RHEL-82826

Request better error message to be propagated via QMP when vtpm migration fails


    • Bug
    • Resolution: Unresolved
    • rhel-10.1
    • Low
    • rhel-virt-confidential-virt
    • ssg_virtualization

      What were you trying to do that didn't work?

      When migrating a VM with an encrypted vtpm to a target host with a different secret value, the error message does not show the exact error.

      Request from RHEL-7041

      What is the impact of this issue to you?

      Please provide the package NVR for which the bug is seen:

      qemu-kvm-9.1.0-15.el10.x86_64

      libvirt-11.1.0-1.el10.x86_64
      swtpm-0.9.0-5.el10.x86_64
      libtpms-0.9.6-10.el10.x86_64
      kernel-6.12.0-55.el10.x86_64

      How reproducible is this bug?:

      100%

      Steps to reproduce

      1. Create a vtpm secret with the same uuid but different values on both hosts.

      Refer to https://libvirt.org/formatsecret.html#usage-type-vtpm

      2. Start the guest with encrypted vtpm on the source host.

        <tpm model='tpm-crb'>
          <backend type='emulator' version='2.0'>
            <encryption secret='1498c26a-fead-4b2f-8071-94f2aa6ca0c0'/>
          </backend>
          <alias name='tpm0'/>
        </tpm>

      3. Migrate the guest to the target host.

      Even with the new qemu feature:
      # grep exit-on-error  /var/cache/libvirt/qemu/capabilities/ -Rin
      /var/cache/libvirt/qemu/capabilities/3c76bc41d59c0c7314b1ae8e63f4f765d2cf16abaeea081b3ca1f5d8732f7bb1.xml:174:  <flag name='migrate-incoming.exit-on-error'/>
      
      Error msg is still not as expected:
      # virsh migrate rhel10-0 qemu+ssh://target_host/system --live --verbose
      Migration: [100.00 %]
      error: operation failed: migration failed. Message from the source host: operation failed: job 'migration out' failed: Sibling indicated error 1. Message from the destination host: operation failed: job 'migration in' failed: load of migration failed: Input/output error

       

       

      In the target virtqemud log, qemu-kvm apparently knows the exact error: "TPM error 0x21 decryption error".

      2025-03-05T03:46:45.040350Z qemu-kvm: error while loading state for instance 0x0 of device 'tpm-emulator'
      2025-03-05T03:46:45.043988Z qemu-kvm: load of migration failed: Input/output error
      2025-03-05 03:46:45.044+0000: 42291: debug : qemuMonitorIO:517 : Error on monitor internal error: QEMU unexpectedly closed the monitor (vm='rhel10-0'): 2025-03-05T03:46:45.040299Z qemu-kvm: tpm-emulator: Setting the stateblob (type 1) failed with a TPM error 0x21 decryption error
      2025-03-05T03:46:45.040350Z qemu-kvm: error while loading state for instance 0x0 of device 'tpm-emulator'
      2025-03-05T03:46:45.043988Z qemu-kvm: load of migration failed: Input/output error mon=0x7f8a5402c430 vm=0x7f8a5400af70 name=rhel10-0

      Expected results

      The following exact error should also be propagated:

      0'): 2025-03-05T03:46:45.040299Z qemu-kvm: tpm-emulator: Setting the stateblob (type 1) failed with a TPM error 0x21 decryption error 2025-03-05T03:46:45.040350Z qemu-kvm: error while loading state for instance 0x0 of device 'tpm-emulator'

      Actual results

       

              rh-ee-armenon Arun Menon
              yanqzhan1@redhat.com Yanqiu Zhang
              virt-maint virt-maint
              Yiqian Wei Yiqian Wei
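
Until the device error is propagated through QMP, the root cause can be recovered from the target host's virtqemud log. The following is an added example, not part of the original report and not libvirt or QEMU code: it pairs each generic "load of migration failed" with the qemu-kvm messages logged just before it. The function name explain_failed_loads and the assumption that qemu-kvm messages always use the timestamp format seen in the excerpt above are this example's own; the sample log is copied from that excerpt.

```python
import re

# qemu-kvm stderr messages, stand-alone or embedded in a libvirt debug line.
QEMU_MSG = re.compile(
    r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+Z) qemu-kvm: (.*?)"
    r"(?=\s+\d{4}-\d{2}-\d{2}T|\s+mon=0x|$)",
    re.MULTILINE,
)
TPM_ERR = re.compile(r"TPM error (0x[0-9a-fA-F]+) (.+)")

def explain_failed_loads(log_text):
    """For each 'load of migration failed', return the earlier qemu-kvm
    messages that explain it, plus the TPM error code if one was logged."""
    # The same message is logged more than once (stderr and monitor error): dedupe.
    events = sorted(set(QEMU_MSG.findall(log_text)))
    reports, context = [], []
    for ts, msg in events:
        if not msg.startswith("load of migration failed"):
            context.append(msg)
            continue
        tpm = next((m for m in map(TPM_ERR.search, context) if m), None)
        reports.append({
            "failed_at": ts,
            "generic_error": msg,
            "root_cause": context,
            "tpm_error": tpm.groups() if tpm else None,
        })
        context = []
    return reports

# Target-host virtqemud log excerpt, copied from the report above.
SAMPLE_LOG = """\
2025-03-05T03:46:45.040350Z qemu-kvm: error while loading state for instance 0x0 of device 'tpm-emulator'
2025-03-05T03:46:45.043988Z qemu-kvm: load of migration failed: Input/output error
2025-03-05 03:46:45.044+0000: 42291: debug : qemuMonitorIO:517 : Error on monitor internal error: QEMU unexpectedly closed the monitor (vm='rhel10-0'): 2025-03-05T03:46:45.040299Z qemu-kvm: tpm-emulator: Setting the stateblob (type 1) failed with a TPM error 0x21 decryption error
2025-03-05T03:46:45.040350Z qemu-kvm: error while loading state for instance 0x0 of device 'tpm-emulator'
2025-03-05T03:46:45.043988Z qemu-kvm: load of migration failed: Input/output error mon=0x7f8a5402c430 vm=0x7f8a5400af70 name=rhel10-0
"""

if __name__ == "__main__":
    for r in explain_failed_loads(SAMPLE_LOG):
        print(r["failed_at"], r["generic_error"])
        for line in r["root_cause"]:
            print("  preceded by:", line)
        print("  TPM error:", r["tpm_error"])
```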