From nobody Sat Feb  7 10:50:42 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 207.211.31.81 as permitted sender) client-ip=207.211.31.81;
 envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-1.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 207.211.31.81 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81])
 by mx.zohomail.com
	with SMTPS id 1580149434721751.7830680551046;
 Mon, 27 Jan 2020 10:23:54 -0800 (PST)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-13-EE66l7moOfCPY3fUTtiQKw-1; Mon, 27 Jan 2020 13:23:50 -0500
Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com
 [10.5.11.23])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 983A58010E1;
	Mon, 27 Jan 2020 18:23:44 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 94D393DBB;
	Mon, 27 Jan 2020 18:23:43 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 6C44A18095FF;
	Mon, 27 Jan 2020 18:23:40 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 00RINcsc013009 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 27 Jan 2020 13:23:39 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id C1DD31003208; Mon, 27 Jan 2020 18:23:38 +0000 (UTC)
Received: from mimecast-mx02.redhat.com
	(mimecast01.extmail.prod.ext.rdu2.redhat.com [10.11.55.17])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id BD5BA11422D9
	for <libvir-list@redhat.com>; Mon, 27 Jan 2020 18:23:36 +0000 (UTC)
Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com
	[207.211.31.120])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
	(No client certificate requested)
	by mimecast-mx02.redhat.com (Postfix) with ESMTPS id BECC7805A87
	for <libvir-list@redhat.com>; Mon, 27 Jan 2020 18:23:36 +0000 (UTC)
Received: from mail-qk1-f196.google.com (mail-qk1-f196.google.com
	[209.85.222.196]) (Using TLS) by relay.mimecast.com with ESMTP id
	us-mta-341-CWlnZdXGMJO7f-9G-IlAtw-1; Mon, 27 Jan 2020 13:23:34 -0500
Received: by mail-qk1-f196.google.com with SMTP id j20so10570811qka.10;
	Mon, 27 Jan 2020 10:23:33 -0800 (PST)
Received: from rekt.ibmuc.com ([2804:431:c7c7:95cd:d947:55fb:7549:55ce])
	by smtp.gmail.com with ESMTPSA id v55sm8367024qtc.1.2020.01.27.10.23.31
	(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
	Mon, 27 Jan 2020 10:23:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1580149433;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=9xHh0Y4lM+fkCaXyYL+6bJnzPHzDxd1di5SfPDr1VMc=;
	b=NN9jJDaq6xSkAiUiGfyqCBX6yzj+E7g/hqlfDSAMKludn6mZDDRvAFMY7swSnolH93+a8Y
	qzIKULuXVOcGOMx1jtBW6doF7jRdO07edQvrPATIuap+pdvlNX3GPg2X6yf51V/kgBRGju
	ax9dOom0eek/ACkFx92IIudAEraYMxw=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=K+HRQgz0kSxD07TQxOS5TI96pySISBH1XKSAHJMxhvY=;
	b=F8tP00cKgjGHPWM0EeitJpoxy9QS0L8knmMBLI6j8O8c+0TZ0+ZRiPFPWqcUpzTQGt
	cHEEYuV3YUd/lHZ1yl60VuNB6ghetMAIaipy/i3LZ7jxYJ+PEe9fqzYfJOrfEb7ujQjx
	tL94Sl9CmqIAxfkmXFfjgH9WL+p0XvuvWkt/rPlh5cyj6Go5mxVBjyy6Facg7BaNkNWR
	pbkcNlKz9/Oia17DIqWHYzBKILI8gjh4WMfUJbNNOc7D74/TSiUYs/yFnL8rxqL7Kb4v
	oOInjyuJ+30giXnLBw51c3SeRRppGjpsYYI6qpPl/fanERyHv2ur0xFiZLSkDilI3wlE
	JQxw==
X-Gm-Message-State: APjAAAXYGzXJW/k4mPkTyYc7pYG8P5+aRgmO+rc6GMuLEvXnp3BNhGeP
	TUKs0LFS/YPHEnOGJAS6k/Cup6r3ifM=
X-Google-Smtp-Source: 
 APXvYqyihCF7ekuTS9unIVduO875KekU5VzJHEjcWUi1m4qe/lsw5475hxYtDB7ABs87eXIX9Ic7pw==
X-Received: by 2002:ae9:f711:: with SMTP id
 s17mr17522312qkg.238.1580149413197;
	Mon, 27 Jan 2020 10:23:33 -0800 (PST)
From: Daniel Henrique Barboza <danielhb413@gmail.com>
To: libvir-list@redhat.com
Subject: [PATCH v1 2/2] security: do not remember/recall labels for VFIO
Date: Mon, 27 Jan 2020 15:23:21 -0300
Message-Id: <20200127182321.713525-3-danielhb413@gmail.com>
In-Reply-To: <20200127182321.713525-1-danielhb413@gmail.com>
References: <20200127182321.713525-1-danielhb413@gmail.com>
MIME-Version: 1.0
X-MC-Unique: CWlnZdXGMJO7f-9G-IlAtw-1
X-MC-Unique: EE66l7moOfCPY3fUTtiQKw-1
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-MIME-Autoconverted: from quoted-printable to 8bit by
	lists01.pubmisc.prod.ext.phx2.redhat.com id 00RINcsc013009
X-loop: libvir-list@redhat.com
Cc: mprivozn@redhat.com, Daniel Henrique Barboza <danielhb413@gmail.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

