[libvirt] [PATCH] security driver: eliminate memory leaks in failure paths

If virPCIDeviceGetVFIOGroupDev() failed, virSecurity*(Set|Restore)HostdevLabel() would fail to free a virPCIDevice that had been allocated. These leaks were all introduced (by me) very recently, in commit f0bd70a. --- src/security/security_apparmor.c | 4 +++- src/security/security_dac.c | 10 ++++++---- src/security/security_selinux.c | 10 ++++++---- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 4fa0384..5be5ff0 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -835,8 +835,10 @@ AppArmorSetSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = AppArmorSetSecurityPCILabel(pci, vfioGroupDev, ptr); VIR_FREE(vfioGroupDev); } else { diff --git a/src/security/security_dac.c b/src/security/security_dac.c index 0366c17..e197eff 100644 --- a/src/security/security_dac.c +++ b/src/security/security_dac.c @@ -520,8 +520,10 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecurityDACSetSecurityPCILabel(pci, vfioGroupDev, params); VIR_FREE(vfioGroupDev); } else { @@ -530,7 +532,6 @@ virSecurityDACSetSecurityHostdevLabel(virSecurityManagerPtr mgr, } virPCIDeviceFree(pci); - break; } @@ -611,15 +612,16 @@ virSecurityDACRestoreSecurityHostdevLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecurityDACRestoreSecurityPCILabel(pci, vfioGroupDev, mgr); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecurityDACRestoreSecurityPCILabel, mgr); } virPCIDeviceFree(pci); - break; } diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c index 87a09c7..0cf4009 100644 --- a/src/security/security_selinux.c +++ b/src/security/security_selinux.c @@ -1346,15 +1346,16 @@ virSecuritySELinuxSetSecurityHostdevSubsysLabel(virDomainDefPtr def, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecuritySELinuxSetSecurityPCILabel(pci, vfioGroupDev, def); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxSetSecurityPCILabel, def); } virPCIDeviceFree(pci); - break; } @@ -1518,15 +1519,16 @@ virSecuritySELinuxRestoreSecurityHostdevSubsysLabel(virSecurityManagerPtr mgr, == VIR_DOMAIN_HOSTDEV_PCI_BACKEND_VFIO) { char *vfioGroupDev = virPCIDeviceGetVFIOGroupDev(pci); - if (!vfioGroupDev) + if (!vfioGroupDev) { + virPCIDeviceFree(pci); goto done; + } ret = virSecuritySELinuxRestoreSecurityPCILabel(pci, vfioGroupDev, mgr); VIR_FREE(vfioGroupDev); } else { ret = virPCIDeviceFileIterate(pci, virSecuritySELinuxRestoreSecurityPCILabel, mgr); } virPCIDeviceFree(pci); - break; } -- 1.7.11.7