From abc6249d42f9681d5b659716434ef374c6e0edef Mon Sep 17 00:00:00 2001
From: Zhenzhong Duan
Date: Mon, 23 Jun 2025 18:22:32 +0800
Subject: vfio/container: Fix SIGSEGV when open container file fails
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When open /dev/vfio/vfio fails, SIGSEGV triggers because vfio_listener_unregister() doesn't support a NULL bcontainer pointer.

Fixes: a1f267a7d4d9 ("vfio/container: reform vfio_container_connect cleanup")
Signed-off-by: Zhenzhong Duan
Reviewed-by: Cédric Le Goater
Link: https://lore.kernel.org/qemu-devel/20250623102235.94877-2-zhenzhong.duan@intel.com
Signed-off-by: Cédric Le Goater
---
 hw/vfio/container.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'hw/vfio/container.c')

diff --git a/hw/vfio/container.c b/hw/vfio/container.c
index 3e8d645ebb..2853f6f08b 100644
--- a/hw/vfio/container.c
+++ b/hw/vfio/container.c
@@ -710,7 +710,9 @@ static bool vfio_container_connect(VFIOGroup *group, AddressSpace *as,
 return true;
 fail:
- vfio_listener_unregister(bcontainer);
+ if (new_container) {
+ vfio_listener_unregister(bcontainer);
+ }
 if (group_was_added) {
 vfio_container_group_del(container, group);
--
cgit 1.4.1

From c72d6ebaadcaec1daa995d47716348e150757a51 Mon Sep 17 00:00:00 2001
From: Zhenzhong Duan
Date: Mon, 23 Jun 2025 18:22:33 +0800
Subject: vfio/container: fails mdev hotplug if add migration blocker failed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It's aggressive to abort a running QEMU process when hotplug a mdev and it fails migration blocker adding. Fix by just failing mdev hotplug itself.

Signed-off-by: Zhenzhong Duan
Reviewed-by: Cédric Le Goater
Link: https://lore.kernel.org/qemu-devel/20250623102235.94877-3-zhenzhong.duan@intel.com
[ clg: Changed test on value returned by migrate_add_blocker_modes() ]
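Review bot: The guard added at `fail:` keys the cleanup on `new_container` while the pointer that is actually NULL on the open failure is `bcontainer`, so the invariant that `new_container` is only set after `bcontainer` has been assigned is implicit and lives outside this hunk; a one-line comment would make that dependency explicit, e.g. `/* bcontainer is only assigned once a new container was created */` above the `if`. If `new_container` can ever be true before `bcontainer` is set (not visible here), the SIGSEGV this commit fixes would reappear, so that ordering is worth confirming against the rest of vfio_container_connect, which starts and ends outside the hunk. An alternative that needs no such invariant is to make vfio_listener_unregister() tolerate a NULL container, which the commit message itself notes it currently does not.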
Signed-off-by: Cédric Le Goater
---
 hw/vfio/container.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'hw/vfio/container.c')

diff --git a/hw/vfio/container.c b/hw/vfio/container.c
index 2853f6f08b..3e13feaa74 100644
--- a/hw/vfio/container.c
+++ b/hw/vfio/container.c
@@ -992,12 +992,16 @@ static bool vfio_legacy_attach_device(const char *name, VFIODevice *vbasedev,
 if (vbasedev->mdev) {
 error_setg(&vbasedev->cpr.mdev_blocker,
 "CPR does not support vfio mdev %s", vbasedev->name);
- migrate_add_blocker_modes(&vbasedev->cpr.mdev_blocker, &error_fatal,
- MIG_MODE_CPR_TRANSFER, -1);
+ if (migrate_add_blocker_modes(&vbasedev->cpr.mdev_blocker, errp,
+ MIG_MODE_CPR_TRANSFER, -1) < 0) {
+ goto hiod_unref_exit;
+ }
 }
 return true;
+hiod_unref_exit:
+ object_unref(vbasedev->hiod);
 device_put_exit:
 vfio_device_put(vbasedev);
 group_put_exit:
--
cgit 1.4.1
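Review bot: The new `hiod_unref_exit` label drops the reference on `vbasedev->hiod` but leaves the pointer in place, so `vbasedev->hiod` dangles on the failed-attach path; if the VFIODevice can be inspected or reused after vfio_legacy_attach_device() returns false, add `vbasedev->hiod = NULL;` directly after the `object_unref()`. On the same failure path `vbasedev->cpr.mdev_blocker` is only safe if migrate_add_blocker_modes() consumes or frees the Error when it returns a negative value; if it does not, the message set by `error_setg()` just above is leaked on every failed mdev hotplug, which is worth confirming against the migration code. The function body starts before this hunk and the label chain continues after it.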