From: Klim Kireev <klim.kireev@virtuozzo.com>
To: qemu-devel@nongnu.org
Date: Wed, 31 Jan 2018 19:25:21 +0300
Message-Id: <20180131162521.31210-1-klim.kireev@virtuozzo.com>
Subject: [Qemu-devel] [PATCH v2] vnc: fix segfault in closed connection handling
Cc: kraxel@redhat.com

On one of our client's nodes, due to trying to read from a closed ioc, a segmentation fault occurred.

Corresponding backtrace:

0 object_get_class (obj=obj@entry=0x0)
1 qio_channel_readv_full (ioc=0x0, iov=0x7ffe55277180 ...
2 qio_channel_read (ioc= ...
3 vnc_client_read_buf (vs=vs@entry=0x55625f3c6000, ...
4 vnc_client_read_plain (vs=0x55625f3c6000)
5 vnc_client_read (vs=0x55625f3c6000)
6 vnc_client_io (ioc=, condition=G_IO_IN, ...
7 g_main_dispatch (context=0x556251568a50)
8 g_main_context_dispatch (context=context@entry=0x556251568a50)
9 glib_pollfds_poll ()
10 os_host_main_loop_wait (timeout=)
11 main_loop_wait (nonblocking=nonblocking@entry=0)
12 main_loop () at vl.c:1909
13 main (argc=, argv=, ...

Having analyzed the coredump, I understood that the reason is that ioc_tag is reset on vnc_disconnect_start and ioc is cleaned in vnc_disconnect_finish. Between these two events, for some reason, the ioc_tag was set again, and after vnc_disconnect_finish the handler is running with a freed ioc, which led to the segmentation fault.

The patch checks vs->disconnecting in places where we call qio_channel_add_watch to prevent such an occurrence.

Signed-off-by: Klim Kireev <klim.kireev@virtuozzo.com>
---
Changelog:
v2: Attach the backtrace
v3: Change checks

 ui/vnc.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 33b087221f..708204fa7e 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1407,13 +1407,19 @@ static void vnc_client_write_locked(VncState *vs) } else #endif /* CONFIG_VNC_SASL */ { - vnc_client_write_plain(vs); + if (vs->disconnecting =3D=3D FALSE) { + vnc_client_write_plain(vs); + } else { + if (vs->ioc_tag !=3D 0) { + g_source_remove(vs->ioc_tag); + vs->ioc_tag =3D 0; + } + } } } =20 static void vnc_client_write(VncState *vs) { - vnc_lock_output(vs); if (vs->output.offset) { vnc_client_write_locked(vs); @@ -1421,8 +1427,12 @@ static void vnc_client_write(VncState *vs) if (vs->ioc_tag) { g_source_remove(vs->ioc_tag); } - vs->ioc_tag =3D qio_channel_add_watch( - vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); + if (vs->disconnecting =3D=3D FALSE) { + vs->ioc_tag =3D qio_channel_add_watch( + vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); + } else { + vs->ioc_tag =3D 0; + } } vnc_unlock_output(vs); } --=20 2.14.3
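Review bot: the trailing context of the first hunk (the one at -1407,13) shows `-    vnc_lock_output(vs);` being deleted from the top of vnc_client_write, while `vnc_unlock_output(vs);` is still present at the end of the function in the second hunk's context, so every call would unlock an output lock it never took; the diffstat's 4 deletions match exactly the four `-` lines visible, so this reads as part of the patch rather than a quoting accident, and unless the removal is deliberate (in which case the message should say why) that line needs to be restored. Within the same hunk, the new `else` branch in vnc_client_write_locked that does `g_source_remove(vs->ioc_tag); vs->ioc_tag = 0;` duplicates what the caller vnc_client_write does right afterwards in its own `if (vs->ioc_tag)` / `vs->ioc_tag = 0;` path, so the disconnect handling could live in one place; and `if (vs->disconnecting == FALSE)` reads more naturally as `if (!vs->disconnecting)`.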
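Review bot: the guard in the second hunk (at -1421,8) only stops vnc_client_write from re-arming the G_IO_IN watch, yet the backtrace in the commit message shows the crash on the read side (vnc_client_io -> vnc_client_read -> vnc_client_read_buf -> qio_channel_read with ioc=0x0), and the message says the check is added "in places where we call qio_channel_add_watch" while this is the only call site the diff touches; the commit message should state that this write-path re-arm is the only way ioc_tag can be set again between vnc_disconnect_start and vnc_disconnect_finish, or the other qio_channel_add_watch callers need the same check, otherwise the fix covers one path of the race and not the others. Also, the subject says v2 while the changelog carries a v3 entry; please align them before the next resend.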
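The race the commit message describes, as an added model written for this page (it is not QEMU's code and not part of the patch): a small watch table stands in for the GLib main loop, and every `model_*` name and the `ModelChannel` and `ModelVncState` types are hypothetical. It assumes, as the message implies but the diff does not show, that vnc_disconnect_start is where vs->disconnecting is set. Run unguarded, a write that lands between disconnect start and finish re-arms the watch and leaves it pointing at the released channel, which is the state the backtrace caught; with the patch's guard no watch survives the disconnect.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical QIOChannel stand-in: it only records release, so a stale
 * watch can be detected without the model ever reading freed memory. */
typedef struct { bool freed; } ModelChannel;

/* One registered watch; 'tag' plays the role of the GSource id that
 * qio_channel_add_watch returns (0 means unused, as in GLib). */
typedef struct { unsigned tag; ModelChannel *ioc; } ModelWatch;
#define MODEL_MAX_WATCHES 8
static ModelWatch model_watches[MODEL_MAX_WATCHES];
static unsigned model_next_tag = 1;

/* The VncState fields the race involves, plus a switch for the fix. */
typedef struct {
    ModelChannel *ioc;
    unsigned ioc_tag;
    bool disconnecting;
    bool guarded;   /* true: re-arm only while !disconnecting, as the patch does */
} ModelVncState;

/* Models qio_channel_add_watch(): register a watch on 'ioc', return its tag. */
static unsigned model_add_watch(ModelChannel *ioc)
{
    for (int i = 0; i < MODEL_MAX_WATCHES; i++) {
        if (model_watches[i].tag == 0) {
            model_watches[i].tag = model_next_tag++;
            model_watches[i].ioc = ioc;
            return model_watches[i].tag;
        }
    }
    abort();  /* the model's table is too small for the scenario */
}

/* Models g_source_remove(). */
static void model_remove_watch(unsigned tag)
{
    for (int i = 0; i < MODEL_MAX_WATCHES; i++) {
        if (model_watches[i].tag == tag) {
            model_watches[i].tag = 0;
        }
    }
}

/* A live watch on a freed channel is the condition behind the backtrace:
 * the next main-loop dispatch would run the handler with a dangling ioc. */
static int model_stale_watches(void)
{
    int n = 0;
    for (int i = 0; i < MODEL_MAX_WATCHES; i++) {
        n += model_watches[i].tag != 0 && model_watches[i].ioc->freed;
    }
    return n;
}

/* Models the tail of vnc_client_write(): drop the old watch, then re-arm;
 * with 'guarded' set it behaves like the patched function. */
static void model_client_write(ModelVncState *vs)
{
    if (vs->ioc_tag) {
        model_remove_watch(vs->ioc_tag);
    }
    if (!vs->guarded || !vs->disconnecting) {
        vs->ioc_tag = model_add_watch(vs->ioc);
    } else {
        vs->ioc_tag = 0;
    }
}

/* Models vnc_disconnect_start(): assumed to be where vs->disconnecting is
 * set; the commit message says this is where ioc_tag is reset. */
static void model_disconnect_start(ModelVncState *vs)
{
    vs->disconnecting = true;
    if (vs->ioc_tag) {
        model_remove_watch(vs->ioc_tag);
        vs->ioc_tag = 0;
    }
}

/* The ordering from the commit message: disconnect starts, a write runs in
 * between, then vnc_disconnect_finish releases the channel. Returns how many
 * watches still reference the freed channel (0 is the safe outcome). */
static int model_run_race(bool guarded)
{
    ModelChannel ioc = { .freed = false };
    ModelVncState vs = { &ioc, 0, false, guarded };
    memset(model_watches, 0, sizeof model_watches);
    model_next_tag = 1;
    vs.ioc_tag = model_add_watch(&ioc);
    model_disconnect_start(&vs);
    model_client_write(&vs);       /* the re-arm the patch guards against */
    ioc.freed = true;              /* models vnc_disconnect_finish() */
    return model_stale_watches();
}

int main(void)
{
    printf("unpatched: %d stale watch(es)\n", model_run_race(false));
    printf("patched:   %d stale watch(es)\n", model_run_race(true));
    return 0;
}
```

The model deliberately counts stale watches instead of dereferencing the channel, so it demonstrates the ordering hazard (a watch registered after vnc_disconnect_start survives vnc_disconnect_finish) without reproducing the crash; the same count is what a reviewer would want at zero for every path that can call qio_channel_add_watch during a disconnect.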