Files inside /dev/vfio/ can't be opened more than once, meaning
that any subsequent open calls will fail. This behavior was
introduced in kernel v3.11, commit 6d6768c61b39.

When using the VFIO driver, we open a FD to /dev/vfio/N and
pass it to QEMU. If any other call attempt for the same
/dev/vfio/N happens while QEMU is still using the file, we are
unable to open it and QEMU will report -EBUSY. This can happen
if we hotplug a PCI hostdev that belongs to the same IOMMU group
of an existing domain hostdev.

The problem and solution is similar to what we already dealt
with for TPM in commit 4e95cdcbb3. This patch changes both
DAC and SELinux drivers to disable 'remember' for VFIO hostdevs
in virSecurityDACSetHostdevLabelHelper() and
virSecurityDACSetHostdevLabel(), and 'recall'
in virSecurityDACRestoreHostdevLabel() and
virSecuritySELinuxRestoreHostdevSubsysLabel().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
 src/security/security_dac.c     | 7 +++++--
 src/security/security_selinux.c | 6 ++++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index b456c59a02..216fe93a56 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -1263,7 +1263,9 @@ virSecurityDACSetHostdevLabel(virSecurityManagerPtr m=
gr,
                 virPCIDeviceFree(pci);
                 return -1;
             }
-            ret =3D virSecurityDACSetPCILabel(pci, vfioGroupDev, &cbdata);
+            ret =3D virSecurityDACSetHostdevLabelHelper(vfioGroupDev,
+                                                      false,
+                                                      &cbdata);
             VIR_FREE(vfioGroupDev);
         } else {
             ret =3D virPCIDeviceFileIterate(pci,
@@ -1430,7 +1432,8 @@ virSecurityDACRestoreHostdevLabel(virSecurityManagerP=
tr mgr,
                 virPCIDeviceFree(pci);
                 return -1;
             }
-            ret =3D virSecurityDACRestorePCILabel(pci, vfioGroupDev, mgr);
+            ret =3D virSecurityDACRestoreFileLabelInternal(mgr, NULL,
+                                                         vfioGroupDev, fal=
se);
             VIR_FREE(vfioGroupDev);
         } else {
             ret =3D virPCIDeviceFileIterate(pci, virSecurityDACRestorePCIL=
abel, mgr);
diff --git a/src/security/security_selinux.c b/src/security/security_selinu=
x.c
index 86acc0a33f..ce46df09da 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -2118,7 +2118,9 @@ virSecuritySELinuxSetHostdevSubsysLabel(virSecurityMa=
nagerPtr mgr,
                 virPCIDeviceFree(pci);
                 return -1;
             }
-            ret =3D virSecuritySELinuxSetPCILabel(pci, vfioGroupDev, &data=
);
+            ret =3D virSecuritySELinuxSetHostdevLabelHelper(vfioGroupDev,
+                                                          false,
+                                                          &data);
             VIR_FREE(vfioGroupDev);
         } else {
             ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxSetPCIL=
abel, &data);
@@ -2356,7 +2358,7 @@ virSecuritySELinuxRestoreHostdevSubsysLabel(virSecuri=
tyManagerPtr mgr,
                 virPCIDeviceFree(pci);
                 return -1;
             }
-            ret =3D virSecuritySELinuxRestorePCILabel(pci, vfioGroupDev, m=
gr);
+            ret =3D virSecuritySELinuxRestoreFileLabel(mgr, vfioGroupDev, =
false);
             VIR_FREE(vfioGroupDev);
         } else {
             ret =3D virPCIDeviceFileIterate(pci, virSecuritySELinuxRestore=
PCILabel, mgr);
--=20
2.24.1