[PATCH] vfio-user: reject malformed migration capabilities

[PATCH] vfio-user: reject malformed migration capabilities

[zhaoguohan]

From: GuoHan Zhao <zhaoguohan@kylinos.cn>

check_migr() sets an error when the migration capability is not an object,
but still returns true.  This lets version negotiation continue with an
Error set and reports the wrong capability name in the diagnostic.

Return false for the malformed capability, and report the migration
capability name.

Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
---
 hw/vfio-user/proxy.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
index 314dfd23d8af..8b7cc36231ab 100644
--- a/hw/vfio-user/proxy.c
+++ b/hw/vfio-user/proxy.c
@@ -1190,8 +1190,8 @@ static bool check_migr(VFIOUserProxy *proxy, QObject *qobj, Error **errp)
     QDict *qdict = qobject_to(QDict, qobj);
 
     if (qdict == NULL) {
-        error_setg(errp, "malformed %s", VFIO_USER_CAP_MAX_FDS);
-        return true;
+        error_setg(errp, "malformed %s", VFIO_USER_CAP_MIGR);
+        return false;
     }
     return caps_parse(proxy, qdict, caps_migr, errp);
 }
-- 
2.43.0

Re: [PATCH] vfio-user: reject malformed migration capabilities

[John Levon]

On Fri, Apr 24, 2026 at 11:12:59AM +0800, zhaoguohan@kylinos.cn wrote:

> check_migr() sets an error when the migration capability is not an object,
> but still returns true.  This lets version negotiation continue with an
> Error set and reports the wrong capability name in the diagnostic.
> 
> Return false for the malformed capability, and report the migration
> capability name.
> 
> Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>

Thanks!

Reviewed-by: John Levon <john.levon@nutanix.com>

regards
john

Re: [PATCH] vfio-user: reject malformed migration capabilities

[Cédric Le Goater]

On 4/24/26 05:12, zhaoguohan@kylinos.cn wrote:
> From: GuoHan Zhao <zhaoguohan@kylinos.cn>
> 
> check_migr() sets an error when the migration capability is not an object,
> but still returns true.  This lets version negotiation continue with an
> Error set and reports the wrong capability name in the diagnostic.
> 
> Return false for the malformed capability, and report the migration
> capability name.
> 
> Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
> Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
> ---
>   hw/vfio-user/proxy.c | 4 ++--
>   1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
> index 314dfd23d8af..8b7cc36231ab 100644
> --- a/hw/vfio-user/proxy.c
> +++ b/hw/vfio-user/proxy.c
> @@ -1190,8 +1190,8 @@ static bool check_migr(VFIOUserProxy *proxy, QObject *qobj, Error **errp)
>       QDict *qdict = qobject_to(QDict, qobj);
>   
>       if (qdict == NULL) {
> -        error_setg(errp, "malformed %s", VFIO_USER_CAP_MAX_FDS);
> -        return true;
> +        error_setg(errp, "malformed %s", VFIO_USER_CAP_MIGR);
> +        return false;
>       }
>       return caps_parse(proxy, qdict, caps_migr, errp);
>   }


Applied to

     https://github.com/legoater/qemu vfio-next

Please base future contributions on this branch.

Thanks,

C.