qemu_hotplug: Don't skip cleanup in qemuDomainAttachNetDevice()

Introduced in v8.4.0-rc1~183 but the first real problem
introduced in v8.4.0-rc1~170, there's a
qemuBuildInterfaceConnect() call inside of
qemuDomainAttachNetDevice(). If the former fails, then the
function is immediately returned from instead of jumping onto the
cleanup label. This is crucial, because at this point the domain
definition contains 'borrowed' net definition, which is then
freed, since an error was met. The domain definition is then left
with a dangling pointer which leads to all sorts of different
crashes.

Fixes: 29d022b1eb7b2330ed224a08509e6d3a5eeecc53
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2102009
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>

diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index ee44649d4810149cf3ec37e409fc3b9c09837c90..27e68370cf448aa378674fe0ca2c6ce03395c753 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1265,7 +1265,7 @@ qemuDomainAttachNetDevice(virQEMUDriver *driver,
     VIR_APPEND_ELEMENT_COPY(vm->def->nets, vm->def->nnets, net);
 
     if (qemuBuildInterfaceConnect(vm, net, VIR_NETDEV_VPORT_PROFILE_OP_CREATE) < 0)
-         return -1;
+        goto cleanup;
 
     iface_connected = true;