* [pve-devel] [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd
@ 2021-10-14 9:28 Stefan Reiter
2021-10-14 9:28 ` [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile Stefan Reiter
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Stefan Reiter @ 2021-10-14 9:28 UTC (permalink / raw)
To: pve-devel
QEMU doesn't know about the tpmstate, so 'do_snapshots_with_qemu' should
never return true in that case. Note that inconsistencies related to
snapshot timing do not matter much, as the actual TPM data is exported
together with other device state by QEMU anyway.
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---
As reported in the forum: https://forum.proxmox.com/threads/vtpm-support-do-we-have-guide-to-add-the-vtpm-support.56982/post-423381
PVE/QemuServer.pm | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 6fc28e8..d5dfdbb 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -4542,7 +4542,7 @@ sub qemu_volume_snapshot {
my $running = check_running($vmid);
- if ($running && do_snapshots_with_qemu($storecfg, $volid)){
+ if ($running && do_snapshots_with_qemu($storecfg, $volid, $deviceid)) {
mon_cmd($vmid, 'blockdev-snapshot-internal-sync', device => $deviceid, name => $snap);
} else {
PVE::Storage::volume_snapshot($storecfg, $volid, $snap);
@@ -4564,7 +4564,7 @@ sub qemu_volume_snapshot_delete {
});
}
- if ($running && do_snapshots_with_qemu($storecfg, $volid)){
+ if ($running && do_snapshots_with_qemu($storecfg, $volid, $deviceid)) {
mon_cmd($vmid, 'blockdev-snapshot-delete-internal-sync', device => $deviceid, name => $snap);
} else {
PVE::Storage::volume_snapshot_delete($storecfg, $volid, $snap, $running);
@@ -7017,7 +7017,9 @@ my $qemu_snap_storage = {
rbd => 1,
};
sub do_snapshots_with_qemu {
- my ($storecfg, $volid) = @_;
+ my ($storecfg, $volid, $deviceid) = @_;
+
+ return if $deviceid =~ m/tpmstate0/;
my $storage_name = PVE::Storage::parse_volume_id($volid);
my $scfg = $storecfg->{ids}->{$storage_name};
--
2.30.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile
2021-10-14 9:28 [pve-devel] [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Stefan Reiter
@ 2021-10-14 9:28 ` Stefan Reiter
2021-10-18 7:48 ` Thomas Lamprecht
2021-10-18 7:46 ` [pve-devel] applied: [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Thomas Lamprecht
2021-10-18 7:49 ` Thomas Lamprecht
2 siblings, 1 reply; 5+ messages in thread
From: Stefan Reiter @ 2021-10-14 9:28 UTC (permalink / raw)
To: pve-devel
swtpm may take a little bit to daemonize, so the pidfile might not be
available right after run_command. Causes an ugly warning about using an
undefined value in a match, so wait up to 5s for it to appear.
Note that in testing this loop only ever got to the first or second
iteration, so I believe the timeout duration should be more than enough.
Also add a missing 'usleep' import, 'usleep' was used before but never
imported, apparently the other case never got triggered...
Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
---
Triggered during rollback testing, potentially due to extra load. Didn't cause
any failure (as long as the VM starts fine it's all good), but looks ugly in the
log and may cause lingering instances if QEMU fails afterward.
PVE/QemuServer.pm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index d5dfdbb..7a7cdb0 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -22,7 +22,7 @@ use JSON;
use MIME::Base64;
use POSIX;
use Storable qw(dclone);
-use Time::HiRes qw(gettimeofday);
+use Time::HiRes qw(gettimeofday usleep);
use URI::Escape;
use UUID;
@@ -3059,6 +3059,14 @@ sub start_swtpm {
push @$emulator_cmd, "--tpm2" if $tpm->{version} eq 'v2.0';
run_command($emulator_cmd, outfunc => sub { print $1; });
+ # swtpm may take a bit to start before daemonizing, wait up to 5s for pid
+ my $tries = 100;
+ while (! -e $paths->{pid}) {
+ usleep(50000);
+ die "failed to start swtpm: pid file '$paths->{pid}' wasn't created.\n"
+ if --$tries == 0;
+ }
+
# return untainted PID of swtpm daemon so it can be killed on error
file_read_firstline($paths->{pid}) =~ m/(\d+)/;
return $1;
--
2.30.2
^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] applied: [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd
2021-10-14 9:28 [pve-devel] [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Stefan Reiter
2021-10-14 9:28 ` [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile Stefan Reiter
@ 2021-10-18 7:46 ` Thomas Lamprecht
2021-10-18 7:49 ` Thomas Lamprecht
2 siblings, 0 replies; 5+ messages in thread
From: Thomas Lamprecht @ 2021-10-18 7:46 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Reiter
On 14.10.21 11:28, Stefan Reiter wrote:
> QEMU doesn't know about the tpmstate, so 'do_snapshots_with_qemu' should
> never return true in that case. Note that inconsistencies related to
> snapshot timing do not matter much, as the actual TPM data is exported
> together with other device state by QEMU anyway.
