On November 19, 2025 12:59 pm, Fiona Ebner wrote: > QSD and swtpm currently are not prepared for dealing with > blockdev-replace and rename operations that snapshot or snapshot > remove operations with a snapshot-as-volume-chain storage entail. > > Reported-by: Friedrich Weber <[email protected]> > Signed-off-by: Fiona Ebner <[email protected]>
Reviewed-by: Fabian Grünbichler <[email protected]> unfortunate, but we have to live with this limitation for now.. > --- > src/PVE/API2/Qemu.pm | 52 ++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 52 insertions(+) > > diff --git a/src/PVE/API2/Qemu.pm b/src/PVE/API2/Qemu.pm > index 5cdba4bb..c580bf63 100644 > --- a/src/PVE/API2/Qemu.pm > +++ b/src/PVE/API2/Qemu.pm > @@ -726,6 +726,36 @@ my $check_cpu_model_access = sub { > } > }; > > +# TODO switch to doing internal snapshots only for TPM? Need a way to tell > the storage. Also needs > +# handling for pre-existing as-volume-chain snapshots then. Or is there a > way to make QSD+swtpm > +# compatible with using volume-chain live? > +my sub assert_tpm_snapshot_compat { > + my ($vmid, $conf, $op, $snap_conf) = @_; > + > + return if !$conf->{tpmstate0}; > + return if !PVE::QemuServer::Helpers::vm_running_locally($vmid); > + > + my $drive = PVE::QemuServer::Drive::parse_drive('tpmstate0', > $conf->{tpmstate0}); > + my $volid = $drive->{file}; > + my $storecfg = PVE::Storage::config(); > + > + if ($snap_conf) { > + return if !$snap_conf->{tpmstate0}; > + my $snap_drive = PVE::QemuServer::Drive::parse_drive('tpmstate0', > $snap_conf->{tpmstate0}); > + return if $volid ne $snap_drive->{file}; > + } > + > + my $format = PVE::QemuServer::Drive::checked_volume_format($storecfg, > $volid); > + my ($storeid) = PVE::Storage::parse_volume_id($volid, 1); > + if ($storeid && $format eq 'qcow2') { > + my $scfg = PVE::Storage::storage_config($storecfg, $storeid); > + if ($scfg && $scfg->{'snapshot-as-volume-chain'}) { > + die "snapshot $op of TPM state '$volid' on storage with > 'snapshot-as-volume-chain' is" > + . " not yet supported while the VM is running.\n"; > + } > + } > +} > + > my $cpuoptions = { > 'cores' => 1, > 'cpu' => 1, > @@ -6040,6 +6070,14 @@ __PACKAGE__->register_method({ > 0); > > my $realcmd = sub { > + PVE::QemuConfig->lock_config( > + $vmid, > + sub { > + my $conf = PVE::QemuConfig->load_config($vmid); > + assert_tpm_snapshot_compat($vmid, $conf, 'create'); > + }, > + ); > + > PVE::Cluster::log_msg('info', $authuser, "snapshot VM $vmid: > $snapname"); > PVE::QemuConfig->snapshot_create( > $vmid, $snapname, $param->{vmstate}, $param->{description}, > @@ -6291,6 +6329,20 @@ __PACKAGE__->register_method({ > my $lock_obtained; > my $do_delete = sub { > $lock_obtained = 1; > + > + PVE::QemuConfig->lock_config( > + $vmid, > + sub { > + my $conf = PVE::QemuConfig->load_config($vmid); > + assert_tpm_snapshot_compat( > + $vmid, > + $conf, > + 'delete', > + $conf->{snapshots}->{$snapname}, > + ); > + }, > + ); > + > PVE::Cluster::log_msg('info', $authuser, "delete snapshot VM > $vmid: $snapname"); > PVE::QemuConfig->snapshot_delete($vmid, $snapname, > $param->{force}); > }; > -- > 2.47.3 > > > > _______________________________________________ > pve-devel mailing list > [email protected] > https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel > > > _______________________________________________ pve-devel mailing list [email protected] https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
