On 11/7/22 03:31, Michal Prívozník wrote:
On 10/24/22 12:28, Stefan Berger wrote:This series of patches adds support for migrating vTPMs across hosts whose storage has been set up to share the directory structure holding the state of the TPM (swtpm). The existence of share storage influences the management of the directory structure holding the TPM state, which for example is only removed when a domain is undefined and not when a VM is removed on the migration source host. Further, when shared storage is used then security labeling on the destination side is skipped assuming that the labeling was already done on the source side. I have tested this with an NFS setup where I had to turn SELinux off on the hosts since the SELinux MLS range labeling is not supported by NFS. For shared storage support to work properly both sides of the migration need to be clients of the shared storage setup, meaning that they both have to have /var/lib/libvirt/swtpm mounted as shared storage, because other- wise the virFileIsSharedFS() may not detect shared storage and in the worst case may cause the TPM emulator (swtpm) to malfunction if for example the source side removed the TPM state directory structure. Shared storage migration requires (upcoming) swtpm v0.8. Stefan v4: - Fixed long-standing bug regarding offline migration that now blocks if no shared storage is set up - Addressed Michal's concerns v3: - Relying entirely on virFileIsSharedFS() on migration source and destination sides to detect whether shared storage is set up between hosts; no more hint about shared storage from user via flag - Added support for virDomainTPMPrivate structure to store and persist TPM-related private data Stefan Berger (7): util: Add parsing support for swtpm's cmdarg-migration capability qemu: tpm: Allow offline migration with TPM_EMULATOR only with shared storage qemu: tpm: Conditionally create storage on incoming migration qemu: tpm: Add support for storing private TPM-related data qemu: tpm: Pass --migration option to swtpm if supported and needed qemu: tpm: Avoid security labels on incoming migration with shared storage qemu: tpm: Never remove state on outgoing migration and shared storage src/conf/domain_conf.c | 63 ++++++++++++++++++-- src/conf/domain_conf.h | 9 +++ src/qemu/qemu_domain.c | 85 ++++++++++++++++++++++++-- src/qemu/qemu_domain.h | 17 +++++- src/qemu/qemu_driver.c | 20 +++---- src/qemu/qemu_extdevice.c | 10 ++-- src/qemu/qemu_extdevice.h | 6 +- src/qemu/qemu_migration.c | 28 +++++++-- src/qemu/qemu_process.c | 9 ++- src/qemu/qemu_snapshot.c | 4 +- src/qemu/qemu_tpm.c | 122 ++++++++++++++++++++++++++++++++++---- src/qemu/qemu_tpm.h | 14 ++++- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 14 files changed, 339 insertions(+), 50 deletions(-)Hey, sorry for late review. I just have to small nits. I surely want to avoid making you send another version. My suggestions are trivial
How is it going to work without another version. I am fine with you making the changes but I can also send another version... Stefan
(moving a few lines of code into a different function or dropping it) and as such I can squash them in before pushing. Tentatively-ACKed-by: me Michal
