From nobody Tue Apr 30 11:00:28 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted
 sender)  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=fail(p=none dis=none)  header.from=virtuozzo.com
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by
 mx.zohomail.com
	with SMTPS id 1517997013207300.93322438613734;
 Wed, 7 Feb 2018 01:50:13 -0800 (PST)
Received: from localhost ([::1]:42685 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <qemu-devel-bounces+importer=patchew.org@nongnu.org>)
	id 1ejMMi-0005kv-Km
	for importer@patchew.org; Wed, 07 Feb 2018 04:50:08 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41048)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <klim.kireev@virtuozzo.com>) id 1ejMLe-0005F6-8i
	for qemu-devel@nongnu.org; Wed, 07 Feb 2018 04:49:03 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <klim.kireev@virtuozzo.com>) id 1ejMLZ-0005qE-BR
	for qemu-devel@nongnu.org; Wed, 07 Feb 2018 04:49:02 -0500
Received: from mail-eopbgr40096.outbound.protection.outlook.com
	([40.107.4.96]:40672
	helo=EUR03-DB5-obe.outbound.protection.outlook.com)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <klim.kireev@virtuozzo.com>)
	id 1ejMLY-0005n9-M4
	for qemu-devel@nongnu.org; Wed, 07 Feb 2018 04:48:57 -0500
Received: from localhost.sw.ru (195.214.232.6) by
	AM5PR0801MB2066.eurprd08.prod.outlook.com (2603:10a6:203:4c::16) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10;
	Wed, 7 Feb 2018 09:48:54 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=virtuozzo.com;
	s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
	bh=PCAQcj1Izb+M3DrZr8J7nIlRuR4zzEv4dgg4jaGUkZ8=;
	b=BsasrznvwwODEbB/xPeeTpMG7jawJcCXG4K2V25tCDOGdN1ZyUoEPP7d14WGmiNdnKkY48tyh4NGRj0sASCo2k1yc0QeqTpYvj/eUs4C7N0ekY+oVO6lPpOfLNEY+5CDdwnYufy1+MHatSHwew64CMPghhikdBVPhbNaDjox1vc=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=klim.kireev@virtuozzo.com;
From: Klim Kireev <klim.kireev@virtuozzo.com>
To: qemu-devel@nongnu.org
Date: Wed,  7 Feb 2018 12:48:44 +0300
Message-Id: <20180207094844.21402-1-klim.kireev@virtuozzo.com>
X-Mailer: git-send-email 2.14.3
MIME-Version: 1.0
X-Originating-IP: [195.214.232.6]
X-ClientProxiedBy: HE1P190CA0024.EURP190.PROD.OUTLOOK.COM (2603:10a6:3:bc::34)
	To AM5PR0801MB2066.eurprd08.prod.outlook.com
	(2603:10a6:203:4c::16)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1b0ae66d-2ecd-41a9-47ee-08d56e10004d
