Bug 1486240

Summary: libvirt: tpm2 device passthrough fails
Product: [Fedora] Fedora Reporter: Javier Martinez Canillas <fmartine>
Component: libvirtAssignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 26CC: agedosier, berrange, clalancette, crobinso, itamar, jforbes, laine, libvirt-maint, veillard
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-04 15:10:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
[PATCH] tpm: Use /dev/null for cancel path if none was found none

Description Javier Martinez Canillas 2017-08-29 09:53:39 UTC 
Created attachment 1319382 [details]
[PATCH] tpm: Use /dev/null for cancel path if none was found

Description of problem:

Trusted Platform Module 2.0 (TPM2) device passthrough is not working on Fedora 26.

Version-Release number of selected component (if applicable):

libvirt-3.2.1-5

How reproducible:

Easy to reproduce

Steps to Reproduce:
1. Create a new VM on a host with a TPM2 device
2. Add a new TPM hardware to the VM using the passthrough device backend

    <tpm model='tpm-tis'>
      <backend type='passthrough'>
        <device path='/dev/tpm0'/>
      </backend>
    </tpm>

3. Try to power on the VM

Actual results:

Starting the VM fails with:

Error starting domain: internal error: No usable sysfs TPM cancel file could be found

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1489, in startup
    self._backend.create()
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1039, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: No usable sysfs TPM cancel file could be found

Expected results:

The VM should start and the host TPM2 be accessible from the VM guest.

Additional info:

TPM passthrough works correctly with TPM1.2, it only fails with TPM2.

The bug it's also present in upstream libvirt. Stefan Berger posted a patch to the libvirt list some time ago but it hasn't been merged yet:

https://www.spinics.net/linux/fedora/libvir/msg150107.html

I'm attaching the patch here.
Comment 1 Javier Martinez Canillas 2017-08-29 10:23:49 UTC 
I've created a pull request to update the f26 package adding the mentioned patch:

https://src.fedoraproject.org/rpms/libvirt/pull-request/1

If the changes are accepted, I can also propose pull request for f27 and master branches.
Comment 2 Cole Robinson 2017-09-14 20:32:07 UTC 
The patch is upstream in libvirt now:

commit dfbb15b75433e520fb1b905c1c3e28753e53e4a5
Author: Stefan Berger <stefanb.ibm.com>
Date:   Thu Jun 29 14:01:11 2017 -0400

    tpm: Use /dev/null for cancel path if none was found


(In reply to Javier Martinez Canillas from comment #1)
> I've created a pull request to update the f26 package adding the mentioned
> patch:
> 
> https://src.fedoraproject.org/rpms/libvirt/pull-request/1

Thanks! But i'll be pushing a build with a few more patches so I won't be using that change directly, but I appreciate the the effort :)
Comment 3 Fedora Update System 2017-09-16 19:13:22 UTC 
libvirt-3.2.1-6.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
Comment 4 Fedora Update System 2017-09-17 10:51:15 UTC 
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ff7b30a42d
Comment 5 Fedora Update System 2017-10-12 02:51:30 UTC 
libvirt-3.2.1-6.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.