libvirt expects the swtpm(8) daemon to auto-terminate along with QEMU.
While that's already the case, it's currently happening for the wrong
reason: swtpm's documented way of achieving this behavior is via the
--terminate switch (which causes the daemon to shut down when the
data channel connection drops), but libvirt isn't currently using
this switch--and it should.
The reason this currently works anyway, even without the --terminate
switch, is two-fold:
(1) When QEMU terminates gracefully, it sends command CMD_SHUTDOWN to
swtpm which triggers a shutdown. Nothing wrong with this one.
(2) When QEMU dies abruptly (e.g. SIGKILL, SIGSEGV) without issuing
CMD_SHUTDOWN, swtpm should (a) shut down if the --terminate switch
was given OR (b) stay alive if --terminate wasn't given. At the
moment this isn't being respected, and swtpm unconditionally shuts
down (regardless of whether --terminate was given or not) due to a
bug in swtpm's connection handling logic [1]. libvirt currently
relies on this incorrect and undocumented upstream behavior,
trusting swtpm to shut itself down even when --terminate wasn't
given, which is wrong and bound to break.
The discussion [1] between swtpm's author and me shows that --terminate
(a) is the proper way to achieve--and guarantee--the current behavior,
(b) is innocuous to add since it won't alter existing behavior, (c)
should've been used by libvirt all along, and (d) should be enforced
by swtpm going forward.
Since libvirt presently relies on swtpm's current (incorrect) behavior
and we don't want to break libvirt, we need libvirt to start invoking
swtpm with the --terminate switch ASAP so that the upstream bug can
be fixed as soon as it's safe. Fixing the bug is the first step toward
eventually enabling non-libvirt swtpm users to optionally run swtpm as
a persistent service, allowing a VM to connect to and disconnect from
it without the daemon dying.
Proxmox VE, to which I also contribute, is already using --terminate
in its (WIP) swtpm implementation.
[1]
https://github.com/stefanberger/swtpm/pull/509 -- Note that this
already-merged PR addresses only one half of the bug; the other
half (which will actually effect the change) remains on hold until
libvirt implements --terminate.
Nick Chevsky (1):
qemu_tpm: Start swtpm(8) daemon with --terminate switch
src/qemu/qemu_tpm.c | 2 ++
1 file changed, 2 insertions(+)
--
2.30.2
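As an added example (not part of this patch series or of libvirt's code), the following POSIX shell script audits a host for the behaviour the cover letter describes: it lists every running swtpm daemon and reports whether it was started with the --terminate switch. The parsing is done on NUL-separated argv data in the /proc/<pid>/cmdline format, so the check functions can be exercised on constructed input; the file names and function names are this example's own.

```sh
#!/bin/sh
# Added example, not libvirt or swtpm code: report which running swtpm
# daemons were started with --terminate. Once the swtpm-side fix lands,
# a daemon started without --terminate will outlive an abruptly killed
# QEMU, so a host should be audited for stragglers before upgrading.

# cmdline_has_terminate FILE
# FILE holds a NUL-separated argv, as /proc/<pid>/cmdline does.
# Prints "yes" if argv contains the exact entry --terminate, else "no".
cmdline_has_terminate() {
    # -x: whole-line match, so e.g. --terminate-foo would not count.
    if tr '\0' '\n' < "$1" | grep -qx -- '--terminate'; then
        echo yes
    else
        echo no
    fi
}

# is_swtpm_cmdline FILE
# Prints "yes" if argv[0] is swtpm, with or without a leading path.
is_swtpm_cmdline() {
    case "$(tr '\0' '\n' < "$1" | head -n 1)" in
        swtpm|*/swtpm) echo yes ;;
        *) echo no ;;
    esac
}

# audit_swtpm
# Walks /proc and prints "<pid> <yes|no>" for every swtpm process,
# where yes/no is whether --terminate is present on its command line.
audit_swtpm() {
    for f in /proc/[0-9]*/cmdline; do
        [ -r "$f" ] || continue
        [ "$(is_swtpm_cmdline "$f")" = yes ] || continue
        pid=${f#/proc/}
        pid=${pid%/cmdline}
        printf '%s %s\n' "$pid" "$(cmdline_has_terminate "$f")"
    done
}

# Run the audit of the current host. Output is empty when no swtpm
# daemon is running, which is the expected result on a non-VM host.
audit_swtpm
```

A line such as `12345 no` identifies a daemon that currently relies on the undocumented swtpm behaviour discussed above and will stay alive after its QEMU dies once the upstream fix is in place.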