This patch adds support for cut+paste to the qemu vnc server, which
allows the vnc client exchange clipbaord data with qemu and other peers
like the qemu vdagent implementation.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20210519053940.1888907-1-kraxel@redhat.com
Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>
---
ui/vnc.h | 24 ++++
ui/vnc-clipboard.c | 323 +++++++++++++++++++++++++++++++++++++++++++++
ui/vnc.c | 21 ++-
ui/meson.build | 1 +
4 files changed, 363 insertions(+), 6 deletions(-)
create mode 100644 ui/vnc-clipboard.c
diff --git a/ui/vnc.h b/ui/vnc.h
index d4f3e1555809..a7149831f906 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -29,6 +29,7 @@
#include "qemu/queue.h"
#include "qemu/thread.h"
+#include "ui/clipboard.h"
#include "ui/console.h"
#include "audio/audio.h"
#include "qemu/bitmap.h"
@@ -348,6 +349,10 @@ struct VncState
Notifier mouse_mode_notifier;
+ QemuClipboardPeer cbpeer;
+ QemuClipboardInfo *cbinfo;
+ uint32_t cbpending;
+
QTAILQ_ENTRY(VncState) next;
};
@@ -417,6 +422,7 @@ enum {
#define VNC_ENCODING_XVP 0XFFFFFECB /* -309 */
#define VNC_ENCODING_ALPHA_CURSOR 0XFFFFFEC6 /* -314 */
#define VNC_ENCODING_WMVi 0x574D5669
+#define VNC_ENCODING_CLIPBOARD_EXT 0xc0a1e5ce
/*****************************************************************************
*
@@ -458,6 +464,7 @@ enum VncFeatures {
VNC_FEATURE_ZYWRLE,
VNC_FEATURE_LED_STATE,
VNC_FEATURE_XVP,
+ VNC_FEATURE_CLIPBOARD_EXT,
};
#define VNC_FEATURE_RESIZE_MASK (1 << VNC_FEATURE_RESIZE)
@@ -474,6 +481,7 @@ enum VncFeatures {
#define VNC_FEATURE_ZYWRLE_MASK (1 << VNC_FEATURE_ZYWRLE)
#define VNC_FEATURE_LED_STATE_MASK (1 << VNC_FEATURE_LED_STATE)
#define VNC_FEATURE_XVP_MASK (1 << VNC_FEATURE_XVP)
+#define VNC_FEATURE_CLIPBOARD_EXT_MASK (1 << VNC_FEATURE_CLIPBOARD_EXT)
/* Client -> Server message IDs */
@@ -535,6 +543,17 @@ enum VncFeatures {
#define VNC_XVP_ACTION_REBOOT 3
#define VNC_XVP_ACTION_RESET 4
+/* extended clipboard flags */
+#define VNC_CLIPBOARD_TEXT (1 << 0)
+#define VNC_CLIPBOARD_RTF (1 << 1)
+#define VNC_CLIPBOARD_HTML (1 << 2)
+#define VNC_CLIPBOARD_DIB (1 << 3)
+#define VNC_CLIPBOARD_FILES (1 << 4)
+#define VNC_CLIPBOARD_CAPS (1 << 24)
+#define VNC_CLIPBOARD_REQUEST (1 << 25)
+#define VNC_CLIPBOARD_PEEK (1 << 26)
+#define VNC_CLIPBOARD_NOTIFY (1 << 27)
+#define VNC_CLIPBOARD_PROVIDE (1 << 28)
/*****************************************************************************
*
@@ -618,4 +637,9 @@ int vnc_zrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
int vnc_zywrle_send_framebuffer_update(VncState *vs, int x, int y, int w, int h);
void vnc_zrle_clear(VncState *vs);
+/* vnc-clipboard.c */
+void vnc_server_cut_text_caps(VncState *vs);
+void vnc_client_cut_text(VncState *vs, size_t len, uint8_t *text);
+void vnc_client_cut_text_ext(VncState *vs, int32_t len, uint32_t flags, uint8_t *data);
+
#endif /* QEMU_VNC_H */
