Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.2/patches/2233310/?format=api
{ "id": 2233310, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2233310/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260506075813.120781-7-armenon@redhat.com/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/1.2/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260506075813.120781-7-armenon@redhat.com>", "list_archive_url": null, "date": "2026-05-06T07:58:13", "name": "[v7,6/6] hw/tpm: Add support for VM migration with TPM CRB chunking", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "790c2326505a82a31d7774ca57fde07fd37a7636", "submitter": { "id": 91136, "url": "http://patchwork.ozlabs.org/api/1.2/people/91136/?format=api", "name": "Arun Menon", "email": "armenon@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/20260506075813.120781-7-armenon@redhat.com/mbox/", "series": [ { "id": 502931, "url": "http://patchwork.ozlabs.org/api/1.2/series/502931/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=502931", "date": "2026-05-06T07:58:09", "name": "hw/tpm: CRB chunking capability to handle PQC", "version": 7, "mbox": "http://patchwork.ozlabs.org/series/502931/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2233310/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2233310/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=Ts488kS2;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=google header.b=hKs77L4H;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists1p.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from lists1p.gnu.org (lists1p.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g9SSx4qSHz1yJq\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 06 May 2026 17:59:13 +1000 (AEST)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists1p.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1wKX9p-0005ic-NQ; Wed, 06 May 2026 03:59:01 -0400", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists1p.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <armenon@redhat.com>)\n id 1wKX9n-0005cn-N9\n for qemu-devel@nongnu.org; Wed, 06 May 2026 03:58:59 -0400", "from us-smtp-delivery-124.mimecast.com ([170.10.133.124])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <armenon@redhat.com>)\n id 1wKX9l-0000i6-Vr\n for qemu-devel@nongnu.org; Wed, 06 May 2026 03:58:59 -0400", "from mail-pl1-f200.google.com (mail-pl1-f200.google.com\n [209.85.214.200]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-232-g4dqA67-MQyXcbmDJe5eiA-1; Wed, 06 May 2026 03:58:56 -0400", "by mail-pl1-f200.google.com with SMTP id\n d9443c01a7336-2ba5f794825so9484185ad.0\n for <qemu-devel@nongnu.org>; Wed, 06 May 2026 00:58:56 -0700 (PDT)", "from fedora.