Skip to content

Commit

Permalink
Add support for VM suspend/resume for TPM TIS
Browse files Browse the repository at this point in the history 
Extend the TPM TIS code to support suspend/resume. In case a command
is being processed by the external TPM when suspending, wait for the command
to complete to catch the result. In case the bottom half did not run,
run the one function the bottom half is supposed to run. This then
makes the resume operation work.

The passthrough backend does not support suspend/resume operation
and is therefore blocked from suspend/resume and migration.

The CUSE TPM's supported capabilities are tested and if sufficient
capabilities are implemented, suspend/resume, snapshotting and
migration are supported by the CUSE TPM.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
  • Loading branch information
@stefanberger
stefanberger committed Dec 31, 2016
1 parent b9ea09d commit 27d332d
Show file tree
Hide file tree
Showing 6 changed files with 503 additions and 8 deletions.
130 changes: 123 additions & 7 deletions hw/tpm/tpm_passthrough.c
View file
Expand Up @@ -34,6 +34,8 @@
#include "tpm_tis.h"
#include "tpm_util.h"
#include "tpm_ioctl.h"
#include "migration/migration.h"
#include "qapi/error.h"

#define DEBUG_TPM 0

Expand All @@ -49,6 +51,7 @@
#define TYPE_TPM_CUSE "tpm-cuse"

static const TPMDriverOps tpm_passthrough_driver;
static const VMStateDescription vmstate_tpm_cuse;

/* data structures */
typedef struct TPMPassthruThreadParams {
Expand Down Expand Up @@ -79,6 +82,10 @@ struct TPMPassthruState {
QemuMutex state_lock;
QemuCond cmd_complete; /* singnaled once tpm_busy is false */
bool tpm_busy;

Error *migration_blocker;

TPMBlobBuffers tpm_blobs;
};

typedef struct TPMPassthruState TPMPassthruState;
Expand Down Expand Up @@ -304,6 +311,10 @@ static void tpm_passthrough_shutdown(TPMPassthruState *tpm_pt)
strerror(errno));
}
}
if (tpm_pt->migration_blocker) {
migrate_del_blocker(tpm_pt->migration_blocker);
error_free(tpm_pt->migration_blocker);
}
}

/*
Expand Down Expand Up @@ -358,12 +369,14 @@ static int tpm_passthrough_cuse_check_caps(TPMPassthruState *tpm_pt)
/*
* Initialize the external CUSE TPM
*/
static int tpm_passthrough_cuse_init(TPMPassthruState *tpm_pt)
static int tpm_passthrough_cuse_init(TPMPassthruState *tpm_pt,
bool is_resume)
{
int rc = 0;
ptm_init init = {
.u.req.init_flags = PTM_INIT_FLAG_DELETE_VOLATILE,
};
ptm_init init;
if (is_resume) {
init.u.req.init_flags = PTM_INIT_FLAG_DELETE_VOLATILE;
}

if (TPM_PASSTHROUGH_USES_CUSE_TPM(tpm_pt)) {
if (ioctl(tpm_pt->tpm_fd, PTM_INIT, &init) < 0) {
Expand Down Expand Up @@ -392,7 +405,7 @@ static int tpm_passthrough_startup_tpm(TPMBackend *tb)
tpm_passthrough_worker_thread,
&tpm_pt->tpm_thread_params);

tpm_passthrough_cuse_init(tpm_pt);
tpm_passthrough_cuse_init(tpm_pt, false);

return 0;
}
Expand Down Expand Up @@ -464,6 +477,32 @@ static int tpm_passthrough_reset_tpm_established_flag(TPMBackend *tb,
return rc;
}

static int tpm_cuse_get_state_blobs(TPMBackend *tb,
bool decrypted_blobs,
TPMBlobBuffers *tpm_blobs)
{
TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

assert(TPM_PASSTHROUGH_USES_CUSE_TPM(tpm_pt));

return tpm_util_cuse_get_state_blobs(tpm_pt->tpm_fd, decrypted_blobs,
tpm_blobs);
}

