[PATCH v2 3/9] qemu: tpm: Conditionally create storage on incoming migration

Stefan Berger stefanb at linux.ibm.com
Wed Oct 5 14:02:01 UTC 2022


Do not create storage on incoming migration when the TPM_SHARED_STORAGE
migration flag is set, since in this case the storage directory must
already exist. Also do not run swtpm_setup in this case.

Pass the migration flag from migration related functions all the way down
to TPM related functions. If no migration flags exist on higher layers,
pass down '0'.

Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
---
 src/qemu/qemu_driver.c    |  4 ++--
 src/qemu/qemu_extdevice.c |  5 +++--
 src/qemu/qemu_extdevice.h |  3 ++-
 src/qemu/qemu_migration.c |  2 +-
 src/qemu/qemu_process.c   | 10 ++++++----
 src/qemu/qemu_process.h   |  6 ++++--
 src/qemu/qemu_saveimage.c |  2 +-
 src/qemu/qemu_snapshot.c  |  4 ++--
 src/qemu/qemu_tpm.c       | 27 +++++++++++++++++++++------
 src/qemu/qemu_tpm.h       |  3 ++-
 10 files changed, 44 insertions(+), 22 deletions(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 40d23b5723..3f163a4664 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -1633,7 +1633,7 @@ static virDomainPtr qemuDomainCreateXML(virConnectPtr conn,
     if (qemuProcessStart(conn, driver, vm, NULL, VIR_ASYNC_JOB_START,
                          NULL, -1, NULL, NULL,
                          VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
-                         start_flags) < 0) {
+                         start_flags, 0) < 0) {
         virDomainAuditStart(vm, "booted", false);
         qemuDomainRemoveInactive(driver, vm, 0);
         qemuProcessEndJob(vm);
@@ -6555,7 +6555,7 @@ qemuDomainObjStart(virConnectPtr conn,
 
     ret = qemuProcessStart(conn, driver, vm, NULL, asyncJob,
                            NULL, -1, NULL, NULL,
-                           VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags);
+                           VIR_NETDEV_VPORT_PROFILE_OP_CREATE, start_flags, 0);
     virDomainAuditStart(vm, "booted", ret >= 0);
     if (ret >= 0) {
         virObjectEvent *event =
diff --git a/src/qemu/qemu_extdevice.c b/src/qemu/qemu_extdevice.c
index 24a57b0f74..0bafe2b7b0 100644
--- a/src/qemu/qemu_extdevice.c
+++ b/src/qemu/qemu_extdevice.c
@@ -168,7 +168,8 @@ qemuExtDevicesCleanupHost(virQEMUDriver *driver,
 int
 qemuExtDevicesStart(virQEMUDriver *driver,
                     virDomainObj *vm,
-                    bool incomingMigration)
+                    bool incomingMigration,
+                    virDomainMigrateFlags flags)
 {
     virDomainDef *def = vm->def;
     size_t i;
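Review bot: The new parameter is named `flags` here and in the qemu_tpm.c signatures but `migFlags` in qemuProcessLaunch() and qemuProcessStart(), and it is typed as the enum `virDomainMigrateFlags` although it is tested as a bitmask and callers pass `0` or, presumably, an OR-ed flags word. One name and one integer type across the chain would be easier to follow, e.g. `unsigned int migFlags` with the comment `/* bitwise-OR of virDomainMigrateFlags; 0 when not an incoming migration */`. The same applies to the prototype in qemu_extdevice.h and to qemuExtTPMStart(), qemuTPMEmulatorStart() and qemuTPMEmulatorBuildCommand(). The body of qemuExtDevicesStart() continues outside this hunk.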
@@ -186,7 +187,7 @@ qemuExtDevicesStart(virQEMUDriver *driver,
         virDomainTPMDef *tpm = def->tpms[i];
 
         if (tpm->type == VIR_DOMAIN_TPM_TYPE_EMULATOR &&
-            qemuExtTPMStart(driver, vm, tpm, incomingMigration) < 0)
+            qemuExtTPMStart(driver, vm, tpm, incomingMigration, flags) < 0)
             return -1;
     }
 
diff --git a/src/qemu/qemu_extdevice.h b/src/qemu/qemu_extdevice.h
index 6b05b59cd6..723e21d42c 100644
--- a/src/qemu/qemu_extdevice.h
+++ b/src/qemu/qemu_extdevice.h
@@ -47,7 +47,8 @@ void qemuExtDevicesCleanupHost(virQEMUDriver *driver,
 
 int qemuExtDevicesStart(virQEMUDriver *driver,
                         virDomainObj *vm,
-                        bool incomingMigration)
+                        bool incomingMigration,
+                        virDomainMigrateFlags flags)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
     G_GNUC_WARN_UNUSED_RESULT;
 
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 33105cf07b..efb27a24aa 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -3095,7 +3095,7 @@ qemuMigrationDstPrepareActive(virQEMUDriver *driver,
     rv = qemuProcessLaunch(dconn, driver, vm, VIR_ASYNC_JOB_MIGRATION_IN,
                            incoming, NULL,
                            VIR_NETDEV_VPORT_PROFILE_OP_MIGRATE_IN_START,
-                           startFlags);
+                           startFlags, flags);
     if (rv < 0) {
         if (rv == -2)
             relabel = true;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 97336e2622..f278b73858 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -7421,7 +7421,8 @@ qemuProcessLaunch(virConnectPtr conn,
                   qemuProcessIncomingDef *incoming,
                   virDomainMomentObj *snapshot,
                   virNetDevVPortProfileOp vmop,
-                  unsigned int flags)
+                  unsigned int flags,
+                  virDomainMigrateFlags migFlags)
 {
     int ret = -1;
     int rv;
@@ -7485,7 +7486,7 @@ qemuProcessLaunch(virConnectPtr conn,
     if (qemuProcessGenID(vm, flags) < 0)
         goto cleanup;
 
-    if (qemuExtDevicesStart(driver, vm, incoming != NULL) < 0)
+    if (qemuExtDevicesStart(driver, vm, incoming != NULL, migFlags) < 0)
         goto cleanup;
 
     if (!(cmd = qemuBuildCommandLine(vm,
@@ -7849,7 +7850,8 @@ qemuProcessStart(virConnectPtr conn,
                  const char *migratePath,
                  virDomainMomentObj *snapshot,
                  virNetDevVPortProfileOp vmop,
-                 unsigned int flags)
+                 unsigned int flags,
+                 virDomainMigrateFlags migFlags)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
     qemuProcessIncomingDef *incoming = NULL;
@@ -7901,7 +7903,7 @@ qemuProcessStart(virConnectPtr conn,
     }
 
     if ((rv = qemuProcessLaunch(conn, driver, vm, asyncJob, incoming,
-                                snapshot, vmop, flags)) < 0) {
+                                snapshot, vmop, flags, migFlags)) < 0) {
         if (rv == -2)
             relabel = true;
         goto stop;
diff --git a/src/qemu/qemu_process.h b/src/qemu/qemu_process.h
index 421efc6016..76fcbd56e6 100644
--- a/src/qemu/qemu_process.h
+++ b/src/qemu/qemu_process.h
@@ -88,7 +88,8 @@ int qemuProcessStart(virConnectPtr conn,
                      const char *stdin_path,
                      virDomainMomentObj *snapshot,
                      virNetDevVPortProfileOp vmop,
-                     unsigned int flags);
+                     unsigned int flags,
+                     virDomainMigrateFlags migFlags);
 
 int qemuProcessCreatePretendCmdPrepare(virQEMUDriver *driver,
                                        virDomainObj *vm,
@@ -130,7 +131,8 @@ int qemuProcessLaunch(virConnectPtr conn,
                       qemuProcessIncomingDef *incoming,
                       virDomainMomentObj *snapshot,
                       virNetDevVPortProfileOp vmop,
-                      unsigned int flags);
+                      unsigned int flags,
+                      virDomainMigrateFlags migFlags);
 
 int qemuProcessFinishStartup(virQEMUDriver *driver,
                              virDomainObj *vm,
diff --git a/src/qemu/qemu_saveimage.c b/src/qemu/qemu_saveimage.c
index 79567bf17d..af2394f829 100644
--- a/src/qemu/qemu_saveimage.c
+++ b/src/qemu/qemu_saveimage.c
@@ -632,7 +632,7 @@ qemuSaveImageStartVM(virConnectPtr conn,
     if (qemuProcessStart(conn, driver, vm, cookie ? cookie->cpu : NULL,
                          asyncJob, "stdio", *fd, path, NULL,
                          VIR_NETDEV_VPORT_PROFILE_OP_RESTORE,
-                         start_flags) == 0)
+                         start_flags, 0) == 0)
         started = true;
 
     if (intermediatefd != -1) {
diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
index 06b5c180ff..471e14e22c 100644
--- a/src/qemu/qemu_snapshot.c
+++ b/src/qemu/qemu_snapshot.c
@@ -1999,7 +1999,7 @@ qemuSnapshotRevertActive(virDomainObj *vm,
                           cookie ? cookie->cpu : NULL,
                           VIR_ASYNC_JOB_START, NULL, -1, NULL, snap,
                           VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
-                          start_flags);
+                          start_flags, 0);
     virDomainAuditStart(vm, "from-snapshot", rc >= 0);
     detail = VIR_DOMAIN_EVENT_STARTED_FROM_SNAPSHOT;
     event = virDomainEventLifecycleNewFromObj(vm,
@@ -2122,7 +2122,7 @@ qemuSnapshotRevertInactive(virDomainObj *vm,
         rc = qemuProcessStart(snapshot->domain->conn, driver, vm, NULL,
                               VIR_ASYNC_JOB_START, NULL, -1, NULL, NULL,
                               VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
-                              start_flags);
+                              start_flags, 0);
         virDomainAuditStart(vm, "from-snapshot", rc >= 0);
         if (rc < 0) {
             qemuDomainRemoveInactive(driver, vm, 0);
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index dc09c94a4d..07def3c840 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -536,6 +536,7 @@ qemuTPMEmulatorReconfigure(const char *storagepath,
  * @swtpm_user: The uid for the swtpm to run as (drop privileges to from root)
  * @swtpm_group: The gid for the swtpm to run as
  * @incomingMigration: whether we have an incoming migration
+ * @flags: migration flags
  *
  * Create the virCommand use for starting the emulator
  * Do some initializations on the way, such as creation of storage
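Review bot: The added `@flags: migration flags` line does not say which flag the function reads or what it changes, and the description below it still states unconditionally that storage is created. I would write `@flags: migration flags; with VIR_MIGRATE_TPM_SHARED_STORAGE on an incoming migration, storage creation and swtpm_setup are skipped` and qualify the "creation of storage" sentence to match. The identical one-line addition in the qemuTPMEmulatorStart() comment could simply refer to this function. The comment block starts and ends outside the hunk.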
@@ -548,7 +549,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
                             bool privileged,
                             uid_t swtpm_user,
                             gid_t swtpm_group,
-                            bool incomingMigration)
+                            bool incomingMigration,
+                            virDomainMigrateFlags flags)
 {
     g_autoptr(virCommand) cmd = NULL;
     bool created = false;
@@ -556,11 +558,19 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
     int pwdfile_fd = -1;
     int migpwdfile_fd = -1;
     const unsigned char *secretuuid = NULL;
+    bool create_storage = true;
 
     if (!swtpm)
         return NULL;
 
-    if (qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0)
+    /* Do not create storage and run swtpm_setup on incoming migration over
+     * shared storage
+     */
+    if (incomingMigration && (flags & VIR_MIGRATE_TPM_SHARED_STORAGE))
+        create_storage = false;
+
+    if (create_storage &&
+        qemuTPMEmulatorCreateStorage(tpm, &created, swtpm_user, swtpm_group) < 0)
         return NULL;
 
     if (tpm->data.emulator.hassecretuuid)
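Review bot: When `create_storage` is false, nothing in this hunk confirms that the state directory the commit message says "must already exist" is actually present and usable by `swtpm_user`/`swtpm_group`. The flag arrives with the migration request, so a destination without the shared mount would presumably fail only later when swtpm starts, and a stale directory at the same path could be picked up as if it were the migrated state (an inference, since the rest of the function is outside the hunk). An explicit check in the skip branch, e.g. `if (!virFileIsDir(tpm->data.emulator.storagepath))` followed by a `virReportError()` and `return NULL;`, would fail early with a clear message. It is also worth confirming whether qemuTPMEmulatorCreateStorage() does ownership or labelling work that the shared-storage path still needs.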
@@ -854,6 +864,7 @@ qemuExtTPMEmulatorSetupCgroup(const char *swtpmStateDir,
  * @tpm: TPM definition
  * @shortName: short and unique name of the domain
  * @incomingMigration: whether we have an incoming migration
+ * @flags: migration flags
  *
  * Start the external TPM Emulator:
  * - have the command line built
@@ -864,7 +875,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
                      virDomainObj *vm,
                      const char *shortName,
                      virDomainTPMDef *tpm,
-                     bool incomingMigration)
+                     bool incomingMigration,
+                     virDomainMigrateFlags flags)
 {
     g_autoptr(virCommand) cmd = NULL;
     VIR_AUTOCLOSE errfd = -1;
@@ -884,7 +896,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
                                             driver->privileged,
                                             cfg->swtpm_user,
                                             cfg->swtpm_group,
-                                            incomingMigration)))
+                                            incomingMigration,
+                                            flags)))
         return -1;
 
     if (qemuExtDeviceLogCommand(driver, vm, cmd, "TPM Emulator") < 0)
@@ -1011,14 +1024,16 @@ int
 qemuExtTPMStart(virQEMUDriver *driver,
                 virDomainObj *vm,
                 virDomainTPMDef *tpm,
-                bool incomingMigration)
+                bool incomingMigration,
+                virDomainMigrateFlags flags)
 {
     g_autofree char *shortName = virDomainDefGetShortName(vm->def);
 
     if (!shortName)
         return -1;
 
-    return qemuTPMEmulatorStart(driver, vm, shortName, tpm, incomingMigration);
+    return qemuTPMEmulatorStart(driver, vm, shortName, tpm, incomingMigration,
+                                flags);
 }
 
 
diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
index f068f3ca5a..410c9ec1c6 100644
--- a/src/qemu/qemu_tpm.h
+++ b/src/qemu/qemu_tpm.h
@@ -42,7 +42,8 @@ void qemuExtTPMCleanupHost(virDomainTPMDef *tpm,
 int qemuExtTPMStart(virQEMUDriver *driver,
                     virDomainObj *vm,
                     virDomainTPMDef *def,
-                    bool incomingMigration)
+                    bool incomingMigration,
+                    virDomainMigrateFlags flags)
     ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
     ATTRIBUTE_NONNULL(3)
     G_GNUC_WARN_UNUSED_RESULT;
-- 
2.37.3


