[PATCH] qemu_tpm: Check for qemuTPMSetupEncryption() errors
Michal Privoznik
mprivozn at redhat.com
Tue Nov 22 12:45:01 UTC 2022
Inside of qemuTPMEmulatorBuildCommand() there are two calls to
qemuTPMSetupEncryption() which simply ignore the returned error. This
is suboptimal because then we rely on the swtpm binary reporting a
generic error (something among invalid arguments) while an error
reported by qemuTPMSetupEncryption() is more specific.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
---
src/qemu/qemu_tpm.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 15ee7db757..502a77b5b3 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -635,7 +635,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
}
pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd);
+ if (pwdfile_fd < 0)
+ goto error;
+
migpwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd);
+ if (migpwdfile_fd < 0)
+ goto error;
virCommandAddArg(cmd, "--key");
virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
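Review bot: The second `goto error`, after the `migpwdfile_fd < 0` check, is taken while `pwdfile_fd` already holds a valid descriptor from the first call, and the `error` label is outside this hunk. Please confirm that the label closes `pwdfile_fd` on that path (or that `cmd` has already taken ownership of it), since otherwise a descriptor tied to the TPM encryption secret stays open in the daemon after the failure. It would also help to say in the commit message that qemuTPMSetupEncryption() reports its own error on every negative return, because the new checks jump straight to `error` without reporting one themselves.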
--
2.37.4