From: John Levon Date: Wed, 3 Dec 2025 10:03:15 +0000 (+0530) Subject: vfio-user: recycle msg on failure X-Git-Tag: v10.2.0-rc3~6^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=23c586abf2e12843894189c4742c8ea55c594cd5;p=thirdparty%2Fqemu.git vfio-user: recycle msg on failure If we fail to read an incoming request, recycle the message. Resolves: Coverity CID 1611807 Resolves: Coverity CID 1611808 Signed-off-by: John Levon Reviewed-by: Mark Cave-Ayland Link: https://lore.kernel.org/qemu-devel/20251203100316.3604456-6-john.levon@nutanix.com Signed-off-by: Cédric Le Goater
---
diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
index f2601eada5..314dfd23d8 100644
--- a/hw/vfio-user/proxy.c
+++ b/hw/vfio-user/proxy.c
@@ -412,11 +412,22 @@ err:
 for (i = 0; i < numfds; i++) {
 close(fdp[i]);
 }
- if (isreply && msg != NULL) {
- /* force an error to keep sending thread from hanging */
- vfio_user_set_error(msg->hdr, EINVAL);
- msg->complete = true;
- qemu_cond_signal(&msg->cv);
+ if (msg != NULL) {
+ if (msg->type == VFIO_MSG_REQ) {
+ /*
+ * Clean up the request message on failure. Change type back to
+ * NOWAIT to free.
+ */
+ msg->type = VFIO_MSG_NOWAIT;
+ vfio_user_recycle(proxy, msg);
+ } else {
+ /*
+ * Report an error back to the sender. Sender will recycle msg.
+ */
+ vfio_user_set_error(msg->hdr, EINVAL);
+ msg->complete = true;
+ qemu_cond_signal(&msg->cv);
+ }
 }
 return -1;
 }
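Review bot: The new `else` branch treats every message whose type is not `VFIO_MSG_REQ` as having a sender blocked on `msg->cv`, so "Sender will recycle msg" holds only for replies that something is actually waiting on. If a reply to a message that was sent without waiting can reach `err:` with `msg` set, nothing would consume the signal and the message and its buffers would stay allocated. That is the same leak this commit closes for requests, and it matters because the remote peer influences when a read fails. Consider restricting the signalling branch to the type that blocks on the condition variable and ending with `else { vfio_user_recycle(proxy, msg); }` for the rest. The function body and the reply lookup start outside this hunk, so which types can arrive here should be confirmed there.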