From: Zhenzhong Duan
Date: Sun, 28 Sep 2025 08:54:30 +0000 (-0400)
Subject: vfio/iommufd: Restore vbasedev's reference to hwpt after CPR transfer
X-Git-Tag: v10.2.0-rc1~50^2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8bf49fff0dfbb065ad65daa48d2e1a63ad2fd552;p=thirdparty%2Fqemu.git

vfio/iommufd: Restore vbasedev's reference to hwpt after CPR transfer

After CPR transfer, if there is more than one VFIO device, the device is not added to hwpt->device_list and its reference to hwpt isn't restored on the destination. We still need to call iommufd_cdev_attach_container() to restore it after a matching container is found, or else SIGSEGV triggers.

Fixes: 4296ee07455e ("vfio/iommufd: reconstruct device")
Signed-off-by: Zhenzhong Duan
Reviewed-by: Steve Sistare
Link: https://lore.kernel.org/qemu-devel/20250928085432.40107-5-zhenzhong.duan@intel.com
Signed-off-by: Cédric Le Goater
---
diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c index 63a16d4dc1..24a99efa87 100644 --- a/hw/vfio/iommufd.c +++ b/hw/vfio/iommufd.c @@ -560,10 +560,9 @@ static bool iommufd_cdev_attach(const char *name, VFIODevice *vbasedev, continue; } - if (!cpr_is_incoming()) { + if (!cpr_is_incoming() || + (vbasedev->cpr.ioas_id == container->ioas_id)) { res = iommufd_cdev_attach_container(vbasedev, container, &err); - } else if (vbasedev->cpr.ioas_id == container->ioas_id) { - res = true; } else { continue; }
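
Review bot: In the merged condition in iommufd_cdev_attach(), the incoming-CPR case with a matching ioas_id used to set res = true unconditionally and now takes whatever iommufd_cdev_attach_container(vbasedev, container, &err) returns, so a failed attach is a new outcome on this path. The code that consumes res and err is outside the hunk; please confirm it handles a failure during an incoming CPR the way you intend, for example by failing the transfer rather than quietly moving on to the next container. A short comment above the condition saying that the matching-container case must still go through iommufd_cdev_attach_container() to restore the device's hwpt reference would keep someone from reintroducing the res = true shortcut later. The parentheses around the ioas_id comparison are redundant.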