrorRestore(&orig_err); @@ -6174,7 +6174,7 @@ qemuMigrationSrcPerformPhase(virQEMUDriver *driver, } =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, true); =20 return ret; } 
@@ -6710,7 +6710,7 @@ qemuMigrationDstFinishActive(virQEMUDriver *driver, } =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM); + qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, fals= e); =20 virErrorRestore(&orig_err); return NULL; @@ -6847,7 +6847,7 @@ qemuMigrationProcessUnattended(virQEMUDriver *driver, qemuMigrationJobFinish(vm); =20 if (!virDomainObjIsActive(vm)) - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); } =20 =20 diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 1a9175f40f..26b2edb05f 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -8073,6 +8073,7 @@ void qemuProcessStop(virQEMUDriver *driver, g_autofree char *timestamp =3D NULL; g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autoptr(virConnect) conn =3D NULL; + bool outgoingMigration; =20 VIR_DEBUG("Shutting down vm=3D%p name=3D%s id=3D%d pid=3D%lld, " "reason=3D%s, asyncJob=3D%s, flags=3D0x%x", @@ -8170,7 +8171,9 @@ void qemuProcessStop(virQEMUDriver *driver, =20 qemuDomainCleanupRun(driver, vm); =20 - qemuExtDevicesStop(driver, vm); + outgoingMigration =3D (flags & VIR_QEMU_PROCESS_STOP_MIGRATED) && + (asyncJob !=3D VIR_ASYNC_JOB_MIGRATION_IN); + qemuExtDevicesStop(driver, vm, outgoingMigration); =20 qemuDBusStop(driver, vm); =20 @@ -8436,7 +8439,7 @@ qemuProcessAutoDestroy(virDomainObj *dom, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_DESTROYED); =20 - qemuDomainRemoveInactive(driver, dom, 0); + qemuDomainRemoveInactive(driver, dom, 0, false); =20 virDomainObjEndJob(dom); =20 @@ -8899,7 +8902,7 @@ qemuProcessReconnect(void *opaque) if (jobStarted) virDomainObjEndJob(obj); if (!virDomainObjIsActive(obj)) - qemuDomainRemoveInactive(driver, obj, 0); + qemuDomainRemoveInactive(driver, obj, 0, false); virDomainObjEndAPI(&obj); virIdentitySetCurrent(NULL); return; 
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c index 06b5c180ff..d7983c134f 100644 --- a/src/qemu/qemu_snapshot.c +++ b/src/qemu/qemu_snapshot.c @@ -2103,7 +2103,7 @@ qemuSnapshotRevertInactive(virDomainObj *vm, } =20 if (qemuSnapshotInternalRevertInactive(driver, vm, snap) < 0) { - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); return -1; } =20 @@ -2125,7 +2125,7 @@ qemuSnapshotRevertInactive(virDomainObj *vm, start_flags); virDomainAuditStart(vm, "from-snapshot", rc >=3D 0); if (rc < 0) { - qemuDomainRemoveInactive(driver, vm, 0); + qemuDomainRemoveInactive(driver, vm, 0, false); return -1; } detail =3D VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT; diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 69410e36ff..f7d1487111 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -729,13 +729,21 @@ qemuTPMEmulatorInitPaths(virDomainTPMDef *tpm, * qemuTPMEmulatorCleanupHost: * @tpm: TPM definition * @flags: flags indicating whether to keep or remove TPM persistent state + * @outgoingMigration: whether cleanup due to an outgoing migration * * Clean up persistent storage for the swtpm. */ static void qemuTPMEmulatorCleanupHost(virDomainTPMDef *tpm, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) { + /* Never remove the state in case of outgoing migration with shared + * storage. + */ + if (outgoingMigration && virFileIsSharedFS(tpm->data.emulator.storagep= ath)) + return; + /* * remove TPM state if: * - persistent_state flag is set and the UNDEFINE_TPM flag is set @@ -1081,9 +1089,10 @@ qemuExtTPMPrepareHost(virQEMUDriver *driver, =20 void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) { - qemuTPMEmulatorCleanupHost(tpm, flags); + qemuTPMEmulatorCleanupHost(tpm, flags, outgoingMigration); } =20 =20 
@@ -1104,7 +1113,8 @@ qemuExtTPMStart(virQEMUDriver *driver, =20 void qemuExtTPMStop(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + bool outgoingMigration) { g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); @@ -1113,7 +1123,8 @@ qemuExtTPMStop(virQEMUDriver *driver, return; =20 qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); - qemuSecurityCleanupTPMEmulator(driver, vm); + if (!(outgoingMigration && qemuTPMHasSharedStorage(vm->def))) + qemuSecurityCleanupTPMEmulator(driver, vm); } =20 =20 diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 9daa3e14df..53ff51f1d0 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -36,7 +36,8 @@ int qemuExtTPMPrepareHost(virQEMUDriver *driver, G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtTPMCleanupHost(virDomainTPMDef *tpm, - virDomainUndefineFlagsValues flags) + virDomainUndefineFlagsValues flags, + bool outgoingMigration) ATTRIBUTE_NONNULL(1); =20 int qemuExtTPMStart(virQEMUDriver *driver, @@ -48,7 +49,8 @@ int qemuExtTPMStart(virQEMUDriver *driver, G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtTPMStop(virQEMUDriver *driver, - virDomainObj *vm) + virDomainObj *vm, + bool outgoingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2); =20 int qemuExtTPMSetupCgroup(virQEMUDriver *driver, --=20 2.37.3
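Review bot: in src/qemu/qemu_tpm.c, the early return added to qemuTPMEmulatorCleanupHost() uses the int result of virFileIsSharedFS() directly as a boolean, so a negative error return is treated the same as "shared" and the state is silently kept. Compare explicitly (`virFileIsSharedFS(...) == 1`), or decide deliberately that an error should keep the state and say so in the comment. The same patch tests for shared storage in qemuExtTPMStop() through `qemuTPMHasSharedStorage(vm->def)`; using one helper for both checks would keep the two decisions from diverging. The new doc line would also read better as "@outgoingMigration: whether the cleanup is due to an outgoing migration".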
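Review bot: in src/qemu/qemu_migration.c, qemuMigrationDstFinishActive() still calls `qemuDomainRemoveInactive(driver, vm, VIR_DOMAIN_UNDEFINE_TPM, false)`, and the guard added in qemuTPMEmulatorCleanupHost() only returns early when outgoingMigration is true, so this destination-side path is not covered by the shared-storage check. If the TPM state directory is shared, please confirm that removing it here cannot take away state the source host still needs, or extend the guard to this case. The three source-side callers (qemuMigrationSrcConfirm, qemuMigrationSrcPerformJob, qemuMigrationSrcPerformPhase) pass true consistently.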
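Review bot: in src/qemu/qemu_process.c, qemuProcessStop() derives outgoingMigration from `(flags & VIR_QEMU_PROCESS_STOP_MIGRATED) && (asyncJob != VIR_ASYNC_JOB_MIGRATION_IN)`, while the qemuDomainRemoveInactive() callers pass a literal true or false, so the stop path and the remove path decide "outgoing" independently. A short comment on why VIR_ASYNC_JOB_MIGRATION_IN is excluded would make it possible to check that both paths agree for every migration exit. The conditional added around qemuSecurityCleanupTPMEmulator() in qemuExtTPMStop() also deserves a comment saying why the cleanup is skipped for shared storage, since the reason is only given in the commit message.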
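Review bot: in src/qemu/qemu_domain.c and its callers, the new trailing `bool outgoingMigration` makes call sites such as `qemuDomainRemoveInactive(driver, vm, 0, false)` hard to read, and every hunk in qemu_driver.c and qemu_snapshot.c only adds a literal false. Consider keeping the three-argument qemuDomainRemoveInactive() for the common case and adding a separately named entry point for the migration source, which would reduce the patch to the callers whose behaviour actually changes.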