qemu_security: Rework qemuSecurityCleanupTPMEmulator()
authorMichal Privoznik <mprivozn@redhat.com>
Wed, 14 Dec 2022 13:53:10 +0000 (14:53 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Tue, 3 Jan 2023 16:19:22 +0000 (17:19 +0100)
Currently, qemuSecurityCleanupTPMEmulator() returns nothing which
means a caller (well, there's only one - qemuExtTPMStop()) can't
produce a warning when restoring seclabels on TPM state failed.
True, qemuSecurityCleanupTPMEmulator() does report a warning
itself, but only in one specific error path.

Make the function return an integer, just like the rest of
qemuSecurity*Restore() functions.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/qemu/qemu_security.c
src/qemu/qemu_security.h
src/qemu/qemu_tpm.c

index def40614883eca326f6d7383f33188e542b1669b..a0b78764e58e0398743dd9f82ff7e10950f68664 100644 (file)
@@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
 }
 
 
-void
+int
 qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
                                virDomainObj *vm,
                                bool restoreTPMStateLabel)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
-    bool transactionStarted = false;
+    int ret = -1;
 
-    if (virSecurityManagerTransactionStart(driver->securityManager) >= 0)
-        transactionStarted = true;
+    if (virSecurityManagerTransactionStart(driver->securityManager) < 0)
+        goto cleanup;
 
-    virSecurityManagerRestoreTPMLabels(driver->securityManager,
-                                       vm->def, restoreTPMStateLabel);
+    if (virSecurityManagerRestoreTPMLabels(driver->securityManager,
+                                           vm->def, restoreTPMStateLabel) < 0)
+        goto cleanup;
 
-    if (transactionStarted &&
-        virSecurityManagerTransactionCommit(driver->securityManager,
+    if (virSecurityManagerTransactionCommit(driver->securityManager,
                                             -1, priv->rememberOwner) < 0)
-        VIR_WARN("Unable to run security manager transaction");
+        goto cleanup;
 
+    ret = 0;
+ cleanup:
     virSecurityManagerTransactionAbort(driver->securityManager);
+    return ret;
 }
 
 
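Review bot: When `virSecurityManagerTransactionStart()` fails, the new `goto cleanup` skips `virSecurityManagerRestoreTPMLabels()` altogether, whereas the removed code still attempted the restore without a transaction. On this teardown path that presumably leaves the TPM state and log files carrying the stopped domain's labels, with only the caller's generic warning as a trace. If skipping is intended, a comment above the first check such as `/* No transaction means no restore; labels are left as set and the caller warns. */` would make that explicit; otherwise the restore call could stay unconditional, with only its result feeding `ret`. The function also lacks a header comment stating that it returns 0 on success and -1 when any of the three steps fails.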
index 969a47fc1787e4fd0cf60ce45b34f35fa4e476b6..0b19f48ef29d8bd937f55edfeb957288667a1112 100644 (file)
@@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver,
                                  int *exitstatus,
                                  int *cmdret);
 
-void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
-                                    virDomainObj *vm,
-                                    bool restoreTPMStateLabel);
+int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver,
+                                   virDomainObj *vm,
+                                   bool restoreTPMStateLabel);
 
 int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver,
                                    virDomainObj *vm,
index f2edaf5eaa754b291d62074563d1e10240a5e6d2..8778d43913336498eb29d16eb29885aa5f546db3 100644 (file)
@@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver,
     if (outgoingMigration || qemuTPMHasSharedStorage(vm->def))
         restoreTPMStateLabel = false;
 
-    qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel);
+    if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0)
+        VIR_WARN("Unable to restore labels on TPM state and/or log file");
 }
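Review bot: The new `VIR_WARN` in `qemuExtTPMStop()` does not identify the domain whose label restore failed, and the callee no longer logs which step failed. Someone reading the log therefore cannot tell which TPM state directory may still carry a stale label. Including the name would make the warning actionable, e.g. `VIR_WARN("Unable to restore labels on TPM state and/or log file of domain '%s'", vm->def->name);`. Whether the lower security-manager layers already log the failing path is not visible here, and the body of `qemuExtTPMStop()` begins outside the hunk.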