public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH qemu-server 3/3] ovmf: create temporary EFI disk below /run instead of /tmp to avoid migration issue
Date: Mon,  4 May 2026 15:03:48 +0200	[thread overview]
Message-ID: <20260504130751.226845-4-f.ebner@proxmox.com> (raw)
In-Reply-To: <20260504130751.226845-1-f.ebner@proxmox.com>

As reported in the enterprise support, QEMU might fail to inactivate
the block node for the temporary EFI disk during migration:

> kvm: migration_block_inactivate: bdrv_inactivate_all() failed: -1
> kvm: Error in migration completion: Bad address

The issue occurs when the file for the temporary EFI disk has been
removed from the file system. This happens on new installations since
Debian Trixie [0], where files in /tmp are regularly cleaned.

Requires mocking file_copy() since unprivileged users are not allowed
to actually do the copying of the EFI vars to create the temporary EFI
disk. But there is no need to create the temporary test for the test
anyways.

[0]: https://www.debian.org/releases/trixie/release-notes/issues.html#the-directories-tmp-and-var-tmp-are-now-regularly-cleaned

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
 debian/tmpfiles                                    |  5 +++--
 src/PVE/QemuServer/OVMF.pm                         |  6 ++++--
 src/test/cfg2cmd/efi-ovmf-without-efidisk.conf.cmd |  2 +-
 src/test/run_config2command_tests.pl               | 12 ++++++++++++
 4 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/debian/tmpfiles b/debian/tmpfiles
index 3bbe100c..978205f3 100644
--- a/debian/tmpfiles
+++ b/debian/tmpfiles
@@ -1,2 +1,3 @@
-#Type Path             Mode User Group     Age Argument
-d     /run/qemu-server 0750 root www-data  -   -
+#Type Path                     Mode User Group     Age Argument
+d     /run/qemu-server         0750 root www-data  -   -
+d     /run/qemu-server/efidisk 0750 root www-data  -   -
diff --git a/src/PVE/QemuServer/OVMF.pm b/src/PVE/QemuServer/OVMF.pm
index f2faeb27..7a765fad 100644
--- a/src/PVE/QemuServer/OVMF.pm
+++ b/src/PVE/QemuServer/OVMF.pm
@@ -55,6 +55,8 @@ my $OVMF = {
     },
 };
 
+my $temporary_efidisk_dir = '/run/qemu-server/efidisk';
+
 my sub get_ovmf_files($$$$) {
     my ($arch, $efidisk, $smm, $cvm_type) = @_;
 
