If we fail to read an incoming request, recycle the message.
Resolves: Coverity CID 1611807
Resolves: Coverity CID 1611808
Signed-off-by: John Levon <[email protected]>
---
hw/vfio-user/proxy.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
index aa5b971fb6..28542a5e83 100644
--- a/hw/vfio-user/proxy.c
+++ b/hw/vfio-user/proxy.c
@@ -412,11 +412,22 @@ err:
for (i = 0; i < numfds; i++) {
close(fdp[i]);
}
- if (isreply && msg != NULL) {
- /* force an error to keep sending thread from hanging */
- vfio_user_set_error(msg->hdr, EINVAL);
- msg->complete = true;
- qemu_cond_signal(&msg->cv);
+ if (msg != NULL) {
+ if (msg->type == VFIO_MSG_REQ) {
+ /*
+ * Clean up the request message on failure. Change type back to
+ * NOWAIT to free.
+ */
+ msg->type = VFIO_MSG_NOWAIT;
+ vfio_user_recycle(proxy, msg);
+ } else {
+ /*
+ * Report an error back to the sender. Sender will recycle msg.
+ */
+ vfio_user_set_error(msg->hdr, EINVAL);
+ msg->complete = true;
+ qemu_cond_signal(&msg->cv);
+ }
}
return -1;
}
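Review bot: The `else` branch at the end of the `err:` path now handles every message whose type is not `VFIO_MSG_REQ`, but its comment ("Sender will recycle msg") only holds when a thread is actually blocked on `msg->cv`. If a reply to a `VFIO_MSG_NOWAIT` or other non-waiting message can reach `err:` (the reply lookup is outside the hunk, so this is inferred), nothing would recycle it, and a peer that keeps sending malformed replies could make the proxy leak one message per failure. Consider making the condition explicit, e.g. `} else if (msg->type == VFIO_MSG_WAIT) {` for the signal path with a recycle in the remaining case, or at least state in the comment that only waited-on replies can arrive here. The function body starts before the hunk, so whether the proxy lock is held around `vfio_user_recycle()` and `qemu_cond_signal()` cannot be confirmed from these lines.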
--
2.43.0