vTPM communication and error handling refactoring #4400
+1,889
−318
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
shjala
requested review from
OhmSpectator,
rene,
rouming and
milan-zededa
as code owners
github-actions
bot
requested review from
eriknordmark,
jsfakian,
rucoder and
uncleDecart
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
shjala
changed the title
shjala
force-pushed
the
vtpm.server
branch
2 times, most recently
from
c0960cb
to
e39c549
Compare
This changes refactors the control socket communication and error handling in the vTPM (server) and KVM (client). The control socket communication is now handled by HTTP over UDS, and the error handling is improved, since the vTPM server now returns an error message when an error occurs. Signed-off-by: Shahriyar Jalayeri <[email protected]>
Use a defer function to ensure that the virtual TPM is always terminated when the domain manager hits an error during the setup process or boot process. Signed-off-by: Shahriyar Jalayeri <[email protected]>
When server gets a launch request, it checks if the the requested instance is already running, but it only checks the internal list and not actually the running instances. This can lead to server thinking the instance is running but client fails to get the PID with error "failed to get pid from file ...". Signed-off-by: Shahriyar Jalayeri <[email protected]>
Validate ID before using it in, it must be in form of a UUID. Signed-off-by: Shahriyar Jalayeri <[email protected]>
Kick watchdog more often when waiting, better be safe than sorry. Signed-off-by: Shahriyar Jalayeri <[email protected]>
shjala
force-pushed
the
vtpm.server
branch
3 times, most recently
from
36e4d69
to
16be694
Compare
shjala
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #4400 +/- ##
=======================================
Coverage 20.93% 20.93%
=======================================
Files 13 13
Lines 2895 2895
=======================================
Hits 606 606
Misses 2163 2163
Partials 126 126 ☔ View full report in Codecov by Sentry. |
|
@shjala. could you please add |
sure can do. |
|
I'm looking into PR, but I'm frequently interrupted, so it will take time. However, it's not abandoned! |
| status.VirtualTPM = true | ||
| defer func(status *types.DomainStatus) { | ||
| if status.BootFailed || status.HasError() { |
There was a problem hiding this comment.
We have discussed these conditions with @shjala, and it looks like a more reliable way to check that we do not need to terminate the vTMP is status.Activated set to true, as it guarantees that ActivateTails finished successfully.
shjala
force-pushed
the
vtpm.server
branch
2 times, most recently
from
d51a9fa
to
141ff1b
Compare
Refactor vTPM setup/term/teardown functions to call the vTPM server endpoints asynchronously, this remove the timeout guessworks and make the vTPM setup more reliable. Refactor vTPM setup functions to accept all watchdog related parameters as struct. Signed-off-by: Shahriyar Jalayeri <[email protected]>
The domainmanager calls vTPM server asynchronously, so we dont need to worry and set the wait time too low to return quicly to prevent a watchdog kill on pillar. Signed-off-by: Shahriyar Jalayeri <[email protected]>
shjala
force-pushed
the
vtpm.server
branch
2 times, most recently
from
624a4e5
to
4fd6d20
Compare
Add vtpm vendor directory to .spdxignore. Signed-off-by: Shahriyar Jalayeri <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request includes changes to the
vtpm,domainmgrandkvmcomponents to improve the handling of virtual TPM (vTPM) instances. The changes enhance error handling, refactor the vTPM launch and termination processes, and introduce HTTP-based communication for vTPM commands.vTPM : refactor control socket communication and error handling
This changes refactors the control socket communication and error handling
in the vTPM (server) and KVM (client). The control socket communication
is now handled by HTTP over UDS, and the error handling is improved,
since the vTPM server now returns an error message when an error occurs.
Domainmgr : refactor virtual TPM setup and termination
Use a defer function to ensure that the virtual TPM is always terminated
when the domain manager hits an error during the setup process or boot
process.
vTPM : fix bug when getting launch request
When server gets a launch request, it checks if the the requested
instance is already running, but it only checks the internal list and
not actually the running instances. This can lead to server thinking
the instance is running but client fails to get the PID with error
"failed to get pid from file ...".
domainmgr : call vTPM asynchronously
Refactor vTPM setup/term/teardown functions to call the vTPM server
endpoints asynchronously, this remove the timeout guessworks and make the
vTPM setup more reliable.