Accepting request 871282 from home:jfehlig:branches:Virtualization

- qemu: Fix swtpm device with aarch64
  7cf60006-qemu-swtpm-aarch64.patch,
  afb823fc-qemu-validate-swtpm.patch
  bsc#1181893

- build: Fix generation of virtproxyd socket files
  e3d60f76-fix-socket-file-gen.patch
  boo#1181838

OBS-URL: https://build.opensuse.org/request/show/871282
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=874

7cf60006-qemu-swtpm-aarch64.patch

@@ -0,0 +1,122 @@
+commit 7cf60006ce1e9898b960d7810f146ac6c89f6bb0
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Tue Feb 9 14:57:22 2021 -0700
+
+    qemu: Fix swtpm device with aarch64
+    
+    Starting a VM with swtpm device fails with qemu-system-aarch64.
+    E.g. with TPM device config
+    
+         <tpm model='tpm-tis'>
+           <backend type='emulator' version='2.0'/>
+          </tpm>
+    
+    QEMU reports the following error
+    
+    error: internal error: process exited while connecting to monitor:
+    2021-02-07T05:15:35.378927Z qemu-system-aarch64: -device
+    tpm-tis,tpmdev=tpm-tpm0,id=tpm0: 'tpm-tis' is not a valid device model name
+    
+    Indeed the TPM device name is 'tpm-tis-device' [1][2] for aarch64,
+    versus the shorter 'tpm-tis' for x86. The devices are the same from
+    a functional POV, i.e. they both emulate a TPM device conforming to
+    the TIS specification. Account for the unfortunate name difference
+    when building the TPM device option in qemuBuildTPMDevStr(). Also
+    include a test case for 'tpm-tis-device'.
+    
+    [1] https://qemu.readthedocs.io/en/latest/specs/tpm.html
+    [2] https://github.com/qemu/qemu/commit/c294ac327ca99342b90bd3a83d2cef9b447afaa7
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index d27d5eb55b..5fe4e618fe 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -9230,6 +9230,9 @@ qemuBuildTPMDevStr(const virDomainDef *def,
+     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+     const char *model = virDomainTPMModelTypeToString(tpm->model);
+ 
++    if (tpm->model == VIR_DOMAIN_TPM_MODEL_TIS && def->os.arch == VIR_ARCH_AARCH64)
++        model = "tpm-tis-device";
++
+     virBufferAsprintf(&buf, "%s,tpmdev=tpm-%s,id=%s",
+                       model, tpm->info.alias, tpm->info.alias);
+ 
+diff --git a/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
+new file mode 100644
+index 0000000000..94a083d816
+--- /dev/null
++++ b/tests/qemuxml2argvdata/aarch64-tpm.aarch64-latest.args
+@@ -0,0 +1,37 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/tmp/lib/domain--1-aarch64test \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/tmp/lib/domain--1-aarch64test/.local/share \
++XDG_CACHE_HOME=/tmp/lib/domain--1-aarch64test/.cache \
++XDG_CONFIG_HOME=/tmp/lib/domain--1-aarch64test/.config \
++QEMU_AUDIO_DRV=none \
++/usr/bin/qemu-system-aarch64 \
++-name guest=aarch64test,debug-threads=on \
++-S \
++-object secret,id=masterKey0,format=raw,\
++file=/tmp/lib/domain--1-aarch64test/master-key.aes \
++-machine virt,accel=tcg,usb=off,dump-guest-core=off,gic-version=2,\
++memory-backend=mach-virt.ram \
++-cpu cortex-a15 \
++-m 1024 \
++-object memory-backend-ram,id=mach-virt.ram,size=1073741824 \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 496d7ea8-9739-544b-4ebd-ef08be936e8b \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server,nowait \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-no-acpi \
++-boot strict=on \
++-tpmdev emulator,id=tpm-tpm0,chardev=chrtpm \
++-chardev socket,id=chrtpm,path=/dev/test \
++-device tpm-tis-device,tpmdev=tpm-tpm0,id=tpm0 \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
++resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxml2argvdata/aarch64-tpm.xml b/tests/qemuxml2argvdata/aarch64-tpm.xml
+new file mode 100644
+index 0000000000..d338a20f17
+--- /dev/null
++++ b/tests/qemuxml2argvdata/aarch64-tpm.xml
+@@ -0,0 +1,15 @@
++<domain type="qemu">
++  <name>aarch64test</name>
++  <uuid>496d7ea8-9739-544b-4ebd-ef08be936e8b</uuid>
++  <memory>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch="aarch64" machine="virt">hvm</type>
++  </os>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <tpm model='tpm-tis'>
++      <backend type='emulator' version='2.0'/>
++    </tpm>
++  </devices>
++</domain>
+diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
+index d324921271..82cf503dd0 100644
+--- a/tests/qemuxml2argvtest.c
++++ b/tests/qemuxml2argvtest.c
+@@ -2478,6 +2478,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-enc");
+     DO_TEST_CAPS_LATEST("tpm-emulator-tpm2-pstate");
+     DO_TEST_CAPS_LATEST_PPC64("tpm-emulator-spapr");
++    DO_TEST_CAPS_ARCH_LATEST("aarch64-tpm", "aarch64");
+ 
+     DO_TEST_PARSE_ERROR("pci-domain-invalid", NONE);
+     DO_TEST_PARSE_ERROR("pci-bus-invalid", NONE);

