From: Klim Kireev
To: qemu-devel@nongnu.org
Cc: kraxel@redhat.com
Date: Wed, 31 Jan 2018 16:15:37 +0300
Message-Id: <20180131131537.31642-1-klim.kireev@virtuozzo.com>
Subject: [Qemu-devel] [PATCH v2] vnc: fix segfault in closed connection handling

On one of our client's nodes, due to trying to read from closed ioc,
a segmentation fault occurred. Corresponding backtrace:

0  object_get_class (obj=obj@entry=0x0)
1  qio_channel_readv_full (ioc=0x0, iov=0x7ffe55277180 ...
2  qio_channel_read (ioc= ...
3  vnc_client_read_buf (vs=vs@entry=0x55625f3c6000, ...
4  vnc_client_read_plain (vs=0x55625f3c6000)
5  vnc_client_read (vs=0x55625f3c6000)
6  vnc_client_io (ioc=, condition=G_IO_IN, ...
7  g_main_dispatch (context=0x556251568a50)
8  g_main_context_dispatch (context=context@entry=0x556251568a50)
9  glib_pollfds_poll ()
10 os_host_main_loop_wait (timeout=)
11 main_loop_wait (nonblocking=nonblocking@entry=0)
12 main_loop () at vl.c:1909
13 main (argc=, argv=, ...

Having analyzed the coredump, I understood that the reason is that
ioc_tag is reset on vnc_disconnect_start and ioc is cleaned
in vnc_disconnect_finish. Between these two events, due to some
reasons, the ioc_tag was set again, and after vnc_disconnect_finish
the handler is running with freed ioc,
which led to the segmentation fault.

I suggest checking ioc_tag in vnc_disconnect_finish to prevent such
an occurrence.

Signed-off-by: Klim Kireev
---
Changelog:
v2: Apply the backtrace

 ui/vnc.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ui/vnc.c b/ui/vnc.c index 33b087221f..b8bf0180cb 100644 --- a/ui/vnc.c +++ b/ui/vnc.c @@ -1270,6 +1270,10 @@ void vnc_disconnect_finish(VncState *vs) } g_free(vs->lossy_rect); =20 + if (vs->ioc_tag) { + g_source_remove(vs->ioc_tag); + vs->ioc_tag =3D 0; + } object_unref(OBJECT(vs->ioc)); vs->ioc =3D NULL; object_unref(OBJECT(vs->sioc)); --=20 2.14.3
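
Review bot: The ioc_tag check added ahead of object_unref(OBJECT(vs->ioc)) in vnc_disconnect_finish carries no comment, and the commit message does not say which path sets ioc_tag again after vnc_disconnect_start has reset it ("due to some reasons"), so the root cause of the re-registration stays open. Please identify the caller that re-arms the watch on a connection that is already being disconnected and guard it there, or at least add a comment above the new block explaining why the tag can be non-zero at this point. As written, the change stops the handler from firing after vs->ioc is set to NULL, but a handler dispatched between vnc_disconnect_start and vnc_disconnect_finish would still run on a connection that is being torn down.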