static int tpm_cuse_set_state_blobs(TPMBackend *tb,
TPMBlobBuffers *tpm_blobs)
{
TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

assert(TPM_PASSTHROUGH_USES_CUSE_TPM(tpm_pt));

if (tpm_util_cuse_set_state_blobs(tpm_pt->tpm_fd, tpm_blobs)) {
return 1;
}

return tpm_passthrough_cuse_init(tpm_pt, true);
}

static bool tpm_passthrough_get_startup_error(TPMBackend *tb)
{
TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
Expand All @@ -486,7 +525,7 @@ static void tpm_passthrough_deliver_request(TPMBackend *tb)
{
TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);

/* TPM considered busy once TPM Request scheduled for processing */
/* TPM considered busy once TPM request scheduled for processing */
qemu_mutex_lock(&tpm_pt->state_lock);
tpm_pt->tpm_busy = true;
qemu_mutex_unlock(&tpm_pt->state_lock);
Expand Down Expand Up @@ -599,6 +638,25 @@ static int tpm_passthrough_open_sysfs_cancel(TPMBackend *tb)
return fd;
}

static void tpm_passthrough_block_migration(TPMPassthruState *tpm_pt)
{
ptm_cap caps;

if (TPM_PASSTHROUGH_USES_CUSE_TPM(tpm_pt)) {
caps = PTM_CAP_GET_STATEBLOB | PTM_CAP_SET_STATEBLOB |
PTM_CAP_STOP;
if (!TPM_CUSE_IMPLEMENTS_ALL(tpm_pt, caps)) {
error_setg(&tpm_pt->migration_blocker,
"Migration disabled: CUSE TPM lacks necessary capabilities");
migrate_add_blocker(tpm_pt->migration_blocker);
}
} else {
error_setg(&tpm_pt->migration_blocker,
"Migration disabled: Passthrough TPM does not support migration");
migrate_add_blocker(tpm_pt->migration_blocker);
}
}

static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
{
TPMPassthruState *tpm_pt = TPM_PASSTHROUGH(tb);
Expand Down Expand Up @@ -640,7 +698,7 @@ static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
goto err_close_tpmdev;
}
/* init TPM for probing */
if (tpm_passthrough_cuse_init(tpm_pt)) {
if (tpm_passthrough_cuse_init(tpm_pt, false)) {
goto err_close_tpmdev;
}
}
Expand All @@ -657,6 +715,7 @@ static int tpm_passthrough_handle_device_opts(QemuOpts *opts, TPMBackend *tb)
}
}

tpm_passthrough_block_migration(tpm_pt);

return 0;

Expand Down Expand Up @@ -764,10 +823,13 @@ static void tpm_passthrough_inst_init(Object *obj)

qemu_mutex_init(&tpm_pt->state_lock);
qemu_cond_init(&tpm_pt->cmd_complete);

vmstate_register(NULL, -1, &vmstate_tpm_cuse, obj);
}

static void tpm_passthrough_inst_finalize(Object *obj)
{
vmstate_unregister(NULL, &vmstate_tpm_cuse, obj);
}

static void tpm_passthrough_class_init(ObjectClass *klass, void *data)
Expand Down Expand Up @@ -800,6 +862,60 @@ static const char *tpm_passthrough_cuse_create_desc(void)
return "CUSE TPM backend driver";
}

static void tpm_cuse_pre_save(void *opaque)
{
TPMPassthruState *tpm_pt = opaque;
TPMBackend *tb = &tpm_pt->parent;

qemu_mutex_lock(&tpm_pt->state_lock);
/* wait for TPM to finish processing */
if (tpm_pt->tpm_busy) {
qemu_cond_wait(&tpm_pt->cmd_complete, &tpm_pt->state_lock);
}
qemu_mutex_unlock(&tpm_pt->state_lock);

