[PATCH 1/7] qemu_security: Rework qemuSecurityCleanupTPMEmulator()
Michal Privoznik
mprivozn at redhat.com
Wed Dec 21 07:43:51 UTC 2022
Currently, qemuSecurityCleanupTPMEmulator() returns nothing which
means a caller (well, there's only one - qemuExtTPMStop()) can't
produce a warning when restoring seclabels on TPM state failed.
True, qemuSecurityCleanupTPMEmulator() does report a warning
itself, but only in one specific error path.
Make the function return an integer, just like the rest of
qemuSecurity*Restore() functions.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
src/qemu/qemu_security.c | 21 ++++++++++++---------
src/qemu/qemu_security.h | 6 +++---
src/qemu/qemu_tpm.c | 3 ++-
3 files changed, 17 insertions(+), 13 deletions(-)
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index def4061488..a0b78764e5 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
}
-void
+int
qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
virDomainObj *vm,
bool restoreTPMStateLabel)
{
qemuDomainObjPrivate *priv = vm->privateData;
- bool transactionStarted = false;
+ int ret = -1;
- if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
- transactionStarted = true;
+ if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+ goto cleanup;
- virSecurityManagerRestoreTPMLabels(driver->securityManager,
- vm->def, restoreTPMStateLabel);
+ if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
+ vm->def, restoreTPMStateLabel) < 0)
+ goto cleanup;
- if (transactionStarted &&
- virSecurityManagerTransactionCommit(driver->securityManager,
+ if (virSecurityManagerTransactionCommit(driver->securityManager,
-1, priv->rememberOwner) < 0)
- VIR_WARN("Unable to run security manager transaction");
+ goto cleanup;
+ ret = 0;
+ cleanup:
virSecurityManagerTransactionAbort(driver->securityManager);
+ return ret;
}
diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h
index 969a47fc17..0b19f48ef2 100644
--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
int *exitstatus,
int *cmdret);
-void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
- virDomainObj *vm,
- bool restoreTPMStateLabel);
+int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
+ virDomainObj *vm,
+ bool restoreTPMStateLabel);
int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
virDomainObj *vm,
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index f2edaf5eaa..8778d43913 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver,
if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
restoreTPMStateLabel = false;
- qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel);
+ if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0)
+ VIR_WARN("Unable to restore labels on TPM state and/or log file");
}
--
2.38.2
More information about the libvir-list
mailing list