SHA256
1
0
forked from pool/libvirt

Accepting request 871282 from home:jfehlig:branches:Virtualization

- qemu: Fix swtpm device with aarch64
  7cf60006-qemu-swtpm-aarch64.patch,
  afb823fc-qemu-validate-swtpm.patch
  bsc#1181893

- build: Fix generation of virtproxyd socket files
  e3d60f76-fix-socket-file-gen.patch
  boo#1181838

OBS-URL: https://build.opensuse.org/request/show/871282
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=874
This commit is contained in:
James Fehlig 2021-02-11 19:20:19 +00:00 committed by Git OBS Bridge
parent b23d6f9e93
commit 550774c418
5 changed files with 204 additions and 0 deletions

View File

@ -0,0 +1,122 @@
commit 7cf60006ce1e9898b960d7810f146ac6c89f6bb0
Author: Jim Fehlig <jfehlig@suse.com>
Date: Tue Feb 9 14:57:22 2021 -0700
qemu: Fix swtpm device with aarch64
Starting a VM with swtpm device fails with qemu-system-aarch64.
E.g. with TPM device config
<tpm model='tpm-tis'>
<backend type='emulator' version='2.0'/>
</tpm>
QEMU reports the following error
error: internal error: process exited while connecting to monitor:
2021-02-07T05:15:35.378927Z qemu-system-aarch64: -device
tpm-tis,tpmdev=tpm-tpm0,id=tpm0: 'tpm-tis' is not a valid device model name
Indeed the TPM device name is 'tpm-tis-device' [1][2] for aarch64,
versus the shorter 'tpm-tis' for x86. The devices are the same from
a functional POV, i.e. they both emulate a TPM device conforming to
the TIS specification. Account for the unfortunate name difference
when building the TPM device option in qemuBuildTPMDevStr(). Also
include a test case for 'tpm-tis-device'.
[1] https://qemu.readthedocs.io/en/latest/specs/tpm.html
[2] https://github.com/qemu/qemu/commit/c294ac327ca99342b90bd3a83d2cef9b447afaa7
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index d27d5eb55b..5fe4e618fe 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9230,6 +9230,9 @@ qemuBuildTPMDevStr(const virDomainDef *def,
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
const char *model = virDomainTPMModelTypeToString(tpm->model);
+ if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && def->os.arch == VIR_ARCH_AARCH64)
+ model = "tpm-tis-device";
+
virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s",
model, tpm->info.alias, tpm->info.alias);
diff --git a/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
new file mode 100644
index 0000000000..94a083d816
--- /dev/null
+++ b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
@@ -0,0 +1,37 @@
+LC_ALL=C \
+PATH=/bin \
+HOME=/tmp/lib/domain--1-aarch64test \
+USER=test \
+LOGNAME=test \
+XDG_DATA_HOME=/tmp/lib/domain--1-aarch64test/.local/share \
+XDG_CACHE_HOME=/tmp/lib/domain--1-aarch64test/.cache \
+XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \
+QEMU_AUDIO_DRV=none \
+/usr/bin/qemu-system-aarch64 \
+-name guest=aarch64test,debug-threads=on \
+-S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-aarch64test/master-key.aes \
+-machine virt,accel=tcg,usb=off,dump-guest-core=off,gic-version=2,\
+memory-backend=mach-virt.ram \
+-cpu cortex-a15 \
+-m 1024 \
+-object memory-backend-ram,id=mach-virt.ram,size=1073741824 \
+-overcommit mem-lock=off \
+-smp 1,sockets=1,cores=1,threads=1 \
+-uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \
+-display none \
+-no-user-config \
+-nodefaults \
+-chardev socket,id=charmonitor,fd=1729,server,nowait \
+-mon chardev=charmonitor,id=monitor,mode=control \
+-rtc base=utc \
+-no-shutdown \
+-no-acpi \
+-boot strict=on \
+-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \
+-chardev socket,id=chrtpm,path=/dev/test \
+-device tpm-tis-device,tpmdev=tpm-tpm0,id=tpm0 \
+-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
+resourcecontrol=deny \
+-msg timestamp=on
diff --git a/tests/qemuxml2argvdata/aarch64-tpm.xml b/tests/qemuxml2argvdata/aarch64-tpm.xml
new file mode 100644
index 0000000000..d338a20f17
--- /dev/null
+++ b/tests/qemuxml2argvdata/aarch64-tpm.xml
@@ -0,0 +1,15 @@
+<domain type="qemu">
+ <name>aarch64test</name>
+ <uuid>496d7ea8-9739-544b-4ebd-ef08be936e8b</uuid>
+ <memory>1048576</memory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch="aarch64" machine="virt">hvm</type>
+ </os>
+ <devices>
+ <emulator>/usr/bin/qemu-system-aarch64</emulator>
+ <tpm model='tpm-tis'>
+ <backend type='emulator' version='2.0'/>
+ </tpm>
+ </devices>
+</domain>
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index d324921271..82cf503dd0 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -2478,6 +2478,7 @@ mymain(void)
DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc");
DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-pstate");
DO_TEST_CAPS_LATEST_PPC64("tpm-emulator-spapr");
+ DO_TEST_CAPS_ARCH_LATEST("aarch64-tpm", "aarch64");
DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE);

