diff --git a/7cf60006-qemu-swtpm-aarch64.patch b/7cf60006-qemu-swtpm-aarch64.patch
new file mode 100644
index 0000000..29ba1f9
--- /dev/null
+++ b/7cf60006-qemu-swtpm-aarch64.patch
@@ -0,0 +1,122 @@
+commit 7cf60006ce1e9898b960d7810f146ac6c89f6bb0
+Author: Jim Fehlig
+Date: Tue Feb 9 14:57:22 2021 -0700
+
+ qemu: Fix swtpm device with aarch64
+
+ Starting a VM with swtpm device fails with qemu-system-aarch64.
+ E.g. with TPM device config
+
+
+
+
+
+ QEMU reports the following error
+
+ error: internal error: process exited while connecting to monitor:
+ 2021-02-07T05:15:35.378927Z qemu-system-aarch64: -device
+ tpm-tis,tpmdev=tpm-tpm0,id=tpm0: 'tpm-tis' is not a valid device model name
+
+ Indeed the TPM device name is 'tpm-tis-device' [1][2] for aarch64,
+ versus the shorter 'tpm-tis' for x86. The devices are the same from
+ a functional POV, i.e. they both emulate a TPM device conforming to
+ the TIS specification. Account for the unfortunate name difference
+ when building the TPM device option in qemuBuildTPMDevStr(). Also
+ include a test case for 'tpm-tis-device'.
+
+ [1] https://qemu.readthedocs.io/en/latest/specs/tpm.html
+ [2] https://github.com/qemu/qemu/commit/c294ac327ca99342b90bd3a83d2cef9b447afaa7
+
+
Signed-off-by: Jim Fehlig
+ Reviewed-by: Andrea Bolognani
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index d27d5eb55b..5fe4e618fe 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -9230,6 +9230,9 @@ qemuBuildTPMDevStr(const virDomainDef *def,
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ const char *model = virDomainTPMModelTypeToString(tpm->model);
+
++ if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && def->os.arch == VIR_ARCH_AARCH64)
++ model = "tpm-tis-device";
++
+ virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s",
+ model, tpm->info.alias, tpm->info.alias);
+
+diff --git a/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
+new file mode 100644
+index 0000000000..94a083d816
+--- /dev/null
++++ b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/tmp/lib/domain--1-aarch64test \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/tmp/lib/domain--1-aarch64test/.local/share \
++XDG_CACHE_HOME=/tmp/lib/domain--1-aarch64test/.cache \
++XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \
++QEMU_AUDIO_DRV=none \
++/usr/bin/qemu-system-aarch64 \
++-name guest=aarch64test,debug-threads=on \
++-S \
++-object secret,id=masterKey0,format=raw,\
++file=/tmp/lib/domain--1-aarch64test/master-key.aes \
++-machine virt,accel=tcg,usb=off,dump-guest-core=off,gic-version=2,\
++memory-backend=mach-virt.ram \
++-cpu cortex-a15 \
++-m 1024 \
++-object memory-backend-ram,id=mach-virt.ram,size=1073741824 \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server,nowait \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-no-acpi \
++-boot strict=on \
++-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \
++-chardev
socket,id=chrtpm,path=/dev/test \
++-device tpm-tis-device,tpmdev=tpm-tpm0,id=tpm0 \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
++resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxml2argvdata/aarch64-tpm.xml b/tests/qemuxml2argvdata/aarch64-tpm.xml
+new file mode 100644
+index 0000000000..d338a20f17
+--- /dev/null
++++ b/tests/qemuxml2argvdata/aarch64-tpm.xml
+@@ -0,0 +1,15 @@
++
++ aarch64test
++ 496d7ea8-9739-544b-4ebd-ef08be936e8b
++ 1048576
++ 1
++
++ hvm
++
++
++ /usr/bin/qemu-system-aarch64
++
++
++
++
++
+diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
+index d324921271..82cf503dd0 100644
+--- a/tests/qemuxml2argvtest.c
++++ b/tests/qemuxml2argvtest.c
+@@ -2478,6 +2478,7 @@ mymain(void)
+ DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc");
+ DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-pstate");
+ DO_TEST_CAPS_LATEST_PPC64("tpm-emulator-spapr");
++ DO_TEST_CAPS_ARCH_LATEST("aarch64-tpm", "aarch64");
+
+ DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
+ DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE);
diff --git a/afb823fc-qemu-validate-swtpm.patch b/afb823fc-qemu-validate-swtpm.patch
new file mode 100644
index 0000000..085465c
--- /dev/null
+++ b/afb823fc-qemu-validate-swtpm.patch
@@ -0,0 +1,30 @@
+commit afb823fc501cf5b17d2d2b555487abf67c225a7c
+Author: Jim Fehlig
+Date: Tue Feb 9 15:47:30 2021 -0700
+
+ qemu: Validate TPM TIS device
+
+ TPM devices with model='tpm-tis' are only valid with x86 and aarch64
+ virt machines. Add a check to qemuValidateDomainDeviceDefTPM() to
+ ensure VIR_DOMAIN_TPM_MODEL_TIS is only used with these architectures.
+
+
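Review bot: The override in qemuBuildTPMDevStr() keys on `def->os.arch == VIR_ARCH_AARCH64` alone, so every aarch64 machine type gets `tpm-tis-device`, although the companion validation patch describes TIS as valid only for aarch64 virt machines; the arch check added to qemuValidateDomainDeviceDefTPM() has the same gap. A guest on another aarch64 machine type would presumably pass validation and fail only when QEMU rejects the device, so consider testing the machine type as well, for instance with the existing `qemuDomainIsARMVirt(def)` helper if it fits here. A short comment above the `if` would also help: `/* QEMU names the sysbus TIS device 'tpm-tis-device'; 'tpm-tis' is the ISA variant used on x86 */`. The function body starts and ends outside the hunk.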
Signed-off-by: Jim Fehlig
+ Reviewed-by: Andrea Bolognani
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index a70737327e..bf4901bf89 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -4299,6 +4299,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
+
+ switch (tpm->model) {
+ case VIR_DOMAIN_TPM_MODEL_TIS:
++ if (!ARCH_IS_X86(def->os.arch) && (def->os.arch != VIR_ARCH_AARCH64)) {
++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
++ _("TPM model '%s' is only available for x86 and aarch64 guests"),
++ virDomainTPMModelTypeToString(tpm->model));
++ return -1;
++ }
+ flag = QEMU_CAPS_DEVICE_TPM_TIS;
+ break;
+ case VIR_DOMAIN_TPM_MODEL_CRB:
diff --git a/e3d60f76-fix-socket-file-gen.patch b/e3d60f76-fix-socket-file-gen.patch
new file mode 100644
index 0000000..2822ee0
--- /dev/null
+++ b/e3d60f76-fix-socket-file-gen.patch
@@ -0,0 +1,34 @@
+commit e3d60f761c7fc1c254e39ea8e42161698c0ee7b5
+Author: Jim Fehlig
+Date: Tue Feb 9 08:55:41 2021 -0700
+
+ build: Fix generation of virtproxyd socket files
+
+ The various virtproxyd socket files are generated with invalid syntax,
+ e.g. from virtproxyd.socket
+
+ [Unit]
+ Description=Libvirt proxy local socket
+ Before=virtproxyd.service
+ libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
+
+ Note the missing 'Conflicts=' in the last line. Fix it by prepending
+ 'Conflicts=' to libvirtd_socket_conflicts when adding virtproxyd
+ to virt_daemon_units.
+
+
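Review bot: The new rejection under `case VIR_DOMAIN_TPM_MODEL_TIS:` comes without a test, so nothing pins that a TIS TPM on an unsupported architecture is refused at validation time instead of at QEMU start-up. A negative case in tests/qemuxml2argvtest.c, next to the `aarch64-tpm` entry added by the previous patch, would cover it; which failure macro fits depends on code outside this hunk. The error text says "guests" while the commit message says "aarch64 virt machines", so the message may deserve the same precision if the machine type is ever checked. The switch statement continues outside the hunk.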
Signed-off-by: Jim Fehlig + Reviewed-by: Daniel P. Berrangé + +Index: libvirt-7.0.0/src/remote/meson.build +=================================================================== +--- libvirt-7.0.0.orig/src/remote/meson.build ++++ libvirt-7.0.0/src/remote/meson.build +@@ -230,7 +230,7 @@ if conf.has('WITH_REMOTE') + 'name': 'Libvirt proxy', + 'sockprefix': 'libvirt', + 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ], +- 'deps': libvirtd_socket_conflicts, ++ 'deps': 'Conflicts=' + libvirtd_socket_conflicts, + } + + openrc_init_files += { diff --git a/libvirt.changes b/libvirt.changes index 78e16c2..2154a58 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,18 @@ +------------------------------------------------------------------- +Thu Feb 11 17:21:23 UTC 2021 - James Fehlig + +- qemu: Fix swtpm device with aarch64 + 7cf60006-qemu-swtpm-aarch64.patch, + afb823fc-qemu-validate-swtpm.patch + bsc#1181893 + +------------------------------------------------------------------- +Tue Feb 9 18:49:11 UTC 2021 - James Fehlig + +- build: Fix generation of virtproxyd socket files + e3d60f76-fix-socket-file-gen.patch + boo#1181838 + ------------------------------------------------------------------- Fri Jan 29 17:54:25 UTC 2021 - James Fehlig diff --git a/libvirt.spec b/libvirt.spec index 53582cb..2abb1d3 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -292,6 +292,9 @@ Source99: baselibs.conf Source100: %{name}-rpmlintrc # Upstream patches Patch0: 32c5e432-revert-f035f53b.patch +Patch1: e3d60f76-fix-socket-file-gen.patch +Patch2: 7cf60006-qemu-swtpm-aarch64.patch +Patch3: afb823fc-qemu-validate-swtpm.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch