qemu: Restore label before reattach device to host

When a hostdev is attached to the guest (and removed from the host), the order of operations is call qemuHostdevPreparePCIDevices to remove the device from the host, call qemuSetupHostdevCgroup to setup the cgroups, and virSecurityManagerSetHostdevLabel to set the labels. When the device is removed from the guest, the code didn't use the reverse order leading to possible issues (especially if the path to the device no longer exists). This patch will move the call to virSecurityManagerRestoreHostdevLabel to prior to reattaching the device to the host.

qemu: Restore label before reattach device to host
When a hostdev is attached to the guest (and removed from the host), the order of operations is call qemuHostdevPreparePCIDevices to remove the device from the host, call qemuSetupHostdevCgroup to setup the cgroups, and virSecurityManagerSetHostdevLabel to set the labels. When the device is removed from the guest, the code didn't use the reverse order leading to possible issues (especially if the path to the device no longer exists). This patch will move the call to virSecurityManagerRestoreHostdevLabel to prior to reattaching the device to the host.
409de00e · John Ferlan · 12b239a9 · 409de00e
隐藏空白更改
内联并排

Showing with 8 addition and 10 deletion

src/qemu/qemu_hotplug.c src/qemu/qemu_hotplug.c +8 -10

未找到文件。
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -2990,8 +2990,6 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
    int ret = -1;
    qemuDomainObjPrivatePtr priv = vm->privateData;
    char *drivestr = NULL;
-    int backend;
-    bool is_vfio = false;
    VIR_DEBUG("Removing host device %s from domain %p %s",
              hostdev->info->alias, vm, vm->def->name);
@@ -3033,10 +3031,16 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
    virDomainAuditHostdev(vm, hostdev, "detach", true);
+    if (hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI &&
+        hostdev->source.subsys.u.pci.backend !=
+        VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
+        if (virSecurityManagerRestoreHostdevLabel(driver->securityManager,
+                                                  vm->def, hostdev, NULL) < 0)
+            VIR_WARN("Failed to restore host device labelling");
+    }
    switch ((virDomainHostdevSubsysType) hostdev->source.subsys.type) {
    case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI:
-        backend = hostdev->source.subsys.u.pci.backend;
-        is_vfio = backend == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO;
        qemuDomainRemovePCIHostDevice(driver, vm, hostdev);
        /* QEMU might no longer need to lock as much memory, eg. we just
         * detached the last VFIO device, so adjust the limit here */
@@ -3056,12 +3060,6 @@ qemuDomainRemoveHostDevice(virQEMUDriverPtr driver,
    if (qemuTeardownHostdevCgroup(vm, hostdev) < 0)
        VIR_WARN("Failed to remove host device cgroup ACL");
-    if (!is_vfio &&
-        virSecurityManagerRestoreHostdevLabel(driver->securityManager,
-                                              vm->def, hostdev, NULL) < 0) {
-        VIR_WARN("Failed to restore host device labelling");
-    }
    virDomainHostdevDefFree(hostdev);
    if (net) {