[Qemu-commits] [qemu/qemu] 2b61bb: char-socket: initialize reconnect tim


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 2b61bb: char-socket: initialize reconnect timer only when ...
Date: Mon, 13 Jul 2020 05:15:27 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 2b61bb716cd45ffe10fc92512b6134084c0ffcde
      
https://github.com/qemu/qemu/commit/2b61bb716cd45ffe10fc92512b6134084c0ffcde
  Author: Li Feng <fengli@smartx.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/char-socket.c
    M tests/test-char.c

  Log Message:
  -----------
  char-socket: initialize reconnect timer only when the timer doesn't start

When the disconnect event is triggered in the connecting stage,
the tcp_chr_disconnect_locked may be called twice.

The first call:
    #0  qemu_chr_socket_restart_timer (chr=0x55555582ee90) at chardev/char-socket.c:120
    #1  0x000055555558e38c in tcp_chr_disconnect_locked (chr=<optimized out>) at chardev/char-socket.c:490
    #2  0x000055555558e3cd in tcp_chr_disconnect (chr=0x55555582ee90) at chardev/char-socket.c:497
    #3  0x000055555558ea32 in tcp_chr_new_client (chr=chr@entry=0x55555582ee90, sioc=sioc@entry=0x55555582f0b0) at chardev/char-socket.c:892
    #4  0x000055555558eeb8 in qemu_chr_socket_connected (task=0x55555582f300, opaque=<optimized out>) at chardev/char-socket.c:1090
    #5  0x0000555555574352 in qio_task_complete (task=task@entry=0x55555582f300) at io/task.c:196
    #6  0x00005555555745f4 in qio_task_thread_result (opaque=0x55555582f300) at io/task.c:111
    #7  qio_task_wait_thread (task=0x55555582f300) at io/task.c:190
    #8  0x000055555558f17e in tcp_chr_wait_connected (chr=0x55555582ee90, errp=0x555555802a08 <error_abort>) at chardev/char-socket.c:1013
    #9  0x0000555555567cbd in char_socket_client_reconnect_test (opaque=0x5555557fe020 <client8unix>) at tests/test-char.c:1152
The second call:
    #0  0x00007ffff5ac3277 in raise () from /lib64/libc.so.6
    #1  0x00007ffff5ac4968 in abort () from /lib64/libc.so.6
    #2  0x00007ffff5abc096 in __assert_fail_base () from /lib64/libc.so.6
    #3  0x00007ffff5abc142 in __assert_fail () from /lib64/libc.so.6
    #4  0x000055555558d10a in qemu_chr_socket_restart_timer (chr=0x55555582ee90) at chardev/char-socket.c:125
    #5  0x000055555558df0c in tcp_chr_disconnect_locked (chr=<optimized out>) at chardev/char-socket.c:490
    #6  0x000055555558df4d in tcp_chr_disconnect (chr=0x55555582ee90) at chardev/char-socket.c:497
    #7  0x000055555558e5b2 in tcp_chr_new_client (chr=chr@entry=0x55555582ee90, sioc=sioc@entry=0x55555582f0b0) at chardev/char-socket.c:892
    #8  0x000055555558e93a in tcp_chr_connect_client_sync (chr=chr@entry=0x55555582ee90, errp=errp@entry=0x7fffffffd178) at chardev/char-socket.c:944
    #9  0x000055555558ec78 in tcp_chr_wait_connected (chr=0x55555582ee90, errp=0x555555802a08 <error_abort>) at chardev/char-socket.c:1035
    #10 0x000055555556804b in char_socket_client_test (opaque=0x5555557fe020 <client8unix>) at tests/test-char.c:1023

Run test/test-char to reproduce this issue.

test-char: chardev/char-socket.c:125: qemu_chr_socket_restart_timer: Assertion `!s->reconnect_timer' failed.

Signed-off-by: Li Feng <fengli@smartx.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20200522025554.41063-1-fengli@smartx.com>


  Commit: 14a7a203063694ff932f3371ed93e97987dcafc0
      
https://github.com/qemu/qemu/commit/14a7a203063694ff932f3371ed93e97987dcafc0
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/char.c

  Log Message:
  -----------
  chardev: don't abort on attempt to add duplicated chardev

This is a regression from commit d2623129a7d ("qom: Drop parameter @errp
of object_property_add() & friends").

(qemu) chardev-add id=null,backend=null
(qemu) chardev-add id=null,backend=null
Unexpected error in object_property_try_add() at /home/elmarco/src/qemu/qom/object.c:1166:
attempt to add duplicate property 'null' to object (type 'container')

That case is currently not covered in the test suite, but will be with
the queued patch "char: fix use-after-free with dup chardev &
reconnect".

Fixes: d2623129a7dec1d3041ad1221dda1ca49c667532
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>


  Commit: 6806601969a0d6c095e3836423fef1dedec55289
      
https://github.com/qemu/qemu/commit/6806601969a0d6c095e3836423fef1dedec55289
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/char-socket.c
    M tests/test-char.c

  Log Message:
  -----------
  char: fix use-after-free with dup chardev & reconnect

With a reconnect socket, qemu_char_open() will start a background
thread. It should keep a reference on the chardev.

Fixes invalid read:
READ of size 8 at 0x6040000ac858 thread T7
    #0 0x5555598d37b8 in unix_connect_saddr /home/elmarco/src/qq/util/qemu-sockets.c:954
    #1 0x5555598d4751 in socket_connect /home/elmarco/src/qq/util/qemu-sockets.c:1109
    #2 0x555559707c34 in qio_channel_socket_connect_sync /home/elmarco/src/qq/io/channel-socket.c:145
    #3 0x5555596adebb in tcp_chr_connect_client_task /home/elmarco/src/qq/chardev/char-socket.c:1104
    #4 0x555559723d55 in qio_task_thread_worker /home/elmarco/src/qq/io/task.c:123
    #5 0x5555598a6731 in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:519
    #6 0x7ffff40d4431 in start_thread (/lib64/libpthread.so.0+0x9431)
    #7 0x7ffff40029d2 in __clone (/lib64/libc.so.6+0x1019d2)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200420112012.567284-1-marcandre.lureau@redhat.com>


  Commit: 833ef7ec5677ac3f6627f44fbd599cfb16581220
      
https://github.com/qemu/qemu/commit/833ef7ec5677ac3f6627f44fbd599cfb16581220
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M monitor/misc.c

  Log Message:
  -----------
  monitor/misc: Remove unused "chardev/char-mux.h" include

monitor/misc.c never required "chardev/char-mux.h", remove it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200423202112.644-2-philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: 35b49e93fda0498fe1a8663a6ad3db11756d7e93
      
https://github.com/qemu/qemu/commit/35b49e93fda0498fe1a8663a6ad3db11756d7e93
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M tests/test-char.c

  Log Message:
  -----------
  tests/test-char: Remove unused "chardev/char-mux.h" include

This test never required "chardev/char-mux.h", remove it.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200423202112.644-3-philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: c383efd50a12991a23921e37541c6e5f1bfec1e4
      
https://github.com/qemu/qemu/commit/c383efd50a12991a23921e37541c6e5f1bfec1e4
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/Makefile.objs

  Log Message:
  -----------
  chardev: Restrict msmouse / wctablet / testdev to system emulation

The msmouse / wctablet / testdev character devices are only
used by system emulation. Remove them from user mode and tools.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200423202112.644-4-philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: ffa0f7eb57f3fbb4947e5bf12040108481ea46c3
      
https://github.com/qemu/qemu/commit/ffa0f7eb57f3fbb4947e5bf12040108481ea46c3
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/char-fe.c
    M chardev/char-mux.c
    M chardev/char.c
    A chardev/chardev-internal.h
    R include/chardev/char-mux.h

  Log Message:
  -----------
  chardev: Reduce "char-mux.h" scope, rename it "chardev-internal.h"

No file out of chardev/ requires access to this header,
restrict its scope.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200423202112.644-5-philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: 30827bad3852fd85d86995e7ccab429679442889
      
https://github.com/qemu/qemu/commit/30827bad3852fd85d86995e7ccab429679442889
  Author: Philippe Mathieu-Daudé <philmd@redhat.com>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/Makefile.objs
    M chardev/char.c
    M chardev/chardev-internal.h
    A chardev/chardev-sysemu.c

  Log Message:
  -----------
  chardev: Extract system emulation specific code

Split out code only used during system emulation,
to reduce code pulled in user emulation and tools.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200423202112.644-6-philmd@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>


  Commit: 6c87d9f311dba0641bdc2df556056938a8bf2a12
      
https://github.com/qemu/qemu/commit/6c87d9f311dba0641bdc2df556056938a8bf2a12
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2020-07-13 (Mon, 13 Jul 2020)

  Changed paths:
    M chardev/Makefile.objs
    M chardev/char-fe.c
    M chardev/char-mux.c
    M chardev/char-socket.c
    M chardev/char.c
    A chardev/chardev-internal.h
    A chardev/chardev-sysemu.c
    R include/chardev/char-mux.h
    M monitor/misc.c
    M tests/test-char.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/elmarco/tags/chardev-pull-request' into staging

# gpg: Signature made Mon 13 Jul 2020 09:23:19 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/chardev-pull-request:
  chardev: Extract system emulation specific code
  chardev: Reduce "char-mux.h" scope, rename it "chardev-internal.h"
  chardev: Restrict msmouse / wctablet / testdev to system emulation
  tests/test-char: Remove unused "chardev/char-mux.h" include
  monitor/misc: Remove unused "chardev/char-mux.h" include
  char: fix use-after-free with dup chardev & reconnect
  chardev: don't abort on attempt to add duplicated chardev
  char-socket: initialize reconnect timer only when the timer doesn't start

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/9f526fce49c6...6c87d9f311db
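
The reference-holding rule from the "char: fix use-after-free with dup chardev & reconnect" log message above, as an added C illustration; it is not QEMU code. `Dev`, `Task`, the static pool and the socket path are hypothetical stand-ins, and the background worker is modelled as a later function call so the ordering is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a chardev. Objects live in a static pool so a
 * stale pointer can be detected without reading freed heap memory. */
typedef struct Dev { int live; int refs; char path[32]; } Dev;
static Dev pool[4];

static Dev *dev_new(const char *path) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++) {
        Dev *d = &pool[i];
        if (d->live) continue;
        d->live = d->refs = 1;              /* creator's reference */
        snprintf(d->path, sizeof d->path, "%s", path);
        return d;
    }
    return NULL;
}
static void dev_ref(Dev *d) { d->refs++; }
/* Dropping the last reference releases the slot (the "free"). */
static void dev_unref(Dev *d) { if (--d->refs == 0) memset(d, 0, sizeof *d); }

/* Connect task queued for a background worker. */
typedef struct Task { Dev *dev; int pinned; } Task;

static Task task_queue(Dev *d, int pin) {
    if (pin) dev_ref(d);                    /* task keeps the object alive */
    return (Task){ d, pin };
}

/* Returns 0 if the task could read the path, -1 if the object was gone. */
static int task_run(Task *t, char *out, size_t n) {
    int rc = t->dev->live ? 0 : -1;         /* -1: pointer is stale */
    if (rc == 0) snprintf(out, n, "%s", t->dev->path);
    if (t->pinned) dev_unref(t->dev);       /* drop the task's reference */
    return rc;
}

/* Owner queues the task, drops its own reference, then the task runs. */
static int scenario(int pin, char *out, size_t n) {
    Dev *d = dev_new("/tmp/constructed.sock");   /* constructed sample path */
    if (!d) return -2;
    Task t = task_queue(d, pin);
    dev_unref(d);
    return task_run(&t, out, n);
}

int main(void) {
    char buf[32] = "";
    printf("no ref: %d\n", scenario(0, buf, sizeof buf));
    printf("ref:    %d %s\n", scenario(1, buf, sizeof buf), buf);
    return 0;
}
```

With a heap allocator the unpinned case is the invalid read that AddressSanitizer reports in the log message; the pool only makes that state observable without undefined behaviour.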