diff --git a/ui/vnc-clipboard.c b/ui/vnc-clipboard.c
new file mode 100644
index 000000000000..9f077965d056
--- /dev/null
+++ b/ui/vnc-clipboard.c
@@ -0,0 +1,323 @@
+/*
+ * QEMU VNC display driver -- clipboard support
+ *
+ * Copyright (C) 2021 Gerd Hoffmann <kraxel@redhat.com>
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "qemu/osdep.h"
+#include "qemu-common.h"
+#include "vnc.h"
+#include "vnc-jobs.h"
+
+static uint8_t *inflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
+{
+ z_stream stream = {
+ .next_in = in,
+ .avail_in = in_len,
+ .zalloc = Z_NULL,
+ .zfree = Z_NULL,
+ };
+ uint32_t out_len = 8;
+ uint8_t *out = g_malloc(out_len);
+ int ret;
+
+ stream.next_out = out + stream.total_out;
+ stream.avail_out = out_len - stream.total_out;
+
+ ret = inflateInit(&stream);
+ if (ret != Z_OK) {
+ goto err;
+ }
+
+ while (stream.avail_in) {
+ ret = inflate(&stream, Z_FINISH);
+ switch (ret) {
+ case Z_OK:
+ case Z_STREAM_END:
+ break;
+ case Z_BUF_ERROR:
+ out_len <<= 1;
+ if (out_len > (1 << 20)) {
+ goto err_end;
+ }
+ out = g_realloc(out, out_len);
+ stream.next_out = out + stream.total_out;
+ stream.avail_out = out_len - stream.total_out;
+ break;
+ default:
+ goto err_end;
+ }
+ }
+
+ *size = stream.total_out;
+ inflateEnd(&stream);
+
+ return out;
+
+err_end:
+ inflateEnd(&stream);
+err:
+ g_free(out);
+ return NULL;
+}
+
+static uint8_t *deflate_buffer(uint8_t *in, uint32_t in_len, uint32_t *size)
+{
+ z_stream stream = {
+ .next_in = in,
+ .avail_in = in_len,
+ .zalloc = Z_NULL,
+ .zfree = Z_NULL,
+ };
+ uint32_t out_len = 8;
+ uint8_t *out = g_malloc(out_len);
+ int ret;
+
+ stream.next_out = out + stream.total_out;
+ stream.avail_out = out_len - stream.total_out;
+
+ ret = deflateInit(&stream, Z_DEFAULT_COMPRESSION);
+ if (ret != Z_OK) {
+ goto err;
+ }
+
+ while (ret != Z_STREAM_END) {
+ ret = deflate(&stream, Z_FINISH);
+ switch (ret) {
+ case Z_OK:
+ case Z_STREAM_END:
+ break;
+ case Z_BUF_ERROR:
+ out_len <<= 1;
+ if (out_len > (1 << 20)) {
+ goto err_end;
+ }
+ out = g_realloc(out, out_len);
+ stream.next_out = out + stream.total_out;
+ stream.avail_out = out_len - stream.total_out;
+ break;
+ default:
+ goto err_end;
+ }
+ }
+
+ *size = stream.total_out;
+ deflateEnd(&stream);
+
+ return out;
+
+err_end:
+ deflateEnd(&stream);
+err:
+ g_free(out);
+ return NULL;
+}
+
+static void vnc_clipboard_send(VncState *vs, uint32_t count, uint32_t *dwords)
+{
+ int i;
+
+ vnc_lock_output(vs);
+ vnc_write_u8(vs, VNC_MSG_SERVER_CUT_TEXT);
+ vnc_write_u8(vs, 0);
+ vnc_write_u8(vs, 0);
+ vnc_write_u8(vs, 0);
+ vnc_write_s32(vs, -(count * sizeof(uint32_t))); /* -(message length) */
+ for (i = 0; i < count; i++) {
+ vnc_write_u32(vs, dwords[i]);
+ }
+ vnc_unlock_output(vs);
+ vnc_flush(vs);
+}
+
+static void vnc_clipboard_provide(VncState *vs,
+ QemuClipboardInfo *info,
+ QemuClipboardType type)
+{
+ uint32_t flags = 0;
+ g_autofree uint8_t *buf = NULL;
