Description of problem: Version-Release number of selected component (if applicable): 1.2.1.1-1 How reproducible: map a physical TPM as passthrough to a virtual machine Steps to Reproduce: 1. 2. 3. Actual results: Error starting domain: internal error: early end of file from monitor: possible problem: 2015-07-20T17:32:36.870094Z qemu-system-x86_64: -tpmdev passthrough,id=tpm-tpm0,path=/dev/tpm0,cancel-path=/sys/class/misc/tpm0/device/cancel: Cannot access TPM device using '/dev/tpm0': Device or resource busy Expected results: cancel path for kernel >= 4.0 should be /sys/class/tpm/tpm0/device/cancel Additional info:
Thanks for the report. That path is set by libvirt, so that's where the bug is, so reassigning
qemu-system-x86_64 supports passing the TPM cancel path on the command line with -tpmdev passthrough,cancel-path=<path>, but it doesn't look like libvirt will recognize this when using virt-install. It might be worth supporting the cancel-path parameter.
When tpm dev is added through virtManager it displays the bellow error upon domain start. Error starting domain: unable to set security context 'system_u:object_r:svirt_image_t:s0:c121,c372' on '/sys/class/misc/tpm0/device/cancel': No such file or directory Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1423, in startup self._backend.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1007, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: unable to set security context 'system_u:object_r:svirt_image_t:s0:c121,c372' on '/sys/class/misc/tpm0/device/cancel': No such file or directory is that cancel-path hardcoded somewhere?
(In reply to Kamen M from comment #3) > > is that cancel-path hardcoded somewhere? Yes it seems to be hardcoded in libvirt. Seems like we need to extend the logic here to check for the newer path you mentioned: /sys/class/tpm/tpm0/device/cancel
I have used ghex /lib64/libvirt.so.0 to patch the file to the new path: search for /sys/class/misc/tpm0/device/cancel and replace it with /sys/class/tpm//tpm0/device/cancel note the 2 slashes after tpm, that is so that the string keeps the same lenght and no offsets in the file are destroyed. This works for me, but would be nice if it could be fixed in the package or upstream.
(In reply to Markus Heberling from comment #5) > I have used ghex /lib64/libvirt.so.0 to patch the file to the new path: Thanks for the idea Markus and I also would like to see this fixed one day!
stefan, this sounds like a simple libvirt fix for tpm support but I don't have any way to test. Can you take a look?
(In reply to Cole Robinson from comment #7) > stefan, this sounds like a simple libvirt fix for tpm support but I don't > have any way to test. Can you take a look? Patch(es) posted.
Fix is upstream now: commit 5ed7afa9de4e8d2b7e83fee334a0c3f2bddc6a48 Author: Stefan Berger <stefanb.com> Date: Tue Nov 17 19:44:13 2015 -0500 tpm: adapt sysfs cancel path for new TPM driver Moving back to Fedora since users have been hitting it
libvirt-1.2.18.2-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-30b347dff1
libvirt-1.2.18.2-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-30b347dff1
libvirt-1.2.18.2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.