[PATCH 0/2] qemu: support logging config for swtpm

When debugging guest problems with TPMs it is helpful to be able to have full swtpm logging. This isn't possible currently and manually restarting the swtpm process of a running guest is disruptive. Daniel P. Berrangé (2): conf: add support for 'debug' parameter on TPM emulator qemu: set swtpm log level parameter docs/formatdomain.rst | 6 ++++-- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 1 + src/conf/schemas/domaincommon.rng | 5 +++++ src/qemu/qemu_tpm.c | 6 +++++- tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 2 +- 6 files changed, 23 insertions(+), 4 deletions(-) -- 2.45.1

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/formatdomain.rst | 6 ++++-- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 1 + src/conf/schemas/domaincommon.rng | 5 +++++ tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 2 +- 5 files changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 5c09b87d2b..fbd05e089d 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -8097,7 +8097,7 @@ Example: usage of the TPM Emulator ... <devices> <tpm model='tpm-tis'> - <backend type='emulator' version='2.0'> + <backend type='emulator' version='2.0' debug='5'> <encryption secret='6dd3e4a5-1d76-44ce-961f-f119f5aad935'/> <active_pcr_banks> <sha256/> @@ -8141,7 +8141,9 @@ Example: usage of the TPM Emulator ``emulator`` For this backend type the 'swtpm' TPM Emulator must be installed on the host. Libvirt will automatically start an independent TPM emulator for - each QEMU guest requesting access to it. + each QEMU guest requesting access to it. :since:`10.6.0`, the ``debug`` + parameter can be used to enable logging in the emulator backend, and + accepts non-zero integer values. ``version`` The ``version`` attribute indicates the version of the TPM. This attribute diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index cb1154b23f..ab313adf6e 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -10783,6 +10783,10 @@ virDomainTPMDefParseXML(virDomainXMLOption *xmlopt, &def->data.emulator.version) < 0) goto error; + if (virXMLPropUInt(backends[0], "debug", 10, VIR_XML_PROP_NONE, + &def->data.emulator.debug) < 0) + goto error; + if (!(def->data.emulator.source = virDomainChrSourceDefNew(xmlopt))) goto error; secretuuid = virXPathString("string(./backend/encryption/@secret)", ctxt); 
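Review bot: The `virXMLPropUInt(backends[0], "debug", 10, VIR_XML_PROP_NONE, &def->data.emulator.debug)` call added to virDomainTPMDefParseXML accepts the whole unsigned int range, including 0, while the domaincommon.rng hunk restricts the attribute to `uint8` and the formatdomain.rst hunk says only non-zero values are accepted. The second patch puts this value on the swtpm command line, so the parser should enforce the documented contract itself rather than depend on optional schema validation: pass `VIR_XML_PROP_NONZERO` instead of `VIR_XML_PROP_NONE`, and report an error when `def->data.emulator.debug > UINT8_MAX`. The documentation would also be clearer if it stated the accepted range and what the levels mean to swtpm. The function body starts before and continues after this hunk.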
@@ -24865,6 +24869,9 @@ virDomainTPMDefFormat(virBuffer *buf, } if (def->data.emulator.persistent_state) virBufferAddLit(&backendAttrBuf, " persistent_state='yes'"); + if (def->data.emulator.debug != 0) + virBufferAsprintf(&backendAttrBuf, " debug='%u'", + def->data.emulator.debug); if (def->data.emulator.hassecretuuid) { char uuidstr[VIR_UUID_STRING_BUFLEN]; diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 2818a9f1f5..1b9d07f1a4 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -1476,6 +1476,7 @@ struct _virDomainTPMDef { virDomainChrSourceDef *source; char *storagepath; char *logfile; + unsigned int debug; unsigned char secretuuid[VIR_UUID_BUFLEN]; bool hassecretuuid; bool persistent_state; diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng index 844a931deb..981ad10a37 100644 --- a/src/conf/schemas/domaincommon.rng +++ b/src/conf/schemas/domaincommon.rng @@ -5913,6 +5913,11 @@ <ref name="virYesNo"/> </attribute> </optional> + <optional> + <attribute name="debug"> + <ref name="uint8"/> + </attribute> + </optional> </group> <group> <attribute name="type"> diff --git a/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml b/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml index 79acde218b..8a613db456 100644 --- a/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml +++ b/tests/qemuxmlconfdata/tpm-emulator-tpm2.xml @@ -28,7 +28,7 @@ <input type='mouse' bus='ps2'/> <input type='keyboard' bus='ps2'/> <tpm model='tpm-tis'> - <backend type='emulator' version='2.0'> + <backend type='emulator' version='2.0' debug='3'> <encryption secret='b4a117f1-8af2-44a4-91b8-7f0d2d4d68a3'/> <active_pcr_banks> <sha256/> -- 2.45.1
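Review bot: The new `unsigned int debug;` member added to struct _virDomainTPMDef in domain_conf.h has no comment, so its meaning can only be recovered from other hunks. virDomainTPMDefFormat omits it when it is 0, and the qemu driver passes it to swtpm as the log `level`. A short comment such as `unsigned int debug; /* swtpm log level; 0 = attribute not set */` would make that explicit. The struct definition starts and ends outside the hunk.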

This wires up the emulator 'debug' parameter to control the /usr/bin/swtpm 'level' parameter for logging. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- src/qemu/qemu_tpm.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index bf0c6bcb0d..2f17918cbb 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -611,7 +611,11 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, tpm->data.emulator.storagepath); virCommandAddArg(cmd, "--log"); - virCommandAddArgFormat(cmd, "file=%s", tpm->data.emulator.logfile); + if (tpm->data.emulator.debug != 0) + virCommandAddArgFormat(cmd, "file=%s,level=%u", tpm->data.emulator.logfile, + tpm->data.emulator.debug); + else + virCommandAddArgFormat(cmd, "file=%s", tpm->data.emulator.logfile); virCommandAddArg(cmd, "--terminate"); -- 2.45.1
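Review bot: The new `file=%s,level=%u` branch in qemuTPMEmulatorBuildCommand forwards the domain-XML value to swtpm unchanged, and nothing in the series documents what a high level writes into the per-guest log file. At verbose levels swtpm and libtpms are likely to log TPM command and response traffic, which may include guest secret material, and the log will grow much faster; this should be confirmed against the swtpm man page. If so, formatdomain.rst should say that `debug` is a troubleshooting setting, that the resulting log must be treated as sensitive, and that the attribute should be dropped once debugging is done. A comment above the branch, e.g. `/* non-zero level enables verbose swtpm logging; the log may then contain TPM traffic */`, would carry the same caveat for maintainers. The function continues outside the hunk.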

On 7/4/24 13:47, Daniel P. Berrangé wrote:
When debugging guest problems with TPMs it is helpful to be able to have full swtpm logging. This isn't possible currently and manually restarting the swtpm process of a running guest is disruptive.
Daniel P. Berrangé (2): conf: add support for 'debug' parameter on TPM emulator qemu: set swtpm log level parameter
docs/formatdomain.rst | 6 ++++-- src/conf/domain_conf.c | 7 +++++++ src/conf/domain_conf.h | 1 + src/conf/schemas/domaincommon.rng | 5 +++++ src/qemu/qemu_tpm.c | 6 +++++- tests/qemuxmlconfdata/tpm-emulator-tpm2.xml | 2 +- 6 files changed, 23 insertions(+), 4 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal