Re: [PATCH v2 4/9] qemu: tpm: Pass --migration option to swtpm if supported

2022-10-05 Thread Stefan Berger
On 10/5/22 10:02, Stefan Berger wrote: Always pass the --migration option to swtpm, if swtpm supports it (starting with v0.8). Always apply the 'release-lock-outgoing' parameter with this option and apply the 'incoming' parameter for incoming migration so that swtpm releases the file lock on

[PATCH v2 1/9] util: Add parsing support for swtpm's cmdarg-migration capability

2022-10-05 Thread Stefan Berger
Add support for parsing swtpm 'cmdarg-migration' capability (since v0.8). Signed-off-by: Stefan Berger --- src/util/virtpm.c | 1 + src/util/virtpm.h | 1 + 2 files changed, 2 insertions(+) diff --git a/src/util/virtpm.c b/src/util/virtpm.c index 91db0f31eb..19850de1c8 100644 ---

[PATCH v2 3/9] qemu: tpm: Conditionally create storage on incoming migration

2022-10-05 Thread Stefan Berger
Do not create storage if TPM_SHARED_STORAGE migration flag is set and on incoming migration since in this case the storage directory must already exist. Also do not run swtpm_setup in this case. Pass the migration flag from migration related functions all the way down to TPM related functions. If

[PATCH v2 6/9] qemu: tpm: Require UNDEFINE_TPM to be set to remove TPM state

2022-10-05 Thread Stefan Berger
When migrating the TPM in a setup that has shared storage for the TPM state files setup between hosts we never remove the state. Signed-off-by: Stefan Berger --- src/qemu/qemu_tpm.c | 4 1 file changed, 4 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index

[PATCH v2 9/9] virsh: Add support for --tpm-shared-storage flag for migration

2022-10-05 Thread Stefan Berger
Add support for --tpm-shared-storage flag for migration across hosts that have shared storage set up for storing the state. Add documentation to the virsh man page. Signed-off-by: Stefan Berger --- docs/manpages/virsh.rst | 6 ++ tools/virsh-domain.c| 7 +++ 2 files changed, 13

[PATCH v2 7/9] qemu: tpm: Determine whether to remove TPM state during migration

2022-10-05 Thread Stefan Berger
Implement functions to determine whether to remove the TPM state upon migration failure on the destination side or migration success on the source side. In both cases always keep the state when shared storage is used and always remove the state if no shared storage is used. Signed-off-by: Stefan

[PATCH v2 0/9] qemu: tpm: Add support for migration across shared storage

2022-10-05 Thread Stefan Berger
This series of patches adds support for migrating vTPMs across hosts whose storage has been set up to share the directory structure holding the state of the TPM (swtpm). A new migration flag VIR_MIGRATE_TPM_SHARED_STORAGE is added to enable this. This flag influences the management of the

[PATCH v2 2/9] qemu: Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for TPM migration

2022-10-05 Thread Stefan Berger
Introduced VIR_MIGRATE_TPM_SHARED_STORAGE for migrating a TPM across shared storage. At this point do not support this flag in 'virsh', yet. Signed-off-by: Stefan Berger --- include/libvirt/libvirt-domain.h | 8 1 file changed, 8 insertions(+) diff --git

[PATCH v2 8/9] qemu: tpm: Enable migration with VIR_MIGRATE_TPM_SHARED_STORAGE

2022-10-05 Thread Stefan Berger
Add the flag VIR_MIGRATE_TPM_SHARED_STORAGE to the collection of supported flags for QEMU VM migration. Signed-off-by: Stefan Berger --- src/qemu/qemu_migration.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/qemu/qemu_migration.h b/src/qemu/qemu_migration.h index

[PATCH v2 4/9] qemu: tpm: Pass --migration option to swtpm if supported

2022-10-05 Thread Stefan Berger
Always pass the --migration option to swtpm, if swtpm supports it (starting with v0.8). Always apply the 'release-lock-outgoing' parameter with this option and apply the 'incoming' parameter for incoming migration so that swtpm releases the file lock on the source side when the state is migrated

[PATCH v2 5/9] qemu: tpm: Avoid security labels on incoming migration with shared storage

2022-10-05 Thread Stefan Berger
When using shared storage there is no need to apply security labels on the storage since the files have to have been labeled already on the source side and we must assume that the source and destination side have been set up to use the same uid and gid for running swtpm as well as share the same

RE: [PATCH] Fix race condition when detaching a device

2022-10-05 Thread Pierre Libeau
Hello guys, I will be very happy if you have time to give me feedback about this patch. It's my first time with the libvirt project, so don't hesitate to tell me if I have missed something. I have pushed this change on my side internally and it has resolved my issue. Pierre

[libvirt PATCH v3] tools: add virt-qemu-qmp-proxy for proxying QMP via libvirt QEMU guests

2022-10-05 Thread Daniel P . Berrangé
Libvirt provides QMP passthrough APIs for the QEMU driver and these are exposed in virsh. It is not especially pleasant, however, using the raw QMP JSON syntax. QEMU has a tool 'qmp-shell' which can speak QMP and exposes a human friendly interactive shell. It is not possible to use this with

Re: [libvirt PATCH 10/11] domain_capabilities: Add blockers attribute for CPU models

2022-10-05 Thread Jiri Denemark
On Wed, Oct 05, 2022 at 09:07:55 +0100, Daniel P. Berrangé wrote: > On Tue, Oct 04, 2022 at 10:17:18PM +0200, Jiri Denemark wrote: > > > On Tue, Oct 04, 2022 at 07:35:31PM +0200, Jiri Denemark wrote: > > > > On Tue, Oct 04, 2022 at 17:34:34 +0100, Daniel P. Berrangé wrote: > > > > > On Tue, Oct

Re: [libvirt PATCH 10/11] domain_capabilities: Add blockers attribute for CPU models

2022-10-05 Thread Daniel P . Berrangé
On Tue, Oct 04, 2022 at 10:17:18PM +0200, Jiri Denemark wrote: > > On Tue, Oct 04, 2022 at 07:35:31PM +0200, Jiri Denemark wrote: > > > On Tue, Oct 04, 2022 at 17:34:34 +0100, Daniel P. Berrangé wrote: > > > > On Tue, Oct 04, 2022 at 04:28:53PM +0200, Jiri Denemark wrote: > > > > > We already show