qemu: tpm: Pass --migration option to swtpm if supported and needed

Pass the --migration option to swtpm if swptm supports it (starting
with v0.8) and if the TPM's state is written on shared storage. If this
is the case apply the 'release-lock-outgoing' parameter with this
option and apply the 'incoming' parameter for incoming migration so that
swtpm releases the file lock on the source side when the state is migrated
and locks the file on the destination side when the state is received.

If a started swtpm instance is running with the necessary options of
migrating with share storage then remember this with a flag in the
virDomainTPMPrivateDef.

Report an error if swtpm does not support the --migration option and an
incoming migration across shared storage is requested.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 6f6c2c9e35ba9dda8ca8e0ef8952bfedd1244cfe..02816169cb120af138bc728cb4b371e2871986ee 100644 (file)
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1555,6 +1555,13 @@ qemuMigrationSrcIsAllowed(virQEMUDriver *driver,
                 return false;
             }
         }
+
+        if (qemuTPMHasSharedStorage(vm->def)&&
+            !qemuTPMCanMigrateSharedStorage(vm->def)) {
+            virReportError(VIR_ERR_NO_SUPPORT, "%s",
+                           _("the running swtpm does not support migration with shared storage"));
+            return false;
+        }
     }
 
     return true;

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 2d86e13b2ac448b905e976f10144311d7724a789..ae9b2c9fec16e5f85a2377295068f9bb3389c42d 100644 (file)
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -557,6 +557,7 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
     int migpwdfile_fd = -1;
     const unsigned char *secretuuid = NULL;
     bool create_storage = true;
+    bool on_shared_storage;
 
     if (!swtpm)
         return NULL;
@@ -564,8 +565,8 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
     /* Do not create storage and run swtpm_setup on incoming migration over
      * shared storage
      */
-    if (incomingMigration &&
-        virFileIsSharedFS(tpm->data.emulator.storagepath) == 1)
+    on_shared_storage = virFileIsSharedFS(tpm->data.emulator.storagepath) == 1;
+    if (incomingMigration && on_shared_storage)
         create_storage = false;
 
     if (create_storage &&
@@ -643,6 +644,30 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
         virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", migpwdfile_fd);
     }
 
+    /* If swtpm supports it and the TPM state is stored on shared storage,
+     * start swtpm with --migration release-lock-outgoing so it can migrate
+     * across shared storage if needed.
+     */
+    QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage = false;
+    if (on_shared_storage &&
+        virTPMSwtpmCapsGet(VIR_TPM_SWTPM_FEATURE_CMDARG_MIGRATION)) {
+
+        virCommandAddArg(cmd, "--migration");
+        virCommandAddArgFormat(cmd, "release-lock-outgoing%s",
+                               incomingMigration ? ",incoming": "");
+        QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage = true;
+    } else {
+        /* Report an error if there's an incoming migration across shared
+         * storage and swtpm does not support the --migration option.
+         */
+        if (incomingMigration && on_shared_storage) {
+            virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+                _("%s (on destination side) does not support the --migration option needed for migration with shared storage"),
+                   swtpm);
+            goto error;
+        }
+    }
+
     return g_steal_pointer(&cmd);
 
  error:
@@ -983,6 +1008,24 @@ qemuTPMHasSharedStorage(virDomainDef *def)
 }
 
 
+bool
+qemuTPMCanMigrateSharedStorage(virDomainDef *def)
+{
+    size_t i;
+
+    for (i = 0; i < def->ntpms; i++) {
+        virDomainTPMDef *tpm = def->tpms[i];
+        switch (tpm->type) {
+        case VIR_DOMAIN_TPM_TYPE_EMULATOR:
+            return QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage;
+        case VIR_DOMAIN_TPM_TYPE_PASSTHROUGH:
+        case VIR_DOMAIN_TPM_TYPE_LAST:
+        }
+    }
+    return true;
+}
+
+
 /* ---------------------
  *  Module entry points
  * ---------------------

diff --git a/src/qemu/qemu_tpm.h b/src/qemu/qemu_tpm.h
index d98f47b31806dc3f9f02f22d338f0297414bf84a..799ab62f581766b70c4e6cb6e7c7a0454d374316 100644 (file)
--- a/src/qemu/qemu_tpm.h
+++ b/src/qemu/qemu_tpm.h
@@ -60,3 +60,6 @@ int qemuExtTPMSetupCgroup(virQEMUDriver *driver,
 bool qemuTPMHasSharedStorage(virDomainDef *def)
     ATTRIBUTE_NONNULL(1)
     G_GNUC_WARN_UNUSED_RESULT;
+
+bool qemuTPMCanMigrateSharedStorage(virDomainDef *def)
+    ATTRIBUTE_NONNULL(1);