If virPCIDeviceGetVFIOGroupDev() failed, virSecurity*(Set|Restore)HostdevLabel() would fail to free a virPCIDevice that had been allocated. These leaks were all introduced (by me) very recently, in commit f0bd70a. --- src/security/security_apparmor.c | 4 +++- src/security/security_dac.c | 10 ++++++---- src/security/security_selinux.c | 10 ++++++---- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 4fa0384..5be5ff0 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -835,8 +835,10 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr); VIR_FREE(vfioGroupDev); } else { diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 0366c17..e197eff 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -520,8 +520,10 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params); VIR_FREE(vfioGroupDev); } else { @@ -530,7 +532,6 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, } virPCIDeviceFree(pci); - break; } 
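Review bot: The new branch under `if (!vfioGroupDev)` adds a second `virPCIDeviceFree(pci)` release point in each function, alongside the one visible after the if/else in the DAC and SELinux hunks; the same shape repeats in all five functions touched. A single release point is harder to miss on the next early exit: wrap the success path as `if (vfioGroupDev) { ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr); VIR_FREE(vfioGroupDev); }` and let the failure case fall through to the existing free. That is only equivalent if the code after `virPCIDeviceFree(pci)` reaches the same exit as `goto done` with `ret` still holding its failure value; both lie outside the hunk and need checking. If the early `goto` stays, a comment such as `/* pci is owned by this case block; every exit path must free it */` at the allocation would record the rule.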
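Review bot: The removed line shown as `- break;` in the DAC hunk `-530,7 +532,6` (and again at the end of the DAC Restore and both SELinux hunks) should be confirmed against the original patch before this is applied from the page. The hunk line counts are consistent with the `-` being a deleted blank line and `break;` being unchanged context, and the commit message mentions only the leak. If `break;` itself were dropped, control would fall through into whatever follows the PCI block after `virPCIDeviceFree(pci);`. The new side should still read `virPCIDeviceFree(pci);` directly followed by `break;`.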
@@ -611,15 +612,16 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr); } virPCIDeviceFree(pci); - break; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 87a09c7..0cf4009 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1346,15 +1346,16 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def); } virPCIDeviceFree(pci); - break; } @@ -1518,15 +1519,16 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr); } virPCIDeviceFree(pci); - break; } -- 1.7.11.7 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list