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.106.26])\n by smtp.gmail.com with ESMTPSA id\n d9443c01a7336-2ba7ca29f9dsm15439865ad.78.2026.05.06.00.58.48\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 06 May 2026 00:58:52 -0700 (PDT)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1778054337;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:\n content-transfer-encoding:content-transfer-encoding:\n in-reply-to:in-reply-to:references:references;\n bh=wLOTFeibi/SJQNjXUnMOcOvEOv6uYoUj8D8DXGCDyqY=;\n b=Ts488kS28JvvwD2nM/YTab4NJLkdI838rQ8Rhf9iJNgDD+qhKE6clKvVvyCVqBzmoForT4\n F/33m6Q7KO6Z4TSDo1xP0GnAxOaZDU18SJWD4dgv3v/zhpjVrC7A5cMpOvSwY8mMVdFoGG\n 4YbKoQ1gYalKEBLo1kYNEBgB3MfItwU=", "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=redhat.com; s=google; t=1778054335; x=1778659135; darn=nongnu.org;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:from:to:cc:subject:date\n :message-id:reply-to;\n bh=wLOTFeibi/SJQNjXUnMOcOvEOv6uYoUj8D8DXGCDyqY=;\n b=hKs77L4HN4dx9nahucYjIUrZKptIpcJvG6UGHRre1HOMX4injrdQ3mWsbAqIrKyWIl\n SXs8UwiTaFj8C8cTYJ5cvA9TzY8xa7y/Ekbtb+Ek2NLqUBloAWx4fUgiBAmIz3VXcU3d\n UwVWh4PdRBaFvIZSZI3Q+O5/M0SAgd/vM1GGRuGyHce/4nPJ5C1oKnf4H1dFgP2Ezol6\n 2/bT7Or0L1PvOWX7hunRGX45QghrDGSjeBEC7IT4gJQ9qFgAIi6BiCgDRlKhd0z1lADN\n B4Y3ve+aGQMd/KdH385FSoldh3gjM2gzO/5831ZrDiW9HDYX+tclKbJwfY3AXXxrIJiX\n 4VnA==" ], "X-MC-Unique": "g4dqA67-MQyXcbmDJe5eiA-1", "X-Mimecast-MFC-AGG-ID": "g4dqA67-MQyXcbmDJe5eiA_1778054335", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1778054335; x=1778659135;\n h=content-transfer-encoding:mime-version:references:in-reply-to\n :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=wLOTFeibi/SJQNjXUnMOcOvEOv6uYoUj8D8DXGCDyqY=;\n b=V/5/22kEz6k8M4DBVDNfhX2FGta2iNSyCvYhpisDAmUlncu+oqa6O/8v4dCbVcIscO\n wIfdV1nNWkWkUzc81/86S3sha+IxsRtF54sHurz5mHQHvJ/fEZAPsfuoBtBO242X/Etr\n oUEz2t8dH/43/ePImqoYCUANCoLBJLA6uRrN0m+1B6IbZPEK8tviZUpjJNk4Ls7XItf+\n YFMyuFDwoYhl0bq1rcWsxcXkYusaJsrOsVqIA15z5I54sAhPOcW+AIZ4j84ZxYxdFgaA\n MjClo/0uwcLfIcJ2MD6ZOWKN148YGVxCl/9uG4qa0sgrRN6S8zBrrYnhMC7p43tHDTod\n tb6Q==", "X-Gm-Message-State": "AOJu0YygSYHTcl+TDSiMJjh9XQdcR0ybuNO4880MX94ONRWgGOh1/oo9\n jbZcEIdDO6QlUXGMRNcBnh2b2Nx+QABKA7XrAAfqtT3UXZE81lpLUJjekwNCg2gDW7/4mkrpySg\n m6Dm3toMjglFLmBUKKFLWSMcZAmkz+HLOthmfGh/bbea/mVdgQPmvCaNuW/XkBCXXntQNSlZAdT\n FvppKePeGTjBgZXYC66LWAMMPptz06MDZACxvF0oc=", "X-Gm-Gg": "AeBDieu97kwklrfvxP2dtyXjdRV7blBJncGEpRcrcm7lEW/oUuQq7ULWdQnOoxFWT0K\n dNHrStbZxnRdSC+Gd5YgwJ79QxvFmnf88K1Hy268EpkocdEdR21HFeCBnGf7nyI36tE254aMk9j\n HMAYzs+zRWUyiyGLVfQ/HRu5NfkaZMI8rTz6pJkWoFu/1UamOwnOObh5KkkdGKmCZs+l+MQKj5i\n mzL2yLN0tRfgF9/11uY/Ffb0e/4w87SEzoVvTGwkmQLArkic+StfJ+mnN5KjpNPveZc4RtSUgZo\n w7AdZ+82lhoODWv/5++J5B/VtqOI7lZHYg8W70oOqVbWzgMdYXXDhdOsbqqeg98uimTbwkRlK+q\n Qe/BGWMuiJE/8Cc2fnJUod8tTuY4doCN/w9tbiDNudLM8QOMOuiZGEERXxd7Ueb4/1HTDBITQ", "X-Received": [ "by 2002:a17:902:8487:b0:2b2:b117:1e1b with SMTP id\n d9443c01a7336-2ba78f72f68mr15876755ad.17.1778054334950;\n Wed, 06 May 2026 00:58:54 -0700 (PDT)", "by 2002:a17:902:8487:b0:2b2:b117:1e1b with SMTP id\n d9443c01a7336-2ba78f72f68mr15876255ad.17.1778054333651;\n Wed, 06 May 2026 00:58:53 -0700 (PDT)" ], "From": "Arun Menon <armenon@redhat.com>", "To": "qemu-devel@nongnu.org", "Cc": "Zhao Liu <zhao1.liu@intel.com>,\n Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,\n Ani Sinha <anisinha@redhat.com>, Fabiano Rosas <farosas@suse.de>,\n marcandre.lureau@redhat.com, Stefan Berger <stefanb@linux.vnet.ibm.com>,\n\t=?