qemu: Handle locking of TPM state directory for incoming migration

This is done by not attempting to lock the lock file, as that attempt would fail.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Andrea Bolognani 2024-10-02 11:10:08 +02:00
parent 454219ad6c
commit 7d6759135e
3 changed files with 28 additions and 9 deletions


@ -551,7 +551,8 @@ qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
int int
qemuSecuritySetTPMLabels(virQEMUDriver *driver, qemuSecuritySetTPMLabels(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,
bool setTPMStateLabel) bool setTPMStateLabel,
bool lockMetadataException)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
@ -567,7 +568,7 @@ qemuSecuritySetTPMLabels(virQEMUDriver *driver,
if (virSecurityManagerTransactionCommit(driver->securityManager, if (virSecurityManagerTransactionCommit(driver->securityManager,
-1, priv->rememberOwner, -1, priv->rememberOwner,
false) < 0) lockMetadataException) < 0)
goto cleanup; goto cleanup;
ret = 0; ret = 0;
@ -580,7 +581,8 @@ qemuSecuritySetTPMLabels(virQEMUDriver *driver,
int int
qemuSecurityRestoreTPMLabels(virQEMUDriver *driver, qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,
bool restoreTPMStateLabel) bool restoreTPMStateLabel,
bool lockMetadataException)
{ {
qemuDomainObjPrivate *priv = vm->privateData; qemuDomainObjPrivate *priv = vm->privateData;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver); g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
@ -596,7 +598,7 @@ qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
if (virSecurityManagerTransactionCommit(driver->securityManager, if (virSecurityManagerTransactionCommit(driver->securityManager,
-1, priv->rememberOwner, -1, priv->rememberOwner,
false) < 0) lockMetadataException) < 0)
goto cleanup; goto cleanup;
ret = 0; ret = 0;
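Review bot: The new `lockMetadataException` parameter of qemuSecuritySetTPMLabels and qemuSecurityRestoreTPMLabels is undocumented and sits directly after another bool, so a call like `qemuSecuritySetTPMLabels(driver, vm, true, false)` is hard to read and a transposed pair would compile silently. Passing true relaxes the locking that normally precedes labeling, so each function should say when that is acceptable, for example `/* @lockMetadataException: do not lock the lock file before labeling; only for incoming migration with TPM state on shared storage */`. Both functions forward the value unchanged as the last argument of virSecurityManagerTransactionCommit. Their bodies start and end outside the hunks shown, so whether anything else in the transaction depends on the lock being held cannot be checked from here. The same documentation gap applies to the two prototypes in the header.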


@ -87,11 +87,13 @@ int qemuSecurityRestoreNetdevLabel(virQEMUDriver *driver,
int qemuSecuritySetTPMLabels(virQEMUDriver *driver, int qemuSecuritySetTPMLabels(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,
bool setTPMStateLabel); bool setTPMStateLabel,
bool lockMetadataException);
int qemuSecurityRestoreTPMLabels(virQEMUDriver *driver, int qemuSecurityRestoreTPMLabels(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,
bool restoreTPMStateLabel); bool restoreTPMStateLabel,
bool lockMetadataException);
int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver, int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
virDomainObj *vm, virDomainObj *vm,


@ -934,6 +934,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virTimeBackOffVar timebackoff; virTimeBackOffVar timebackoff;
const unsigned long long timeout = 1000; /* ms */ const unsigned long long timeout = 1000; /* ms */
pid_t pid = -1; pid_t pid = -1;
bool lockMetadataException = false;
cfg = virQEMUDriverGetConfig(driver); cfg = virQEMUDriverGetConfig(driver);
@ -959,7 +960,21 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virCommandSetPidFile(cmd, pidfile); virCommandSetPidFile(cmd, pidfile);
virCommandSetErrorFD(cmd, &errfd); virCommandSetErrorFD(cmd, &errfd);
if (qemuSecuritySetTPMLabels(driver, vm, true) < 0) if (incomingMigration && qemuTPMHasSharedStorage(driver, vm->def)) {
/* If the TPM is being migrated over shared storage, we can't
* lock all files before labeling them: the source swtpm
* process is still holding on to the lock file, and it will
* only release it after negotiation with the target swtpm
* process, which we can't start until labeling has been
* performed.
*
* So we explicity request for the lock file not to be locked
* before labeling in this specific, narrow scenario in order
* to make migration possible at all */
lockMetadataException = true;
}
if (qemuSecuritySetTPMLabels(driver, vm, true, lockMetadataException) < 0)
return -1; return -1;
if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user, if (qemuSecurityCommandRun(driver, vm, cmd, cfg->swtpm_user,
@ -1008,7 +1023,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
virProcessKillPainfully(pid, true); virProcessKillPainfully(pid, true);
if (pidfile) if (pidfile)
unlink(pidfile); unlink(pidfile);
qemuSecurityRestoreTPMLabels(driver, vm, true); qemuSecurityRestoreTPMLabels(driver, vm, true, lockMetadataException);
return -1; return -1;
} }
@ -1144,7 +1159,7 @@ qemuExtTPMStop(virQEMUDriver *driver,
if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def)) if (outgoingMigration && qemuTPMHasSharedStorage(driver, vm->def))
restoreTPMStateLabel = false; restoreTPMStateLabel = false;
if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel) < 0) if (qemuSecurityRestoreTPMLabels(driver, vm, restoreTPMStateLabel, false) < 0)
VIR_WARN("Unable to restore labels on TPM state and/or log file"); VIR_WARN("Unable to restore labels on TPM state and/or log file");
} }
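Review bot: qemuExtTPMStop hard-codes `false` for the new argument while the error path in qemuTPMEmulatorStart forwards `lockMetadataException`, and nothing in the change says why the two restore calls differ. If a failed incoming migration over shared storage can reach qemuExtTPMStop while the source swtpm still holds the lock file (not visible from here), the restore would presumably fail to take the lock and end in the `VIR_WARN`, leaving the labels unrestored. If `false` is intentional, record the reason at the call, e.g. `/* locking is only skipped while starting swtpm for an incoming migration; at stop time the lock file is expected to be lockable */`. It would also help to extend the new comment in qemuTPMEmulatorStart to say that the failure-path restore runs with the same relaxed locking, since that relabels shared state the source swtpm is still using. Both function bodies continue outside the hunks shown.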