Currently, qemuSecurityCleanupTPMEmulator() returns nothing which means a caller (well, there's only one - qemuExtTPMStop()) can't produce a warning when restoring seclabels on TPM state failed. True, qemuSecurityCleanupTPMEmulator() does report a warning itself, but only in one specific error path. Make the function return an integer, just like the rest of qemuSecurity*Restore() functions. Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> --- src/qemu/qemu_security.c | 21 ++++++++++++--------- src/qemu/qemu_security.h | 6 +++--- src/qemu/qemu_tpm.c | 3 ++- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c index def4061488..a0b78764e5 100644 --- a/src/qemu/qemu_security.c +++ b/src/qemu/qemu_security.c @@ -576,26 +576,29 @@ qemuSecurityStartTPMEmulator(virQEMUDriver *driver, } -void +int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, virDomainObj *vm, bool restoreTPMStateLabel) { qemuDomainObjPrivate *priv = vm->privateData; - bool transactionStarted = false; + int ret = -1; - if (virSecurityManagerTransactionStart(driver->securityManager) >= 0) - transactionStarted = true; + if (virSecurityManagerTransactionStart(driver->securityManager) < 0) + goto cleanup; - virSecurityManagerRestoreTPMLabels(driver->securityManager, - vm->def, restoreTPMStateLabel); + if (virSecurityManagerRestoreTPMLabels(driver->securityManager, + vm->def, restoreTPMStateLabel) < 0) + goto cleanup; - if (transactionStarted && - virSecurityManagerTransactionCommit(driver->securityManager, + if (virSecurityManagerTransactionCommit(driver->securityManager, -1, priv->rememberOwner) < 0) - VIR_WARN("Unable to run security manager transaction"); + goto cleanup; + ret = 0; + cleanup: virSecurityManagerTransactionAbort(driver->securityManager); + return ret; } diff --git a/src/qemu/qemu_security.h b/src/qemu/qemu_security.h index 969a47fc17..0b19f48ef2 100644 --- a/src/qemu/qemu_security.h +++ b/src/qemu/qemu_security.h @@ -94,9 +94,9 @@ int qemuSecurityStartTPMEmulator(virQEMUDriver *driver, int *exitstatus, int *cmdret); -void qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, - virDomainObj *vm, - bool restoreTPMStateLabel); +int qemuSecurityCleanupTPMEmulator(virQEMUDriver *driver, + virDomainObj *vm, + bool restoreTPMStateLabel); int qemuSecuritySetSavedStateLabel(virQEMUDriver *driver, virDomainObj *vm, diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index f2edaf5eaa..8778d43913 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -1143,7 +1143,8 @@ qemuExtTPMStop(virQEMUDriver *driver, if (outgoingMigration || qemuTPMHasSharedStorage(vm->def)) restoreTPMStateLabel = false; - qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel); + if (qemuSecurityCleanupTPMEmulator(driver, vm, restoreTPMStateLabel) < 0) + VIR_WARN("Unable to restore labels on TPM state and/or log file"); } -- 2.38.2