qemuDomainBuildNamespace: Populate hostdevs from daemon's namespace
authorMichal Privoznik <mprivozn@redhat.com>
Tue, 21 Jul 2020 12:18:59 +0000 (14:18 +0200)
committerMichal Privoznik <mprivozn@redhat.com>
Mon, 3 Aug 2020 17:40:37 +0000 (19:40 +0200)
As mentioned in one of the previous commits, populating the domain's
namespace from the pre-exec() hook is dangerous. This commit moves the
population of the namespace with the domain's hostdevs into the daemon's
namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/qemu/qemu_namespace.c

index afcbc7773c9936d778e88ea86a19557aa385f709..df0b8c76a57042f0f50fce34b00b624d7f6271a1 100644 (file)
@@ -555,19 +555,22 @@ qemuDomainSetupAllDisks(virDomainObjPtr vm,
 
 
 static int
-qemuDomainSetupHostdev(virDomainHostdevDefPtr dev,
-                       const struct qemuDomainCreateDeviceData *data)
+qemuDomainSetupHostdev(virDomainObjPtr vm,
+                       virDomainHostdevDefPtr hostdev,
+                       bool hotplug,
+                       char ***paths)
 {
     g_autofree char *path = NULL;
 
-    if (qemuDomainGetHostdevPath(dev, &path, NULL) < 0)
+    if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0)
         return -1;
 
-    if (path && qemuDomainCreateDevice(path, data, false) < 0)
+    if (path && virStringListAdd(paths, path) < 0)
         return -1;
 
-    if (qemuHostdevNeedsVFIO(dev) &&
-        qemuDomainCreateDevice(QEMU_DEV_VFIO, data, false) < 0)
+    if (qemuHostdevNeedsVFIO(hostdev) &&
+        (!hotplug || !qemuDomainNeedsVFIO(vm->def)) &&
+        virStringListAdd(paths, QEMU_DEV_VFIO) < 0)
         return -1;
 
     return 0;
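Review bot: The new `hotplug` parameter of qemuDomainSetupHostdev and the `(!hotplug || !qemuDomainNeedsVFIO(vm->def))` test are undocumented, and the test carries an ordering assumption that decides which device nodes end up in the domain's namespace. On the hotplug path `QEMU_DEV_VFIO` is queued only when the definition does not already need VFIO, which presumably relies on the caller running this before the new hostdev is added to `vm->def`; if that order changed, the node would be silently left out. On the startup path (`false`, passed from qemuDomainSetupAllHostdevs) every VFIO hostdev appends `QEMU_DEV_VFIO`, so `paths` can hold the same entry several times, and whether qemuNamespaceMknodPaths tolerates duplicates is not visible here. I would add a header comment along the lines of `/* @hotplug: if true, QEMU_DEV_VFIO is added only when vm->def does not already need VFIO; caller must not have added @hostdev to vm->def yet (confirm) */`. The function's closing brace lies outside this hunk.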
@@ -576,14 +579,16 @@ qemuDomainSetupHostdev(virDomainHostdevDefPtr dev,
 
 static int
 qemuDomainSetupAllHostdevs(virDomainObjPtr vm,
-                           const struct qemuDomainCreateDeviceData *data)
+                           char ***paths)
 {
     size_t i;
 
     VIR_DEBUG("Setting up hostdevs");
     for (i = 0; i < vm->def->nhostdevs; i++) {
-        if (qemuDomainSetupHostdev(vm->def->hostdevs[i],
-                                   data) < 0)
+        if (qemuDomainSetupHostdev(vm,
+                                   vm->def->hostdevs[i],
+                                   false,
+                                   paths) < 0)
             return -1;
     }
     VIR_DEBUG("Setup all hostdevs");
@@ -866,6 +871,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupAllDisks(vm, &paths) < 0)
         return -1;
 
+    if (qemuDomainSetupAllHostdevs(vm, &paths) < 0)
+        return -1;
+
     if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
         return -1;
 
@@ -917,9 +925,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
     if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
         goto cleanup;
 
-    if (qemuDomainSetupAllHostdevs(vm, &data) < 0)
-        goto cleanup;
-
     if (qemuDomainSetupAllMemories(vm, &data) < 0)
         goto cleanup;
 
@@ -1680,21 +1685,15 @@ int
 qemuDomainNamespaceSetupHostdev(virDomainObjPtr vm,
                                 virDomainHostdevDefPtr hostdev)
 {
-    g_autofree char *path = NULL;
     VIR_AUTOSTRINGLIST paths = NULL;
 
     if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
         return 0;
 
-    if (qemuDomainGetHostdevPath(hostdev, &path, NULL) < 0)
-        return -1;
-
-    if (path && virStringListAdd(&paths, path) < 0)
-        return -1;
-
-    if (qemuHostdevNeedsVFIO(hostdev) &&
-        !qemuDomainNeedsVFIO(vm->def) &&
-        virStringListAdd(&paths, QEMU_DEV_VFIO) < 0)
+    if (qemuDomainSetupHostdev(vm,
+                               hostdev,
+                               true,
+                               &paths) < 0)
         return -1;
 
     if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)