[Qemu-commits] [qemu/qemu] f42fdb: vnc: remove bogus object_unref on cli


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] f42fdb: vnc: remove bogus object_unref on client socket
Date: Fri, 16 Feb 2018 08:45:56 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: f42fdb24b740f2b99526128dd6e78197e033be11
      
https://github.com/qemu/qemu/commit/f42fdb24b740f2b99526128dd6e78197e033be11
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  vnc: remove bogus object_unref on client socket

vnc_listen_io() does not own the reference on the 'cioc' parameter it is
passed, so should not be unref'ing it.

Fixes: 13e1d0e71e78a925848258391a6e616b6b5ae219
Reported-by: Bandan Das <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 577ce409acd439b7b5ad14935569cfb10bf261f3
      
https://github.com/qemu/qemu/commit/577ce409acd439b7b5ad14935569cfb10bf261f3
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc-stubs.c

  Log Message:
  -----------
  vnc: add qapi/error.h include to stubs

Fixes --disable-vnc build failure.

Signed-off-by: Gerd Hoffmann <address@hidden>
Reviewed-by: Eric Blake <address@hidden>
Message-id: address@hidden


  Commit: d49b87f0d1e0520443a990fc610d0f02bc63c556
      
https://github.com/qemu/qemu/commit/d49b87f0d1e0520443a990fc610d0f02bc63c556
  Author: Klim Kireev <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc-jobs.c
    M ui/vnc.c

  Log Message:
  -----------
  vnc: fix segfault in closed connection handling

On one of our client's nodes, due to trying to read from a closed ioc,
a segmentation fault occurred. Corresponding backtrace:

0  object_get_class (address@hidden)
1  qio_channel_readv_full (ioc=0x0, iov=0x7ffe55277180 ...
2  qio_channel_read (ioc=<optimized out> ...
3  vnc_client_read_buf (address@hidden, ...
4  vnc_client_read_plain (vs=0x55625f3c6000)
5  vnc_client_read (vs=0x55625f3c6000)
6  vnc_client_io (ioc=<optimized out>, condition=G_IO_IN, ...
7  g_main_dispatch (context=0x556251568a50)
8  g_main_context_dispatch (address@hidden)
9  glib_pollfds_poll ()
10 os_host_main_loop_wait (timeout=<optimized out>)
11 main_loop_wait (address@hidden)
12 main_loop () at vl.c:1909
13 main (argc=<optimized out>, argv=<optimized out>, ...

Having analyzed the coredump, I understood that the reason is that
ioc_tag is reset on vnc_disconnect_start and ioc is cleaned
in vnc_disconnect_finish. Between these two events due to some
reasons the ioc_tag was set again and after vnc_disconnect_finish
the handler is running with freed ioc,
which led to the segmentation fault.

The patch checks vs->disconnecting in places where we call
qio_channel_add_watch and resets handler if disconnecting == TRUE
to prevent such an occurrence.

Signed-off-by: Klim Kireev <address@hidden>
Reviewed-by: Daniel P. Berrangé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
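The race described in the commit above, as an added illustration that is not the commit's own code: QIOChannel, VncState, qio_channel_add_watch() and the disconnect helpers are replaced by constructed stand-ins of the same shape, and the sequence from the backtrace (disconnect starts, something re-arms the handler, the channel is freed) is replayed with and without the `disconnecting` guard.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins for QEMU's QIOChannel and VncState. */
typedef struct { int fd; } IOChannel;

typedef struct {
    IOChannel *ioc;
    unsigned   ioc_tag;        /* non-zero while an I/O watch is armed */
    bool       disconnecting;  /* set by disconnect_start() */
} VncState;

static unsigned next_tag = 1;

/* Stand-in for qio_channel_add_watch(): hands out a fresh watch id. */
static unsigned add_watch(IOChannel *ioc) { (void)ioc; return next_tag++; }
/* Stand-in for g_source_remove(). */
static void remove_watch(unsigned tag) { (void)tag; }

/* Before the fix: re-arms the handler unconditionally, even mid-disconnect. */
static void set_handler_unguarded(VncState *vs)
{
    if (vs->ioc_tag) {
        remove_watch(vs->ioc_tag);
    }
    vs->ioc_tag = add_watch(vs->ioc);
}

/* After the fix: once disconnect has started, drop any armed watch and
 * refuse to arm a new one, so no callback can fire after ioc is freed. */
static void set_handler_guarded(VncState *vs)
{
    if (vs->ioc_tag) {
        remove_watch(vs->ioc_tag);
        vs->ioc_tag = 0;
    }
    if (vs->disconnecting) {
        return;
    }
    vs->ioc_tag = add_watch(vs->ioc);
}

/* Mirrors vnc_disconnect_start(): mark the state and drop the watch. */
static void disconnect_start(VncState *vs)
{
    vs->disconnecting = true;
    if (vs->ioc_tag) {
        remove_watch(vs->ioc_tag);
        vs->ioc_tag = 0;
    }
}

/* Mirrors vnc_disconnect_finish(): the channel goes away. */
static void disconnect_finish(VncState *vs)
{
    free(vs->ioc);
    vs->ioc = NULL;
}

/* Replays the backtrace's sequence. Returns true when a watch is still
 * armed on an already-freed channel, i.e. the state that segfaulted. */
static bool dangling_watch_after_finish(bool guarded)
{
    VncState vs = { .ioc = malloc(sizeof(IOChannel)), .ioc_tag = 0,
                    .disconnecting = false };
    vs.ioc_tag = add_watch(vs.ioc);
    disconnect_start(&vs);
    if (guarded) {
        set_handler_guarded(&vs);
    } else {
        set_handler_unguarded(&vs);
    }
    disconnect_finish(&vs);
    return vs.ioc == NULL && vs.ioc_tag != 0;
}

int main(void)
{
    /* Unguarded path leaves a watch armed on freed memory; guarded does not. */
    return dangling_watch_after_finish(false) && !dangling_watch_after_finish(true) ? 0 : 1;
}
```

The point of the guard is ordering: the flag is raised before the channel is torn down, and every site that could re-arm the handler consults it, so the window between start and finish can no longer produce a live callback on dead memory.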


  Commit: 2ab858c6c38ee152299445f2810dbd4c3a0ac7ee
      
https://github.com/qemu/qemu/commit/2ab858c6c38ee152299445f2810dbd4c3a0ac7ee
  Author: Anatoly Trosinenko <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/sdl2-2d.c

  Log Message:
  -----------
  sdl: restore optimized redraw

The documentation on SDL_RenderPresent function states that
"the backbuffer should be considered invalidated after each present",
so copy the entire texture on each redraw.

On the other hand, SDL_UpdateTexture function is described as
"fairly slow function", so restrict it to just the changed pixels.

Also added SDL_RenderClear call, as suggested in the documentation
page on SDL_RenderPresent.

Signed-off-by: Anatoly Trosinenko <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 8dfa3061ce56d871dc9df1e264f05e7ec2fb50c1
      
https://github.com/qemu/qemu/commit/8dfa3061ce56d871dc9df1e264f05e7ec2fb50c1
  Author: Gerd Hoffmann <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/sdl2.c

  Log Message:
  -----------
  sdl2: fix mouse grab

When qemu mouse mode changes from relative to absolute
we must turn off sdl relative mouse mode too.

Fixes: https://bugs.launchpad.net/qemu/+bug/1703795
Signed-off-by: Gerd Hoffmann <address@hidden>
Message-Id: <address@hidden>


  Commit: dffa1de071aa956308172170107b7b60d99bf34b
      
https://github.com/qemu/qemu/commit/dffa1de071aa956308172170107b7b60d99bf34b
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: avoid risk of 32-bit int overflow in VNC buffer check

For very large framebuffers, it is theoretically possible for the result
of 'vs->throttle_output_offset * VNC_THROTTLE_OUTPUT_LIMIT_SCALE' to
exceed the size of a 32-bit int. For this to happen in practice, the
video RAM would have to be set to a large enough value, which is not
likely today. Nonetheless we can be paranoid against future growth by
using division instead of multiplication when checking the limits.

Reported-by: Laszlo Ersek <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 52c7c9d076dc64a6d3f1938b5a4994f84744c7fa
      
https://github.com/qemu/qemu/commit/52c7c9d076dc64a6d3f1938b5a4994f84744c7fa
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc-auth-sasl.c

  Log Message:
  -----------
  ui: avoid 'local_err' variable shadowing in VNC SASL auth

The start_auth_sasl() method declares a 'Error *local_err' variable in
an inner if () {...} scope, which shadows a variable of the same name
declared at the start of the method. This is confusing for reviewers and
may trigger compiler warnings.

Reported-by: Laszlo Ersek <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: cf0706581bc0c24ab2e9a81ff0fc3efa9482c812
      
https://github.com/qemu/qemu/commit/cf0706581bc0c24ab2e9a81ff0fc3efa9482c812
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: check VNC audio frequency limit at time of reading from client

The 'vs->as.freq' value is a signed integer, which is read from an
unsigned 32-bit int field on the wire. There is thus a risk of overflow
on 32-bit platforms. Move the frequency limit checking to be done at
time of read before casting to a signed integer.

Reported-by: Laszlo Ersek <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>
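Both integer hardening commits above (the throttle limit check and the audio frequency check) come down to the same discipline: do the range check in a form that cannot wrap or change sign. The following is an added example, not the code of either commit; the scale and frequency limits are constructed placeholders, and unsigned 32-bit values are used for the "before" variants so the wrap is well-defined and observable rather than undefined as it would be with signed int.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed placeholders, not QEMU's real limits. */
#define THROTTLE_LIMIT_SCALE 5u
#define AUDIO_FREQ_MAX       48000u

/* Reference: widen to 64 bits so the product can never wrap. */
static bool over_limit_ref(uint32_t output_len, uint32_t throttle_off)
{
    return (uint64_t)output_len > (uint64_t)throttle_off * THROTTLE_LIMIT_SCALE;
}

/* Before: product computed in 32 bits wraps for large throttle_off and
 * the comparison gives the wrong answer. */
static bool over_limit_multiply(uint32_t output_len, uint32_t throttle_off)
{
    return output_len > throttle_off * THROTTLE_LIMIT_SCALE;
}

/* After: divide the left-hand side instead. Keeping the remainder term
 * makes this exactly equivalent to output_len > throttle_off * scale. */
static bool over_limit_divide(uint32_t output_len, uint32_t throttle_off)
{
    uint32_t q = output_len / THROTTLE_LIMIT_SCALE;
    uint32_t r = output_len % THROTTLE_LIMIT_SCALE;
    return q > throttle_off || (q == throttle_off && r > 0);
}

/* Before: u32 from the wire is stored into a signed int and only then
 * bounded. With a 32-bit int, values >= 2^31 turn negative and pass a
 * "freq > MAX" check untouched. */
static int32_t audio_freq_check_after_cast(uint32_t wire_freq)
{
    int32_t freq = (int32_t)wire_freq;   /* implementation-defined wrap */
    if (freq > (int32_t)AUDIO_FREQ_MAX) {
        freq = (int32_t)AUDIO_FREQ_MAX;
    }
    return freq;
}

/* After: bound the unsigned wire value first, then convert. The result
 * is always in [0, AUDIO_FREQ_MAX] and so fits a signed int. */
static int32_t audio_freq_check_before_cast(uint32_t wire_freq)
{
    if (wire_freq > AUDIO_FREQ_MAX) {
        wire_freq = AUDIO_FREQ_MAX;
    }
    return (int32_t)wire_freq;
}

int main(void)
{
    uint32_t off = 1000000000u, len = 2000000000u;
    printf("multiply: %d  divide: %d  ref: %d\n",
           (int)over_limit_multiply(len, off),
           (int)over_limit_divide(len, off),
           (int)over_limit_ref(len, off));
    printf("wire freq 0xFFFFFFFF -> check after cast: %d, before cast: %d\n",
           (int)audio_freq_check_after_cast(0xFFFFFFFFu),
           (int)audio_freq_check_before_cast(0xFFFFFFFFu));
    return 0;
}
```

With throttle_off = 1000000000 the 32-bit product is 5000000000 mod 2^32 = 705032704, so the multiply form reports an output of 2000000000 as over the limit when it is not; the divide form and the 64-bit reference agree. For the frequency, 0xFFFFFFFF becomes -1 after the cast and survives the check, whereas bounding first yields the clamp value.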


  Commit: d50f09ff23f5509c05e3883440849b27af051f08
      
https://github.com/qemu/qemu/commit/d50f09ff23f5509c05e3883440849b27af051f08
  Author: Daniel P. Berrangé <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/vnc-auth-sasl.c

  Log Message:
  -----------
  ui: extend VNC throttling tracing to SASL codepaths

In previous commit:

  commit 6aa22a29187e1908f5db738d27c64a9efc8d0bfa
  Author: Daniel P. Berrange <address@hidden>
  Date:   Mon Dec 18 19:12:27 2017 +0000

    ui: add trace events related to VNC client throttling

trace points related to unthrottling client I/O were missed from the
SASL codepaths.

Reported-by: Laszlo Ersek <address@hidden>
Signed-off-by: Daniel P. Berrangé <address@hidden>
Reviewed-by: Laszlo Ersek <address@hidden>
Message-id: address@hidden
Signed-off-by: Gerd Hoffmann <address@hidden>


  Commit: 5e8d6a12d643a38b82a0a713a77d1192117dbdca
      
https://github.com/qemu/qemu/commit/5e8d6a12d643a38b82a0a713a77d1192117dbdca
  Author: Peter Maydell <address@hidden>
  Date:   2018-02-16 (Fri, 16 Feb 2018)

  Changed paths:
    M ui/sdl2-2d.c
    M ui/sdl2.c
    M ui/vnc-auth-sasl.c
    M ui/vnc-jobs.c
    M ui/vnc-stubs.c
    M ui/vnc.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/kraxel/tags/ui-20180216-pull-request' into staging

bugfixes for vnc and sdl2

# gpg: Signature made Fri 16 Feb 2018 11:53:37 GMT
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <address@hidden>"
# gpg:                 aka "Gerd Hoffmann <address@hidden>"
# gpg:                 aka "Gerd Hoffmann (private) <address@hidden>"
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20180216-pull-request:
  ui: extend VNC throttling tracing to SASL codepaths
  ui: check VNC audio frequency limit at time of reading from client
  ui: avoid 'local_err' variable shadowing in VNC SASL auth
  ui: avoid risk of 32-bit int overflow in VNC buffer check
  sdl2: fix mouse grab
  sdl: restore optimized redraw
  vnc: fix segfault in closed connection handling
  vnc: add qapi/error.h include to stubs
  vnc: remove bogus object_unref on client socket

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/d9c92ae335d9...5e8d6a12d643
