From: Fabiano Rosas
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, berrange@redhat.com, pbonzini@redhat.com
Subject: [PATCH 1/4] chardev: Fix QIOChannel refcount
Date: Thu, 15 May 2025 19:20:11 -0300
Message-Id: <20250515222014.4161-2-farosas@suse.de>
In-Reply-To: <20250515222014.4161-1-farosas@suse.de>
References: <20250515222014.4161-1-farosas@suse.de>

The IOWatchPoll holds a reference to the iochannel while the "child"
source (iwp->src) is removed from the context and freed. Freeing the
source leads to the iochannel being also freed at
qio_channel_fd_source_finalize(). Later, io_watch_poll_prepare() tries
to create another source with the same iochannel and hits a use after
free:

==8241==ERROR: AddressSanitizer: heap-use-after-free on address 0x514000000040
READ of size 8 at 0x514000000040 thread T2
    #0 0x561c2d272fcd in object_get_class ../qom/object.c:1043:17
    #1 0x561c2d338f84 in QIO_CHANNEL_GET_CLASS include/io/channel.h:29:1
    #2 0x561c2d33b26f in qio_channel_create_watch ../io/channel.c:388:30
    #3 0x561c2d2f0993 in io_watch_poll_prepare ../chardev/char-io.c:65:20
    ...

0x514000000040 is located 0 bytes inside of 392-byte region [0x514000000040,0x5140000001c8)
freed by thread T2 here:
    #0 0x561c2d2319a5 in free
    #1 0x7fb2c0926638 in g_free
    #2 0x561c2d276507 in object_finalize ../qom/object.c:734:9
    #3 0x561c2d271d0d in object_unref ../qom/object.c:1231:9
    #4 0x561c2d32ef1d in qio_channel_fd_source_finalize ../io/channel-watch.c:95:5
    #5 0x7fb2c091d124 in g_source_unref_internal ../glib/gmain.c:2298
    #6 0x561c2d2f0b6c in io_watch_poll_prepare ../chardev/char-io.c:71:9
    ...

previously allocated by thread T3 (connect) here:
    #0 0x561c2d231c69 in malloc
    #1 0x7fb2c0926518 in g_malloc
    #2 0x561c2d27246e in object_new_with_type ../qom/object.c:767:15
    #3 0x561c2d272530 in object_new ../qom/object.c:789:12
    #4 0x561c2d320193 in qio_channel_socket_new ../io/channel-socket.c:64:31
    #5 0x561c2d308013 in tcp_chr_connect_client_async ../chardev/char-socket.c:1181:12
    #6 0x561c2d3002e7 in qmp_chardev_open_socket_client ../chardev/char-socket.c:1281:9
    ...

Fix the issue by incrementing the iochannel reference count when the
IOWatchPoll takes a reference and decrementing when it is finalized.

Signed-off-by: Fabiano Rosas
Reviewed-by: Daniel P. Berrangé
--- chardev/char-io.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/chardev/char-io.c b/chardev/char-io.c index 3be17b51ca..d9b11f335f 100644 --- a/chardev/char-io.c +++ b/chardev/char-io.c @@ -88,6 +88,9 @@ static gboolean io_watch_poll_dispatch(GSource *source, G= SourceFunc callback, static void io_watch_poll_finalize(GSource *source) { IOWatchPoll *iwp =3D io_watch_poll_from_source(source); + + object_unref(OBJECT(iwp->ioc)); + if (iwp->src) { g_source_destroy(iwp->src); g_source_unref(iwp->src); 
@@ -117,6 +120,8 @@ GSource *io_add_watch_poll(Chardev *chr, iwp->fd_can_read =3D fd_can_read; iwp->opaque =3D user_data; iwp->ioc =3D ioc; + object_ref(OBJECT(iwp->ioc)); + iwp->fd_read =3D (GSourceFunc) fd_read; iwp->src =3D NULL; iwp->context =3D context; --=20 2.35.3
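Review bot: In io_watch_poll_finalize() the new object_unref(OBJECT(iwp->ioc)) runs before the existing iwp->src teardown, so the IOWatchPoll gives up its reference while a child source created from that channel may still exist. The commit message and the ASan trace show the child source dropping a channel reference of its own in qio_channel_fd_source_finalize(), so the ordering is not a bug as posted, but releasing in reverse order of acquisition (destroy and unref iwp->src first, then unref iwp->ioc) would make it obvious that the channel outlives every source built on it.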
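Review bot: The object_ref() added after iwp->ioc = ioc in io_add_watch_poll() turns iwp->ioc from a borrowed pointer into an owned reference, and nothing in the code records that. A short comment at this assignment, saying that the reference is dropped in io_watch_poll_finalize(), would keep the ref/unref pair together for the next reader. The blank line added after the object_ref() also splits the run of iwp field assignments and could be dropped.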
From: Fabiano Rosas
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, berrange@redhat.com, pbonzini@redhat.com
Subject: [PATCH 2/4] chardev: Don't attempt to unregister yank function more than once
Date: Thu, 15 May 2025 19:20:12 -0300
Message-Id: <20250515222014.4161-3-farosas@suse.de>
In-Reply-To: <20250515222014.4161-1-farosas@suse.de>
References: <20250515222014.4161-1-farosas@suse.de>

tcp_chr_free_connection() can be called multiple times in succession,
in which case the yank function will get as argument a NULL s->sioc
that has been cleared by the previous tcp_chr_free_connection() call.
This leads to an abort() at yank_unregister_function().

 #0  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 #1  __GI_abort () at abort.c:79
 #2  qtest_check_status (s=0x513000005600) at ../tests/qtest/libqtest.c:209
 #3  qtest_wait_qemu (s=0x513000005600) at ../tests/qtest/libqtest.c:273
 #4  qtest_kill_qemu (s=0x513000005600) at ../tests/qtest/libqtest.c:285
 #5  kill_qemu_hook_func (s=0x513000005600) at ../tests/qtest/libqtest.c:294
 #6  g_hook_list_invoke (hook_list=0x55ea9cc750c0 , may_recurse=0) at ../glib/ghook.c:534
 #7  sigabrt_handler (signo=6) at ../tests/qtest/libqtest.c:299
 #8
 #9  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:51
 #10 __GI_abort () at abort.c:79
 #11 yank_unregister_function (instance=0x7fb26f2ea9a0, func=0x55ea9bcc0a10 , opaque=0x0) at ../util/yank.c:151
 #12 tcp_chr_free_connection (chr=0x51300000ffc0) at ../chardev/char-socket.c:385
 #13 tcp_chr_disconnect_locked (chr=0x51300000ffc0) at ../chardev/char-socket.c:477
 #14 tcp_chr_disconnect (chr=0x51300000ffc0) at ../chardev/char-socket.c:495
 #15 tcp_chr_hup (channel=0x514000000040, cond=G_IO_HUP, opaque=0x51300000ffc0) at ../chardev/char-socket.c:536
 #16 qio_channel_fd_source_dispatch (source=0x50c0000b5fc0, callback=0x55ea9bcd6770 , user_data=0x51300000ffc0) at ../io/channel-watch.c:84
 #17 g_main_dispatch (context=0x50f000000040) at ../glib/gmain.c:3381
 #18 g_main_context_dispatch (context=context@entry=0x50f000000040) at ../glib/gmain.c:4099
 #19 g_main_context_iterate (context=0x50f000000040, block=block@entry=1, dispatch=dispatch@entry=1, self=) at ../glib/gmain.c:4175
 #20 g_main_loop_run (loop=0x502000055690) at ../glib/gmain.c:4373

Commit ebae6477dc ("chardev: check if the chardev is registered for
yanking") seems to have encountered a similar issue, but checking
s->registered_yank is not a complete solution because that flag
pertains to the yank instance, not to each individual function.

Skip the yank_unregister_function() in case s->sioc is already NULL,
which indicates the last yank function was already removed.

Signed-off-by: Fabiano Rosas
Reviewed-by: Daniel P. Berrangé
---
Can tcp_chr_free_connection() race with itself? I'm assuming no.

Could we just make yank_unregister_instance() remove all yank
functions at once? Those asserts/abort in the yank code are a bit
masochistic.
--- chardev/char-socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index e8dd2931dc..8ae225d953 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c 
@@ -378,7 +378,8 @@ static void tcp_chr_free_connection(Chardev *chr) =20 tcp_set_msgfds(chr, NULL, 0); remove_fd_in_watch(chr); - if (s->registered_yank && + + if (s->registered_yank && s->sioc && (s->state =3D=3D TCP_CHARDEV_STATE_CONNECTING || s->state =3D=3D TCP_CHARDEV_STATE_CONNECTED)) { yank_unregister_function(CHARDEV_YANK_INSTANCE(chr->label), --=20 2.35.3
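Review bot: The s->sioc test added to the condition in tcp_chr_free_connection() uses the channel pointer as a stand-in for "a yank function is still registered", and the hunk carries no comment stating that invariant. The condition still admits TCP_CHARDEV_STATE_CONNECTING, so please confirm that s->sioc cannot be NULL in that state while a function registered for the connecting channel is still on the yank instance, because that function would then be skipped here and left registered. A one-line comment above the if would document the assumption, and the empty line added before the if is unrelated to the fix.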
From: Fabiano Rosas
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, berrange@redhat.com, pbonzini@redhat.com
Subject: [PATCH 3/4] chardev: Consolidate yank registration
Date: Thu, 15 May 2025 19:20:13 -0300
Message-Id: <20250515222014.4161-4-farosas@suse.de>
In-Reply-To: <20250515222014.4161-1-farosas@suse.de>
References: <20250515222014.4161-1-farosas@suse.de>

There are currently five places where the yank function is being
registered and they all come right before tcp_chr_new_client(). Fold
them into it.

Signed-off-by: Fabiano Rosas
Reviewed-by: Daniel P. Berrangé
--- chardev/char-socket.c | 31 ++++++------------------------- 1 file changed, 6 insertions(+), 25 deletions(-) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index 8ae225d953..d16608f1ed 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -904,6 +904,12 @@ static int tcp_chr_new_client(Chardev *chr, QIOChannel= Socket *sioc) s->sioc =3D sioc; object_ref(OBJECT(sioc)); =20 + if (s->registered_yank) { + yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), + char_socket_yank_iochannel, + QIO_CHANNEL(sioc)); + } + qio_channel_set_blocking(s->ioc, false, NULL); =20 if (s->do_nodelay) { @@ -944,11 +950,6 @@ static int tcp_chr_add_client(Chardev *chr, int fd) } tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING); tcp_chr_set_client_ioc_name(chr, sioc); - if (s->registered_yank) { - yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), - char_socket_yank_iochannel, - QIO_CHANNEL(sioc)); - } ret =3D tcp_chr_new_client(chr, sioc); object_unref(OBJECT(sioc)); return ret; @@ -963,11 +964,6 @@ static void tcp_chr_accept(QIONetListener *listener, =20 tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING); tcp_chr_set_client_ioc_name(chr, cioc); - if (s->registered_yank) { - yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), - char_socket_yank_iochannel, - QIO_CHANNEL(cioc)); - } tcp_chr_new_client(chr, cioc); } =20 
@@ -983,11 +979,6 @@ static int tcp_chr_connect_client_sync(Chardev *chr, E= rror **errp) object_unref(OBJECT(sioc)); return -1; } - if (s->registered_yank) { - yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), - char_socket_yank_iochannel, - QIO_CHANNEL(sioc)); - } tcp_chr_new_client(chr, sioc); object_unref(OBJECT(sioc)); return 0; @@ -1003,11 +994,6 @@ static void tcp_chr_accept_server_sync(Chardev *chr) tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING); sioc =3D qio_net_listener_wait_client(s->listener); tcp_chr_set_client_ioc_name(chr, sioc); - if (s->registered_yank) { - yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), - char_socket_yank_iochannel, - QIO_CHANNEL(sioc)); - } tcp_chr_new_client(chr, sioc); object_unref(OBJECT(sioc)); } 
@@ -1181,11 +1167,6 @@ static void tcp_chr_connect_client_async(Chardev *ch= r) tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING); sioc =3D qio_channel_socket_new(); tcp_chr_set_client_ioc_name(chr, sioc); - if (s->registered_yank) { - yank_register_function(CHARDEV_YANK_INSTANCE(chr->label), - char_socket_yank_iochannel, - QIO_CHANNEL(sioc)); - } /* * Normally code would use the qio_channel_socket_connect_async * method which uses a QIOTask + qio_task_set_error internally --=20 2.35.3
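Review bot: in the tcp_chr_connect_client_async hunk the removed yank_register_function() call sat directly after qio_channel_socket_new(), before the connect is started, which is the point where a connect that never completes can still be interrupted through yank. The lines shown here only remove the registration, so wherever it now happens needs to cover that in-progress connect as well; if it is deferred until tcp_chr_new_client(), say so in the commit message and explain why a hung connect no longer needs a yank handler. The same question applies to tcp_chr_accept_server_sync and tcp_chr_connect_client_sync, where the removed call preceded tcp_chr_new_client(chr, sioc).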
From: Fabiano Rosas
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, berrange@redhat.com, pbonzini@redhat.com
Subject: [PATCH 4/4] chardev: Introduce a lock for hup_source
Date: Thu, 15 May 2025 19:20:14 -0300
Message-Id: <20250515222014.4161-5-farosas@suse.de>
In-Reply-To: <20250515222014.4161-1-farosas@suse.de>
References: <20250515222014.4161-1-farosas@suse.de>

It's possible for the hup_source to have its reference decremented by remove_hup_source() while it's still being added to the context, leading to asserts in glib:

g_source_set_callback_indirect: assertion 'g_atomic_int_get (&source->ref_count) > 0'
g_source_attach: assertion 'g_atomic_int_get (&source->ref_count) > 0' failed

Add a lock to serialize removal and creation.

Signed-off-by: Fabiano Rosas
--- chardev/char-socket.c | 4 ++++ chardev/char.c | 2 ++ include/chardev/char.h | 1 + 3 files changed, 7 insertions(+) diff --git a/chardev/char-socket.c b/chardev/char-socket.c index d16608f1ed..88db9acd0d 100644 --- a/chardev/char-socket.c +++ b/chardev/char-socket.c @@ -374,7 +374,9 @@ static void tcp_chr_free_connection(Chardev *chr) s->read_msgfds_num =3D 0; } =20 + qemu_mutex_lock(&chr->hup_source_lock); remove_hup_source(s); + qemu_mutex_unlock(&chr->hup_source_lock); =20 tcp_set_msgfds(chr, NULL, 0); remove_fd_in_watch(chr); @@ -613,6 +615,7 @@ static void update_ioc_handlers(SocketChardev *s) tcp_chr_read, chr, chr->gcontext); =20 + qemu_mutex_lock(&chr->hup_source_lock); remove_hup_source(s); s->hup_source =3D qio_channel_create_watch(s->ioc, G_IO_HUP); /* @@ -634,6 +637,7 @@ static void update_ioc_handlers(SocketChardev *s) g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup, chr, NULL); g_source_attach(s->hup_source, chr->gcontext); + qemu_mutex_unlock(&chr->hup_source_lock); } =20 static void tcp_chr_connect(void *opaque) diff --git a/chardev/char.c b/chardev/char.c index bbebd246c3..d03f698b38 100644 --- a/chardev/char.c +++ b/chardev/char.c
@@ -279,6 +279,7 @@ static void char_init(Object *obj) chr->handover_yank_instance =3D false; chr->logfd =3D -1; qemu_mutex_init(&chr->chr_write_lock); + qemu_mutex_init(&chr->hup_source_lock); =20 /* * Assume if chr_update_read_handler is implemented it will @@ -316,6 +317,7 @@ static void char_finalize(Object *obj) close(chr->logfd); } qemu_mutex_destroy(&chr->chr_write_lock); + qemu_mutex_destroy(&chr->hup_source_lock); } =20 static const TypeInfo char_type_info =3D { diff --git a/include/chardev/char.h b/include/chardev/char.h index 429852f8d9..064184153d 100644 --- a/include/chardev/char.h +++ b/include/chardev/char.h @@ -60,6 +60,7 @@ struct Chardev { Object parent_obj; =20 QemuMutex chr_write_lock; + QemuMutex hup_source_lock; CharBackend *be; char *label; char *filename; --=20 2.35.3
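Review bot: in chardev/char-socket.c, hup_source_lock is taken by hand around remove_hup_source() in tcp_chr_free_connection() and again in update_ioc_handlers(), so any other caller of remove_hup_source(), or any other access to s->hup_source, stays outside the lock and nothing documents the rule. State in a comment that s->hup_source may only be touched with the lock held, and consider QEMU_LOCK_GUARD(&chr->hup_source_lock) in update_ioc_handlers() so that the unlock after g_source_attach() cannot be skipped by a return added later between the lock and unlock lines, which sit in two separate hunks.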
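Review bot: the new QemuMutex hup_source_lock in struct Chardev (include/chardev/char.h) has no comment saying what it protects, and the only field it guards in these hunks is s->hup_source, which is reached through SocketChardev rather than the generic Chardev. Consider declaring the mutex next to hup_source in SocketChardev and initialising and destroying it in the socket chardev's own init and finalize paths instead of char_init()/char_finalize(), or at least add a one-line comment here naming the field it serialises.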