+ g_autofree void *zbuf = NULL;
+ uint32_t zsize;
+
+ switch (type) {
+ case QEMU_CLIPBOARD_TYPE_TEXT:
+ flags |= VNC_CLIPBOARD_TEXT;
+ break;
+ default:
+ return;
+ }
+ flags |= VNC_CLIPBOARD_PROVIDE;
+
+ buf = g_malloc(info->types[type].size + 4);
+ buf[0] = (info->types[type].size >> 24) & 0xff;
+ buf[1] = (info->types[type].size >> 16) & 0xff;
+ buf[2] = (info->types[type].size >> 8) & 0xff;
+ buf[3] = (info->types[type].size >> 0) & 0xff;
+ memcpy(buf + 4, info->types[type].data, info->types[type].size);
+ zbuf = deflate_buffer(buf, info->types[type].size + 4, &zsize);
+ if (!zbuf) {
+ return;
+ }
+
+ vnc_lock_output(vs);
+ vnc_write_u8(vs, VNC_MSG_SERVER_CUT_TEXT);
+ vnc_write_u8(vs, 0);
+ vnc_write_u8(vs, 0);
+ vnc_write_u8(vs, 0);
+ vnc_write_s32(vs, -(sizeof(uint32_t) + zsize)); /* -(message length) */
+ vnc_write_u32(vs, flags);
+ vnc_write(vs, zbuf, zsize);
+ vnc_unlock_output(vs);
+ vnc_flush(vs);
+}
+
+static void vnc_clipboard_notify(Notifier *notifier, void *data)
+{
+ VncState *vs = container_of(notifier, VncState, cbpeer.update);
+ QemuClipboardInfo *info = data;
+ QemuClipboardType type;
+ bool self_update = info->owner == &vs->cbpeer;
+ uint32_t flags = 0;
+
+ if (info != vs->cbinfo) {
+ qemu_clipboard_info_unref(vs->cbinfo);
+ vs->cbinfo = qemu_clipboard_info_ref(info);
+ vs->cbpending = 0;
+ if (!self_update) {
+ if (info->types[QEMU_CLIPBOARD_TYPE_TEXT].available) {
+ flags |= VNC_CLIPBOARD_TEXT;
+ }
+ flags |= VNC_CLIPBOARD_NOTIFY;
+ vnc_clipboard_send(vs, 1, &flags);
+ }
+ return;
+ }
+
+ if (self_update) {
+ return;
+ }
+
+ for (type = 0; type < QEMU_CLIPBOARD_TYPE__COUNT; type++) {
+ if (vs->cbpending & (1 << type)) {
+ vs->cbpending &= ~(1 << type);
+ vnc_clipboard_provide(vs, info, type);
+ }
+ }
+}
+
+static void vnc_clipboard_request(QemuClipboardInfo *info,
+ QemuClipboardType type)
+{
+ VncState *vs = container_of(info->owner, VncState, cbpeer);
+ uint32_t flags = 0;
+
+ if (type == QEMU_CLIPBOARD_TYPE_TEXT) {
+ flags |= VNC_CLIPBOARD_TEXT;
+ }
+ if (!flags) {
+ return;
+ }
+ flags |= VNC_CLIPBOARD_REQUEST;
+
+ vnc_clipboard_send(vs, 1, &flags);
+}
+
+void vnc_client_cut_text_ext(VncState *vs, int32_t len, uint32_t flags, uint8_t *data)
+{
+ if (flags & VNC_CLIPBOARD_CAPS) {
+ /* need store caps somewhere ? */
+ return;
+ }
+
+ if (flags & VNC_CLIPBOARD_NOTIFY) {
+ QemuClipboardInfo *info =
+ qemu_clipboard_info_new(&vs->cbpeer, QEMU_CLIPBOARD_SELECTION_CLIPBOARD);
+ if (flags & VNC_CLIPBOARD_TEXT) {
+ info->types[QEMU_CLIPBOARD_TYPE_TEXT].available = true;
+ }
+ qemu_clipboard_update(info);
+ qemu_clipboard_info_unref(info);
+ return;
+ }
+
+ if (flags & VNC_CLIPBOARD_PROVIDE &&
+ vs->cbinfo &&
+ vs->cbinfo->owner == &vs->cbpeer) {
+ uint32_t size = 0;
+ g_autofree uint8_t *buf = inflate_buffer(data, len - 4, &size);
+ if ((flags & VNC_CLIPBOARD_TEXT) &&
+ buf && size >= 4) {
+ uint32_t tsize = read_u32(buf, 0);
