External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-12 21:05:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

dac, selinux: skip setting/restoring label for absent PCI devices

Browse Source 
If the underlying PCI device of a hostdev does not exist in the
host (e.g. a SR-IOV VF that was removed while the domain was
running), skip security label handling for it.

This will avoid errors that happens during qemuProcessStop() time,
where a VF that was being used by the domain is not present anymore.
The restore label functions of both DAC and SELinux drivers will
trigger errors in virPCIDeviceNew().

Reviewed-by: Laine Stump <laine@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
This commit is contained in:
Daniel Henrique Barboza 2021-01-04 09:54:33 -03:00
parent cb4b59eda8
commit fae5e343fb
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/security/security_dac.c
View File

@ -1266,7 +1266,12 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr mgr,
}
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
g_autoptr(virPCIDevice) pci = virPCIDeviceNew(&pcisrc->addr);
g_autoptr(virPCIDevice) pci = NULL;
if (!virPCIDeviceExists(&pcisrc->addr))
break;
pci = virPCIDeviceNew(&pcisrc->addr);
if (!pci)
return -1;
@ -1422,7 +1427,12 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerPtr mgr,
}
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
g_autoptr(virPCIDevice) pci = virPCIDeviceNew(&pcisrc->addr);
g_autoptr(virPCIDevice) pci = NULL;
if (!virPCIDeviceExists(&pcisrc->addr))
break;
pci = virPCIDeviceNew(&pcisrc->addr);
if (!pci)
return -1;

14
src/security/security_selinux.c
View File

@ -2103,7 +2103,12 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityManagerPtr mgr,
}
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
g_autoptr(virPCIDevice) pci = virPCIDeviceNew(&pcisrc->addr);
g_autoptr(virPCIDevice) pci = NULL;
if (!virPCIDeviceExists(&pcisrc->addr))
break;
pci = virPCIDeviceNew(&pcisrc->addr);
if (!pci)
return -1;
@ -2331,7 +2336,12 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecurityManagerPtr mgr,
}
case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI: {
g_autoptr(virPCIDevice) pci = virPCIDeviceNew(&pcisrc->addr);
g_autoptr(virPCIDevice) pci = NULL;
if (!virPCIDeviceExists(&pcisrc->addr))
break;
pci = virPCIDeviceNew(&pcisrc->addr);
if (!pci)
return -1;