security driver: eliminate memory leaks in failure paths

If virPCIDeviceGetVFIOGroupDev() failed, virSecurity*(Set|Restore)HostdevLabel() would fail to free a virPCIDevice that had been allocated. These leaks were all introduced (by me) very recently, in commit f0bd70a.
2024-12-23 22:25:25 +00:00 · 2013-04-30 10:59:29 -04:00 · 2013-04-30 10:59:29 -04:00 · ed12bbee81
commit ed12bbee81
parent 80f01915b5
3 changed files with 15 additions and 9 deletions
--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@ -835,8 +835,10 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);

-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                goto done;
+            }
            ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr);
            VIR_FREE(vfioGroupDev);
        } else {
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@ -520,8 +520,10 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);

-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                goto done;
+            }
            ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params);
            VIR_FREE(vfioGroupDev);
        } else {
@ -530,7 +532,6 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
        }

        virPCIDeviceFree(pci);
-
        break;
    }

@ -611,15 +612,16 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);

-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                goto done;
+            }
            ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
            VIR_FREE(vfioGroupDev);
        } else {
            ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
        }
        virPCIDeviceFree(pci);
-
        break;
    }

--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@ -1346,15 +1346,16 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);

-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                goto done;
+            }
            ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def);
            VIR_FREE(vfioGroupDev);
        } else {
            ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
        }
        virPCIDeviceFree(pci);
-
        break;
    }

@ -1518,15 +1519,16 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
            == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
            char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);

-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                goto done;
+            }
            ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
            VIR_FREE(vfioGroupDev);
        } else {
            ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
        }
        virPCIDeviceFree(pci);
-
        break;
    }