@@ -128,7 +130,7 @@ my sub print_ovmf_drive_commandlines {
         $var_drive_str .= ',readonly=on' if $readonly;
     } else {
         log_warn("no efidisk configured! Using temporary efivars disk.");
-        my $path = "/tmp/$vmid-ovmf.fd";
+        my $path = "${temporary_efidisk_dir}/${vmid}-ovmf.fd";
         PVE::File::file_copy($ovmf_vars, $path, $ovmf_vars_size);
         $var_drive_str .= ",format=raw,file=$path";
         $var_drive_str .= ",size=" . $ovmf_vars_size if $version_guard->(4, 1, 2);
@@ -220,7 +222,7 @@ my sub generate_ovmf_blockdev {
         }
     } else {
         log_warn("no efidisk configured! Using temporary efivars disk.");
-        my $path = "/tmp/$vmid-ovmf.fd";
+        my $path = "${temporary_efidisk_dir}/${vmid}-ovmf.fd";
         PVE::File::file_copy($ovmf_vars, $path, file_get_size($ovmf_vars));
         $drive = { file => $path, interface => 'efidisk', index => 0 };
         $format = 'raw';
diff --git a/src/test/cfg2cmd/efi-ovmf-without-efidisk.conf.cmd b/src/test/cfg2cmd/efi-ovmf-without-efidisk.conf.cmd
index 44362710..fdeb8ba5 100644
--- a/src/test/cfg2cmd/efi-ovmf-without-efidisk.conf.cmd
+++ b/src/test/cfg2cmd/efi-ovmf-without-efidisk.conf.cmd
@@ -11,7 +11,7 @@
   -smbios 'type=1,uuid=7b10d7af-b932-4c66-b2c3-3996152ec465' \
   -object '{"id":"throttle-drive-efidisk0","limits":{},"qom-type":"throttle-group"}' \
   -blockdev '{"driver":"raw","file":{"driver":"file","filename":"/usr/share/pve-edk2-firmware//OVMF_CODE.fd"},"node-name":"pflash0","read-only":true}' \
-  -blockdev '{"detect-zeroes":"on","discard":"ignore","driver":"throttle","file":{"cache":{"direct":false,"no-flush":false},"detect-zeroes":"on","discard":"ignore","driver":"raw","file":{"aio":"io_uring","cache":{"direct":false,"no-flush":false},"detect-zeroes":"on","discard":"ignore","driver":"file","filename":"/tmp/8006-ovmf.fd","node-name":"e5b5f7a29888341a35f0f1428e70ba5","read-only":false},"node-name":"f5b5f7a29888341a35f0f1428e70ba5","read-only":false,"size":131072},"node-name":"drive-efidisk0","read-only":false,"throttle-group":"throttle-drive-efidisk0"}' \
+  -blockdev '{"detect-zeroes":"on","discard":"ignore","driver":"throttle","file":{"cache":{"direct":false,"no-flush":false},"detect-zeroes":"on","discard":"ignore","driver":"raw","file":{"aio":"io_uring","cache":{"direct":false,"no-flush":false},"detect-zeroes":"on","discard":"ignore","driver":"file","filename":"/run/qemu-server/efidisk/8006-ovmf.fd","node-name":"e5ecb54a3863bf2f22d662c53f49ac4","read-only":false},"node-name":"f5ecb54a3863bf2f22d662c53f49ac4","read-only":false,"size":131072},"node-name":"drive-efidisk0","read-only":false,"throttle-group":"throttle-drive-efidisk0"}' \
   -smp '1,sockets=1,cores=1,maxcpus=1' \
   -nodefaults \
   -boot 'menu=on,strict=on,reboot-timeout=1000,splash=/usr/share/qemu-server/bootsplash.jpg' \
diff --git a/src/test/run_config2command_tests.pl b/src/test/run_config2command_tests.pl
index 3c4a695c..ebe0dca1 100755
--- a/src/test/run_config2command_tests.pl
+++ b/src/test/run_config2command_tests.pl
@@ -420,6 +420,18 @@ $pve_common_tools->mock(
     },
 );
 
+my $pve_common_file;
+$pve_common_file = Test::MockModule->new('PVE::File');
+$pve_common_file->mock(
+    file_copy => sub {
+        my ($filename, $dst, $max, $perm) = @_;
+        if ($dst =~ m|^/run/qemu-server/efidisk|) {
+            return;
+        }
+        return $pve_common_file->original('file_copy')->($filename, $dst, $max, $perm);
+    },
+);
+
 my $pve_cpuconfig;
 $pve_cpuconfig = Test::MockModule->new('PVE::QemuServer::CPUConfig');
 $pve_cpuconfig->mock(
-- 
2.47.3





      parent reply	other threads:[~2026-05-04 13:08 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-05-04 13:03 [PATCH-SERIES qemu-server 0/3] ovmf: create temporary EFI disk below /run instead of /tmp to avoid migration issue Fiona Ebner
2026-05-04 13:03 ` [PATCH qemu-server 1/3] d/tmpfiles: add configuration to auto-create /run/qemu-server directory Fiona Ebner
2026-05-04 13:03 ` [PATCH qemu-server 2/3] ovmf: use file module directly for file_copy() Fiona Ebner
2026-05-04 13:03 ` Fiona Ebner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260504130751.226845-4-f.ebner@proxmox.com \
    --to=f.ebner@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal