vfio-user: disconnect container when device info query fails

vfio_user_device_attach() connects the vfio-user container before querying
VFIO_USER_DEVICE_GET_INFO.  If the device info query fails,
vfio_device_prepare() has not run yet, so vbasedev->bcontainer is still
NULL and the later vfio_device_detach() cleanup path cannot reach the new
container.

Disconnect the container before returning the attach failure so the listener,
RAM discard state, object reference and address space reference are released
on this error path.

Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
Reviewed-by: John Levon <john.levon@nutanix.com>
Link: https://lore.kernel.org/qemu-devel/20260522065637.4109499-1-zhaoguohan@kylinos.cn
Signed-off-by: Cédric Le Goater <clg@redhat.com>

diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c
index 796289a469033ef47fa7199dbe30d02f0ba83ada..dc23b06eebf1da5cccaab9b648becb986623213d 100644 (file)
--- a/hw/vfio-user/container.c
+++ b/hw/vfio-user/container.c
@@ -309,7 +309,12 @@ static bool vfio_user_device_attach(const char *name, VFIODevice *vbasedev,
         return false;
     }
 
-    return vfio_user_device_get(container, vbasedev, errp);
+    if (!vfio_user_device_get(container, vbasedev, errp)) {
+        vfio_user_container_disconnect(container);
+        return false;
+    }
+
+    return true;
 }
 
 static void vfio_user_device_detach(VFIODevice *vbasedev)