[pve-devel] [PATCH qemu-server 08/31] backup: use blockdev for TPM state file

Fabian Grünbichler f.gruenbichler at proxmox.com
Mon Jun 30 12:15:08 CEST 2025 

On June 27, 2025 5:57 pm, Fiona Ebner wrote:
> Signed-off-by: Fiona Ebner <f.ebner at proxmox.com>
> ---
>  src/PVE/QemuServer/Blockdev.pm | 22 +++++++++++++++++++++-
>  src/PVE/VZDump/QemuServer.pm   | 19 ++++++++++---------
>  2 files changed, 31 insertions(+), 10 deletions(-)
> 
> diff --git a/src/PVE/QemuServer/Blockdev.pm b/src/PVE/QemuServer/Blockdev.pm
> index 28a759a8..85887ab7 100644
> --- a/src/PVE/QemuServer/Blockdev.pm
> +++ b/src/PVE/QemuServer/Blockdev.pm
> @@ -14,6 +14,18 @@ use PVE::Storage;
>  use PVE::QemuServer::Drive qw(drive_is_cdrom);
>  use PVE::QemuServer::Monitor qw(mon_cmd);
>  
> +my sub tpm_backup_node_name {
> +    my ($type, $drive_id) = @_;
> +
> +    if ($type eq 'fmt') {
> +        return "drive-$drive_id-backup"; # this is the top node
> +    } elsif ($type eq 'file') {
> +        return "$drive_id-backup-file"; # drop the "drive-" prefix to be sure, max length is 31
> +    }

similar question as with previous patch

> +
> +    die "unknown node type for fleecing '$type'";

s/fleecing/tpm backup node/ ?

> +}
> +
>  my sub fleecing_node_name {
>      my ($type, $drive_id) = @_;
>  
> @@ -36,6 +48,7 @@ my sub get_node_name {
>      my ($type, $drive_id, $volid, $options) = @_;
>  
>      return fleecing_node_name($type, $drive_id) if $options->{fleecing};
> +    return tpm_backup_node_name($type, $drive_id) if $options->{'tpm-backup'};
>  
>      my $snap = $options->{'snapshot-name'};
>  
> @@ -235,7 +248,8 @@ sub generate_drive_blockdev {
>      my $child = generate_file_blockdev($storecfg, $drive, $options);
>      $child = generate_format_blockdev($storecfg, $drive, $child, $options);
>  
> -    return $child if $options->{fleecing}; # for fleecing, this is already the top node
> +    # for fleecing and TPM backup, this is already the top node
> +    return $child if $options->{fleecing} || $options->{'tpm-backup'};
>  
>      # this is the top filter entry point, use $drive-drive_id as nodename
>      return {
> @@ -377,6 +391,12 @@ sub detach {
>      return;
>  }
>  
> +sub detach_tpm_backup_node {
> +    my ($vmid) = @_;
> +
> +    detach($vmid, "drive-tpmstate0-backup");
> +}
> +
>  sub detach_fleecing_block_nodes {
>      my ($vmid, $log_func) = @_;
>  
> diff --git a/src/PVE/VZDump/QemuServer.pm b/src/PVE/VZDump/QemuServer.pm
> index 8b643bc4..f3e292e7 100644
> --- a/src/PVE/VZDump/QemuServer.pm
> +++ b/src/PVE/VZDump/QemuServer.pm
> @@ -158,7 +158,7 @@ sub prepare {
>          if ($ds eq 'tpmstate0') {
>              # TPM drive only exists for backup, which is reflected in the name
>              $diskinfo->{qmdevice} = 'drive-tpmstate0-backup';
> -            $task->{tpmpath} = $path;
> +            $task->{'tpm-volid'} = $volid;
>          }
>  
>          if (-b $path) {
> @@ -474,24 +474,25 @@ my $query_backup_status_loop = sub {
>  my $attach_tpmstate_drive = sub {
>      my ($self, $task, $vmid) = @_;
>  
> -    return if !$task->{tpmpath};
> +    return if !$task->{'tpm-volid'};
>  
>      # unconditionally try to remove the tpmstate-named drive - it only exists
>      # for backing up, and avoids errors if left over from some previous event
> -    eval { PVE::QemuServer::qemu_drivedel($vmid, "tpmstate0-backup"); };
> +    eval { PVE::QemuServer::Blockdev::detach_tpm_backup_node($vmid); };
>  
>      $self->loginfo('attaching TPM drive to QEMU for backup');
>  
> -    my $drive = "file=$task->{tpmpath},if=none,read-only=on,id=drive-tpmstate0-backup";
> -    $drive =~ s/\\/\\\\/g;
> -    my $ret = PVE::QemuServer::Monitor::hmp_cmd($vmid, "drive_add auto \"$drive\"", 60);
> -    die "attaching TPM drive failed - $ret\n" if $ret !~ m/OK/s;
> +    my $drive = { file => $task->{'tpm-volid'}, interface => 'tpmstate', index => 0 };
> +    my $extra_options = { 'tpm-backup' => 1, 'read-only' => 1 };
> +    PVE::QemuServer::Blockdev::attach($self->{storecfg}, $vmid, $drive, $extra_options);
>  };
>  
>  my $detach_tpmstate_drive = sub {
>      my ($task, $vmid) = @_;
> -    return if !$task->{tpmpath} || !PVE::QemuServer::check_running($vmid);
> -    eval { PVE::QemuServer::qemu_drivedel($vmid, "tpmstate0-backup"); };
> +
> +    return if !$task->{'tpm-volid'} || !PVE::QemuServer::Helpers::vm_running_locally($vmid);
> +
> +    eval { PVE::QemuServer::Blockdev::detach_tpm_backup_node($vmid); };
>  };
>  
>  my sub add_backup_performance_options {
> -- 
> 2.47.2
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
>

More information about the pve-devel mailing list