From: Stefan Berger
To: qemu-devel@nongnu.org, marcandre.lureau@redhat.com
Cc: Stefan Berger
Subject: [PATCH 1/2] tpm_emulator: Use latest tpm_ioctl.h from swtpm project
Date: Mon, 12 Sep 2022 13:47:40 -0400
Message-Id: <20220912174741.1542330-2-stefanb@linux.ibm.com>
In-Reply-To: <20220912174741.1542330-1-stefanb@linux.ibm.com>
References: <20220912174741.1542330-1-stefanb@linux.ibm.com>
Use the latest tpm_ioctl.h from the upstream swtpm project.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
 backends/tpm/tpm_ioctl.h | 96 +++++++++++++++++++++++++++++++---------
 1 file changed, 76 insertions(+), 20 deletions(-)

diff --git a/backends/tpm/tpm_ioctl.h b/backends/tpm/tpm_ioctl.h index d67bf0283b..e506ef5160 100644 --- a/backends/tpm/tpm_ioctl.h +++ b/backends/tpm/tpm_ioctl.h @@ -5,10 +5,15 @@ * * This file is licensed under the terms of the 3-clause BSD license */ +#ifndef _TPM_IOCTL_H_ +#define _TPM_IOCTL_H_ =20 -#ifndef TPM_IOCTL_H -#define TPM_IOCTL_H +#if defined(__CYGWIN__) +# define __USE_LINUX_IOCTL_DEFS +#endif =20 +#include +#include #ifndef _WIN32 #include #include 
@@ -196,6 +201,48 @@ struct ptm_setbuffersize { } u; }; =20 +#define PTM_GETINFO_SIZE (3 * 1024) +/* + * PTM_GET_INFO: Get info about the TPM implementation (from libtpms) + * + * This request allows to indirectly call TPMLIB_GetInfo(flags) and + * retrieve information from libtpms. + * Only one transaction is currently necessary for returning results + * to a client. Therefore, totlength and length will be the same if + * offset is 0. + */ +struct ptm_getinfo { + union { + struct { + uint64_t flags; + uint32_t offset; /* offset from where to read */ + uint32_t pad; /* 32 bit arch */ + } req; /* request */ + struct { + ptm_res tpm_result; + uint32_t totlength; + uint32_t length; + char buffer[PTM_GETINFO_SIZE]; + } resp; /* response */ + } u; +}; + +#define SWTPM_INFO_TPMSPECIFICATION ((uint64_t)1 << 0) +#define SWTPM_INFO_TPMATTRIBUTES ((uint64_t)1 << 1) + +/* + * PTM_LOCK_STORAGE: Lock the storage and retry n times + */ +struct ptm_lockstorage { + union { + struct { + uint32_t retries; /* number of retries */ + } req; /* request */ + struct { + ptm_res tpm_result; + } resp; /* reponse */ + } u; +}; =20 typedef uint64_t ptm_cap; typedef struct ptm_est ptm_est; @@ -207,6 +254,8 @@ typedef struct ptm_getstate ptm_getstate; typedef struct ptm_setstate ptm_setstate; typedef struct ptm_getconfig ptm_getconfig; typedef struct ptm_setbuffersize ptm_setbuffersize; +typedef struct ptm_getinfo ptm_getinfo; +typedef struct ptm_lockstorage ptm_lockstorage; =20 /* capability flags returned by PTM_GET_CAPABILITY */ #define PTM_CAP_INIT (1) @@ -223,6 +272,9 @@ typedef struct ptm_setbuffersize ptm_setbuffersize; #define PTM_CAP_GET_CONFIG (1 << 11) #define PTM_CAP_SET_DATAFD (1 << 12) #define PTM_CAP_SET_BUFFERSIZE (1 << 13) +#define PTM_CAP_GET_INFO (1 << 14) +#define PTM_CAP_SEND_COMMAND_HEADER (1 << 15) +#define PTM_CAP_LOCK_STORAGE (1 << 16) =20 #ifndef _WIN32 enum { 
@@ -243,6 +295,8 @@ enum { PTM_GET_CONFIG =3D _IOR('P', 14, ptm_getconfig), PTM_SET_DATAFD =3D _IOR('P', 15, ptm_res), PTM_SET_BUFFERSIZE =3D _IOWR('P', 16, ptm_setbuffersize), + PTM_GET_INFO =3D _IOWR('P', 17, ptm_getinfo), + PTM_LOCK_STORAGE =3D _IOWR('P', 18, ptm_lockstorage), }; #endif =20 
@@ -257,23 +311,25 @@ enum { * and ptm_set_state:u.req.data) are 0xffffffff. */ enum { - CMD_GET_CAPABILITY =3D 1, - CMD_INIT, - CMD_SHUTDOWN, - CMD_GET_TPMESTABLISHED, - CMD_SET_LOCALITY, - CMD_HASH_START, - CMD_HASH_DATA, - CMD_HASH_END, - CMD_CANCEL_TPM_CMD, - CMD_STORE_VOLATILE, - CMD_RESET_TPMESTABLISHED, - CMD_GET_STATEBLOB, - CMD_SET_STATEBLOB, - CMD_STOP, - CMD_GET_CONFIG, - CMD_SET_DATAFD, - CMD_SET_BUFFERSIZE, + CMD_GET_CAPABILITY =3D 1, /* 0x01 */ + CMD_INIT, /* 0x02 */ + CMD_SHUTDOWN, /* 0x03 */ + CMD_GET_TPMESTABLISHED, /* 0x04 */ + CMD_SET_LOCALITY, /* 0x05 */ + CMD_HASH_START, /* 0x06 */ + CMD_HASH_DATA, /* 0x07 */ + CMD_HASH_END, /* 0x08 */ + CMD_CANCEL_TPM_CMD, /* 0x09 */ + CMD_STORE_VOLATILE, /* 0x0a */ + CMD_RESET_TPMESTABLISHED, /* 0x0b */ + CMD_GET_STATEBLOB, /* 0x0c */ + CMD_SET_STATEBLOB, /* 0x0d */ + CMD_STOP, /* 0x0e */ + CMD_GET_CONFIG, /* 0x0f */ + CMD_SET_DATAFD, /* 0x10 */ + CMD_SET_BUFFERSIZE, /* 0x11 */ + CMD_GET_INFO, /* 0x12 */ + CMD_LOCK_STORAGE, /* 0x13 */ }; =20 -#endif /* TPM_IOCTL_H */ +#endif /* _TPM_IOCTL_H_ */
-- 
2.37.2
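Review bot: the commit message should name the upstream swtpm commit or release this copy of tpm_ioctl.h was taken from, so the sync can be verified by diffing against that revision rather than by eye; "Use the latest tpm_ioctl.h" stops identifying anything once upstream moves on. In the first hunk (@@ -5,10 +5,15 @@) the new guard `_TPM_IOCTL_H_` and the `__USE_LINUX_IOCTL_DEFS` feature macro both use identifiers that C reserves for the implementation; that is acceptable for a header QEMU imports verbatim and does not own, but the message should say the file is carried unmodified so nobody "fixes" it locally and creates a permanent diff against upstream.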
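Review bot: the comments in the two new structs of the @@ -196,6 +201,48 @@ hunk carry typos ("reponse" on `ptm_lockstorage`, "allows to indirectly call" on `ptm_getinfo`); since this file is synced from swtpm, fix them upstream and re-import rather than patching them here. On `struct ptm_getinfo`, `totlength` and `length` in the response are values chosen by the other side of the control channel while `buffer[PTM_GETINFO_SIZE]` is fixed, so whatever QEMU code later consumes PTM_GET_INFO must clamp `length` to `PTM_GETINFO_SIZE` before reading `buffer`; the comment only promises `totlength == length` when `offset` is 0 and says nothing about bounds, and a short note to that effect above the struct would help the first consumer get it right.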
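Review bot: `PTM_CAP_SEND_COMMAND_HEADER (1 << 15)` in the @@ -223,6 +272,9 @@ hunk is the only new capability bit without a matching `PTM_`/`CMD_` entry in the ioctl and command enums that follow, unlike `PTM_CAP_GET_INFO` and `PTM_CAP_LOCK_STORAGE`; if the capability only changes how an existing command is framed, a one-line comment next to the define would save the next reader a trip to the swtpm sources.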
From: Stefan Berger
To: qemu-devel@nongnu.org, marcandre.lureau@redhat.com
Cc: Stefan Berger
Subject: [PATCH 2/2] tpm_emulator: Have swtpm relock storage upon migration fall-back
Date: Mon, 12 Sep 2022 13:47:41 -0400
Message-Id: <20220912174741.1542330-3-stefanb@linux.ibm.com>
In-Reply-To: <20220912174741.1542330-1-stefanb@linux.ibm.com>
References: <20220912174741.1542330-1-stefanb@linux.ibm.com>
Swtpm may release the lock once the last one of its state blobs has been migrated out. In case of VM migration failure QEMU now needs to notify swtpm that it should again take the lock, which it can otherwise only do once it has received the first TPM command from the VM.

Only try to send the lock command if swtpm supports it. It will not have released the lock (and support shared storage setups) if it doesn't support the locking command since the functionality of releasing the lock upon state blob reception and the lock command were added to swtpm 'together'.

If QEMU sends the lock command and the storage has already been locked no error is reported. If swtpm does not receive the lock command (from an older version of QEMU), it will lock the storage once the first TPM command has been received. So sending the lock command is an optimization.

Signed-off-by: Stefan Berger
Reviewed-by: Marc-André Lureau
---
 backends/tpm/tpm_emulator.c | 60 ++++++++++++++++++++++++++++++++++++-
 backends/tpm/trace-events | 2 ++
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/backends/tpm/tpm_emulator.c b/backends/tpm/tpm_emulator.c index 87d061e9bb..bb883fe7d2 100644 --- a/backends/tpm/tpm_emulator.c +++ b/backends/tpm/tpm_emulator.c @@ -34,6 +34,7 @@ #include "io/channel-socket.h" #include "sysemu/tpm_backend.h" #include "sysemu/tpm_util.h" +#include "sysemu/runstate.h" #include "tpm_int.h" #include "tpm_ioctl.h" #include "migration/blocker.h" @@ -81,6 +82,9 @@ struct TPMEmulator { unsigned int established_flag_cached:1; =20 TPMBlobBuffers state_blobs; + + bool relock_storage; + VMChangeStateEntry *vmstate; }; =20 struct tpm_error { 
@@ -302,6 +306,35 @@ static int tpm_emulator_stop_tpm(TPMBackend *tb) return 0; } =20 +static int tpm_emulator_lock_storage(TPMEmulator *tpm_emu) +{ + ptm_lockstorage pls; + + if (!TPM_EMULATOR_IMPLEMENTS_ALL_CAPS(tpm_emu, PTM_CAP_LOCK_STORAGE)) { + trace_tpm_emulator_lock_storage_cmd_not_supt(); + return 0; + } + + /* give failing side 300 * 10ms time to release lock */ + pls.u.req.retries =3D cpu_to_be32(300); + if (tpm_emulator_ctrlcmd(tpm_emu, CMD_LOCK_STORAGE, &pls, + sizeof(pls.u.req), sizeof(pls.u.resp)) < 0) { + error_report("tpm-emulator: Could not lock storage within 3 second= s: " + "%s", strerror(errno)); + return -1; + } + + pls.u.resp.tpm_result =3D be32_to_cpu(pls.u.resp.tpm_result); + if (pls.u.resp.tpm_result !=3D 0) { + error_report("tpm-emulator: TPM result for CMD_LOCK_STORAGE: 0x%x = %s", + pls.u.resp.tpm_result, + tpm_emulator_strerror(pls.u.resp.tpm_result)); + return -1; + } + + return 0; +} + static int tpm_emulator_set_buffer_size(TPMBackend *tb, size_t wanted_size, size_t *actual_size) @@ -843,13 +876,34 @@ static int tpm_emulator_pre_save(void *opaque) { TPMBackend *tb =3D opaque; TPMEmulator *tpm_emu =3D TPM_EMULATOR(tb); + int ret; =20 trace_tpm_emulator_pre_save(); =20 tpm_backend_finish_sync(tb); =20 /* get the state blobs from the TPM */ - return tpm_emulator_get_state_blobs(tpm_emu); + ret =3D tpm_emulator_get_state_blobs(tpm_emu); + + tpm_emu->relock_storage =3D ret =3D=3D 0; + + return ret; +} + +static void tpm_emulator_vm_state_change(void *opaque, bool running, + RunState state) +{ + TPMBackend *tb =3D opaque; + TPMEmulator *tpm_emu =3D TPM_EMULATOR(tb); + + trace_tpm_emulator_vm_state_change(running, state); + + if (!running || state !=3D RUN_STATE_RUNNING || !tpm_emu->relock_stora= ge) { + return; + } + + /* lock storage after migration fall-back */ + tpm_emulator_lock_storage(tpm_emu); } =20 /* 
@@ -911,6 +965,9 @@ static void tpm_emulator_inst_init(Object *obj) tpm_emu->options =3D g_new0(TPMEmulatorOptions, 1); tpm_emu->cur_locty_number =3D ~0; qemu_mutex_init(&tpm_emu->mutex); + tpm_emu->vmstate =3D + qemu_add_vm_change_state_handler(tpm_emulator_vm_state_change, + tpm_emu); =20 vmstate_register(NULL, VMSTATE_INSTANCE_ID_ANY, &vmstate_tpm_emulator, obj); @@ -960,6 +1017,7 @@ static void tpm_emulator_inst_finalize(Object *obj) tpm_sized_buffer_reset(&state_blobs->savestate); =20 qemu_mutex_destroy(&tpm_emu->mutex); + qemu_del_vm_change_state_handler(tpm_emu->vmstate); =20 vmstate_unregister(NULL, &vmstate_tpm_emulator, obj); } diff --git a/backends/tpm/trace-events b/backends/tpm/trace-events index 3298766dd7..1ecef42a07 100644 --- a/backends/tpm/trace-events +++ b/backends/tpm/trace-events @@ -20,6 +20,8 @@ tpm_emulator_set_buffer_size(uint32_t buffersize, uint32_= t minsize, uint32_t max tpm_emulator_startup_tpm_resume(bool is_resume, size_t buffersize) "is_res= ume: %d, buffer size: %zu" tpm_emulator_get_tpm_established_flag(uint8_t flag) "got established flag:= %d" tpm_emulator_cancel_cmd_not_supt(void) "Backend does not support CANCEL_TP= M_CMD" +tpm_emulator_lock_storage_cmd_not_supt(void) "Backend does not support LOC= K_STORAGE" +tpm_emulator_vm_state_change(int running, int state) "state change to runn= ing %d state %d" tpm_emulator_handle_device_opts_tpm12(void) "TPM Version 1.2" tpm_emulator_handle_device_opts_tpm2(void) "TPM Version 2" tpm_emulator_handle_device_opts_unspec(void) "TPM Version Unspecified" --=20 2.37.2
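Review bot: in `tpm_emulator_lock_storage()` (hunk @@ -302,6 +306,35 @@) the literal `300` in `pls.u.req.retries = cpu_to_be32(300)`, the "300 * 10ms" comment and the "within 3 seconds" error text encode one assumption about swtpm's retry interval in three places; give the retry count a named constant (a hypothetical name such as `TPM_EMULATOR_LOCK_STORAGE_RETRIES`) and derive the message from it so they cannot drift apart. `pls` is also left uninitialised: `sizeof(pls.u.req)` covers exactly the `retries` field today, but `ptm_lockstorage pls = { 0 };` keeps stack garbage off the control channel if the request struct ever grows, which is the cheap habit for any buffer handed to another process.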
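Review bot: `relock_storage` is set in `tpm_emulator_pre_save()` (hunk @@ -843,13 +876,34 @@) but never cleared once `tpm_emulator_vm_state_change()` has acted on it, so after one failed migration every later stop/cont transition to `RUN_STATE_RUNNING` resends `CMD_LOCK_STORAGE`; the commit message says a redundant lock is not an error, but clearing the flag just before the call (`tpm_emu->relock_storage = false;`) makes the one-shot intent explicit and saves the extra control-channel round trip. The handler also discards the return value of `tpm_emulator_lock_storage()`: a relock failure after migration fall-back means the guest keeps running against a swtpm whose storage may still be unlocked toward the other host, and the only evidence is an `error_report()`; either state that policy in the comment or consider a stronger reaction than logging.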
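Review bot: in the @@ -911,6 +965,9 @@ hunk `qemu_add_vm_change_state_handler()` receives `tpm_emu` as its opaque, while `tpm_emulator_vm_state_change()` reads that pointer as `TPMBackend *tb` and then applies `TPM_EMULATOR(tb)`; this works only because the cast chain goes through the embedded parent object. Passing `obj` as the opaque, matching the `vmstate_register()` call two lines below whose `tpm_emulator_pre_save()` callback performs the same `TPMBackend *tb = opaque` conversion, keeps both registrations consistent. The `qemu_del_vm_change_state_handler(tpm_emu->vmstate)` in finalize correctly mirrors the registration.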
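Review bot: the trace-events hunk declares `tpm_emulator_vm_state_change(int running, int state)` while the caller passes a `bool` and a `RunState`; the neighbouring `tpm_emulator_startup_tpm_resume(bool is_resume, ...)` shows `bool` is accepted here, and a numeric RunState is hard to read in a trace, so consider passing `RunState_str(state)` as a `const char *` instead of the raw enum value.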