From: Stefan Berger
To: devel@lists.libvirt.org
Subject: [PATCH v3 10/10] qemu: Read the profile name after creation of TPM instance
Date: Fri, 18 Oct 2024 16:24:14 -0400
Message-ID: <20241018202414.2430136-11-stefanb@linux.ibm.com>
In-Reply-To: <20241018202414.2430136-1-stefanb@linux.ibm.com>
CC: marcandre.lureau@redhat.com, Stefan Berger
List-Id: Development discussions about the libvirt library & tools

Get the JSON profile that the swtpm instance was created with from the output of 'swtpm socket --tpm2 --print-info 0x20
--tpmstate ...'. Get the name of the profile from the JSON and if it differs from the original profile name then update the profile name in the current and persistent emulator descriptions and have the persistent stored with the update. Signed-off-by: Stefan Berger --- src/qemu/qemu_extdevice.c | 5 +- src/qemu/qemu_tpm.c | 105 ++++++++++++++++++++++++++++++++++++-- src/qemu/qemu_tpm.h | 3 +- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 5 files changed, 109 insertions(+), 6 deletions(-) diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c index dc1bb56237..a6f31f9773 100644 --- a/src/qemu/qemu_extdevice.c +++ b/src/qemu/qemu_extdevice.c @@ -175,6 +175,7 @@ qemuExtDevicesStart(virQEMUDriver *driver, virDomainObj *vm, bool incomingMigration) { + virDomainDef *persistentDef =3D vm->newDef; virDomainDef *def =3D vm->def; size_t i; =20 @@ -189,9 +190,11 @@ qemuExtDevicesStart(virQEMUDriver *driver, =20 for (i =3D 0; i < def->ntpms; i++) { virDomainTPMDef *tpm =3D def->tpms[i]; + virDomainTPMDef *persistentTPMDef =3D persistentDef->tpms[i]; =20 if (tpm->type =3D=3D VIR_DOMAIN_TPM_TYPE_EMULATOR && - qemuExtTPMStart(driver, vm, tpm, incomingMigration) < 0) + qemuExtTPMStart(driver, vm, tpm, persistentTPMDef, + incomingMigration) < 0) return -1; } =20 diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 99473bba87..cbb6af8314 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
@@ -579,15 +579,94 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, return 0; } =20 + +/* qemuTPMEmulatorUpdateProfileName: + * + * @emulator: TPM emulator definition + * @persistentTPMDef: TPM definition from the persistent domain definition + * @cfg: virQEMUDriverConfig + * @saveDef: whether caller should save the persistent domain def + */ +static int +qemuTPMEmulatorUpdateProfileName(virDomainTPMEmulatorDef *emulator, + virDomainTPMDef *persistentTPMDef, + const virQEMUDriverConfig *cfg, + bool *saveDef) +{ + g_autoptr(virJSONValue) object =3D NULL; + g_autofree char *stderr_buf =3D NULL; + g_autofree char *stdout_buf =3D NULL; + g_autoptr(virCommand) cmd =3D NULL; + g_autofree char *swtpm =3D NULL; + virJSONValue *active_profile; + const char *profile_name; + int exitstatus; + + if (emulator->version !=3D VIR_DOMAIN_TPM_VERSION_2_0 || + !virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO)) + return 0; + + swtpm =3D virTPMGetSwtpm(); + if (!swtpm) + return -1; + + cmd =3D virCommandNew(swtpm); + + virCommandSetUID(cmd, cfg->swtpm_user); /* should be uid of 'tss' or '= root' */ + virCommandSetGID(cmd, cfg->swtpm_group); + + virCommandAddArgList(cmd, "socket", "--print-info", "0x20", "--tpm2", = NULL); + + virCommandAddArg(cmd, "--tpmstate"); + virCommandAddArgFormat(cmd, "dir=3D%s", + emulator->storagepath); + + if (qemuTPMVirCommandSwtpmAddEncryption(cmd, emulator, swtpm) < 0) + return -1; + + virCommandClearCaps(cmd); + + virCommandSetOutputBuffer(cmd, &stdout_buf); + virCommandSetErrorBuffer(cmd, &stderr_buf); + + if (virCommandRun(cmd, &exitstatus) < 0 || exitstatus !=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Could not run '%1$s --print-info'. 
exitstatus: %= 2$d; stderr: %3$s\n"), + swtpm, exitstatus, stderr_buf); + return -1; + } + + if (!(object =3D virJSONValueFromString(stdout_buf))) + return -1; + + if (!(active_profile =3D virJSONValueObjectGetObject(object, "ActivePr= ofile"))) + return -1; + + profile_name =3D g_strdup(virJSONValueObjectGetString(active_profile, = "Name")); + if (STRNEQ_NULLABLE(emulator->profile_name, profile_name)) { + g_free(emulator->profile_name); + emulator->profile_name =3D g_strdup(profile_name); + } + if (STRNEQ_NULLABLE(persistentTPMDef->data.emulator.profile_name, prof= ile_name)) { + *saveDef =3D true; + g_free(persistentTPMDef->data.emulator.profile_name); + persistentTPMDef->data.emulator.profile_name =3D g_strdup(profile_= name); + } + + return 0; +} + /* * qemuTPMEmulatorBuildCommand: * * @tpm: TPM definition + * @persistentTPMDef: TPM definition from the persistent domain definition * @vmname: The name of the VM * @vmuuid: The UUID of the VM * @privileged: whether we are running in privileged mode * @cfg: virQEMUDriverConfig * @incomingMigration: whether we have an incoming migration + * @saveDef: whether caller should save the persistent domain def * * Create the virCommand use for starting the emulator * Do some initializations on the way, such as creation of storage @@ -595,11 +674,13 @@ qemuTPMVirCommandSwtpmAddEncryption(virCommand *cmd, */ static virCommand * qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, const char *vmname, const unsigned char *vmuuid, bool privileged, const virQEMUDriverConfig *cfg, - bool incomingMigration) + bool incomingMigration, + bool *saveDef) { g_autoptr(virCommand) cmd =3D NULL; bool created =3D false; 
@@ -633,6 +714,11 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, incomingMigration) < 0) goto error; =20 + if (created && !incomingMigration && + qemuTPMEmulatorUpdateProfileName(&tpm->data.emulator, persistentTP= MDef, + cfg, saveDef) < 0) + goto error; + if (!incomingMigration && qemuTPMEmulatorReconfigure(&tpm->data.emulator, cfg, secretuuid) <= 0) goto error; @@ -934,6 +1020,7 @@ qemuExtTPMEmulatorSetupCgroup(const char *swtpmStateDi= r, * @driver: QEMU driver * @vm: the domain object * @tpm: TPM definition + * @persistentTPMDef: TPM definition from persistent domain definition * @shortName: short and unique name of the domain * @incomingMigration: whether we have an incoming migration * @@ -946,6 +1033,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, virDomainObj *vm, const char *shortName, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autoptr(virCommand) cmd =3D NULL; @@ -954,6 +1042,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, g_autofree char *pidfile =3D NULL; virTimeBackOffVar timebackoff; const unsigned long long timeout =3D 1000; /* ms */ + bool saveDef =3D false; pid_t pid =3D -1; bool lockMetadataException =3D false; =20 @@ -962,12 +1051,18 @@ qemuTPMEmulatorStart(virQEMUDriver *driver, /* stop any left-over TPM emulator for this VM */ qemuTPMEmulatorStop(cfg->swtpmStateDir, shortName); =20 - if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, vm->def->name, vm->def-= >uuid, + if (!(cmd =3D qemuTPMEmulatorBuildCommand(tpm, persistentTPMDef, + vm->def->name, vm->def->uuid, driver->privileged, cfg, - incomingMigration))) + incomingMigration, + &saveDef))) return -1; =20 + if (saveDef && + virDomainDefSave(vm->newDef, driver->xmlopt, cfg->configDir) < 0) + goto error; + if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0) return -1; =20 
@@ -1151,6 +1246,7 @@ int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *tpm, + virDomainTPMDef *persistentTPMDef, bool incomingMigration) { g_autofree char *shortName =3D virDomainDefGetShortName(vm->def); @@ -1158,7 +1254,8 @@ qemuExtTPMStart(virQEMUDriver *driver, if (!shortName) return -1; =20 - return qemuTPMEmulatorStart(driver, vm, shortName, tpm, incomingMigrat= ion); + return qemuTPMEmulatorStart(driver, vm, shortName, tpm, persistentTPMD= ef, + incomingMigration); } =20 =20 diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h index 3071dc3f71..7096060a2a 100644 --- a/src/qemu/qemu_tpm.h +++ b/src/qemu/qemu_tpm.h @@ -44,9 +44,10 @@ void qemuExtTPMCleanupHost(virQEMUDriver *driver, int qemuExtTPMStart(virQEMUDriver *driver, virDomainObj *vm, virDomainTPMDef *def, + virDomainTPMDef *persistentDefTPM, bool incomingMigration) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) - ATTRIBUTE_NONNULL(3) + ATTRIBUTE_NONNULL(3) ATTRIBUTE_NONNULL(4) G_GNUC_WARN_UNUSED_RESULT; =20 void qemuExtTPMStop(virQEMUDriver *driver, diff --git a/src/util/virtpm.c b/src/util/virtpm.c index d991657696..d639271b4f 100644 --- a/src/util/virtpm.c +++ b/src/util/virtpm.c @@ -40,6 +40,7 @@ VIR_ENUM_IMPL(virTPMSwtpmFeature, VIR_TPM_SWTPM_FEATURE_LAST, "cmdarg-pwd-fd", "cmdarg-migration", + "cmdarg-print-info", ); =20 VIR_ENUM_IMPL(virTPMSwtpmSetupFeature, diff --git a/src/util/virtpm.h b/src/util/virtpm.h index 18c2877c03..a4ed9a3f95 100644 --- a/src/util/virtpm.h +++ b/src/util/virtpm.h @@ -31,6 +31,7 @@ bool virTPMHasSwtpm(void); typedef enum { VIR_TPM_SWTPM_FEATURE_CMDARG_PWD_FD, VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION, + VIR_TPM_SWTPM_FEATURE_CMDARG_PRINT_INFO, =20 VIR_TPM_SWTPM_FEATURE_LAST } virTPMSwtpmFeature; --=20 2.47.0
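Review bot: in the qemu_extdevice.c hunk, `virDomainDef *persistentDef = vm->newDef;` followed by `persistentDef->tpms[i]` dereferences `vm->newDef` unconditionally, but `newDef` is NULL for a transient domain (one started without a persistent config), so the first emulator TPM will crash the loop. The loop also assumes the persistent definition has at least `def->ntpms` entries in the same order. Suggest `virDomainTPMDef *persistentTPMDef = persistentDef ? persistentDef->tpms[i] : NULL;` with a matching `persistentDef->ntpms > i` check, and have qemuTPMEmulatorUpdateProfileName skip the persistent update when the pointer is NULL.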
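Review bot: in the qemuTPMEmulatorUpdateProfileName hunk, `profile_name = g_strdup(virJSONValueObjectGetString(active_profile, "Name"));` stores a heap copy in a `const char *` that is never freed, and the value is then copied again with g_strdup on both assignment paths; drop the outer g_strdup, since `object` owns the string for the rest of the function. A missing "Name" key currently yields NULL and silently clears `emulator->profile_name`; report an error instead of adopting an empty name. Two smaller points in the same hunk: the virReportError format ends in "\n", which libvirt diagnostics do not, and `exitstatus` is printed uninitialised when virCommandRun fails before the child runs, so initialise it to -1.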
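Review bot: in the qemuTPMEmulatorStart hunk, `virDomainDefSave(vm->newDef, driver->xmlopt, cfg->configDir)` dereferences `vm->newDef` again without a NULL check, and the new failure path uses `goto error` while the surrounding early failures in this region (`return -1` after qemuTPMEmulatorBuildCommand and qemuExtDeviceLogCommand) do not; nothing has been started yet at this point, so either `return -1` is the consistent choice or the cleanup at `error:` should be named in the commit message as intentional.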
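Review bot: in the qemu_tpm.h hunk the new parameter is declared as `persistentDefTPM` while the definition in qemu_tpm.c and every caller use `persistentTPMDef`; rename the prototype to match. The added `ATTRIBUTE_NONNULL(4)` also contradicts the only call site, which derives the argument from `vm->newDef` and so can legitimately pass NULL for a transient domain; drop the attribute if the NULL case is handled.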