afb823fc-qemu-validate-swtpm.patch

@@ -0,0 +1,30 @@
+commit afb823fc501cf5b17d2d2b555487abf67c225a7c
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Tue Feb 9 15:47:30 2021 -0700
+
+    qemu: Validate TPM TIS device
+    
+    TPM devices with model='tpm-tis' are only valid with x86 and aarch64
+    virt machines. Add a check to qemuValidateDomainDeviceDefTPM() to
+    ensure VIR_DOMAIN_TPM_MODEL_TIS is only used with these architectures.
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index a70737327e..bf4901bf89 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -4299,6 +4299,12 @@ qemuValidateDomainDeviceDefTPM(virDomainTPMDef *tpm,
+ 
+     switch (tpm->model) {
+     case VIR_DOMAIN_TPM_MODEL_TIS:
++        if (!ARCH_IS_X86(def->os.arch) && (def->os.arch != VIR_ARCH_AARCH64)) {
++            virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
++                           _("TPM model '%s' is only available for x86 and aarch64 guests"),
++                          virDomainTPMModelTypeToString(tpm->model));
++            return -1;
++        }
+         flag = QEMU_CAPS_DEVICE_TPM_TIS;
+         break;
+     case VIR_DOMAIN_TPM_MODEL_CRB:

e3d60f76-fix-socket-file-gen.patch

@@ -0,0 +1,34 @@
+commit e3d60f761c7fc1c254e39ea8e42161698c0ee7b5
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Tue Feb 9 08:55:41 2021 -0700
+
+    build: Fix generation of virtproxyd socket files
+    
+    The various virtproxyd socket files are generated with invalid syntax,
+    e.g. from virtproxyd.socket
+    
+    [Unit]
+    Description=Libvirt proxy local socket
+    Before=virtproxyd.service
+    libvirtd.socket libvirtd-ro.socket libvirtd-admin.socket libvirtd-tcp.socket libvirtd-tls.socket
+    
+    Note the missing 'Conflicts=' in the last line. Fix it by prepending
+    'Conflicts=' to libvirtd_socket_conflicts when adding virtproxyd
+    to virt_daemon_units.
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-7.0.0/src/remote/meson.build
+===================================================================
+--- libvirt-7.0.0.orig/src/remote/meson.build
++++ libvirt-7.0.0/src/remote/meson.build
+@@ -230,7 +230,7 @@ if conf.has('WITH_REMOTE')
+       'name': 'Libvirt proxy',
+       'sockprefix': 'libvirt',
+       'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
+-      'deps': libvirtd_socket_conflicts,
++      'deps': 'Conflicts=' + libvirtd_socket_conflicts,
+     }
+ 
+     openrc_init_files += {

libvirt.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Thu Feb 11 17:21:23 UTC 2021 - James Fehlig <jfehlig@suse.com>
+
+- qemu: Fix swtpm device with aarch64
+  7cf60006-qemu-swtpm-aarch64.patch,
+  afb823fc-qemu-validate-swtpm.patch
+  bsc#1181893
+
+-------------------------------------------------------------------
+Tue Feb  9 18:49:11 UTC 2021 - James Fehlig <jfehlig@suse.com>
+
+- build: Fix generation of virtproxyd socket files
+  e3d60f76-fix-socket-file-gen.patch
+  boo#1181838
+
 -------------------------------------------------------------------
 Fri Jan 29 17:54:25 UTC 2021 - James Fehlig <jfehlig@suse.com>
 

libvirt.spec

@@ -292,6 +292,9 @@ Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
 Patch0:         32c5e432-revert-f035f53b.patch
+Patch1:         e3d60f76-fix-socket-file-gen.patch
+Patch2:         7cf60006-qemu-swtpm-aarch64.patch
+Patch3:         afb823fc-qemu-validate-swtpm.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch