From: John Levon <[email protected]> If we fail to read an incoming request, recycle the message.
Resolves: Coverity CID 1611807 Resolves: Coverity CID 1611808 Signed-off-by: John Levon <[email protected]> Reviewed-by: Mark Cave-Ayland <[email protected]> Link: https://lore.kernel.org/qemu-devel/[email protected] Signed-off-by: Cédric Le Goater <[email protected]> --- hw/vfio-user/proxy.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c index f2601eada5b9c8010e88bf4b3035a27811769b0d..314dfd23d8af385532bb87219fb3153961942cba 100644 --- a/hw/vfio-user/proxy.c +++ b/hw/vfio-user/proxy.c @@ -412,11 +412,22 @@ err: for (i = 0; i < numfds; i++) { close(fdp[i]); } - if (isreply && msg != NULL) { - /* force an error to keep sending thread from hanging */ - vfio_user_set_error(msg->hdr, EINVAL); - msg->complete = true; - qemu_cond_signal(&msg->cv); + if (msg != NULL) { + if (msg->type == VFIO_MSG_REQ) { + /* + * Clean up the request message on failure. Change type back to + * NOWAIT to free. + */ + msg->type = VFIO_MSG_NOWAIT; + vfio_user_recycle(proxy, msg); + } else { + /* + * Report an error back to the sender. Sender will recycle msg. + */ + vfio_user_set_error(msg->hdr, EINVAL); + msg->complete = true; + qemu_cond_signal(&msg->cv); + } } return -1; } -- 2.52.0
