qemu: hotplug: Audit device detach before deleting it

Commit f30843142aa0836423f5e3ff7a45707eb13ce553 introduced a code path
for solving a race when qemu doesn't know about a device but libvirt
still does. The patch introduced a call to 'qemuDomainRemoveDevice'
(which deletes/frees the device definition) and placed it before the
call to 'qemuDomainRemoveAuditDevice' (which accesses the device
definition to do the audit log reporting).

Reorder them to prevent the qemu driver crashing in the corner case
where qemu already detached the device but libvirt didn't yet process
it, which can be triggered by calling the asynchronous
'virDomainDetachDeviceAlias' API.

In addition in case when we're about to delete the device and return
success we need to also report successful detach in the audit log so the
logic calling the auditing function needs to be fixed as well.

Resolves: https://issues.redhat.com/browse/RHEL-110191
Fixes: f30843142aa0836423f5e3ff7a45707eb13ce553
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index e9568af12593b058c4242d5e69addd4d2bc5df62..afc75072aedc8f9addf9777392515b6fbc649bfb 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -6620,10 +6620,13 @@ qemuDomainDetachDeviceLive(virDomainObj *vm,
 
     rc = qemuDomainDeleteDevice(vm, info->alias);
     if (rc < 0) {
+        /* we want to report succesful detach if device doesn't exist any more in qemu */
+        if (virDomainObjIsActive(vm))
+            qemuDomainRemoveAuditDevice(vm, &detach, rc == -2);
+
         if (rc == -2)
             ret = qemuDomainRemoveDevice(driver, vm, &detach);
-        if (virDomainObjIsActive(vm))
-            qemuDomainRemoveAuditDevice(vm, &detach, false);
+
         goto cleanup;
     }