From: Laine Stump Date: Thu, 19 Dec 2013 11:09:05 +0000 (+0200) Subject: qemu: avoid duplicate security label restore on hostdev attach failure X-Git-Tag: CVE-2013-6458-1~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0f511ee2bfeb4b177b301ed73f3a9d86b4d4dbd;p=thirdparty%2Flibvirt.git qemu: avoid duplicate security label restore on hostdev attach failure This eliminates the misleading error message that was being logged when a vfio hostdev hotplug failed: error: unable to set user and group to '107:107' on '/dev/vfio/22': No such file or directory as documented in: https://bugzilla.redhat.com/show_bug.cgi?id=1035490 Commit ee414b5d (pushed as a fix for Bug 1016511 and part of Bug 1025108) replaced the single call to virSecurityManagerSetHostdevLabel() in qemuDomainAttachHostDevice() with individual calls to that same function in each device-type-specific attach function (for PCI, USB, and SCSI). It also added a corresponding call to virSecurityManagerRestoreHostdevLabel() in the error handling of the device-type-specific functions, but forgot to remove the common call to that from qemuDomainAttachHostDevice() - this resulted in a duplicate call to virSecurityManagerRestoreHostdevLabel(), with the second occurrence being after (e.g.) a PCI device has already been re-attached to the host driver, thus destroying some of the device nodes / links that we then attempted to re-label (e.f. /dev/vfio/22) and generating an error log that obscured the original error. --- diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c index 4a2c5ce0f6..7a8caf1f43 100644 --- a/src/qemu/qemu_hotplug.c +++ b/src/qemu/qemu_hotplug.c @@ -1666,9 +1666,6 @@ int qemuDomainAttachHostDevice(virQEMUDriverPtr driver, return 0; error: - if (virSecurityManagerRestoreHostdevLabel(driver->securityManager, - vm->def, hostdev, NULL) < 0) - VIR_WARN("Unable to restore host device labelling on hotplug fail"); return -1; }