From b005cda6898ecdd4675f4721064e3890e16b09ba Mon Sep 17 00:00:00 2001
From: Archana Shinde <archana.m.shinde@intel.com>
Date: Tue, 12 Dec 2023 21:02:48 -0800
Subject: [PATCH] network: Move up defer block tp cleanup network

Move the defer for cleaning up network before the call to add network.
This way if any change made by add network is reverted by in case of
failure. This is particulary important for physical network interfaces
as with this step we make sure that driver for the physical interface is
reverted back to the original host driver. Without this the physical
network iterface will remain bound to vfio.

Fixes: #8646

Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
---
 src/runtime/virtcontainers/api.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/runtime/virtcontainers/api.go b/src/runtime/virtcontainers/api.go
index 1927d4d077..6cda1db3db 100644
--- a/src/runtime/virtcontainers/api.go
+++ b/src/runtime/virtcontainers/api.go
@@ -70,18 +70,19 @@ func createSandboxFromConfig(ctx context.Context, sandboxConfig SandboxConfig, f
 		}
 	}()
 
+	// network rollback
+	defer func() {
+		if err != nil {
+			virtLog.Info("Removing network after failure in createSandbox")
+			s.removeNetwork(ctx)
+		}
+	}()
+
 	// Create the sandbox network
 	if err = s.createNetwork(ctx); err != nil {
 		return nil, err
 	}
 
-	// network rollback
-	defer func() {
-		if err != nil {
-			s.removeNetwork(ctx)
-		}
-	}()
-
 	// Set the sandbox host cgroups.
 	if err := s.setupResourceController(); err != nil {
 		return nil, err