security driver: eliminate memory leaks in failure paths

If virPCIDeviceGetVFIOGroupDev() failed,
virSecurity*(Set|Restore)HostdevLabel() would fail to free a
virPCIDevice that had been allocated.

These leaks were all introduced (by me) very recently, in commit
f0bd70a9.

src/security/security_apparmor.c

@@ -835,8 +835,10 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr);
             VIR_FREE(vfioGroupDev);
         } else {

src/security/security_dac.c

@@ -520,8 +520,10 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params);
             VIR_FREE(vfioGroupDev);
         } else {
@@ -530,7 +532,6 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr,
         }
 
         virPCIDeviceFree(pci);
-
         break;
     }
 
@@ -611,15 +612,16 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr);
         }
         virPCIDeviceFree(pci);
-
         break;
     }
 

src/security/security_selinux.c

@@ -1346,15 +1346,16 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def);
         }
         virPCIDeviceFree(pci);
-
         break;
     }
 
@@ -1518,15 +1519,16 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr,
             == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) {
             char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci);
 
-            if (!vfioGroupDev)
+            if (!vfioGroupDev) {
+                virPCIDeviceFree(pci);
                 goto done;
+            }
             ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr);
             VIR_FREE(vfioGroupDev);
         } else {
             ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr);
         }
         virPCIDeviceFree(pci);
-
         break;
     }