/* get the decrypted state blobs from the TPM */
tpm_cuse_get_state_blobs(tb, TRUE, &tpm_pt->tpm_blobs);
}

static int tpm_cuse_post_load(void *opaque,
int version_id __attribute__((unused)))
{
TPMPassthruState *tpm_pt = opaque;
TPMBackend *tb = &tpm_pt->parent;

return tpm_cuse_set_state_blobs(tb, &tpm_pt->tpm_blobs);
}

static const VMStateDescription vmstate_tpm_cuse = {
.name = "cuse-tpm",
.version_id = 1,
.minimum_version_id = 0,
.minimum_version_id_old = 0,
.pre_save = tpm_cuse_pre_save,
.post_load = tpm_cuse_post_load,
.fields = (VMStateField[]) {
VMSTATE_UINT32(tpm_blobs.permanent_flags, TPMPassthruState),
VMSTATE_UINT32(tpm_blobs.permanent.size, TPMPassthruState),
VMSTATE_VBUFFER_ALLOC_UINT32(tpm_blobs.permanent.buffer,
TPMPassthruState, 1, NULL, 0,
tpm_blobs.permanent.size),

VMSTATE_UINT32(tpm_blobs.volatil_flags, TPMPassthruState),
VMSTATE_UINT32(tpm_blobs.volatil.size, TPMPassthruState),
VMSTATE_VBUFFER_ALLOC_UINT32(tpm_blobs.volatil.buffer,
TPMPassthruState, 1, NULL, 0,
tpm_blobs.volatil.size),

VMSTATE_UINT32(tpm_blobs.savestate_flags, TPMPassthruState),
VMSTATE_UINT32(tpm_blobs.savestate.size, TPMPassthruState),
VMSTATE_VBUFFER_ALLOC_UINT32(tpm_blobs.savestate.buffer,
TPMPassthruState, 1, NULL, 0,
tpm_blobs.savestate.size),
VMSTATE_END_OF_LIST()
}
};

static const TPMDriverOps tpm_cuse_driver = {
.type = TPM_TYPE_CUSE_TPM,
.opts = tpm_passthrough_cmdline_opts,
Expand Down
137 changes: 136 additions & 1 deletion hw/tpm/tpm_tis.c
View file
Expand Up @@ -367,6 +367,8 @@ static void tpm_tis_receive_bh(void *opaque)
TPMTISEmuState *tis = &s->s.tis;
uint8_t locty = s->locty_number;

tis->bh_scheduled = false;

qemu_mutex_lock(&s->state_lock);

tpm_tis_sts_set(&tis->loc[locty],
Expand Down Expand Up @@ -414,6 +416,8 @@ static void tpm_tis_receive_cb(TPMState *s, uint8_t locty,
qemu_mutex_unlock(&s->state_lock);

qemu_bh_schedule(tis->bh);

tis->bh_scheduled = true;
}

/*
Expand Down Expand Up @@ -1029,9 +1033,140 @@ static void tpm_tis_reset(DeviceState *dev)
tpm_tis_do_startup_tpm(s);
}


/* persistent state handling */

static void tpm_tis_pre_save(void *opaque)
{
TPMState *s = opaque;
TPMTISEmuState *tis = &s->s.tis;
uint8_t locty = tis->active_locty;

DPRINTF("tpm_tis: suspend: locty = %d : r_offset = %d, w_offset = %d\n",
locty, tis->loc[0].r_offset, tis->loc[0].w_offset);
#ifdef DEBUG_TIS
tpm_tis_dump_state(opaque, 0);
#endif

qemu_mutex_lock(&s->state_lock);

/* wait for outstanding request to complete */
if (TPM_TIS_IS_VALID_LOCTY(locty) &&
tis->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
/*
* If we get here when the bh is scheduled but did not run,
* we won't get notified...
*/
if (!tis->bh_scheduled) {
/* backend thread to notify us */
qemu_cond_wait(&s->cmd_complete, &s->state_lock);
}
if (tis->loc[locty].state == TPM_TIS_STATE_EXECUTION) {
/* bottom half did not run - run its function */
qemu_mutex_unlock(&s->state_lock);
tpm_tis_receive_bh(opaque);
qemu_mutex_lock(&s->state_lock);
}
}

qemu_mutex_unlock(&s->state_lock);

