[pve-devel] [PATCH qemu-server 0/3] fix tpmstate format issues

[pve-devel] [PATCH qemu-server 0/3] fix tpmstate format issues

[Fabian Grünbichler]

pre-existing bug exposed by our new format checks, reported on the forum:

https://forum.proxmox.com/threads/backup-vm-failed-after-upgrade-to-new-version.158926/

Fabian Grünbichler (3):
  api: clone: always do a full clone of tpmstate volumes
  swtpm: check that format of tpmstate volume is raw
  swtpm: drop unused $volname variable

 PVE/API2/Qemu.pm  | 2 +-
 PVE/QemuServer.pm | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH qemu-server 1/3] api: clone: always do a full clone of tpmstate volumes

[Fabian Grünbichler]

since there is no reliable way to check whether a linked clone would end up
being something other than a raw file, and the volumes are tiny anyway.

otherwise on directory storages, the following sequence of events could happen:
- linked clone using raw file as base and qcow2 as overlay
- swtpm_setup interprets qcow2 file as raw
- swtpm_setup fails to find TPM state and overwrites it with a new one
- file is now no longer a linked clone, but a raw file with a qcow2 extension
- move disk and migration fail because of the format mismatch

the downside is that storages that actually support raw linked clones (ZFS,
RBD, LVM-thin) now use more space for fully cloned TPM state volumes...

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
if we want to avoid the downside, I guess we could do the linked clone, if that
is not raw, remove it again, and then fallback to full clone?

 PVE/API2/Qemu.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 9d1127c0..c00f60d7 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -3912,7 +3912,7 @@ __PACKAGE__->register_method({
 			my $msg = "clone feature is not supported for";
 			$msg .= " a snapshot of" if $snapname;
 			$msg .= " '$volid' ($opt)";
-			if ($full || PVE::QemuServer::drive_is_cloudinit($drive)) {
+			if ($full || PVE::QemuServer::drive_is_cloudinit($drive) || $opt eq 'tpmstate0') {
 			    die "Full $msg\n"
 				if !PVE::Storage::volume_has_feature($storecfg, 'copy', $volid, $snapname, $running);
 			    $fullclone->{$opt} = 1;
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH qemu-server 2/3] swtpm: check that format of tpmstate volume is raw

[Fabian Grünbichler]

since swtpm currently doesn't support anything else, and might overwrite a file
using qcow2 or vmdk format by accident..

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 PVE/QemuServer.pm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index 8192599a..fe7984eb 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -3212,6 +3212,8 @@ sub start_swtpm {
     my $tpm = parse_drive("tpmstate0", $tpmdrive);
     my ($storeid, $volname) = PVE::Storage::parse_volume_id($tpm->{file}, 1);
     if ($storeid) {
+	my $format = checked_volume_format($storecfg, $tpm->{file});
+	die "swtpm currently only supports 'raw' state volumes" if $format ne 'raw';
 	$state = PVE::Storage::map_volume($storecfg, $tpm->{file});
     } else {
 	$state = $tpm->{file};
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH qemu-server 3/3] swtpm: drop unused $volname variable

[Fabian Grünbichler]

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 PVE/QemuServer.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
index fe7984eb..e1ee328c 100644
--- a/PVE/QemuServer.pm
+++ b/PVE/QemuServer.pm
@@ -3210,7 +3210,7 @@ sub start_swtpm {
 
     my $state;
     my $tpm = parse_drive("tpmstate0", $tpmdrive);
-    my ($storeid, $volname) = PVE::Storage::parse_volume_id($tpm->{file}, 1);
+    my ($storeid) = PVE::Storage::parse_volume_id($tpm->{file}, 1);
     if ($storeid) {
 	my $format = checked_volume_format($storecfg, $tpm->{file});
 	die "swtpm currently only supports 'raw' state volumes" if $format ne 'raw';
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH qemu-server 1/3] api: clone: always do a full clone of tpmstate volumes

[Fiona Ebner]

Am 12.12.24 um 09:51 schrieb Fabian Grünbichler:
> since there is no reliable way to check whether a linked clone would end up
> being something other than a raw file, and the volumes are tiny anyway.
> 
> otherwise on directory storages, the following sequence of events could happen:
> - linked clone using raw file as base and qcow2 as overlay
> - swtpm_setup interprets qcow2 file as raw
> - swtpm_setup fails to find TPM state and overwrites it with a new one
> - file is now no longer a linked clone, but a raw file with a qcow2 extension
> - move disk and migration fail because of the format mismatch
> 
> the downside is that storages that actually support raw linked clones (ZFS,
> RBD, LVM-thin) now use more space for fully cloned TPM state volumes...
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>

> ---
> if we want to avoid the downside, I guess we could do the linked clone, if that
> is not raw, remove it again, and then fallback to full clone?
> 

I prefer the approach in the patch. IMHO, the tpmstate is so small that
it doesn't matter.


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH qemu-server 2/3] swtpm: check that format of tpmstate volume is raw

[Fiona Ebner]

Am 12.12.24 um 09:51 schrieb Fabian Grünbichler:
> since swtpm currently doesn't support anything else, and might overwrite a file
> using qcow2 or vmdk format by accident..
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

Except the nit below

Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>

> ---
>  PVE/QemuServer.pm | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/PVE/QemuServer.pm b/PVE/QemuServer.pm
> index 8192599a..fe7984eb 100644
> --- a/PVE/QemuServer.pm
> +++ b/PVE/QemuServer.pm
> @@ -3212,6 +3212,8 @@ sub start_swtpm {
>      my $tpm = parse_drive("tpmstate0", $tpmdrive);
>      my ($storeid, $volname) = PVE::Storage::parse_volume_id($tpm->{file}, 1);
>      if ($storeid) {
> +	my $format = checked_volume_format($storecfg, $tpm->{file});
> +	die "swtpm currently only supports 'raw' state volumes" if $format ne 'raw';

Missing newline after error message.

Can we add a format check in create_disks() when creating/adding the
volume as tpmstate0 too, please :)?

>  	$state = PVE::Storage::map_volume($storecfg, $tpm->{file});
>      } else {
>  	$state = $tpm->{file};



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH qemu-server 3/3] swtpm: drop unused $volname variable

[Fiona Ebner]

Am 12.12.24 um 09:51 schrieb Fabian Grünbichler:
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH qemu-server 2/3] swtpm: check that format of tpmstate volume is raw

[Fiona Ebner]

Am 12.12.24 um 10:11 schrieb Fiona Ebner:
> 
> Can we add a format check in create_disks() when creating/adding the
> volume as tpmstate0 too, please :)?

I guess for creating we already force raw, so just adding ;)


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] applied-series: [PATCH qemu-server 0/3] fix tpmstate format issues

[Fabian Grünbichler]

with Fiona's R-B and the newline nit folded in, thanks!

> Fabian Grünbichler <f.gruenbichler@proxmox.com> hat am 12.12.2024 09:51 CET geschrieben:
> 
>  
> pre-existing bug exposed by our new format checks, reported on the forum:
> 
> https://forum.proxmox.com/threads/backup-vm-failed-after-upgrade-to-new-version.158926/
> 
> Fabian Grünbichler (3):
>   api: clone: always do a full clone of tpmstate volumes
>   swtpm: check that format of tpmstate volume is raw
>   swtpm: drop unused $volname variable
> 
>  PVE/API2/Qemu.pm  | 2 +-
>  PVE/QemuServer.pm | 4 +++-
>  2 files changed, 4 insertions(+), 2 deletions(-)
> 
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel