qemu_security: Rework qemuSecurityCleanupTPMEmulator()

Currently, qemuSecurityCleanupTPMEmulator() returns nothing which means a caller (well, there's only one - qemuExtTPMStop()) can't produce a warning when restoring seclabels on TPM state failed. True, qemuSecurityCleanupTPMEmulator() does report a warning itself, but only in one specific error path. Make the function return an integer, just like the rest of qemuSecurity*Restore() functions. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2025-03-24 22:50:26 +03:00 · 2022-12-14 14:53:10 +01:00 · 2022-12-14 14:53:10 +01:00 · 8d6e1f3764
commit 8d6e1f3764
parent 24cc9cda82
3 changed files with 17 additions and 13 deletions
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 }


-void
+int
 qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
                               virDomainObj *vm,
                               bool restoreTPMStateLabel)
 {
    qemuDomainObjPrivate *priv = vm->privateData;
-    bool transactionStarted = false;
+    int ret = -1;

-    if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
-        transactionStarted = true;
+    if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;

-    virSecurityManagerRestoreTPMLabels(driver->securityManager,
-                                       vm->def, restoreTPMStateLabel);
+    if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
+                                           vm->def, restoreTPMStateLabel) < 0)
+        goto cleanup;

-    if (transactionStarted &&
-        virSecurityManagerTransactionCommit(driver->securityManager,
+    if (virSecurityManagerTransactionCommit(driver->securityManager,
                                            -1, priv->rememberOwner) < 0)
-        VIR_WARN("Unable to run security manager transaction");
+        goto cleanup;

+    ret = 0;
+ cleanup:
    virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
 }


--- a/src/qemu/qemu_security.h
+++ b/src/qemu/qemu_security.h
@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                 int *exitstatus,
                                 int *cmdret);

-void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
-                                    virDomainObj *vm,
-                                    bool restoreTPMStateLabel);
+int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
+                                   virDomainObj *vm,
+                                   bool restoreTPMStateLabel);

 int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
                                   virDomainObj *vm,
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver,
    if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
        restoreTPMStateLabel = false;

-    qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel);
+    if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0)
+        VIR_WARN("Unable to restore labels on TPM state and/or log file");
 }