>
> Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
> ---
>
> As reported in the forum: https://forum.proxmox.com/threads/vtpm-support-do-we-have-guide-to-add-the-vtpm-support.56982/post-423381
>
> PVE/QemuServer.pm | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
>
applied, thanks! But, ...
> return if $deviceid =~ m/tpmstate0/;
... isn't there a better word boundary we could check for in the match to avoid
(rare but as you used a match vs. equal probably not impossible) false positives?
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile
2021-10-14 9:28 ` [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile Stefan Reiter
@ 2021-10-18 7:48 ` Thomas Lamprecht
0 siblings, 0 replies; 5+ messages in thread
From: Thomas Lamprecht @ 2021-10-18 7:48 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Reiter
On 14.10.21 11:28, Stefan Reiter wrote:
> swtpm may take a little bit to daemonize, so the pidfile might not be
> available right after run_command. Causes an ugly warning about using an
> undefined value in a match, so wait up to 5s for it to appear.
>
> Note that in testing this loop only ever got to the first or second
> iteration, so I believe the timeout duration should be more than enough.
>
> Also add a missing 'usleep' import, 'usleep' was used before but never
> imported, apparently the other case never got triggered...
>
> Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
> ---
>
> Triggered during rollback testing, potentially due to extra load. Didn't cause
> any failure (as long as the VM starts fine it's all good), but looks ugly in the
> log and may cause lingering instances if QEMU fails afterward.
>
> PVE/QemuServer.pm | 10 +++++++++-
> 1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index d5dfdbb..7a7cdb0 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -22,7 +22,7 @@ use JSON;
> use MIME::Base64;
> use POSIX;
> use Storable qw(dclone);
> -use Time::HiRes qw(gettimeofday);
> +use Time::HiRes qw(gettimeofday usleep);
> use URI::Escape;
> use UUID;
>
> @@ -3059,6 +3059,14 @@ sub start_swtpm {
> push @$emulator_cmd, "--tpm2" if $tpm->{version} eq 'v2.0';
> run_command($emulator_cmd, outfunc => sub { print $1; });
>
> + # swtpm may take a bit to start before daemonizing, wait up to 5s for pid
> + my $tries = 100;
> + while (! -e $paths->{pid}) {
> + usleep(50000);
> + die "failed to start swtpm: pid file '$paths->{pid}' wasn't created.\n"
> + if --$tries == 0;
I moved the die before the sleep, as else we'd wait extra 50 ms if we'd die anyway.
> + }
> +
> # return untainted PID of swtpm daemon so it can be killed on error
> file_read_firstline($paths->{pid}) =~ m/(\d+)/;
> return $1;
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* [pve-devel] applied: [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd
2021-10-14 9:28 [pve-devel] [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Stefan Reiter
2021-10-14 9:28 ` [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile Stefan Reiter
2021-10-18 7:46 ` [pve-devel] applied: [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Thomas Lamprecht
@ 2021-10-18 7:49 ` Thomas Lamprecht
2 siblings, 0 replies; 5+ messages in thread
From: Thomas Lamprecht @ 2021-10-18 7:49 UTC (permalink / raw)
To: Proxmox VE development discussion, Stefan Reiter
On 14.10.21 11:28, Stefan Reiter wrote:
> QEMU doesn't know about the tpmstate, so 'do_snapshots_with_qemu' should
> never return true in that case. Note that inconsistencies related to
> snapshot timing do not matter much, as the actual TPM data is exported
> together with other device state by QEMU anyway.
>
> Signed-off-by: Stefan Reiter <s.reiter@proxmox.com>
> ---
>
> As reported in the forum: https://forum.proxmox.com/threads/vtpm-support-do-we-have-guide-to-add-the-vtpm-support.56982/post-423381
>
> PVE/QemuServer.pm | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
>
applied, thanks!
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2021-10-18 7:49 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-14 9:28 [pve-devel] [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Stefan Reiter
2021-10-14 9:28 ` [pve-devel] [PATCH qemu-server 2/2] swtpm: wait for pidfile Stefan Reiter
2021-10-18 7:48 ` Thomas Lamprecht
2021-10-18 7:46 ` [pve-devel] applied: [PATCH qemu-server 1/2] snapshot: fix tpmstate with rbd Thomas Lamprecht
2021-10-18 7:49 ` Thomas Lamprecht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox