Commit 346c151da3 for qemu.org

commit 346c151da330c42a643a160797167356357cc24e
Author: GuoHan Zhao <zhaoguohan@kylinos.cn>
Date:   Fri Apr 24 11:12:59 2026 +0800

    vfio-user: reject malformed migration capabilities

    check_migr() sets an error when the migration capability is not an object,
    but still returns true.  This lets version negotiation continue with an
    Error set and reports the wrong capability name in the diagnostic.

    Return false for the malformed capability, and report the migration
    capability name.

    Fixes: 36227628d824 ("vfio-user: implement message send infrastructure")
    Signed-off-by: GuoHan Zhao <zhaoguohan@kylinos.cn>
    Reviewed-by: John Levon <john.levon@nutanix.com>
    Link: https://lore.kernel.org/qemu-devel/20260424031259.289211-1-zhaoguohan@kylinos.cn
    Signed-off-by: Cédric Le Goater <clg@redhat.com>

diff --git a/hw/vfio-user/proxy.c b/hw/vfio-user/proxy.c
index 314dfd23d8..8b7cc36231 100644
--- a/hw/vfio-user/proxy.c
+++ b/hw/vfio-user/proxy.c
@@ -1190,8 +1190,8 @@ static bool check_migr(VFIOUserProxy *proxy, QObject *qobj, Error **errp)
     QDict *qdict = qobject_to(QDict, qobj);

     if (qdict == NULL) {
-        error_setg(errp, "malformed %s", VFIO_USER_CAP_MAX_FDS);
-        return true;
+        error_setg(errp, "malformed %s", VFIO_USER_CAP_MIGR);
+        return false;
     }
     return caps_parse(proxy, qdict, caps_migr, errp);
 }
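Review bot: In the `qdict == NULL` branch, the new message "malformed %s" names the capability but still does not say what type was expected, so a peer that sends a non-object value for the migration capability gets a diagnostic with only the key name; consider wording such as "malformed %s: expected an object". The removed line named VFIO_USER_CAP_MAX_FDS, which suggests this block was copied from another capability check, so it is worth confirming in the same series that no other check callback in proxy.c still returns true after error_setg(), since a true return with *errp set lets version negotiation continue with a pending Error, as the commit message describes. A test that feeds a non-object migration capability through version negotiation would keep the return value and the reported name from regressing.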