[PATCH 1/7] qemu_security: Rework qemuSecurityCleanupTPMEmulator()

Wednesday, 21 December 2022

Currently, qemuSecurityCleanupTPMEmulator() returns nothing which
means a caller (well, there's only one - qemuExtTPMStop()) can't
produce a warning when restoring seclabels on TPM state failed.
True, qemuSecurityCleanupTPMEmulator() does report a warning
itself, but only in one specific error path.

Make the function return an integer, just like the rest of
qemuSecurity*Restore() functions.

Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com&gt;
---
 src/qemu/qemu_security.c | 21 ++++++++++++---------
 src/qemu/qemu_security.h |  6 +++---
 src/qemu/qemu_tpm.c      |  3 ++-
 3 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index def4061488..a0b78764e5 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 }
 
 
-void
+int
 qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
                                virDomainObj *vm,
                                bool restoreTPMStateLabel)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
-    bool transactionStarted = false;
+    int ret = -1;
 
-    if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
-        transactionStarted = true;
+    if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
 
-    virSecurityManagerRestoreTPMLabels(driver->securityManager,
-                                       vm->def, restoreTPMStateLabel);
+    if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
+                                           vm->def, restoreTPMStateLabel) < 0)
+        goto cleanup;
 
-    if (transactionStarted &&
-        virSecurityManagerTransactionCommit(driver->securityManager,
+    if (virSecurityManagerTransactionCommit(driver->securityManager,
                                             -1, priv->rememberOwner) < 0)
-        VIR_WARN("Unable to run security manager transaction");
+        goto cleanup;
 
+    ret = 0;
+ cleanup:
     virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
 }
 
 
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 969a47fc17..0b19f48ef2 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                  int *exitstatus,
                                  int *cmdret);
 
-void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
-                                    virDomainObj *vm,
-                                    bool restoreTPMStateLabel);
+int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
+                                   virDomainObj *vm,
+                                   bool restoreTPMStateLabel);
 
 int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
                                    virDomainObj *vm,
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f2edaf5eaa..8778d43913 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver,
     if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
         restoreTPMStateLabel = false;
 
-    qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel);
+    if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0)
+        VIR_WARN("Unable to restore labels on TPM state and/or log file");
 }
 
 
-- 
2.38.2


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[PATCH 1/7] qemu_security: Rework qemuSecurityCleanupTPMEmulator()