From: John Ferlan Date: Tue, 24 Jan 2017 17:26:25 +0000 (-0500) Subject: nodedev: Keep the node device lock longer in nodeDeviceDestroy X-Git-Tag: CVE-2017-2635~76 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ccb0d6e342ea87d43addb0330556f9f81e86db4c;p=thirdparty%2Flibvirt.git nodedev: Keep the node device lock longer in nodeDeviceDestroy While perhaps improbable, it could be possible that after finding our object that another thread running essentially in parallel could attempt to delete the same vHBA. So rather than dropping the lock right after finding the object, keep the lock around while we drop the object lock and work on deleting the object. Once the delete occurs we can safely drop the driver lock again. Cleanup some of the usage of cleanup instead out for the goto label. --- diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c index bac57fa2c4..32022ebca9 100644 --- a/src/node_device/node_device_driver.c +++ b/src/node_device/node_device_driver.c @@ -646,21 +646,18 @@ nodeDeviceDestroy(virNodeDevicePtr dev) int parent_host = -1; nodeDeviceLock(); - obj = virNodeDeviceFindByName(&driver->devs, dev->name); - nodeDeviceUnlock(); - - if (!obj) { + if (!(obj = virNodeDeviceFindByName(&driver->devs, dev->name))) { virReportError(VIR_ERR_NO_NODE_DEVICE, _("no node device with matching name '%s'"), dev->name); - goto out; + goto cleanup; } if (virNodeDeviceDestroyEnsureACL(dev->conn, obj->def) < 0) - goto out; + goto cleanup; - if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) == -1) - goto out; + if (virNodeDeviceGetWWNs(obj->def, &wwnn, &wwpn) < 0) + goto cleanup; /* virNodeDeviceGetParentHost will cause the device object's lock to be @@ -670,20 +667,21 @@ nodeDeviceDestroy(virNodeDevicePtr dev) if (VIR_STRDUP(parent_name, obj->def->parent) < 0) { virNodeDeviceObjUnlock(obj); obj = NULL; - goto out; + goto cleanup; } virNodeDeviceObjUnlock(obj); obj = NULL; if (virNodeDeviceGetParentHost(&driver->devs, dev->name, parent_name, &parent_host) < 0) - goto out; + goto cleanup; if (virVHBAManageVport(parent_host, wwpn, wwnn, VPORT_DELETE) < 0) - goto out; + goto cleanup; ret = 0; - out: + cleanup: + nodeDeviceUnlock(); if (obj) virNodeDeviceObjUnlock(obj); VIR_FREE(parent_name);