Bug 2064115
Summary: | Start encrypted tpm guest failed | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Meina Li <meili> |
Component: | libvirt | Assignee: | Michal Privoznik <mprivozn> |
libvirt sub component: | General | QA Contact: | Yanqiu Zhang <yanqzhan> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | high | CC: | jdenemar, jsuchane, lmen, marcandre.lureau, mpitt, mprivozn, qcheng, virt-maint, weizhan, xuwei, xuzhang, yanqzhan |
Version: | 9.1 | Keywords: | Automation, Regression, Triaged, Upstream |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libvirt-8.2.0-1.el9 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-11-15 10:03:40 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Meina Li
2022-03-15 05:44:53 UTC
Michal, pls, have a look. Thanks.

Patch proposed on the list:
https://listman.redhat.com/archives/libvir-list/2022-March/229433.html

Issue is not reproduced on rhel9.1 with:
qemu-kvm-6.2.0-12.el9.x86_64
libvirt-8.2.0-1.el9.x86_64
swtpm-0.7.0-1.20211109gitb79fd91.el9.x86_64
libtpms-0.9.1-0.20211126git1ff6fe1f43.el9.x86_64
edk2-ovmf-20220126gitbb1bba3d77-4.el9.noarch
openssl-3.0.1-21.el9.x86_64

Steps:

    # virsh start vm-ovmf
    Domain 'vm-ovmf' started

    # virsh dumpxml vm-ovmf |grep /tpm -B5
    <tpm model='tpm-crb'>
      <backend type='emulator' version='2.0'>
        <encryption secret='40f4e01e-02d9-48e3-8b1d-b5985238d1e2'/>
      </backend>
      <alias name='tpm0'/>
    </tpm>

In guest os:

    [root@localhost ~]# ls /dev/|grep tpm
    tpm0
    tpmrm0
    [root@localhost ~]# tpm2_getrandom --hex 16
    d6837351b53a77315daee10a1414c784

Merged upstream as:

commit 4d7bb0177a33c4e90fd001edfe27bc030354d875
Author: Michal Prívozník <mprivozn>
AuthorDate: Mon Mar 21 13:33:06 2022 +0100
Commit: Michal Prívozník <mprivozn>
CommitDate: Mon Mar 28 10:00:18 2022 +0200

    qemu_tpm: Do async IO when starting swtpm emulator

    When vTPM is secured via virSecret libvirt passes the secret
    value via an FD when swtpm is started (arguments --key and
    --migration-key). The writing of the secret into the FDs is
    handled via virCommand, specifically qemu_tpm calls
    virCommandSetSendBuffer()) and then virCommandRunAsync() spawns a
    thread to handle writing into the FD via
    virCommandDoAsyncIOHelper. But the thread is not created unless
    VIR_EXEC_ASYNC_IO flag is set, which it isn't. In order to fix
    it, virCommandDoAsyncIO() must be called.

    The credit goes to Marc-André Lureau
    <marcandre.lureau> who has done all the debugging and
    proposed fix in the bugzilla.

    Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2064115
    Fixes: a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
    Signed-off-by: Michal Privoznik <mprivozn>
    Reviewed-by: Jiri Denemark <jdenemar>

v8.1.0-229-g4d7bb0177a

While there are more fixes in the patchset, those are more cleanup of an internal code than bugfixes:
https://listman.redhat.com/archives/libvir-list/2022-March/229480.html

Auto regression test passed:

Pkgs info:
libvirt libvirt-8.2.0-1.el9.x86_64
qemu-kvm qemu-kvm-6.2.0-12.el9.x86_64
kernel kernel-5.14.0-75.el9.x86_64
swtpm 0.7.0-1.20211109gitb79fd91.el9
libtpms 0.9.1-0.20211126git1ff6fe1f43.el9
edk2-ovmf 20220221gitb24306f15d-1.el9

Job url:
https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/libvirt/view/RHEL-9.1%20x86_64/job/libvirt-RHEL-9.1-runtest-x86_64-function-tpm_emulator/6/testReport/

All cases passed except 2 skipped by existing bz2025520.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Low: libvirt security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:8003
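The failure mode in the commit message above, as an added POSIX C model (not libvirt or swtpm code, and not part of the original report): a secret is queued for a child's inherited FD, but it reaches the child only if the IO step actually runs. `send_buf`, `pump_send_buf`, `start_child_with_key` and the key string are hypothetical names and constructed values; the child stands in for an emulator reading its key from an FD.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical model, not libvirt code: a secret queued for a child's FD. */
struct send_buf { int fd; const char *data; size_t len; };

/* Stand-in for the IO handler that runs only when async IO was requested. */
static void pump_send_buf(struct send_buf *sb)
{
    for (size_t off = 0; off < sb->len; ) {
        ssize_t n = write(sb->fd, sb->data + off, sb->len - off);
        if (n <= 0) break;
        off += (size_t)n;
    }
    close(sb->fd); sb->fd = -1;   /* EOF marks the end of the key */
}

/* Spawn a child that reads a key from an inherited FD. Returns the bytes the
 * child read, -1 if no key arrived within timeout_ms, -2 on setup failure. */
int start_child_with_key(const char *key, int async_io, int timeout_ms)
{
    int keyfd[2], resfd[2];
    ssize_t got = -1;
    pid_t pid;
    if (pipe(keyfd) < 0 || pipe(resfd) < 0 || (pid = fork()) < 0) return -2;
    if (pid == 0) {                        /* child side */
        char buf[64];
        close(keyfd[1]); close(resfd[0]);
        ssize_t n = read(keyfd[0], buf, sizeof(buf)); /* blocks for the key */
        _exit(write(resfd[1], &n, sizeof(n)) < 0);    /* report what arrived */
    }
    close(keyfd[0]); close(resfd[1]);
    struct send_buf sb = { keyfd[1], key, strlen(key) };
    if (async_io) pump_send_buf(&sb);      /* the step the fix switches on */
    struct pollfd pfd = { .fd = resfd[0], .events = POLLIN };
    if (poll(&pfd, 1, timeout_ms) != 1 ||
        read(resfd[0], &got, sizeof(got)) != (ssize_t)sizeof(got)) {
        got = -1;
        kill(pid, SIGKILL);                /* child still waiting: give up */
    }
    if (sb.fd >= 0) close(sb.fd);          /* queued secret was never sent */
    close(resfd[0]);
    waitpid(pid, NULL, 0);
    return (int)got;
}
```

With `async_io` set the child receives the whole key; without it the buffer stays queued in the parent and the child is killed after the timeout, still waiting on the FD.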