Hi
On Mon, Mar 21, 2022 at 6:59 PM Michal Privoznik <mprivozn@xxxxxxxxxx> wrote:
When vTPM is secured via virSecret libvirt passes the secret
value via an FD when swtpm is started (arguments --key and
--migration-key). The writing of the secret into the FDs is
handled via virCommand, specifically qemu_tpm calls
virCommandSetSendBuffer()) and then virCommandRunAsync() spawns a
thread to handle writing into the FD via
virCommandDoAsyncIOHelper. But the thread is not created unless
VIR_EXEC_ASYNC_IO flag is set, which it isn't. In order to fix
it, virCommandDoAsyncIO() must be called.
The credit goes to Marc-André Lureau
<marcandre.lureau@xxxxxxxxxx> who has done all the debugging and
proposed fix in the bugzilla.
(thanks for the credit :)
Wouldn't it make sense to return an error if SendBuffers is used without AsyncIO then? Or just enable AsyncIO as necessary? (beware, I am not very familiar with virCommand API. I don't know what this would imply)
Also it would be nice to cover that "behaviour" in a test (even better if we could cover the swtpm setup & start handling too, although I realize this is more work!)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2064115
Fixes: a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/qemu/qemu_tpm.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 50f9caabf3..56bccee128 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -899,6 +899,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
if (!(pidfile = qemuTPMEmulatorPidFileBuildPath(cfg->swtpmStateDir, shortName)))
return -1;
+ virCommandDoAsyncIO(cmd);
virCommandDaemonize(cmd);
virCommandSetPidFile(cmd, pidfile);
virCommandSetErrorFD(cmd, &errfd);
--
2.34.1
--
Marc-André Lureau