From nobody Tue Feb 10 05:45:35 2026 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 176378108365257.48727048435126; Fri, 21 Nov 2025 19:11:23 -0800 (PST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1vMd7E-0004sZ-F5; Fri, 21 Nov 2025 21:12:45 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vMd1a-0000yn-63; Fri, 21 Nov 2025 21:06:54 -0500 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1vMd13-0002G4-MN; Fri, 21 Nov 2025 21:06:49 -0500 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 370E516C6FF; Fri, 21 Nov 2025 16:51:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 8E58332199C; Fri, 21 Nov 2025 16:52:05 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Albert Esteve , Stefano Garzarella , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.1.3 39/76] vhost-user: fix shared object lookup handler logic Date: Fri, 21 Nov 2025 16:51:17 +0300 Message-ID: <20251121135201.1114964-39-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, T_SPF_HELO_TEMPERROR=0.01, T_SPF_TEMPERROR=0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1763781086015018900 Content-Type: text/plain; charset="utf-8" From: Albert Esteve Refactor backend_read() function and add a reply_ack variable to have the option for handlers to force tweak whether they should send a reply or not without depending on VHOST_USER_NEED_REPLY_MASK flag. This fixes an issue with vhost_user_backend_handle_shared_object_lookup() logic, as the error path was not closing the backend channel correctly. So, we can remove the reply call from within the handler, make sure it returns early on errors as other handlers do and set the reply_ack variable on backend_read() to true to ensure that it will send a response, thus keeping the original intent. Fixes: 1609476662 ("vhost-user: add shared_object msg") Cc: qemu-stable@nongnu.org Signed-off-by: Albert Esteve Reviewed-by: Stefano Garzarella Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin Message-Id: <20251017072011.1874874-2-aesteve@redhat.com> (cherry picked from commit fde5930cc37175cfcd0f03a089e26f4458a52311) (Mjt: context fix) Signed-off-by: Michael Tokarev diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c index 1e1d6b0d6e..199810a6bd 100644 --- a/hw/virtio/vhost-user.c +++ b/hw/virtio/vhost-user.c @@ -1668,14 +1668,6 @@ static bool vhost_user_send_resp(QIOChannel *ioc, Vh= ostUserHeader *hdr, return !qio_channel_writev_all(ioc, iov, ARRAY_SIZE(iov), errp); } =20 -static bool -vhost_user_backend_send_dmabuf_fd(QIOChannel *ioc, VhostUserHeader *hdr, - VhostUserPayload *payload, Error **errp) -{ - hdr->size =3D sizeof(payload->u64); - return vhost_user_send_resp(ioc, hdr, payload, errp); -} - int vhost_user_get_shared_object(struct vhost_dev *dev, unsigned char *uui= d, int *dmabuf_fd) { @@ -1716,19 +1708,15 @@ int vhost_user_get_shared_object(struct vhost_dev *= dev, unsigned char *uuid, =20 static int vhost_user_backend_handle_shared_object_lookup(struct vhost_user *u, - QIOChannel *ioc, - VhostUserHeader *hdr, - VhostUserPayload *payload) + VhostUserShared *object) { QemuUUID uuid; CharBackend *chr =3D u->user->chr; - Error *local_err =3D NULL; int dmabuf_fd =3D -1; int fd_num =3D 0; =20 - memcpy(uuid.data, payload->object.uuid, sizeof(payload->object.uuid)); + memcpy(uuid.data, object->uuid, sizeof(object->uuid)); =20 - payload->u64 =3D 0; switch (virtio_object_type(&uuid)) { case TYPE_DMABUF: dmabuf_fd =3D virtio_lookup_dmabuf(&uuid); @@ -1737,18 +1725,16 @@ vhost_user_backend_handle_shared_object_lookup(stru= ct vhost_user *u, { struct vhost_dev *dev =3D virtio_lookup_vhost_device(&uuid); if (dev =3D=3D NULL) { - payload->u64 =3D -EINVAL; - break; + return -EINVAL; } int ret =3D vhost_user_get_shared_object(dev, uuid.data, &dmabuf_f= d); if (ret < 0) { - payload->u64 =3D ret; + return ret; } break; } case TYPE_INVALID: - payload->u64 =3D -EINVAL; - break; + return -EINVAL; } =20 if (dmabuf_fd !=3D -1) { @@ -1757,11 +1743,6 @@ vhost_user_backend_handle_shared_object_lookup(struc= t vhost_user *u, =20 if (qemu_chr_fe_set_msgfds(chr, &dmabuf_fd, fd_num) < 0) { error_report("Failed to set msg fds."); - payload->u64 =3D -EINVAL; - } - - if (!vhost_user_backend_send_dmabuf_fd(ioc, hdr, payload, &local_err))= { - error_report_err(local_err); return -EINVAL; } =20 @@ -1790,6 +1771,7 @@ static gboolean backend_read(QIOChannel *ioc, GIOCond= ition condition, struct iovec iov; g_autofree int *fd =3D NULL; size_t fdsize =3D 0; + bool reply_ack; int i; =20 /* Read header */ @@ -1808,6 +1790,8 @@ static gboolean backend_read(QIOChannel *ioc, GIOCond= ition condition, goto err; } =20 + reply_ack =3D hdr.flags & VHOST_USER_NEED_REPLY_MASK; + /* Read payload */ if (qio_channel_read_all(ioc, (char *) &payload, hdr.size, &local_err)= ) { error_report_err(local_err); @@ -1833,8 +1817,10 @@ static gboolean backend_read(QIOChannel *ioc, GIOCon= dition condition, &payload.obje= ct); break; case VHOST_USER_BACKEND_SHARED_OBJECT_LOOKUP: - ret =3D vhost_user_backend_handle_shared_object_lookup(dev->opaque= , ioc, - &hdr, &payloa= d); + /* The backend always expects a response */ + reply_ack =3D true; + ret =3D vhost_user_backend_handle_shared_object_lookup(dev->opaque, + &payload.obje= ct); break; default: error_report("Received unexpected msg type: %d.", hdr.request); @@ -1845,7 +1831,7 @@ static gboolean backend_read(QIOChannel *ioc, GIOCond= ition condition, * REPLY_ACK feature handling. Other reply types has to be managed * directly in their request handlers. */ - if (hdr.flags & VHOST_USER_NEED_REPLY_MASK) { + if (reply_ack) { payload.u64 =3D !!ret; hdr.size =3D sizeof(payload.u64); =20 --=20 2.47.3