[PATCH v4 5/7] qemu: tpm: Pass --migration option to swtpm if supported and needed

Michal Prívozník mprivozn at redhat.com
Mon Nov 7 08:31:22 UTC 2022


On 10/24/22 12:28, Stefan Berger wrote:
> Pass the --migration option to swtpm if swtpm supports it (starting
> with v0.8) and if the TPM's state is written on shared storage. If this
> is the case apply the 'release-lock-outgoing' parameter with this
> option and apply the 'incoming' parameter for incoming migration so that
> swtpm releases the file lock on the source side when the state is migrated
> and locks the file on the destination side when the state is received.
> 
> If a started swtpm instance is running with the necessary options of
> migrating with shared storage then remember this with a flag in the
> virDomainTPMPrivateDef.
> 
> Report an error if swtpm does not support the --migration option and an
> incoming migration across shared storage is requested.
> 
> Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
> ---
>  src/qemu/qemu_migration.c | 10 ++++++++
>  src/qemu/qemu_tpm.c       | 48 +++++++++++++++++++++++++++++++++++++--
>  src/qemu/qemu_tpm.h       |  3 +++
>  3 files changed, 59 insertions(+), 2 deletions(-)
> 
> diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
> index 16bf7ac178..2aa0b6e89e 100644
> --- a/src/qemu/qemu_migration.c
> +++ b/src/qemu/qemu_migration.c
> @@ -2786,6 +2786,7 @@ qemuMigrationSrcBegin(virConnectPtr conn,
>      g_autofree char *xml = NULL;
>      char *ret = NULL;
>      virDomainAsyncJob asyncJob;
> +    int rc;
>  
>      if (cfg->migrateTLSForce &&
>          !(flags & VIR_MIGRATE_TUNNELLED) &&
> @@ -2795,6 +2796,15 @@ qemuMigrationSrcBegin(virConnectPtr conn,
>          goto cleanup;
>      }
>  
> +    rc = qemuTPMHasSharedStorage(driver, vm->def);
> +    if (rc < 0)
> +        goto cleanup;
> +    if (rc == 1 && !qemuTPMCanMigrateSharedStorage(vm->def)) {
> +        virReportError(VIR_ERR_NO_SUPPORT, "%s",
> +                       _("the running swtpm does not support migration with shared storage"));
> +        goto cleanup;
> +    }
> +
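
Review bot: The commit message says the error is reported when "an incoming migration across shared storage is requested", but the check added here sits in qemuMigrationSrcBegin(), which is the source side at the start of an outgoing migration; the commit message should be reworded to match what the code does. The error text "the running swtpm does not support migration with shared storage" also gives the user no hint at the remedy; since the commit message states that --migration is available starting with swtpm v0.8, the message could say that the swtpm instance needs to be at least that version. Finally, `rc == 1` relies on qemuTPMHasSharedStorage() returning exactly 1 for "yes"; `rc > 0`, or a comment on the declaration in qemu_tpm.h documenting the -1/0/1 convention, would make the test less fragile.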

This check is correct, but as I said in my other reply, I think it
should live in qemuMigrationSrcIsAllowed().

Michal


