On Fri, May 22, 2026 at 02:56:37PM +0800, [email protected] wrote: > vfio_user_device_attach() connects the vfio-user container before querying > VFIO_USER_DEVICE_GET_INFO. If the device info query fails, > vfio_device_prepare() has not run yet, so vbasedev->bcontainer is still > NULL and the later vfio_device_detach() cleanup path cannot reach the new > container. > > Disconnect the container before returning the attach failure so the listener, > RAM discard state, object reference and address space reference are released > on this error path. > > Signed-off-by: GuoHan Zhao <[email protected]> > --- > hw/vfio-user/container.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/hw/vfio-user/container.c b/hw/vfio-user/container.c > index 796289a46903..dc23b06eebf1 100644 > --- a/hw/vfio-user/container.c > +++ b/hw/vfio-user/container.c > @@ -309,7 +309,12 @@ static bool vfio_user_device_attach(const char *name, > VFIODevice *vbasedev, > return false; > } > > - return vfio_user_device_get(container, vbasedev, errp); > + if (!vfio_user_device_get(container, vbasedev, errp)) { > + vfio_user_container_disconnect(container); > + return false; > + } > + > + return true; > } > > static void vfio_user_device_detach(VFIODevice *vbasedev)
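Review bot: In the new failure branch of vfio_user_device_attach(), the reason for the explicit vfio_user_container_disconnect(container) call is recorded only in the commit message. A short comment above it would help, saying that vfio_device_prepare() has not run at this point, so vbasedev->bcontainer is still NULL and vfio_device_detach() cannot reach the container. That keeps a later refactor from dropping the call as redundant. The body of vfio_user_device_get() is not visible in this hunk, so it is also worth confirming that it leaves no state set on vbasedev when it returns false, since the container is freed right after. The commit message carries no Fixes: tag. As this closes a leak on an error path, adding one that names the commit which introduced the attach ordering would help backporting.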
Reviewed-by: John Levon <[email protected]>
