From: Michal Privoznik Date: Wed, 14 Dec 2022 13:53:10 +0000 (+0100) Subject: qemu_security: Rework qemuSecurityCleanupTPMEmulator() X-Git-Tag: v9.0.0-rc1~125 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d6e1f3764b331a7f375d7d5e1e0a69889b55535;p=thirdparty%2Flibvirt.git qemu_security: Rework qemuSecurityCleanupTPMEmulator() Currently, qemuSecurityCleanupTPMEmulator() returns nothing which means a caller (well, there's only one - qemuExtTPMStop()) can't produce a warning when restoring seclabels on TPM state failed. True, qemuSecurityCleanupTPMEmulator() does report a warning itself, but only in one specific error path. Make the function return an integer, just like the rest of qemuSecurity*Restore() functions. Signed-off-by: Michal Privoznik Reviewed-by: Peter Krempa
---
diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
index def4061488..a0b78764e5 100644
--- a/src/qemu/qemu_security.c
+++ b/src/qemu/qemu_security.c
@@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, } -void +int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, virDomainObj *vm, bool restoreTPMStateLabel) { qemuDomainObjPrivate *priv = vm->privateData; - bool transactionStarted = false; + int ret = -1; - if (virSecurityManagerTransactionStart(driver->securityManager) >= 0) - transactionStarted = true; + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; - virSecurityManagerRestoreTPMLabels(driver->securityManager, - vm->def, restoreTPMStateLabel); + if (virSecurityManagerRestoreTPMLabels(driver->securityManager, + vm->def, restoreTPMStateLabel) < 0) + goto cleanup; - if (transactionStarted && - virSecurityManagerTransactionCommit(driver->securityManager, + if (virSecurityManagerTransactionCommit(driver->securityManager, -1, priv->rememberOwner) < 0) - VIR_WARN("Unable to run security manager transaction"); + goto cleanup; + ret = 0; + cleanup: virSecurityManagerTransactionAbort(driver->securityManager); + return ret; } diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 969a47fc17..0b19f48ef2 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver, int *exitstatus, int *cmdret); -void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, - virDomainObj *vm, - bool restoreTPMStateLabel); +int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, + virDomainObj *vm, + bool restoreTPMStateLabel); int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver, virDomainObj *vm, diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index f2edaf5eaa..8778d43913 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c 
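Review bot: In `qemuSecurityCleanupTPMEmulator()` a failure of `virSecurityManagerTransactionStart()` now jumps to `cleanup` before `virSecurityManagerRestoreTPMLabels()` is called, whereas the removed code still attempted the restore without a transaction. That matches the early-exit style the commit message refers to, but it means a single failed transaction start leaves the TPM state and log file with whatever labels were applied for the domain, and the only trace is the caller's warning. The function has no comment stating this contract; I would add one above the definition, for example `/* Returns 0 on success, -1 on failure; on failure the TPM labels may not have been restored at all. */`. The same description belongs on the prototype in `qemu_security.h`, which this commit also changes.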
@@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver, if (outgoingMigration || qemuTPMHasSharedStorage(vm->def)) restoreTPMStateLabel = false; - qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel); + if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0) + VIR_WARN("Unable to restore labels on TPM state and/or log file"); }
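Review bot: The new `VIR_WARN()` in `qemuExtTPMStop()` does not say which domain is affected, so an operator who sees it in the log cannot tell which TPM state directory or log file may have been left with unrestored labels. `vm->def` is already used a few lines above, so the message can carry the name: `VIR_WARN("Unable to restore labels on TPM state and/or log file for domain '%s'", vm->def->name);`. When `restoreTPMStateLabel` is false only the log file label appears to be at stake, which the "and/or" wording covers. The start of `qemuExtTPMStop()` is outside the hunk.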