From nobody Sun May 5 17:51:28 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) client-ip=170.10.129.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1669131971; cv=none; d=zohomail.com; s=zohoarc; b=TXY4n2Jt/oj0Watb+cQwNW7pqIrsRO71XU68Deig6d0zG3dvp2aENCFAy2b0Rp8M8qDcSnYdB1/sJABGBiyGOKMLnE2nxzE6Q61i0iOK8Et4HiGoH1oVjf9IZo7YYzD/TlN54eaVn4TvBjvoKb+GQQcx4RNPQEsOzeszhcOvMQc= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1669131971; h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=A3LNIxMv2h9HrdRwqM4eh/DItKWsiWoe2C3Zy9E1CfE=; b=LYH3T2nSo1KFg+6WXxoKK+PdYS03leAZV1f2Ymkz1Z0wZ2uKd6EKysQ00Y4FIyVucJIUe5wkKqTiR+GPj+NOA9w3e3oxgPeyG8DRirq16uGLk4rhIqGYi+nXmocX0rm1jiLsKhJ1H+vVkurIvlRRedWsIshRIM3TBLr1P8X4iq4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 170.10.129.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mx.zohomail.com with SMTPS id 1669131971205606.4178933153651; Tue, 22 Nov 2022 07:46:11 -0800 (PST) Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-17-pAHn1tiyMYKSh3RtTVY2Dg-1; Tue, 22 Nov 2022 10:46:05 -0500 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 37356833A0D; Tue, 22 Nov 2022 15:46:02 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id C2486492B2A; Tue, 22 Nov 2022 15:46:01 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 90D781946589; Tue, 22 Nov 2022 15:46:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 61FAC1946587 for ; Tue, 22 Nov 2022 15:46:00 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 4FD39C15E76; Tue, 22 Nov 2022 15:46:00 +0000 (UTC) Received: from maggie.redhat.com (unknown [10.43.2.39]) by smtp.corp.redhat.com (Postfix) with ESMTP id E854CC159CD for ; Tue, 22 Nov 2022 15:45:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1669131970; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=A3LNIxMv2h9HrdRwqM4eh/DItKWsiWoe2C3Zy9E1CfE=; b=eqfydSPPukp8BmSlqM8jNBPj6rHRLgLqY9o5kbOV1/G5svHo2z3lhud99q4r5GqdvbESRQ YjBukAUtWMIZe1ZzBSx/JN9fWWl370Ju53CvDAp7g515j/J4AGhjnWf+pbSuZyf5PhmOL5 inHOWBLwdpdie3plN6KVW+2s8J0YkSU= X-MC-Unique: pAHn1tiyMYKSh3RtTVY2Dg-1 X-Original-To: libvir-list@listman.corp.redhat.com From: Michal Privoznik To: libvir-list@redhat.com Subject: [PATCH v2] qemu_tpm: Check for qemuTPMSetupEncryption() errors Date: Tue, 22 Nov 2022 16:45:58 +0100 Message-Id: <33c1fa61b73749471ad6cb43b37dca033763a4b2.1669131877.git.mprivozn@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libvir-list-bounces@redhat.com Sender: "libvir-list" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1669131971864100001 Content-Type: text/plain; charset="utf-8"; x-default="true" Inside of qemuTPMEmulatorBuildCommand() there are two calls to qemuTPMSetupEncryption() which simply ignore returned error. This is suboptimal because then we rely on swtpm binary reporting a generic error (something among invalid command line arguments) while an error reported by qemuTPMSetupEncryption() is more specific. However, since virCommandSetSendBuffer() only sets an error inside of virCommand structure (the error is then reported in virCommandRun()), we need to exempt its retval from error checking. Thus, the signature of qemuTPMSetupEncryption() is changed a bit so that -1/0 can be returned to indicate error. Signed-off-by: Michal Privoznik Reviewed-by: Jiri Denemark --- v2 of: https://listman.redhat.com/archives/libvir-list/2022-November/235866.html diff to v1: - Ignore error from virCommandSetSendBuffer() as it'll be reported later. Don't actually jump onto error label as it would defeat the purpose. src/qemu/qemu_tpm.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c index 15ee7db757..bdce060db8 100644 --- a/src/qemu/qemu_tpm.c +++ b/src/qemu/qemu_tpm.c @@ -224,20 +224,25 @@ qemuTPMEmulatorDeleteStorage(virDomainTPMDef *tpm) * * @secretuuid: The UUID with the secret holding passphrase * @cmd: the virCommand to transfer the secret to + * @fd: returned read-end of the pipe * - * Returns file descriptor representing the read-end of a pipe. - * The passphrase can be read from this pipe. Returns < 0 in case - * of error. + * Sets @fd to a file descriptor representing the read-end of a + * pipe. The passphrase can be read from this pipe. * * This function reads the passphrase and writes it into the * write-end of a pipe so that the read-end of the pipe can be * passed to the emulator for reading the passphrase from. * - * Note that the returned FD is owned by @cmd. + * Note that the returned @fd is owned by @cmd and thus should + * only be used to append an argument onto emulator cmdline. + * + * Returns: 0 on success, + * -1 otherwise (with proper error reported). */ static int qemuTPMSetupEncryption(const unsigned char *secretuuid, - virCommand *cmd) + virCommand *cmd, + int *fd) { g_autoptr(virConnect) conn =3D NULL; g_autofree uint8_t *secret =3D NULL; @@ -260,7 +265,8 @@ qemuTPMSetupEncryption(const unsigned char *secretuuid, &secret, &secret_len) < 0) return -1; =20 - return virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_l= en); + *fd =3D virCommandSetSendBuffer(cmd, g_steal_pointer(&secret), secret_= len); + return 0; } =20 =20 @@ -322,7 +328,7 @@ qemuTPMVirCommandAddEncryption(virCommand *cmd, return -1; } =20 - if ((pwdfile_fd =3D qemuTPMSetupEncryption(secretuuid, cmd)) < 0) + if (qemuTPMSetupEncryption(secretuuid, cmd, &pwdfile_fd) < 0) return -1; =20 virCommandAddArg(cmd, "--pwdfile-fd"); @@ -634,8 +640,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm, goto error; } =20 - pwdfile_fd =3D qemuTPMSetupEncryption(tpm->data.emulator.secretuui= d, cmd); - migpwdfile_fd =3D qemuTPMSetupEncryption(tpm->data.emulator.secret= uuid, cmd); + if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, + cmd, &pwdfile_fd) < 0) + goto error; + + if (qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, + cmd, &migpwdfile_fd) < 0) + goto error; =20 virCommandAddArg(cmd, "--key"); virCommandAddArgFormat(cmd, "pwdfd=3D%d,mode=3Daes-256-cbc", pwdfi= le_fd); --=20 2.37.4