[PATCH] qemu_tpm: Check for qemuTPMSetupEncryption() errors

Inside of qemuTPMEmulatorBuildCommand() there are two calls to qemuTPMSetupEncryption() which simply ignore returned error. This is suboptimal because then we rely on swtpm binary reporting a generic error (something among invalid arguments) while an error reported by qemuTPMSetupEncryption() is more specific. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_tpm.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 15ee7db757..502a77b5b3 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -635,7 +635,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, } pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd); + if (pwdfile_fd < 0) + goto error; + migpwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd); + if (migpwdfile_fd < 0) + goto error; virCommandAddArg(cmd, "--key"); virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd); -- 2.37.4
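Review bot: The two new checks after the qemuTPMSetupEncryption() calls, `if (pwdfile_fd < 0) goto error;` and `if (migpwdfile_fd < 0) goto error;`, report nothing themselves, so the caller gets a specific message only if qemuTPMSetupEncryption() reports an error on every path that returns a negative value. Nothing in this hunk shows that it does. Please confirm it, or make the function report an error on each failure path and state that contract in its comment, so these branches cannot fail with no message at all. It is also worth confirming that the error label copes with the second call failing after the first has already succeeded and pwdfile_fd is set.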

On a Tuesday in 2022, Michal Privoznik wrote:
Inside of qemuTPMEmulatorBuildCommand() there are two calls to qemuTPMSetupEncryption() which simply ignore returned error. This is suboptimal because then we rely on swtpm binary reporting a generic error (something among invalid arguments) while an error reported by qemuTPMSetupEncryption() is more specific.
It seems like qemuTPMSetupEncryption does not report an error in all cases, specifically virCommandSetSendBuffer only sets an errno. So in that case, "no error message" would be a downgrade from "generic error message".

Jano
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_tpm.c | 5 +++++ 1 file changed, 5 insertions(+)
participants (2)
- Ján Tomko
- Michal Privoznik