security driver: eliminate memory leaks in failure paths

If virPCIDeviceGetVFIOGroupDev() failed,
virSecurity*(Set|Restore)HostdevLabel() would fail to free a
virPCIDevice that had been allocated.

These leaks were all introduced (by me) very recently, in commit
f0bd70a.

diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
index 4fa0384c4e06320a6187658922fa97073587e7a8..5be5ff02d98cfb692f18324ce0327da132edd5ad 100644 (file)
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -835,8 +835,10 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr);
             VIR_FREE(vfioGroupDev);
         } else {

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 0366c1723b1d5149d49184232ed2a44293d0ba62..e197eff42eef52798dee6e8d6efabfb03f91ac1e 100644 (file)
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -520,8 +520,10 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params);
             VIR_FREE(vfioGroupDev);
         } else {
@@ -530,7 +532,6 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
         }
 
         virPCIDeviceFree(pci);
-
         break;
     }
 
@@ -611,15 +612,16 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
         }
         virPCIDeviceFree(pci);
-
         break;
     }
 

diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 87a09c7b148e4a320bddc9daa59ca8741c20f7ad..0cf40093586c1f0057b041252e97c1c73f097cf6 100644 (file)
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -1346,15 +1346,16 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
         }
         virPCIDeviceFree(pci);
-
         break;
     }
 
@@ -1518,15 +1519,16 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
         }
         virPCIDeviceFree(pci);
-
         break;
     }