From: Michal Privoznik <mprivozn@redhat.com>
Date: Thu, 9 Feb 2017 09:25:28 +0000 (+0100)
Subject: qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup
X-Git-Tag: CVE-2017-2635~69
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bb01ed3cd41718f652f8dbf07954c3297671bec;p=thirdparty%2Flibvirt.git

qemu_cgroup: Kill qemuSetupHostSCSIDeviceCgroup

There's no need for this function. Currently it is passed as a
callback to virSCSIDeviceFileIterate(). However, SCSI devices
have just one file path. Therefore we can mimic approach used in
qemuDomainGetHostdevPath() to get path and call
virCgroupAllowDevicePath() directly.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---

diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c
index 7302c43ee8..6017da662a 100644
--- a/src/qemu/qemu_cgroup.c
+++ b/src/qemu/qemu_cgroup.c
@@ -260,28 +260,6 @@ qemuSetupInputCgroup(virDomainObjPtr vm,
 }
 
 
-static int
-qemuSetupHostSCSIDeviceCgroup(virSCSIDevicePtr dev ATTRIBUTE_UNUSED,
-                              const char *path,
-                              void *opaque)
-{
-    virDomainObjPtr vm = opaque;
-    qemuDomainObjPrivatePtr priv = vm->privateData;
-    int ret;
-
-    VIR_DEBUG("Process path '%s' for SCSI device", path);
-
-    ret = virCgroupAllowDevicePath(priv->cgroup, path,
-                                   virSCSIDeviceGetReadonly(dev) ?
-                                   VIR_CGROUP_DEVICE_READ :
-                                   VIR_CGROUP_DEVICE_RW, false);
-
-    virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
-                             virSCSIDeviceGetReadonly(dev) ? "r" : "rw", ret == 0);
-
-    return ret;
-}
-
 static int
 qemuSetupHostSCSIVHostDeviceCgroup(virSCSIVHostDevicePtr dev ATTRIBUTE_UNUSED,
                                    const char *path,
@@ -395,9 +373,19 @@ qemuSetupHostdevCgroup(virDomainObjPtr vm,
                                              dev->shareable)) == NULL)
                     goto cleanup;
 
-                if (virSCSIDeviceFileIterate(scsi,
-                                             qemuSetupHostSCSIDeviceCgroup,
-                                             vm) < 0)
+                if (VIR_STRDUP(path, virSCSIDeviceGetPath(scsi)) < 0)
+                    goto cleanup;
+
+                VIR_DEBUG("Process path '%s' for SCSI device", path);
+                rv = virCgroupAllowDevicePath(priv->cgroup, path,
+                                              virSCSIDeviceGetReadonly(scsi) ?
+                                              VIR_CGROUP_DEVICE_READ :
+                                              VIR_CGROUP_DEVICE_RW, false);
+
+                virDomainAuditCgroupPath(vm, priv->cgroup, "allow", path,
+                                         virSCSIDeviceGetReadonly(scsi) ? "r" : "rw",
+                                         rv == 0);
+                if (rv < 0)
                     goto cleanup;
             }
             break;