+ uint8_t *tbuf = buf + 4;
+ if (tsize < size) {
+ qemu_clipboard_set_data(&vs->cbpeer, vs->cbinfo,
+ QEMU_CLIPBOARD_TYPE_TEXT,
+ tsize, tbuf, true);
+ }
+ }
+ }
+
+ if (flags & VNC_CLIPBOARD_REQUEST &&
+ vs->cbinfo &&
+ vs->cbinfo->owner != &vs->cbpeer) {
+ if ((flags & VNC_CLIPBOARD_TEXT) &&
+ vs->cbinfo->types[QEMU_CLIPBOARD_TYPE_TEXT].available) {
+ if (vs->cbinfo->types[QEMU_CLIPBOARD_TYPE_TEXT].data) {
+ vnc_clipboard_provide(vs, vs->cbinfo, QEMU_CLIPBOARD_TYPE_TEXT);
+ } else {
+ vs->cbpending |= (1 << QEMU_CLIPBOARD_TYPE_TEXT);
+ qemu_clipboard_request(vs->cbinfo, QEMU_CLIPBOARD_TYPE_TEXT);
+ }
+ }
+ }
+}
+
+void vnc_client_cut_text(VncState *vs, size_t len, uint8_t *text)
+{
+ QemuClipboardInfo *info =
+ qemu_clipboard_info_new(&vs->cbpeer, QEMU_CLIPBOARD_SELECTION_CLIPBOARD);
+
+ qemu_clipboard_set_data(&vs->cbpeer, info, QEMU_CLIPBOARD_TYPE_TEXT,
+ len, text, true);
+ qemu_clipboard_info_unref(info);
+}
+
+void vnc_server_cut_text_caps(VncState *vs)
+{
+ uint32_t caps[2];
+
+ if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) {
+ return;
+ }
+
+ caps[0] = (VNC_CLIPBOARD_PROVIDE |
+ VNC_CLIPBOARD_NOTIFY |
+ VNC_CLIPBOARD_REQUEST |
+ VNC_CLIPBOARD_CAPS |
+ VNC_CLIPBOARD_TEXT);
+ caps[1] = 0;
+ vnc_clipboard_send(vs, 2, caps);
+
+ vs->cbpeer.name = "vnc";
+ vs->cbpeer.update.notify = vnc_clipboard_notify;
+ vs->cbpeer.request = vnc_clipboard_request;
+ qemu_clipboard_peer_register(&vs->cbpeer);
+}
diff --git a/ui/vnc.c b/ui/vnc.c
index 2bea46b2b3f8..b3d4d7b9a5f5 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -25,6 +25,7 @@
*/
#include "qemu/osdep.h"
+#include "qemu-common.h"
#include "vnc.h"
#include "vnc-jobs.h"
#include "trace.h"
@@ -1352,6 +1353,9 @@ void vnc_disconnect_finish(VncState *vs)
/* last client gone */
vnc_update_server_surface(vs->vd);
}
+ if (vs->cbpeer.update.notify) {
+ qemu_clipboard_peer_unregister(&vs->cbpeer);
+ }
vnc_unlock_output(vs);
@@ -1777,10 +1781,6 @@ uint32_t read_u32(uint8_t *data, size_t offset)
(data[offset + 2] << 8) | data[offset + 3]);
}
-static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
-{
-}
-
static void check_pointer_type_change(Notifier *notifier, void *data)
{
VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
@@ -2222,6 +2222,10 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
send_xvp_message(vs, VNC_XVP_CODE_INIT);
}
break;
+ case VNC_ENCODING_CLIPBOARD_EXT:
+ vs->features |= VNC_FEATURE_CLIPBOARD_EXT_MASK;
+ vnc_server_cut_text_caps(vs);
+ break;
case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
vs->tight->compression = (enc & 0x0F);
break;
@@ -2438,7 +2442,7 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
return 8;
}
if (len == 8) {
- uint32_t dlen = read_u32(data, 4);
+ uint32_t dlen = abs(read_s32(data, 4));
if (dlen > (1 << 20)) {
error_report("vnc: client_cut_text msg payload has %u bytes"
" which exceeds our limit of 1MB.", dlen);