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(7020095)(4652020)(5600026)(4604075)(4534165)(7168020)(4627221)(201703031133081)(201702281549075)(2017052603307)(7153060)(7193020);
	SRVR:AM5PR0801MB2066;
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0801MB2066;
	3:YO15gYjgnfBQDfQgNrpnrVJ2oJXV5XETu2av1bPOpx02TlGuZjfuO+Ant5UCfbAOR5SBfGBsmGdXS5R6WEpZ3ycU7TDLVt1z3Gsx2t7tjI4d3BN25lHOuL9PI2uNd9xBQvbTfaWi/Puan+tV707NwqXSmaoji5NYHkoB6vrmYyeu4xqRqTC84UUdFoZkfl2EkGjlSLsEvltsefmD3JiSJ2MCyXkfgYyDAr5UcC1YlCucY4/cg88iHhIzYDfkKswN;
	25:HuHT7KB32NtdcIfs1pFu7oLBdH6YoH+aUlGYifCEYkCk5lqngBWUUhqpmCAav7SdfD4sGi1ZEszOzV7WPN827stFLGb29K4LOUYss5xUbcR8oF0F/huy7XrLiIKXCZ6UZJVZwvBUk/51qAQnsl7P7TBpg8JhwVRpY5fZlY8qO59jASCoGkDcqlaS4WrE7cNDru6KUgeeaJkTXlm2NZT09CQs/UQhv8kpGZ8r05hekqpNuhB8hAIQJKHDfNuRSx8a/vZsatqAPmnIIU2yJ2kFBUjKX12/rXkk1L90L8aH8SPpsfFbrI7CEHPoICTuDG6vO0yOmhJ/XPc/FD64JknuVQ==;
	31:FJWU1CqWnR42FZ1okFkGR9kXDIYEsOIhjSTVVJPCzC5OsFotImpjSiaKqnQRS3oDpJQI+BlGRk0WlBAJJEUIjn999Lwpst+oc6aRwZrCtw4pgAONmjE640baVAnrihut8AM4f5NmEjJbKBnv11tHX+0XhZU7qtmBq7u1b/0YZBTPjqy2KJLYacvqXqQyNsJVwGdSJqqfVnH75tCtcd269mcqE46j+/ILoZkbPDPFaMI=
X-MS-TrafficTypeDiagnostic: AM5PR0801MB2066:
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0801MB2066;
	20:lxJ75yJBO2JcM9KGX4ebC8KsvL+Wq3z6mXB9Tj7v7L/YPkwUIjmcu1KtNXCg7Yu1alUEtHazy9Sm14nPeTnhcDOLTe6hle/PZIHYPRenr7rR1UR0NzXaCHmrL3ZFuk2ciHPzvDJFvFv5PHgHl1VuCKx7OLKX6NRCkXR8qNaZ/7oG3hpiQlWRGBkXuhylXHIpsyGDDImfoxfBH+AfWVOG1yANQWErzq3c0z9uJYqTMOTEVEz6TBgLIgTo/1t86xdG+Ru4AOvSZpgsEOrVO9Lak0eN8Kjfln6gKMJGG08mWC2HALn1cOhoPgKjBpq9B23KphdnJnNGKdFNjRtDl7qz/d2GjE+ITgxNk7aETfYtpjjm8hDs7Jsn7Td8DSmISY2HIkppxucXpjcI60VCRTINVU5QkWLjjXkBldES9821Tjg=;
	4:FGIHcugfJ1wpEC3cxO08/La94sQz7M4pAb1u9uW951Cf7jseALWC741pD08OTkONhrvgULZugz2/MzO7jzYY4T/x0+CUjFFfBmJEKAag0cbaPfwpkVoacqAN4zTJopHrT7KtRfYqox8tw00WzTPd84Ksw6gQhi1PbzpZOphRluCJ2TmGBxbJgyK8Bt97QyDgEBQ/j6ddYDyWsrGqaawNdtOoEQQhk9UmMRQrGYSUTNNLIx53JImHfBF060vwGu9smYoS4QZB215bYhFDjQDoGw==
X-Microsoft-Antispam-PRVS: 
 <AM5PR0801MB2066B2836FF0655E44581B3AF2FC0@AM5PR0801MB2066.eurprd08.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(6040501)(2401047)(8121501046)(5005006)(10201501046)(93006095)(93001095)(3231101)(2400082)(944501161)(3002001)(6041288)(20161123560045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(6072148)(201708071742011);
	SRVR:AM5PR0801MB2066; BCL:0; PCL:0; RULEID:;
	SRVR:AM5PR0801MB2066;
X-Forefront-PRVS: 0576145E86
