[PATCH] qemu_tpm: Check for qemuTPMSetupEncryption() errors

Michal Privoznik posted 1 patch 1 week, 5 days ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/68b966e9ef5c60bf5813a40e57c29da473c1df54.1669121101.git.mprivozn@redhat.com
There is a newer version of this series
src/qemu/qemu_tpm.c | 5 +++++
1 file changed, 5 insertions(+)
[PATCH] qemu_tpm: Check for qemuTPMSetupEncryption() errors
Posted by Michal Privoznik 1 week, 5 days ago
Inside of qemuTPMEmulatorBuildCommand() there are two calls to
qemuTPMSetupEncryption() which simply ignore the returned error. This
is suboptimal because then we rely on the swtpm binary reporting a
generic error (something among invalid arguments) while an error
reported by qemuTPMSetupEncryption() is more specific.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/qemu/qemu_tpm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
index 15ee7db757..502a77b5b3 100644
--- a/src/qemu/qemu_tpm.c
+++ b/src/qemu/qemu_tpm.c
@@ -635,7 +635,12 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
         }
 
         pwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd);
+        if (pwdfile_fd < 0)
+            goto error;
+
         migpwdfile_fd = qemuTPMSetupEncryption(tpm->data.emulator.secretuuid, cmd);
+        if (migpwdfile_fd < 0)
+            goto error;
 
         virCommandAddArg(cmd, "--key");
         virCommandAddArgFormat(cmd, "pwdfd=%d,mode=aes-256-cbc", pwdfile_fd);
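Review bot: at the second new check (`if (migpwdfile_fd < 0) goto error;`), pwdfile_fd already holds the descriptor returned by the first qemuTPMSetupEncryption() call, and the `error` label lies outside this hunk, so please confirm that this path releases pwdfile_fd (or that cmd already owns it) rather than leaking it. Both new `goto error` branches also assume qemuTPMSetupEncryption() has reported an error on every negative return; if any of its failure paths returns a value below zero without reporting one, the caller now fails with no message at all, so it is worth auditing those paths or documenting that contract on the function before relying on it here.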
-- 
2.37.4
Re: [PATCH] qemu_tpm: Check for qemuTPMSetupEncryption() errors
Posted by Ján Tomko 1 week, 5 days ago
On a Tuesday in 2022, Michal Privoznik wrote:
>Inside of qemuTPMEmulatorBuildCommand() there are two calls to
>qemuTPMSetupEncryption() which simply ignore the returned error. This
>is suboptimal because then we rely on the swtpm binary reporting a
>generic error (something among invalid arguments) while an error
>reported by qemuTPMSetupEncryption() is more specific.

It seems like qemuTPMSetupEncryption does not report an error in all
cases, specifically virCommandSetSendBuffer only sets an errno.

So in that case, "no error message" would be a downgrade from
"generic error message".

Jano

>
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/qemu/qemu_tpm.c | 5 +++++
> 1 file changed, 5 insertions(+)
>