@@ -2450,7 +2454,12 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
}
}
- client_cut_text(vs, read_u32(data, 4), data + 8);
+ if (read_s32(data, 4) < 0) {
+ vnc_client_cut_text_ext(vs, abs(read_s32(data, 4)),
+ read_u32(data, 8), data + 12);
+ break;
+ }
+ vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
break;
case VNC_MSG_CLIENT_XVP:
if (!(vs->features & VNC_FEATURE_XVP)) {
diff --git a/ui/meson.build b/ui/meson.build
index bad49fb6de60..f37ef882e0e3 100644
--- a/ui/meson.build
+++ b/ui/meson.build
@@ -30,6 +30,7 @@ vnc_ss.add(files(
'vnc-auth-vencrypt.c',
'vnc-ws.c',
'vnc-jobs.c',
+ 'vnc-clipboard.c',
))
vnc_ss.add(zlib, png, jpeg, gnutls)
vnc_ss.add(when: sasl, if_true: files('vnc-auth-sasl.c'))
--
2.31.1
21.05.2021 15:51, Gerd Hoffmann wrote:
> This patch adds support for cut+paste to the qemu vnc server, which
> allows the vnc client exchange clipbaord data with qemu and other peers
> like the qemu vdagent implementation.
>
> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Message-id: 20210519053940.1888907-1-kraxel@redhat.com
> Message-Id: <20210519053940.1888907-8-kraxel@redhat.com>
> ---
[..]
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -25,6 +25,7 @@
> */
>
> #include "qemu/osdep.h"
> +#include "qemu-common.h"
> #include "vnc.h"
> #include "vnc-jobs.h"
> #include "trace.h"
> @@ -1352,6 +1353,9 @@ void vnc_disconnect_finish(VncState *vs)
> /* last client gone */
> vnc_update_server_surface(vs->vd);
> }
> + if (vs->cbpeer.update.notify) {
> + qemu_clipboard_peer_unregister(&vs->cbpeer);
> + }
>
> vnc_unlock_output(vs);
>
Hi Gerd!
Something is wrong here.
We are already under mutex, but calling qemu_clipboard_peer_unregister may trigger taking this mutex again in same call stack:
(gdb) bt
#0 0x00007f4c979b77b0 in __lll_lock_wait () at /lib64/libpthread.so.0
#1 0x00007f4c979b0553 in pthread_mutex_lock () at /lib64/libpthread.so.0
#2 0x0000558fb33bbb72 in qemu_mutex_lock_impl (mutex=0x558fb5416598, file=0x558fb3447fb7 "../ui/vnc-jobs.h", line=60) at ../util/qemu-thread-posix.c:80
#3 0x0000558fb2ca16c6 in vnc_lock_output (vs=0x558fb540a400) at ../ui/vnc-jobs.h:60
#4 0x0000558fb2ca1ab0 in vnc_clipboard_send (vs=0x558fb540a400, count=1, dwords=0x7ffe37f5f968) at ../ui/vnc-clipboard.c:138
#5 0x0000558fb2ca1f17 in vnc_clipboard_notify (notifier=0x558fb541a700, data=0x558fb524ee70) at ../ui/vnc-clipboard.c:209
#6 0x0000558fb33c25f0 in notifier_list_notify (list=0x558fb3a142f0 <clipboard_notifiers>, data=0x558fb524ee70) at ../util/notify.c:39
#7 0x0000558fb2c6d601 in qemu_clipboard_update (info=0x558fb524ee70) at ../ui/clipboard.c:50
#8 0x0000558fb2c6d570 in qemu_clipboard_peer_release (peer=0x558fb541a6f8, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD) at ../ui/clipboard.c:41
#9 0x0000558fb2c6d4b6 in qemu_clipboard_peer_unregister (peer=0x558fb541a6f8) at ../ui/clipboard.c:19
#10 0x0000558fb2c8518a in vnc_disconnect_finish (vs=0x558fb540a400) at ../ui/vnc.c:1358
