[PATCH] vfio-user: reject malformed migration capabilities

zhaoguohan@kylinos.cn posted 1 patch 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/20260424031259.289211-1-zhaoguohan@kylinos.cn
Maintainers: John Levon <john.levon@nutanix.com>, Thanos Makatos <thanos.makatos@nutanix.com>, "Cédric Le Goater" <clg@redhat.com>
hw/vfio-user/proxy.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
[PATCH] vfio-user: reject malformed migration capabilities
Posted by zhaoguohan@kylinos.cn 1 month ago
From: GuoHan Zhao <zhaoguohan@kylinos.cn>

check_migr() sets an error when the migration capability is not an object,
but still returns true.  This lets version negotiation continue with an
Error set and reports the wrong capability name in the diagnostic.

Return false for the malformed capability, and report the migration
capability name.

Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
---
 hw/vfio-user/proxy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
index 314dfd23d8af..8b7cc36231ab 100644
--- a/hw/vfio-user/proxy.c
+++ b/hw/vfio-user/proxy.c
@@ -1190,8 +1190,8 @@ static bool check_migr(VFIOUserProxy *proxy, QObject *qobj, Error **errp)
     QDict *qdict = qobject_to(QDict, qobj);
 
     if (qdict == NULL) {
-        error_setg(errp, "malformed %s", VFIO_USER_CAP_MAX_FDS);
-        return true;
+        error_setg(errp, "malformed %s", VFIO_USER_CAP_MIGR);
+        return false;
     }
     return caps_parse(proxy, qdict, caps_migr, errp);
 }
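Review bot: the two `+` lines are the complete fix and they are right on both counts: `return false` on the malformed branch makes check_migr() follow the contract the `return caps_parse(...)` line below already follows (a false return goes together with a set *errp, so the caller can no longer proceed with a stale Error), and VFIO_USER_CAP_MIGR replaces the MAX_FDS name that plainly came from a copy of the sibling checker. Since that copy-paste origin is visible in the `-` line, it is worth one grep of proxy.c for other `error_setg(...)` immediately followed by `return true` before this is merged, so the same mistake is not left behind in another check_* helper.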
-- 
2.43.0
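To make the failure mode in the commit message concrete, here is an added stand-alone C example; it is not QEMU code and not part of the patch. It models the QEMU Error convention (a bool-returning function with an `Error **errp` parameter returns false exactly when it has set `*errp`) with a constructed `Error` struct, a constructed `Cap` record, `error_setg_sim()`/`error_free_sim()` helpers that only mimic `error_setg()`/`error_free()`, and a `negotiate()` walker that, like a capability table parser, keys only off the returned bool. The sample capability list is constructed too. The buggy checker reports success while leaving an error behind, so negotiation accepts every capability; the fixed checker stops negotiation at the malformed one.

```c
/*
 * Added example, not QEMU code: the bool/errp contract that the patch
 * restores.  Error, Cap, error_setg_sim(), error_free_sim(), negotiate()
 * and sample_caps are all constructed stand-ins for this illustration.
 */
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for QEMU's Error object (not the real type). */
typedef struct Error {
    char msg[128];
} Error;

/* Constructed stand-in for a negotiated capability: the peer either sent
 * a JSON object for it or something else (string, number, ...). */
typedef struct Cap {
    const char *name;
    bool is_object;
} Cap;

/* Assumed helper mirroring error_setg(): allocate and fill *errp.
 * Like the real one it expects *errp to be NULL on entry. */
static void error_setg_sim(Error **errp, const char *fmt, ...)
{
    Error *err = calloc(1, sizeof(*err));
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(err->msg, sizeof(err->msg), fmt, ap);
    va_end(ap);
    *errp = err;
}

static void error_free_sim(Error *err)
{
    free(err);
}

/* Before the patch: the error is set, but the return value still says "ok". */
static bool check_cap_buggy(const Cap *cap, Error **errp)
{
    if (!cap->is_object) {
        error_setg_sim(errp, "malformed %s", cap->name);
        return true;
    }
    return true;
}

/* After the patch: false exactly when *errp has been set. */
static bool check_cap_fixed(const Cap *cap, Error **errp)
{
    if (!cap->is_object) {
        error_setg_sim(errp, "malformed %s", cap->name);
        return false;
    }
    return true;
}

typedef bool (*cap_check_fn)(const Cap *cap, Error **errp);

/* Constructed negotiation walker: it trusts only the bool, so a checker
 * that reports success with an error set is not caught here.
 * Returns the number of accepted capabilities, or -1 on failure. */
static int negotiate(const Cap *caps, size_t n, cap_check_fn check, Error **errp)
{
    int accepted = 0;
    for (size_t i = 0; i < n; i++) {
        if (!check(&caps[i], errp)) {
            return -1;
        }
        accepted++;
    }
    return accepted;
}

/* Constructed sample input: the peer sent a non-object for "migration". */
static const Cap sample_caps[] = {
    { "migration", false },
    { "max_fds", true },
};
#define SAMPLE_CAPS_N (sizeof(sample_caps) / sizeof(sample_caps[0]))

int main(void)
{
    Error *err = NULL;
    int rc = negotiate(sample_caps, SAMPLE_CAPS_N, check_cap_buggy, &err);
    printf("buggy: rc=%d, error=%s\n", rc, err ? err->msg : "(none)");
    error_free_sim(err);

    err = NULL;
    rc = negotiate(sample_caps, SAMPLE_CAPS_N, check_cap_fixed, &err);
    printf("fixed: rc=%d, error=%s\n", rc, err ? err->msg : "(none)");
    error_free_sim(err);
    return 0;
}
```

With the buggy checker, `negotiate()` returns 2 and the caller only finds out something went wrong if it happens to inspect `err` afterwards; with the fixed checker it returns -1 at the first malformed capability and `err` names it, which is the behaviour the patch gives check_migr().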
Re: [PATCH] vfio-user: reject malformed migration capabilities
Posted by Cédric Le Goater 3 weeks, 5 days ago
On 4/24/26 05:12, zhaoguohan@kylinos.cn wrote:
> From: GuoHan Zhao <zhaoguohan@kylinos.cn>
> 
> check_migr() sets an error when the migration capability is not an object,
> but still returns true.  This lets version negotiation continue with an
> Error set and reports the wrong capability name in the diagnostic.
> 
> Return false for the malformed capability, and report the migration
> capability name.
> 
> Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
> ---
>   hw/vfio-user/proxy.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
> index 314dfd23d8af..8b7cc36231ab 100644
> --- a/hw/vfio-user/proxy.c
> +++ b/hw/vfio-user/proxy.c
> @@ -1190,8 +1190,8 @@ static bool check_migr(VFIOUserProxy *proxy, QObject *qobj, Error **errp)
>       QDict *qdict = qobject_to(QDict, qobj);
>   
>       if (qdict == NULL) {
> -        error_setg(errp, "malformed %s", VFIO_USER_CAP_MAX_FDS);
> -        return true;
> +        error_setg(errp, "malformed %s", VFIO_USER_CAP_MIGR);
> +        return false;
>       }
>       return caps_parse(proxy, qdict, caps_migr, errp);
>   }


Applied to

     https://github.com/legoater/qemu vfio-next

Please base future contributions on this branch.

Thanks,

C.
Re: [PATCH] vfio-user: reject malformed migration capabilities
Posted by John Levon 1 month ago
On Fri, Apr 24, 2026 at 11:12:59AM +0800, zhaoguohan@kylinos.cn wrote:

> check_migr() sets an error when the migration capability is not an object,
> but still returns true.  This lets version negotiation continue with an
> Error set and reports the wrong capability name in the diagnostic.
> 
> Return false for the malformed capability, and report the migration
> capability name.
> 
> Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>

Thanks!

Reviewed-by: John Levon <john.levon@nutanix.com>

regards
john