qemu: hotplug: Only label hostdev after checking device conflicts

Similar to what Jiri did for cgroup setup/teardown in 05e149f94, push
it all into the device handler functions so we can do the necessary prep
work before claiming the device.

This also fixes hotplugging USB devices by product/vendor (virt-manager's
default behavior):

https://bugzilla.redhat.com/show_bug.cgi?id=1016511

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index f4fc7231bc408a9c84053c47a2d6fa8f031df50a..bff9e23df5103bf5d21e20c186d6d0e6d1fab81b 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1153,6 +1153,7 @@ qemuDomainAttachHostPciDevice(virQEMUDriverPtr driver,
     char *configfd_name = NULL;
     bool releaseaddr = false;
     bool teardowncgroup = false;
+    bool teardownlabel = false;
     int backend = hostdev->source.subsys.u.pci.backend;
 
     if (VIR_REALLOC_N(vm->def->hostdevs, vm->def->nhostdevs + 1) < 0)
@@ -1193,6 +1194,11 @@ qemuDomainAttachHostPciDevice(virQEMUDriverPtr driver,
         goto error;
     teardowncgroup = true;
 
+    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
+                                          vm->def, hostdev, NULL) < 0)
+        goto error;
+    teardownlabel = true;
+
     if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuAssignDeviceHostdevAlias(vm->def, hostdev, -1) < 0)
             goto error;
@@ -1250,6 +1256,10 @@ qemuDomainAttachHostPciDevice(virQEMUDriverPtr driver,
 error:
     if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
         VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
+    if (teardownlabel &&
+        virSecurityManagerRestoreHostdevLabel(driver->securityManager,
+                                              vm->def, hostdev, NULL) < 0)
+        VIR_WARN("Unable to restore host device labelling on hotplug fail");
 
     if (releaseaddr)
         qemuDomainReleaseDeviceAddress(vm, hostdev->info, NULL);
@@ -1445,6 +1455,7 @@ qemuDomainAttachHostUsbDevice(virQEMUDriverPtr driver,
     char *devstr = NULL;
     bool added = false;
     bool teardowncgroup = false;
+    bool teardownlabel = false;
     int ret = -1;
 
     if (qemuFindHostdevUSBDevice(hostdev, true, &usb) < 0)
@@ -1466,6 +1477,11 @@ qemuDomainAttachHostUsbDevice(virQEMUDriverPtr driver,
         goto cleanup;
     teardowncgroup = true;
 
+    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
+                                          vm->def, hostdev, NULL) < 0)
+        goto cleanup;
+    teardownlabel = true;
+
     if (virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE)) {
         if (qemuAssignDeviceHostdevAlias(vm->def, hostdev, -1) < 0)
             goto cleanup;
@@ -1492,10 +1508,14 @@ qemuDomainAttachHostUsbDevice(virQEMUDriverPtr driver,
 
     ret = 0;
 cleanup:
-    if (ret < 0 &&
-        teardowncgroup &&
-        qemuTeardownHostdevCgroup(vm, hostdev) < 0)
-        VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
+    if (ret < 0) {
+        if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
+            VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
+        if (teardownlabel &&
+            virSecurityManagerRestoreHostdevLabel(driver->securityManager,
+                                                  vm->def, hostdev, NULL) < 0)
+            VIR_WARN("Unable to restore host device labelling on hotplug fail");
+    }
     if (added)
         virUSBDeviceListSteal(driver->activeUsbHostdevs, usb);
     virUSBDeviceFree(usb);
@@ -1515,6 +1535,7 @@ qemuDomainAttachHostScsiDevice(virQEMUDriverPtr driver,
     char *devstr = NULL;
     char *drvstr = NULL;
     bool teardowncgroup = false;
+    bool teardownlabel = false;
 
     if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DRIVE) ||
         !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_DEVICE) ||
@@ -1543,6 +1564,11 @@ qemuDomainAttachHostScsiDevice(virQEMUDriverPtr driver,
         goto cleanup;
     teardowncgroup = true;
 
+    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
+                                          vm->def, hostdev, NULL) < 0)
+        goto cleanup;
+    teardownlabel = true;
+
     if (qemuAssignDeviceHostdevAlias(vm->def, hostdev, -1) < 0)
         goto cleanup;
 
@@ -1584,6 +1610,10 @@ cleanup:
         qemuDomainReAttachHostScsiDevices(driver, vm->def->name, &hostdev, 1);
         if (teardowncgroup && qemuTeardownHostdevCgroup(vm, hostdev) < 0)
             VIR_WARN("Unable to remove host device cgroup ACL on hotplug fail");
+        if (teardownlabel &&
+            virSecurityManagerRestoreHostdevLabel(driver->securityManager,
+                                                  vm->def, hostdev, NULL) < 0)
+            VIR_WARN("Unable to restore host device labelling on hotplug fail");
     }
     VIR_FREE(drvstr);
     VIR_FREE(devstr);
@@ -1601,10 +1631,6 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver,
         return -1;
     }
 
-    if (virSecurityManagerSetHostdevLabel(driver->securityManager,
-                                          vm->def, hostdev, NULL) < 0)
-        return -1;
-
     switch (hostdev->source.subsys.type) {
     case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
         if (qemuDomainAttachHostPciDevice(driver, vm,