#11 0x0000558fb2c848b0 in vnc_update_client (vs=0x558fb540a400, has_dirty=0) at ../ui/vnc.c:1167
#12 0x0000558fb2c8a1ce in vnc_refresh (dcl=0x558fb5882610) at ../ui/vnc.c:3207
#13 0x0000558fb2c72dec in dpy_refresh (s=0x558fb4fe7970) at ../ui/console.c:1673
#14 0x0000558fb2c6ebe4 in gui_update (opaque=0x558fb4fe7970) at ../ui/console.c:158
#15 0x0000558fb33e862b in timerlist_run_timers (timer_list=0x558fb45ed200) at ../util/qemu-timer.c:573
#16 0x0000558fb33e86d5 in qemu_clock_run_timers (type=QEMU_CLOCK_REALTIME) at ../util/qemu-timer.c:587
#17 0x0000558fb33e899a in qemu_clock_run_all_timers () at ../util/qemu-timer.c:669
#18 0x0000558fb33e26ec in main_loop_wait (nonblocking=0) at ../util/main-loop.c:542
#19 0x0000558fb3099c75 in qemu_main_loop () at ../softmmu/runstate.c:726
#20 0x0000558fb2c62ae6 in main (argc=5, argv=0x7ffe37f5fdf8, envp=0x7ffe37f5fe28) at ../softmmu/main.c:50
(gdb) fr 2
#2 0x0000558fb33bbb72 in qemu_mutex_lock_impl (mutex=0x558fb5416598, file=0x558fb3447fb7 "../ui/vnc-jobs.h", line=60) at ../util/qemu-thread-posix.c:80
80 err = pthread_mutex_lock(&mutex->lock);
(gdb) p *mutex
$1 = {lock = {__data = {__lock = 2, __count = 0, __owner = 1549902, __nusers = 1, __kind = 0, __spins = 0, __elision = 0, __list = {__prev = 0x0, __next = 0x0}},
__size = "\002\000\000\000\000\000\000\000N\246\027\000\001", '\000' <repeats 26 times>, __align = 2}, file = 0x558fb3442aaf "../ui/vnc-jobs.h", line = 60, initialized = true}
(gdb) info thr
Id Target Id Frame
* 1 Thread 0x7f4c89ba8fc0 (LWP 1549902) "qemu-system-x86" 0x00007f4c979b77b0 in __lll_lock_wait () from /lib64/libpthread.so.0
2 Thread 0x7f4c89a36640 (LWP 1549903) "qemu-system-x86" 0x00007f4c96ad8e0d in syscall () from /lib64/libc.so.6
3 Thread 0x7f4c890b3640 (LWP 1549904) "qemu-system-x86" 0x00007f4c96ad35bf in poll () from /lib64/libc.so.6
4 Thread 0x7f4c03fff640 (LWP 1549905) "qemu-system-x86" 0x00007f4c979baa8a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0
5 Thread 0x7f4c01bff640 (LWP 1549906) "qemu-system-x86" 0x00007f4c979baa8a in __futex_abstimed_wait_common64 () from /lib64/libpthread.so.0
Reproduce is simple:
On master branch, run something like this:
./build/qemu-system-x86_64 -vnc :7 --qmp stdio
Then, in two different terminals start connecting loops:
while true; do vncviewer <vnc server ip>:5907; done
Then wait. If vncviewer loop stack for some reason, when qemu is not yet dead-locked, just restart the loop. Qemu screen becoming black - good sign of dead-lock happen, go into gdb and check.
By default vncviewer does non-shared connection, so previous client is closed when new one is connected. So we trigger many disconnects and connects in a loop.
I don't know this code, so I'm not sure that it would be safe just move qemu_clipboard_peer_unregister() out of the critical section...
--
Best regards,
Vladimir
© 2016 - 2026 Red Hat, Inc.