View File

@ -0,0 +1,30 @@
commit afb823fc501cf5b17d2d2b555487abf67c225a7c
Author: Jim Fehlig <jfehlig@suse.com>
Date: Tue Feb 9 15:47:30 2021 -0700
qemu: Validate TPM TIS device
TPM devices with model='tpm-tis' are only valid with x86 and aarch64
virt machines. Add a check to qemuValidateDomainDeviceDefTPM() to
ensure VIR_DOMAIN_TPM_MODEL_TIS is only used with these architectures.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index a70737327e..bf4901bf89 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -4299,6 +4299,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
switch (tpm->model) {
case VIR_DOMAIN_TPM_MODEL_TIS:
+ if (!ARCH_IS_X86(def->os.arch) && (def->os.arch != VIR_ARCH_AARCH64)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("TPM model '%s' is only available for x86 and aarch64 guests"),
+ virDomainTPMModelTypeToString(tpm->model));
+ return -1;
+ }
flag = QEMU_CAPS_DEVICE_TPM_TIS;
break;
case VIR_DOMAIN_TPM_MODEL_CRB:

View File

@ -0,0 +1,34 @@
commit e3d60f761c7fc1c254e39ea8e42161698c0ee7b5
Author: Jim Fehlig <jfehlig@suse.com>
Date: Tue Feb 9 08:55:41 2021 -0700
build: Fix generation of virtproxyd socket files
The various virtproxyd socket files are generated with invalid syntax,
e.g. from virtproxyd.socket
[Unit]
Description=Libvirt proxy local socket
Before=virtproxyd.service
libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
Note the missing 'Conflicts=' in the last line. Fix it by prepending
'Conflicts=' to libvirtd_socket_conflicts when adding virtproxyd
to virt_daemon_units.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Index: libvirt-7.0.0/src/remote/meson.build
===================================================================
--- libvirt-7.0.0.orig/src/remote/meson.build
+++ libvirt-7.0.0/src/remote/meson.build
@@ -230,7 +230,7 @@ if conf.has('WITH_REMOTE')
'name': 'Libvirt proxy',
'sockprefix': 'libvirt',
'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
- 'deps': libvirtd_socket_conflicts,
+ 'deps': 'Conflicts=' + libvirtd_socket_conflicts,
}
openrc_init_files += {

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Thu Feb 11 17:21:23 UTC 2021 - James Fehlig <jfehlig@suse.com>
- qemu: Fix swtpm device with aarch64
7cf60006-qemu-swtpm-aarch64.patch,
afb823fc-qemu-validate-swtpm.patch
bsc#1181893
-------------------------------------------------------------------
Tue Feb 9 18:49:11 UTC 2021 - James Fehlig <jfehlig@suse.com>
- build: Fix generation of virtproxyd socket files
e3d60f76-fix-socket-file-gen.patch
boo#1181838
-------------------------------------------------------------------
Fri Jan 29 17:54:25 UTC 2021 - James Fehlig <jfehlig@suse.com>

View File

@ -292,6 +292,9 @@ Source99: baselibs.conf
Source100: %{name}-rpmlintrc
# Upstream patches
Patch0: 32c5e432-revert-f035f53b.patch
Patch1: e3d60f76-fix-socket-file-gen.patch
Patch2: 7cf60006-qemu-swtpm-aarch64.patch
Patch3: afb823fc-qemu-validate-swtpm.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch