Hi On Sat, Jul 27, 2019 at 12:41 AM Stefan Berger <stefanb@xxxxxxxxxxxxx> wrote:
>
> In case of an incoming migration we do not need to run swtpm_setup
> with all the parameters but only want to get the benefit of it
> creating a TPM state file for us that we can then label with an
> SELinux label. The actual state will be overwritten by the in-
> coming state. So we have to pass an indicator for incomingMigration
> all the way to the command line parameter generation for swtpm_setup.
>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
iirc, I needed to pass it down as well in my slirp-helper series. Reviewed-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
> ---
> src/qemu/qemu_extdevice.c | 5 ++--
> src/qemu/qemu_extdevice.h | 3 ++-
> src/qemu/qemu_process.c | 2 +-
> src/qemu/qemu_tpm.c | 49 +++++++++++++++++++++++++--------------
> src/qemu/qemu_tpm.h | 3 ++-
> 5 files changed, 40 insertions(+), 22 deletions(-)
>
> diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
> index e576bca165..af52466421 100644
> --- a/src/qemu/qemu_extdevice.c
> +++ b/src/qemu/qemu_extdevice.c
> @@ -128,7 +128,8 @@ qemuExtDevicesCleanupHost(virQEMUDriverPtr driver,
> int
> qemuExtDevicesStart(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> - qemuDomainLogContextPtr logCtxt)
> + qemuDomainLogContextPtr logCtxt,
> + bool incomingMigration)
> {
> int ret = 0;
>
> @@ -136,7 +137,7 @@ qemuExtDevicesStart(virQEMUDriverPtr driver,
> return -1;
>
> if (vm->def->tpm)
> - ret = qemuExtTPMStart(driver, vm, logCtxt);
> + ret = qemuExtTPMStart(driver, vm, logCtxt, incomingMigration);
>
> return ret;
> }
> diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
> index bbdb9a1cc2..5a53c79f38 100644
> --- a/src/qemu/qemu_extdevice.h
> +++ b/src/qemu/qemu_extdevice.h
> @@ -40,7 +40,8 @@ void qemuExtDevicesCleanupHost(virQEMUDriverPtr driver,
>
> int qemuExtDevicesStart(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> - qemuDomainLogContextPtr logCtxt)
> + qemuDomainLogContextPtr logCtxt,
> + bool incomingMigration)
> ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
> ATTRIBUTE_RETURN_CHECK;
>
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 75205bc121..fae18824ba 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -6774,7 +6774,7 @@ qemuProcessLaunch(virConnectPtr conn,
> if (qemuProcessGenID(vm, flags) < 0)
> goto cleanup;
>
> - if (qemuExtDevicesStart(driver, vm, logCtxt) < 0)
> + if (qemuExtDevicesStart(driver, vm, logCtxt, incoming != NULL) < 0)
> goto cleanup;
>
> VIR_DEBUG("Building emulator command line");
> diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
> index 77ef601f74..4174aa4c62 100644
> --- a/src/qemu/qemu_tpm.c
> +++ b/src/qemu/qemu_tpm.c
> @@ -453,6 +453,7 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid,
> * for the user given by userid or 'tss'
> * @tpmversion: The version of the TPM, either a TPM 1.2 or TPM 2
> * @encryption: pointer to virStorageEncryption holding secret
> + * @incomingMigration: whether we have an incoming migration
> *
> * Setup the external swtpm by creating endorsement key and
> * certificates for it.
> @@ -466,7 +467,8 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> gid_t swtpm_group,
> const char *logfile,
> const virDomainTPMVersion tpmversion,
> - const unsigned char *secretuuid)
> + const unsigned char *secretuuid,
> + bool incomingMigration)
> {
> virCommandPtr cmd = NULL;
> int exitstatus;
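Review bot: The new `@incomingMigration: whether we have an incoming migration` line in qemuTPMEmulatorRunSetup's comment only restates the parameter name and not what the flag changes; the identical wording is added to the qemuTPMEmulatorBuildCommand and qemuExtTPMStartEmulator comments in the later hunks. The -525 hunk shows that when the flag is set swtpm_setup is run with only `--tpm-state` and `--overwrite`, so no EK or certificates are generated and the state is expected to be replaced by the migrated one. Suggest `@incomingMigration: true when the TPM state will arrive via migration; only a placeholder state file is created (so it can be labelled) and EK/certificate generation is skipped`, with the same description on the other two functions.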
> @@ -525,16 +527,23 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> pwdfile_fd = -1;
> }
>
> - virCommandAddArgList(cmd,
> - "--tpm-state", storagepath,
> - "--vmid", vmid,
> - "--logfile", logfile,
> - "--createek",
> - "--create-ek-cert",
> - "--create-platform-cert",
> - "--lock-nvram",
> - "--not-overwrite",
> - NULL);
> + if (!incomingMigration) {
> + virCommandAddArgList(cmd,
> + "--tpm-state", storagepath,
> + "--vmid", vmid,
> + "--logfile", logfile,
> + "--createek",
> + "--create-ek-cert",
> + "--create-platform-cert",
> + "--lock-nvram",
> + "--not-overwrite",
> + NULL);
> + } else {
> + virCommandAddArgList(cmd,
> + "--tpm-state", storagepath,
> + "--overwrite",
> + NULL);
> + }
>
> virCommandClearCaps(cmd);
>
> @@ -568,6 +577,7 @@ qemuTPMEmulatorRunSetup(const char *storagepath,
> * @swtpmStateDir: the directory where swtpm writes the pid file and creates the
> * Unix socket
> * @shortName: the short name of the VM
> + * @incomingMigration: whether we have an incoming migration
> *
> * Create the virCommand use for starting the emulator
> * Do some initializations on the way, such as creation of storage
> @@ -581,7 +591,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
> uid_t swtpm_user,
> gid_t swtpm_group,
> const char *swtpmStateDir,
> - const char *shortName)
> + const char *shortName,
> + bool incomingMigration)
> {
> virCommandPtr cmd = NULL;
> bool created = false;
> @@ -605,7 +616,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDefPtr tpm,
> qemuTPMEmulatorRunSetup(tpm->data.emulator.storagepath, vmname, vmuuid,
> privileged, swtpm_user, swtpm_group,
> tpm->data.emulator.logfile, tpm->version,
> - secretuuid) < 0)
> + secretuuid, incomingMigration) < 0)
> goto error;
>
> unlink(tpm->data.emulator.source.data.nix.path);
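Review bot: The incoming-migration branch in qemuTPMEmulatorRunSetup drops `--logfile`, so when swtpm_setup fails on the destination its diagnostics no longer land in `logfile`, which the non-migration branch still uses and which the failure path may point the operator at (that code is outside the hunk). Adding `"--logfile", logfile,` to the `else` branch keeps both paths diagnosable at no cost. Separately, `--overwrite` discards whatever already sits at storagepath; this looks safe only because qemuTPMEmulatorBuildCommand appears to run setup just for freshly created storage (the `created` flag in the -581 hunk's context), and that precondition deserves a comment above the `else`, e.g. `/* migrated state replaces this file; relies on setup running only for newly created storage */`. qemuTPMEmulatorRunSetup continues outside the hunk.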
> @@ -814,6 +825,7 @@ qemuExtTPMCleanupHost(virDomainDefPtr def)
> * @driver: QEMU driver
> * @vm: the domain object
> * @logCtxt: log context
> + * @incomingMigration: whether we have an incoming migration
> *
> * Start the external TPM Emulator:
> * - have the command line built
> @@ -822,7 +834,8 @@ qemuExtTPMCleanupHost(virDomainDefPtr def)
> static int
> qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> - qemuDomainLogContextPtr logCtxt)
> + qemuDomainLogContextPtr logCtxt,
> + bool incomingMigration)
> {
> int ret = -1;
> virCommandPtr cmd = NULL;
> @@ -846,7 +859,8 @@ qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
> driver->privileged,
> cfg->swtpm_user,
> cfg->swtpm_group,
> - cfg->swtpmStateDir, shortName)))
> + cfg->swtpmStateDir, shortName,
> + incomingMigration)))
> goto cleanup;
>
> if (qemuExtDeviceLogCommand(logCtxt, cmd, "TPM Emulator") < 0)
> @@ -903,14 +917,15 @@ qemuExtTPMStartEmulator(virQEMUDriverPtr driver,
> int
> qemuExtTPMStart(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> - qemuDomainLogContextPtr logCtxt)
> + qemuDomainLogContextPtr logCtxt,
> + bool incomingMigration)
> {
> int ret = 0;
> virDomainTPMDefPtr tpm = vm->def->tpm;
>
> switch (tpm->type) {
> case VIR_DOMAIN_TPM_TYPE_EMULATOR:
> - ret = qemuExtTPMStartEmulator(driver, vm, logCtxt, incomingMigration);
> break;
> case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
> case VIR_DOMAIN_TPM_TYPE_LAST:
> diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
> index 74c9924d68..5f454d3580 100644
> --- a/src/qemu/qemu_tpm.h
> +++ b/src/qemu/qemu_tpm.h
> @@ -37,7 +37,8 @@ void qemuExtTPMCleanupHost(virDomainDefPtr def)
>
> int qemuExtTPMStart(virQEMUDriverPtr driver,
> virDomainObjPtr vm,
> - qemuDomainLogContextPtr logCtxt)
> + qemuDomainLogContextPtr logCtxt,
> + bool incomingMigration)
> ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3)
> ATTRIBUTE_RETURN_CHECK;
>
> --
> 2.21.0
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list