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10019020)(6069001)(39380400002)(376002)(366004)(396003)(39850400004)(346002)(189003)(199004)(54534003)(6512007)(6116002)(6506007)(25786009)(7736002)(16526019)(186003)(316002)(53416004)(106356001)(16586007)(76506005)(305945005)(1857600001)(2906002)(97736004)(5660300001)(1076002)(36756003)(478600001)(5890100001)(6916009)(47776003)(68736007)(8936002)(8676002)(69596002)(53936002)(2361001)(59450400001)(105586002)(81156014)(81166006)(48376002)(3846002)(52116002)(51416003)(2351001)(50466002)(6666003)(66066001)(4326008)(86362001)(6486002)(55236004)(26005)(386003)(50226002);
	DIR:OUT; SFP:1102; SCL:1; SRVR:AM5PR0801MB2066;
	H:localhost.sw.ru; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1;
	LANG:en;
Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as
 permitted sender) client-ip=208.118.235.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: None (protection.outlook.com: virtuozzo.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM5PR0801MB2066;
	23:oNVuU9tObTbbtiTafL+UZigOGw0mfaktNgqNakF?=
	=?us-ascii?Q?3XDVhTvYjRtiGrZ1bX2PnSmvxexOOPgyKSAKHKN8z+lMy3C7oDh/Vcrosh/3?=
	=?us-ascii?Q?xvnBm8LAhDzTteerJ26GUzlOwsXS35fq3i+EXKKa5VM/rA18D0JSOx62Jm1o?=
	=?us-ascii?Q?/qBOD8S1FsasCk2fYAM7w0L6NM438ZR2EnHneGxTKnHQ7ybbI7aiTVDAiczK?=
	=?us-ascii?Q?1N4W+t5+5W0JZZLQIjl7/OafJ5Xvjt8MhP3I+WslOgAMLlbJToCMf+Gnctpe?=
	=?us-ascii?Q?O8+pBOiJDX6SQKXikRtpJDNsvTVZ/iFNu6Ot73e76QAOG9ivq1jRH9/ZjNHp?=
	=?us-ascii?Q?JT+9xL8tuvjKrRqUYCt5WKQBZq1P4rvV3xWLfvv7ZQfRkhXMsfvhstKp/sdD?=
	=?us-ascii?Q?GGFIg0jWTdEWF4Oq7Fky+Je4R7IdHesZj/YaOqtSP5WsPz7A8G0ErDhTR2tD?=
	=?us-ascii?Q?hDomV2OEnJZQs49ozy4ogNceKknd+8QLEfcuCGPpiBJMh4qssBBtiD8ShwYJ?=
	=?us-ascii?Q?xCMgVoUBfcXfOjdJGA5bSOh5n+PLBIwk5WSMb7ZKkebTfJT8MnUXiMs4eJ2w?=
	=?us-ascii?Q?YfFZ5MdjpbhFIULpYJhpW5hUmxRZVR3WGd6MZ1EvatO3eW/ZFW/gIRAIoi2k?=
	=?us-ascii?Q?zU4+ELgxu/vWDlyhP4cqUGOkmP711NqdvN29DGXFB+tl23YxWjesGaQC4YBR?=
	=?us-ascii?Q?29M6I111C1ttRsJr+tLdePFr8HbeAFg9Vk6TesrMp8uNALSBKhtcURKfGIPJ?=
	=?us-ascii?Q?Mf1TKUjtRTE3Y6zT2hucwG3fp6yprP+vM/bhFR9qZPRtD1cNRO82499/lJsw?=
	=?us-ascii?Q?8FRvbVXpQcP9B7zMIiqWcgZFYljXBxlWbUqibg2Batfxn2JVfcDkdSq4rdOU?=
	=?us-ascii?Q?UM05gNNjIfmxtKXqrNXGFXMulnoN+C6xuVWM4ceVbMRl7qSsl+tJ03rck2TD?=
	=?us-ascii?Q?PBMrMZ50vZeHVdtz8j+igajU21yMnoEi3Uwe2qTYb52mQohNE2RDG8D6A+DY?=
	=?us-ascii?Q?GjPkIdy6ImjCMO4+jeGKc5Qa84l20uu8mspUrSWyK9RkoVC8YF/V+X5hCreN?=
	=?us-ascii?Q?skeKkTgsUBWf3jq40SHqAhFwoVILDLQcqDt/txUJzeBR0/CVI8wm17T/Mb8b?=
	=?us-ascii?Q?4B4lsi6VydlCyJ3s9G3H5YwC8YLRD3YxkVDzuZKRB7jtOmClJEmAV4YsE/iZ?=