/* copy current active read or write buffer into the buffer
written to disk */
if (TPM_TIS_IS_VALID_LOCTY(locty)) {
switch (tis->loc[locty].state) {
case TPM_TIS_STATE_RECEPTION:
memcpy(tis->buf,
tis->loc[locty].w_buffer.buffer,
MIN(sizeof(tis->buf),
tis->loc[locty].w_buffer.size));
tis->offset = tis->loc[locty].w_offset;
break;
case TPM_TIS_STATE_COMPLETION:
memcpy(tis->buf,
tis->loc[locty].r_buffer.buffer,
MIN(sizeof(tis->buf),
tis->loc[locty].r_buffer.size));
tis->offset = tis->loc[locty].r_offset;
break;
default:
/* leak nothing */
memset(tis->buf, 0x0, sizeof(tis->buf));
break;
}
}
}

static int tpm_tis_post_load(void *opaque,
int version_id __attribute__((unused)))
{
TPMState *s = opaque;
TPMTISEmuState *tis = &s->s.tis;

uint8_t locty = tis->active_locty;

if (TPM_TIS_IS_VALID_LOCTY(locty)) {
switch (tis->loc[locty].state) {
case TPM_TIS_STATE_RECEPTION:
memcpy(tis->loc[locty].w_buffer.buffer,
tis->buf,
MIN(sizeof(tis->buf),
tis->loc[locty].w_buffer.size));
tis->loc[locty].w_offset = tis->offset;
break;
case TPM_TIS_STATE_COMPLETION:
memcpy(tis->loc[locty].r_buffer.buffer,
tis->buf,
MIN(sizeof(tis->buf),
tis->loc[locty].r_buffer.size));
tis->loc[locty].r_offset = tis->offset;
break;
default:
break;
}
}

DPRINTF("tpm_tis: resume : locty = %d : r_offset = %d, w_offset = %d\n",
locty, tis->loc[0].r_offset, tis->loc[0].w_offset);

return 0;
}

static const VMStateDescription vmstate_locty = {
.name = "loc",
.version_id = 1,
.minimum_version_id = 0,
.minimum_version_id_old = 0,
.fields = (VMStateField[]) {
VMSTATE_UINT32(state, TPMLocality),
VMSTATE_UINT32(inte, TPMLocality),
VMSTATE_UINT32(ints, TPMLocality),
VMSTATE_UINT8(access, TPMLocality),
VMSTATE_UINT32(sts, TPMLocality),
VMSTATE_UINT32(iface_id, TPMLocality),
VMSTATE_END_OF_LIST(),
}
};

static const VMStateDescription vmstate_tpm_tis = {
.name = "tpm",
.unmigratable = 1,
.version_id = 1,
.minimum_version_id = 0,
.minimum_version_id_old = 0,
.pre_save = tpm_tis_pre_save,
.post_load = tpm_tis_post_load,
.fields = (VMStateField[]) {
VMSTATE_UINT32(s.tis.offset, TPMState),
VMSTATE_BUFFER(s.tis.buf, TPMState),
VMSTATE_UINT8(s.tis.active_locty, TPMState),
VMSTATE_UINT8(s.tis.aborting_locty, TPMState),
VMSTATE_UINT8(s.tis.next_locty, TPMState),

VMSTATE_STRUCT_ARRAY(s.tis.loc, TPMState, TPM_TIS_NUM_LOCALITIES, 1,
vmstate_locty, TPMLocality),

VMSTATE_END_OF_LIST()
}
};

static Property tpm_tis_properties[] = {
Expand Down
2 changes: 2 additions & 0 deletions hw/tpm/tpm_tis.h
View file
Expand Up @@ -54,6 +54,8 @@ typedef struct TPMLocality {

typedef struct TPMTISEmuState {
QEMUBH *bh;
bool bh_scheduled; /* bh scheduled but did not run yet */

uint32_t offset;
uint8_t buf[TPM_TIS_BUFFER_MAX];

Expand Down

0 comments on commit 27d332d

Please sign in to comment.