Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
  1. 21 6月, 2018 4 次提交
  3. 19 6月, 2018 4 次提交
  5. 14 6月, 2018 2 次提交
  7. 13 6月, 2018 2 次提交
    • M
      qemuBuildSevCommandLine: fix buffer leak · 84e4046c
      Michal Privoznik 提交于 
      The buffer is not freed anywhere. Nor in the error paths. Also
the usage virCommand with respect to buffer is very odd.

==2504== 1,100 bytes in 1 blocks are definitely lost in loss record 167 of 175
==2504==    at 0x4C2CE3F: malloc (vg_replace_malloc.c:298)
==2504==    by 0x4C2F1BF: realloc (vg_replace_malloc.c:785)
==2504==    by 0x5D32EE2: virReallocN (viralloc.c:245)
==2504==    by 0x5D37278: virBufferGrow (virbuffer.c:150)
==2504==    by 0x5D3783E: virBufferVasprintf (virbuffer.c:408)
==2504==    by 0x5D377A9: virBufferAsprintf (virbuffer.c:381)
==2504==    by 0x57017C1: qemuBuildSevCommandLine (qemu_command.c:9707)
==2504==    by 0x57030F7: qemuBuildCommandLine (qemu_command.c:10324)
==2504==    by 0x575FA48: qemuProcessCreatePretendCmd (qemu_process.c:6644)
==2504==    by 0x11351A: testCompareXMLToArgv (qemuxml2argvtest.c:564)
==2504==    by 0x1392F7: virTestRun (testutils.c:180)
==2504==    by 0x137895: mymain (qemuxml2argvtest.c:2900)
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
      84e4046c
    • M
      qemuBuildSevCommandLine: s/obj/buf/ · c92c6cd2
      Michal Privoznik 提交于 
      The variable points to a buffer not a domain object therefore its
current name is misleading.
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
      c92c6cd2
  9. 12 6月, 2018 1 次提交
  11. 08 6月, 2018 2 次提交
  13. 06 6月, 2018 4 次提交
    • S
      qemu: Add support for external swtpm TPM emulator · 69122bc2
      Stefan Berger 提交于 
      This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only start a TPM 1.2.

Upon first start, libvirt will run `swtpm_setup`, which will simulate the
manufacturing of a TPM and create certificates for it and write them into
NVRAM locations of the emulated TPM.

After that libvirt starts the swtpm TPM emulator using the `swtpm` executable.

Once the VM terminates, libvirt uses the swtpm_ioctl executable to gracefully
shut down the `swtpm` in case it is still running (QEMU did not send shutdown)
or clean up the socket file.

The above mentioned executables must be found in the PATH.

The executables can either be run as root or started as root and switch to
the tss user. The requirement for the tss user comes through 'tcsd', which
is used for the simulation of the manufacturing. Which user is used can be
configured through qemu.conf. By default 'tss' is used.

The swtpm writes out state into files. The state is kept in /var/lib/libvirt/swtpm:

[root@localhost libvirt]# ls -lZ | grep swtpm

drwx--x--x. 7 root root unconfined_u:object_r:virt_var_lib_t:s0 4096 Apr  5 16:22 swtpm

The directory /var/lib/libvirt/swtpm maintains per-TPM state directories.
(Using the uuid of the VM for that since the name can change per VM renaming but
 we need a stable directory name.)

[root@localhost swtpm]# ls -lZ
total 4
drwx------. 2 tss  tss  system_u:object_r:virt_var_lib_t:s0          4096 Apr  5 16:46 485d0004-a48f-436a-8457-8a3b73e28568

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28568]# ls -lZ
total 4
drwx------. 2 tss tss system_u:object_r:virt_var_lib_t:s0 4096 Apr 10 21:34 tpm1.2

[root@localhost tpm1.2]# ls -lZ
total 8
-rw-r--r--. 1 tss tss system_u:object_r:virt_var_lib_t:s0 3648 Apr  5 16:46 tpm-00.permall