	=?us-ascii?Q?jYEP4RcwpzFPQRgon2A59VlYzg5xGMkALz8j0mtnhMkpm3G1E07uuuL5cdYk?=
	=?us-ascii?Q?4jm0oOmEfyxy2Ddle4vEEaBy54erGI2xPMVojd4hkcEGigcz0g7zcmB/1fTH?=
	=?us-ascii?Q?cP0gPX0mFCIoxO6RWjIbt8Ws=3D?=
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0801MB2066;
	6:jdZahIWnQKNL4IX8MYtjQEQacD0AYMeQuFfvly+vXPURv/TI7mZxDDBNcWdD03PAZMlS2YhR3+jEIyfymjrGREexKFFgKv27SIKA9wfgeJo+ikJBVL52XIwtsMOPWWozsNq93XG5KTSyVHFFBC9HGWbBOXQuCO5NdMYHXC/Lruoy42YcUE3F95lPJKWi3B/xNKCB4l+PHjNCvSZ0lPzv4voqcpstT90q179iCiVwAGxjHM5Ud4nDxtRSkmNbe6qQbbgBqBGbm9hrsm1ccAIVpI/SUbQJzeikxmycbtN/Rr/2UuysRdzdodTytYDQBZf7FEMRpe3YnYc1MYZ6qmDHdiTAzetNeu9O1LAa6iFRag0=;
	5:UN362DdKlMb0SvgDp1wSZQHYaS1+7PrRkX4xmBTNkQTH8YGnBrk9/mUddupph9j0koPLEmip8OGTzF+6uv0WdOyOApTLmz/BsoOWEjRywKl9gmzAaRttEeo6Idx5rXQ/1rq07Rw90H5xMKLXjvVweFH3Bg97q4vN6swHHGfU1rc=;
	24:91lEnnrZFYB+Ikp8CHFxdbhVpi1xkKB2n2esz2KtxjRBlIpH/Gr8j1ao5aL6FR6IOfIb+lw7iE6IBrcOa6U50LrCEhv1XiAJEHzs0Kbhv9Q=;
	7:SQuzz0F8GxJDCABRtI21qE+XYlbctZaY3gxSLCGwTO1Gl0OTKis62d5GARuT4+HNKxp5etNEbjgbx/3u1kHJdtK9liWB+yA/uTBx+w9tAVZmvCinCKphJwVDHwpFrSKHXgK9DO5EECsRiR057ULxQkJnIoZ5k+EjyB76KmcPPcO82inzwDDs9LTXoFSqEPLDzD+ubYy59DZ7x+TsiWi25jF6fr7E3tmDUf3/6+98G/ELd5/72uL/LT+xhIpjQlSu
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; AM5PR0801MB2066;
	20:/SCXKne7l5uOzCqLIzV13+3u2cHt5q2+fTUy6PLstMghoJQEN8ILj4QCCZcafWA/kDCs48Gga4fRmsNzdmx5KAXXAevMnla8RIjrZ59FcV5qGjTuJTnYD+TjzxwZfyLHtstKrFFNCtG4b9bIrixl5aARjl8/8r+MD8tzbCFYkwY=
X-OriginatorOrg: virtuozzo.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Feb 2018 09:48:54.2952 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 1b0ae66d-2ecd-41a9-47ee-08d56e10004d
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 0bc7f26d-0264-416e-a6fc-8352af79c58f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5PR0801MB2066
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-Received-From: 40.107.4.96
Subject: [Qemu-devel] [PATCH] vnc: fix segfault in closed connection handling
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel/>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: den@virtuozzo.com, kraxel@redhat.com
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+importer=patchew.org@nongnu.org>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

On one of our client's node, due to trying to read from closed ioc,
a segmentation fault occured. Corresponding backtrace:

0  object_get_class (obj=3Dobj@entry=3D0x0)
1  qio_channel_readv_full (ioc=3D0x0, iov=3D0x7ffe55277180 ...
