[PATCH] qxl: fix segfault

Gerd Hoffmann posted 1 patch 3 years, 4 months ago
Test checkpatch passed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20201124122936.30588-1-kraxel@redhat.com
Maintainers: Gerd Hoffmann <kraxel@redhat.com>
ui/console.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH] qxl: fix segfault
Posted by Gerd Hoffmann 3 years, 4 months ago
Add missing sanity check.
Reproducer: run qemu with "-device qxl" but without "-spice ..."

Fixes: 0d9b90ce5c73 ("console: make QMP/HMP screendump run in coroutine")
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/console.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ui/console.c b/ui/console.c
index e07d2c380df7..53dee8e26b17 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -264,7 +264,9 @@ static void gui_setup_refresh(DisplayState *ds)
 
 void graphic_hw_update_done(QemuConsole *con)
 {
-    qemu_co_queue_restart_all(&con->dump_queue);
+    if (con) {
+        qemu_co_queue_restart_all(&con->dump_queue);
+    }
 }
 
 void graphic_hw_update(QemuConsole *con)
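Review bot: the new `if (con)` guard around `qemu_co_queue_restart_all(&con->dump_queue)` stops the NULL dereference, but the commit message only gives the reproducer (`-device qxl` without `-spice`) and not which caller hands graphic_hw_update_done() a NULL console or why that is legitimate; please spell that out in the message, since it decides whether silently returning here is the right fix or whether the caller should not be passing a NULL `con` in the first place. It would also help to say whether the neighbouring entry points in this file (graphic_hw_update() is visible as context right below) already tolerate NULL, so the guard is consistent rather than a one-off.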
-- 
2.27.0


Re: [PATCH] qxl: fix segfault
Posted by Marc-André Lureau 3 years, 4 months ago
Hi

On Tue, Nov 24, 2020 at 4:30 PM Gerd Hoffmann <kraxel@redhat.com> wrote:

> Add missing sanity check.
> Reproducer: run qemu with "-device qxl" but without "-spice ..."
>
> Fixes: 0d9b90ce5c73 ("console: make QMP/HMP screendump run in coroutine")
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> ---
>  ui/console.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/ui/console.c b/ui/console.c
> index e07d2c380df7..53dee8e26b17 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -264,7 +264,9 @@ static void gui_setup_refresh(DisplayState *ds)
>
>  void graphic_hw_update_done(QemuConsole *con)
>  {
> -    qemu_co_queue_restart_all(&con->dump_queue);
> +    if (con) {
> +        qemu_co_queue_restart_all(&con->dump_queue);
> +    }
>  }
>
>  void graphic_hw_update(QemuConsole *con)
> --
> 2.27.0
>
>
>
Interesting case...
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>

thanks

-- 
Marc-André Lureau
Re: [PATCH] qxl: fix segfault
Posted by Marc-André Lureau 3 years, 4 months ago
Hi

On Tue, Nov 24, 2020 at 4:30 PM Gerd Hoffmann <kraxel@redhat.com> wrote:

> Add missing sanity check.
> Reproducer: run qemu with "-device qxl" but without "-spice ..."
>
> Fixes: 0d9b90ce5c73 ("console: make QMP/HMP screendump run in coroutine")
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>

It would be nice to include this regression fix in the release. Anyone
taking the patch to PR?

---
>  ui/console.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/ui/console.c b/ui/console.c
> index e07d2c380df7..53dee8e26b17 100644
> --- a/ui/console.c
> +++ b/ui/console.c
> @@ -264,7 +264,9 @@ static void gui_setup_refresh(DisplayState *ds)
>
>  void graphic_hw_update_done(QemuConsole *con)
>  {
> -    qemu_co_queue_restart_all(&con->dump_queue);
> +    if (con) {
> +        qemu_co_queue_restart_all(&con->dump_queue);
> +    }
>  }
>
>  void graphic_hw_update(QemuConsole *con)
> --
> 2.27.0
>
>
>

-- 
Marc-André Lureau
Re: [PATCH] qxl: fix segfault
Posted by Peter Maydell 3 years, 4 months ago
On Thu, 26 Nov 2020 at 15:42, Marc-André Lureau
<marcandre.lureau@gmail.com> wrote:
>
> Hi
>
> On Tue, Nov 24, 2020 at 4:30 PM Gerd Hoffmann <kraxel@redhat.com> wrote:
>>
>> Add missing sanity check.
>> Reproducer: run qemu with "-device qxl" but without "-spice ..."
>>
>> Fixes: 0d9b90ce5c73 ("console: make QMP/HMP screendump run in coroutine")
>> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
>
>
> It would be nice to include this regression fix in the release. Anyone taking the patch to PR?


Looks like a safe fix and we do need to roll rc4 anyway, so if somebody wants
to send a pullreq tomorrow I can apply it.

thanks
-- PMM

Re: [PATCH] qxl: fix segfault
Posted by Gerd Hoffmann 3 years, 4 months ago
  Hi,

> > It would be nice to include this regression fix in the release. Anyone taking the patch to PR?
> 
> Looks like a safe fix and we do need to roll rc4 anyway, so if somebody wants
> to send a pullreq tomorrow I can apply it.

I had one prepared already and was waiting for ci.

Sent now,
  Gerd