qemu_tpm: Restore TPM labels on failed start
authorMichal Privoznik <mprivozn@redhat.com>
Wed, 14 Dec 2022 14:12:38 +0000 (15:12 +0100)
committerMichal Privoznik <mprivozn@redhat.com>
Tue, 3 Jan 2023 16:19:22 +0000 (17:19 +0100)
If the swtpm binary fails to start after a successful exec() (e.g. it
fails to initialize itself), the seclabels set in
qemuSecurityStartTPMEmulator() are not restored. This is due to
a missing qemuSecurityRestoreTPMLabels() call in the error path.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
src/qemu/qemu_tpm.c

index 200ff0de6f4c831fd384273b1122ef622691f902..03055002cb69b0609bc0a52278f2194d514bc3c4 100644 (file)
@@ -927,6 +927,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
     virTimeBackOffVar timebackoff;
     const unsigned long long timeout = 1000; /* ms */
     bool setTPMStateLabel = true;
+    bool teardownlabel = false;
     int cmdret = 0;
     pid_t pid = -1;
 
@@ -970,6 +971,7 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
          * already reported error. */
         goto error;
     }
+    teardownlabel = true;
 
     if (virPidFileReadPath(pidfile, &pid) < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
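Review bot: Setting `teardownlabel = true` only after the start call has returned success leaves an undocumented assumption on the `goto error` just above it: that branch skips the restore, so it relies on qemuSecurityStartTPMEmulator() (named in the commit message; the call itself is outside this hunk) undoing any labels it applied before it failed. That cannot be confirmed from the visible lines, and a partially relabelled TPM state directory would keep the emulator's label on persistent TPM data. A comment next to the assignment would pin the contract, e.g. `/* TPM labels are set from here on; the error path must restore them. A failed qemuSecurityStartTPMEmulator() is expected to have restored its own labels. */`.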
@@ -1012,6 +1014,8 @@ qemuTPMEmulatorStart(virQEMUDriver *driver,
         virProcessKillPainfully(pid, true);
     if (pidfile)
         unlink(pidfile);
+    if (teardownlabel)
+        qemuSecurityRestoreTPMLabels(driver, vm, setTPMStateLabel);
     return -1;
 }
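Review bot: The result of `qemuSecurityRestoreTPMLabels()` is discarded in the `error:` path, and any error it reports could replace the one that explains why swtpm failed to start. Whether the helper reports errors is not visible in this hunk, so treat this as something to confirm; if it does, bracketing the call with `virErrorPreserveLast(&orig_err);` and `virErrorRestore(&orig_err);` (plus a `virErrorPtr orig_err = NULL;` local) keeps the original diagnosis for the caller. A failed restore also means the TPM state keeps the emulator's label, so a `VIR_WARN` on a negative return would make that visible in the logs. The body of qemuTPMEmulatorStart() begins outside the hunk.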