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= <philmd@linaro.org>,\n Yanan Wang <wangyanan55@huawei.com>, Paolo Bonzini <pbonzini@redhat.com>,\n Laurent Vivier <lvivier@redhat.com>, \"Michael S. Tsirkin\" <mst@redhat.com>,\n Igor Mammedov <imammedo@redhat.com>, Arun Menon <armenon@redhat.com>,\n Stefan Berger <stefanb@linux.ibm.com>", "Subject": "[PATCH v7 6/6] hw/tpm: Add support for VM migration with TPM CRB\n chunking", "Date": "Wed, 6 May 2026 13:28:13 +0530", "Message-ID": "<20260506075813.120781-7-armenon@redhat.com>", "X-Mailer": "git-send-email 2.54.0", "In-Reply-To": "<20260506075813.120781-1-armenon@redhat.com>", "References": "<20260506075813.120781-1-armenon@redhat.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "Received-SPF": "pass client-ip=170.10.133.124; envelope-from=armenon@redhat.com;\n helo=us-smtp-delivery-124.mimecast.com", "X-Spam_score_int": "-24", "X-Spam_score": "-2.5", "X-Spam_bar": "--", "X-Spam_report": "(-2.5 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.443,\n DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,\n RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001,\n SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "From: Arun Menon <armenon@redhat.com>\n\n- Add subsection in VMState for TPM CRB with the newly introduced\n command and response buffer GByteArrays, along with a needed callback,\n so that newer QEMU only sends the buffers if it is necessary.\n- Implement a migration blocker to prevent migration of the VM if the\n user manually enables chunking capability, cap-chunk, but the machine\n type does not support it, using a new hw_compat property called\n allow_chunk_migration.\n- Add a post_load_errp hook so that during a migration, the buffers are\n validated before destination VM is started.\n\nSigned-off-by: Arun Menon <armenon@redhat.com>\nReviewed-by: Stefan Berger <stefanb@linux.ibm.com>\n---\n hw/core/machine.c | 1 +\n hw/tpm/tpm_crb.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++\n 2 files changed, 68 insertions(+)", "diff": "diff --git a/hw/core/machine.c b/hw/core/machine.c\nindex 4e0a93e231..30464b21ac 100644\n--- a/hw/core/machine.c\n+++ b/hw/core/machine.c\n@@ -41,6 +41,7 @@\n \n GlobalProperty hw_compat_11_0[] = {\n { \"tpm-crb\", \"cap-chunk\", \"off\" },\n+ { \"tpm-crb\", \"x-allow-chunk-migration\", \"off\" },\n };\n const size_t hw_compat_11_0_len = G_N_ELEMENTS(hw_compat_11_0);\n \ndiff --git a/hw/tpm/tpm_crb.c b/hw/tpm/tpm_crb.c\nindex f85df08185..54fa2042b5 100644\n--- a/hw/tpm/tpm_crb.c\n+++ b/hw/tpm/tpm_crb.c\n@@ -24,6 +24,7 @@\n #include \"hw/pci/pci_ids.h\"\n #include \"hw/acpi/tpm.h\"\n #include \"migration/vmstate.h\"\n+#include \"migration/blocker.h\"\n #include \"system/tpm_backend.h\"\n #include \"system/tpm_util.h\"\n #include \"system/reset.h\"\n@@ -50,6 +51,8 @@ struct CRBState {\n TPMPPI ppi;\n \n bool cap_chunk;\n+ bool allow_chunk_migration;\n+ Error *migration_blocker;\n };\n typedef struct CRBState CRBState;\n \n@@ -349,18 +352,68 @@ static int tpm_crb_pre_save(void *opaque)\n return 0;\n }\n \n+static bool tpm_crb_chunk_needed(void *opaque)\n+{\n+ CRBState *s = opaque;\n+\n+ if (!s->allow_chunk_migration) {\n+ return false;\n+ }\n+\n+ return ((s->command_buffer && s->command_buffer->len > 0) ||\n+ (s->response_buffer && s->response_buffer->len > 0));\n+}\n+\n+static bool tpm_crb_chunk_post_load(void *opaque, int version_id, Error **errp)\n+{\n+ CRBState *s = opaque;\n+\n+ /*\n+ * The external TPM emulator (example swtpm) determines the backend\n+ * buffer capacity (s->be_buffer_size). This check ensures that if we\n+ * migrate from a source with a PQC-enabled emulator that supports\n+ * larger buffers to a destination with a non-PQC emulator, the\n+ * migrated data does not exceed the destination's capacity.\n+ */\n+ if (s->response_buffer->len > s->be_buffer_size ||\n+ s->command_buffer->len > s->be_buffer_size) {\n+ error_setg(errp, \"tpm-crb: Buffer sizes exceed backend capacity\");\n+ return false;\n+ }\n+ return true;\n+}\n+\n+static const VMStateDescription vmstate_tpm_crb_chunk = {\n+ .name = \"tpm-crb/chunk\",\n+ .version_id = 0,\n+ .needed = tpm_crb_chunk_needed,\n+ .post_load_errp = tpm_crb_chunk_post_load,\n+ .fields = (const VMStateField[]) {\n+ VMSTATE_GBYTEARRAY(command_buffer, CRBState, 0),\n+ VMSTATE_GBYTEARRAY(response_buffer, CRBState, 0),\n+ VMSTATE_UINT32(response_offset, CRBState),\n+ VMSTATE_END_OF_LIST()\n+ }\n+};\n+\n static const VMStateDescription vmstate_tpm_crb = {\n .name = \"tpm-crb\",\n .pre_save = tpm_crb_pre_save,\n .fields = (const VMStateField[]) {\n VMSTATE_UINT32_ARRAY(regs, CRBState, TPM_CRB_R_MAX),\n VMSTATE_END_OF_LIST(),\n+ },\n+ .subsections = (const VMStateDescription * const []) {\n+ &vmstate_tpm_crb_chunk,\n+ NULL,\n }\n };\n \n static const Property tpm_crb_properties[] = {\n DEFINE_PROP_TPMBE(\"tpmdev\", CRBState, tpmbe),\n DEFINE_PROP_BOOL(\"cap-chunk\", CRBState, cap_chunk, true),\n+ DEFINE_PROP_BOOL(\"x-allow-chunk-migration\", CRBState,\n+ allow_chunk_migration, true),\n };\n \n static void tpm_crb_reset(void *dev)\n@@ -415,6 +468,7 @@ static void tpm_crb_reset(void *dev)\n static void tpm_crb_realize(DeviceState *dev, Error **errp)\n {\n CRBState *s = CRB(dev);\n+ int ret;\n \n if (!tpm_find()) {\n error_setg(errp, \"at most one TPM device is permitted\");\n@@ -424,6 +478,15 @@ static void tpm_crb_realize(DeviceState *dev, Error **errp)\n error_setg(errp, \"'tpmdev' property is required\");\n return;\n }\n+ if (s->cap_chunk && !s->allow_chunk_migration) {\n+ error_setg(&s->migration_blocker,\n+ \"The tpm-crb device does not support chunk migration with \"\n+ \"machine version less than 11.1\");\n+ ret = migrate_add_blocker_normal(&s->migration_blocker, errp);\n+ if (ret < 0) {\n+ return;\n+ }\n+ }\n \n memory_region_init_io(&s->mmio, OBJECT(s), &tpm_crb_memory_ops, s,\n \"tpm-crb-mmio\", sizeof(s->regs));\n@@ -454,6 +517,10 @@ static void tpm_crb_unrealize(DeviceState *dev)\n \n g_clear_pointer(&s->command_buffer, g_byte_array_unref);\n g_clear_pointer(&s->response_buffer, g_byte_array_unref);\n+\n+ if (s->migration_blocker) {\n+ migrate_del_blocker(&s->migration_blocker);\n+ }\n }\n \n static void tpm_crb_class_init(ObjectClass *klass, const void *data)\n", "prefixes": [ "v7", "6/6" ] }