2  qio_channel_read (ioc=3D<optimized out> ...
3  vnc_client_read_buf (vs=3Dvs@entry=3D0x55625f3c6000, ...
4  vnc_client_read_plain (vs=3D0x55625f3c6000)
5  vnc_client_read (vs=3D0x55625f3c6000)
6  vnc_client_io (ioc=3D<optimized out>, condition=3DG_IO_IN, ...
7  g_main_dispatch (context=3D0x556251568a50)
8  g_main_context_dispatch (context=3Dcontext@entry=3D0x556251568a50)
9  glib_pollfds_poll ()
10 os_host_main_loop_wait (timeout=3D<optimized out>)
11 main_loop_wait (nonblocking=3Dnonblocking@entry=3D0)
12 main_loop () at vl.c:1909
13 main (argc=3D<optimized out>, argv=3D<optimized out>, ...

Having analyzed the coredump, I understood that the reason is that
ioc_tag is reset on vnc_disconnect_start and ioc is cleaned
in vnc_disconnect_finish. Between these two events due to some
reasons the ioc_tag was set again and after vnc_disconnect_finish
the handler is running with freed ioc,
which led to the segmentation fault.

The patch checks vs->disconnecting in places where we call
qio_channel_add_watch and resets handler if disconnecting =3D=3D TRUE
to prevent such an occurrence.

Signed-off-by: Klim Kireev <klim.kireev@virtuozzo.com>
Reviewed-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
Changelog:
v2: Attach the backtrace

v3: Change checks

 ui/vnc-jobs.c |  6 ++++--
 ui/vnc.c      | 15 ++++++++++++++-
 2 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index e326679dd0..868dddef4b 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -148,8 +148,10 @@ void vnc_jobs_consume_buffer(VncState *vs)
             if (vs->ioc_tag) {
                 g_source_remove(vs->ioc_tag);
             }
-            vs->ioc_tag =3D qio_channel_add_watch(
-                vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
+            if (vs->disconnecting =3D=3D FALSE) {
+                vs->ioc_tag =3D qio_channel_add_watch(
+                    vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
+            }
         }
         buffer_move(&vs->output, &vs->jobs_buffer);
=20
diff --git a/ui/vnc.c b/ui/vnc.c
index 93731accb6..67ccc8160f 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1536,12 +1536,19 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSE=
D,
     VncState *vs =3D opaque;
     if (condition & G_IO_IN) {
         if (vnc_client_read(vs) < 0) {
-            return TRUE;
+            goto end;
         }
     }
     if (condition & G_IO_OUT) {
         vnc_client_write(vs);
     }
+end:
+    if (vs->disconnecting) {
+        if (vs->ioc_tag !=3D 0) {
+            g_source_remove(vs->ioc_tag);
+        }
+        vs->ioc_tag =3D 0;
+    }
     return TRUE;
 }
=20
@@ -1630,6 +1637,12 @@ void vnc_flush(VncState *vs)
     if (vs->ioc !=3D NULL && vs->output.offset) {
         vnc_client_write_locked(vs);
     }
+    if (vs->disconnecting) {
+        if (vs->ioc_tag !=3D 0) {
+            g_source_remove(vs->ioc_tag);
+        }
+        vs->ioc_tag =3D 0;
+    }
     vnc_unlock_output(vs);
 }
=20
--=20
2.14.3