[PATCH] vfio-user: disconnect container when device info query fails

zhaoguohan@kylinos.cn posted 1 patch 1 week, 1 day ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20260522065637.4109499-1-zhaoguohan@kylinos.cn
Maintainers: John Levon <john.levon@nutanix.com>, Thanos Makatos <thanos.makatos@nutanix.com>, "Cédric Le Goater" <clg@redhat.com>
[PATCH] vfio-user: disconnect container when device info query fails
Posted by zhaoguohan@kylinos.cn 1 week, 1 day ago
From: GuoHan Zhao <zhaoguohan@kylinos.cn>

vfio_user_device_attach() connects the vfio-user container before querying
VFIO_USER_DEVICE_GET_INFO.  If the device info query fails,
vfio_device_prepare() has not run yet, so vbasedev->bcontainer is still
NULL and the later vfio_device_detach() cleanup path cannot reach the new
container.

Disconnect the container before returning the attach failure so the listener,
RAM discard state, object reference and address space reference are released
on this error path.

Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
---
 hw/vfio-user/container.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
index 796289a46903..dc23b06eebf1 100644
--- a/hw/vfio-user/container.c
+++ b/hw/vfio-user/container.c
@@ -309,7 +309,12 @@ static bool vfio_user_device_attach(const char *name, VFIODevice *vbasedev,
         return false;
     }
 
-    return vfio_user_device_get(container, vbasedev, errp);
+    if (!vfio_user_device_get(container, vbasedev, errp)) {
+        vfio_user_container_disconnect(container);
+        return false;
+    }
+
+    return true;
 }
 
 static void vfio_user_device_detach(VFIODevice *vbasedev)
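Review bot: The `return false;` in the context just above the new branch gets no cleanup in this hunk, so please confirm that path runs before the container is connected (or already tears it down); otherwise it needs the same `vfio_user_container_disconnect(container);` call. If more failure points are added to vfio_user_device_attach() after the connect, a single error label with the disconnect would keep the teardown in one place instead of repeating it per branch.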
-- 
2.43.0
Re: [PATCH] vfio-user: disconnect container when device info query fails
Posted by John Levon 4 days, 8 hours ago
On Fri, May 22, 2026 at 02:56:37PM +0800, zhaoguohan@kylinos.cn wrote:

> vfio_user_device_attach() connects the vfio-user container before querying
> VFIO_USER_DEVICE_GET_INFO.  If the device info query fails,
> vfio_device_prepare() has not run yet, so vbasedev->bcontainer is still
> NULL and the later vfio_device_detach() cleanup path cannot reach the new
> container.
> 
> Disconnect the container before returning the attach failure so the listener,
> RAM discard state, object reference and address space reference are released
> on this error path.
> 
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
> ---
>  hw/vfio-user/container.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
> index 796289a46903..dc23b06eebf1 100644
> --- a/hw/vfio-user/container.c
> +++ b/hw/vfio-user/container.c
> @@ -309,7 +309,12 @@ static bool vfio_user_device_attach(const char *name, VFIODevice *vbasedev,
>          return false;
>      }
>  
> -    return vfio_user_device_get(container, vbasedev, errp);
> +    if (!vfio_user_device_get(container, vbasedev, errp)) {
> +        vfio_user_container_disconnect(container);
> +        return false;
> +    }
> +
> +    return true;
>  }
>  
>  static void vfio_user_device_detach(VFIODevice *vbasedev)
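Review bot: The reason for the explicit disconnect in the `if (!vfio_user_device_get(container, vbasedev, errp))` branch is recorded only in the commit message. A short comment above `vfio_user_container_disconnect(container);` noting that vbasedev->bcontainer is still NULL at this point, so vfio_device_detach() cannot reach the container, would keep the call from being dropped as redundant in a later cleanup. The commit message also carries no Fixes: tag; adding one would make it easier to pick this up for stable branches.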

Reviewed-by: John Levon <john.levon@nutanix.com>