Bug 2064115
Summary: | Start encrypted tpm guest failed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Meina Li <meili> |
Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
libvirt sub component: | General | QA Contact: | Yanqiu Zhang <yanqzhan> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | jdenemar, jsuchane, lmen, marcandre.lureau, mpitt, mprivozn, qcheng, virt-maint, weizhan, xuwei, xuzhang, yanqzhan |
Version: | 9.1 | Keywords: | Automation, Regression, Triaged, Upstream |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-8.2.0-1.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-15 10:03:40 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Meina Li
2022-03-15 05:44:53 UTC
Michal, pls, have a look. Thanks. Patch proposed on the list: https://listman.redhat.com/archives/libvir-list/2022-March/229433.html Issue is not reproduced on rhel9.1 with: qemu-kvm-6.2.0-12.el9.x86_64 libvirt-8.2.0-1.el9.x86_64 swtpm-0.7.0-1.20211109gitb79fd91.el9.x86_64 libtpms-0.9.1-0.20211126git1ff6fe1f43.el9.x86_64 edk2-ovmf-20220126gitbb1bba3d77-4.el9.noarch openssl-3.0.1-21.el9.x86_64 Steps: # virsh start vm-ovmf Domain 'vm-ovmf' started # virsh dumpxml vm-ovmf |grep /tpm -B5 <tpm model='tpm-crb'> <backend type='emulator' version='2.0'> <encryption secret='40f4e01e-02d9-48e3-8b1d-b5985238d1e2'/> </backend> <alias name='tpm0'/> </tpm> In guest os: [root@localhost ~]# ls /dev/|grep tpm tpm0 tpmrm0 [root@localhost ~]# tpm2_getrandom --hex 16 d6837351b53a77315daee10a1414c784 Merged upstream as: commit 4d7bb0177a33c4e90fd001edfe27bc030354d875 Author: Michal Prívozník <mprivozn> AuthorDate: Mon Mar 21 13:33:06 2022 +0100 Commit: Michal Prívozník <mprivozn> CommitDate: Mon Mar 28 10:00:18 2022 +0200 qemu_tpm: Do async IO when starting swtpm emulator When vTPM is secured via virSecret libvirt passes the secret value via an FD when swtpm is started (arguments --key and --migration-key). The writing of the secret into the FDs is handled via virCommand, specifically qemu_tpm calls virCommandSetSendBuffer()) and then virCommandRunAsync() spawns a thread to handle writing into the FD via virCommandDoAsyncIOHelper. But the thread is not created unless VIR_EXEC_ASYNC_IO flag is set, which it isn't. In order to fix it, virCommandDoAsyncIO() must be called. The credit goes to Marc-André Lureau <marcandre.lureau> who has done all the debugging and proposed fix in the bugzilla. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2064115 Fixes: a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe Signed-off-by: Michal Privoznik <mprivozn> Reviewed-by: Jiri Denemark <jdenemar> v8.1.0-229-g4d7bb0177a While there are more fixes in the patchset, those are more cleanup of an internal code than bugfixes: https://listman.redhat.com/archives/libvir-list/2022-March/229480.html Auto regression test passed: Pkgs info: libvirt libvirt-8.2.0-1.el9.x86_64 qemu-kvm qemu-kvm-6.2.0-12.el9.x86_64 kernel kernel-5.14.0-75.el9.x86_64 swtpm 0.7.0-1.20211109gitb79fd91.el9 libtpms 0.9.1-0.20211126git1ff6fe1f43.el9 edk2-ovmf 20220221gitb24306f15d-1.el9 Job url: https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/libvirt/view/RHEL-9.1%20x86_64/job/libvirt-RHEL-9.1-runtest-x86_64-function-tpm_emulator/6/testReport/ All cases passed except 2 skipped by existing bz2025520. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Low: libvirt security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:8003 |