The directory /var/run/libvirt/qemu/swtpm/ hosts the swtpm.sock that
QEMU uses to communicate with the swtpm:

root@localhost domain-1-testvm]# ls -lZ
total 0
srw-------. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c597,c632  0 Apr  6 10:24 1-testvm-swtpm.sock

The logfile for the swtpm is in /var/log/swtpm/libvirt/qemu:

[root@localhost-3 qemu]# ls -lZ
total 4
-rw-------. 1 tss tss unconfined_u:object_r:var_log_t:s0 2199 Apr  6 14:01 testvm-swtpm.log

The processes are labeled as follows:

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep socket | grep -v grep
system_u:system_r:virtd_t:s0-s0:c0.c1023 tss 18697 0.0  0.0 28172 3892 ?       Ss   16:46   0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/1-testvm-swtpm.sock,mode=0600 --tpmstate dir=/var/lib/libvirt/swtpm/485d0004-a48f-436a-8457-8a3b73e28568/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log

[root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep
system_u:system_r:svirt_t:s0:c413,c430 qemu 18702 2.5  0.0 3036052 48676 ?     Sl   16:46   0:08 /bin/qemu-system-x86_64 [...]
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
      69122bc2
    • S
      conf: Add support for external swtpm TPM emulator to domain XML · 33af0b2b
      Stefan Berger 提交于 
      This patch adds support for an external swtpm TPM emulator. The XML for
this type of TPM looks as follows:

 <tpm model='tpm-tis'>
   <backend type='emulator'/>
 </tpm>

The XML will currently only define a TPM 1.2.

Extend the documentation.

Add a test case testing the XML parser and formatter.
Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Reviewed-by: NJán Tomko <jtomko@redhat.com>
      33af0b2b
    • M
      qemuBuildNumaArgStr: Simplify @nodeBackends · 7d34949b
      Michal Privoznik 提交于 
      Instead of array of pointers to individual buffers it can be
array of buffers directly. This also fixes the following memleak:

==22516== 96 bytes in 4 blocks are definitely lost in loss record 166 of 195
==22516==    at 0x4C2EF26: calloc (vg_replace_malloc.c:711)
==22516==    by 0x5D2C7D5: virAlloc (viralloc.c:144)
==22516==    by 0x56FAABD: qemuBuildNumaArgStr (qemu_command.c:7543)
==22516==    by 0x5701835: qemuBuildCommandLine (qemu_command.c:10112)
==22516==    by 0x575D794: qemuProcessCreatePretendCmd (qemu_process.c:6568)
==22516==    by 0x113338: testCompareXMLToArgv (qemuxml2argvtest.c:549)
==22516==    by 0x138CA3: virTestRun (testutils.c:180)
==22516==    by 0x136CD1: mymain (qemuxml2argvtest.c:2825)
==22516==    by 0x13AD58: virTestMain (testutils.c:1118)
==22516==    by 0x137351: main (qemuxml2argvtest.c:2874)
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      7d34949b
    • D
      qemu: support passing pre-opened UNIX socket listen FD · 30fb2276
      Daniel P. Berrangé 提交于 
      There is a race condition when spawning QEMU where libvirt has spawned
QEMU but the monitor socket is not yet open. Libvirt has to repeatedly
try to connect() to QEMU's monitor until eventually it succeeds, or
times out. We use kill() to check if QEMU is still alive so we avoid
waiting a long time if QEMU exited, but having a timeout at all is still
unpleasant.

With QEMU 2.12 we can pass in a pre-opened FD for UNIX domain or TCP
sockets. If libvirt has called bind() and listen() on this FD, then we
have a guarantee that libvirt can immediately call connect() and
succeed without any race.

Although we only really care about this for the monitor socket and agent
socket, this patch does FD passing for all UNIX socket based character
devices since there appears to be no downside to it.

We don't do FD passing for TCP sockets, however, because it is only
possible to pass a single FD, while some hostnames may require listening
on multiple FDs to cover IPv4 and IPv6 concurrently.
Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      30fb2276
  15. 05 6月, 2018 21 次提交