Re: [PATCH] usbredir: Prevent recursion in usbredir_write

[Gerd Hoffmann]

On Wed, Dec 18, 2019 at 11:30:12AM +0000, Dr. David Alan Gilbert (git) wrote:
> From: "Dr. David Alan Gilbert" <address@hidden>
> 
> I've got a case where usbredir_write manages to call back into itself
> via spice; this patch causes the recursion to fail (0 bytes) the write;
> this seems to avoid the deadlock I was previously seeing.
> 
> I can't say I fully understand the interaction of usbredir and spice;
> but there are a few similar guards in spice and usbredir
> to catch other cases especially onces also related to 
> spice_server_char_device_wakeup
> 
> This case seems to be triggered by repeated migration+repeated
> reconnection of the viewer; but my debugging suggests the migration
> finished before this hits.
> 
> The backtrace of the hang looks like:
>   reds_handle_ticket
>   reds_handle_other_links
>   reds_channel_do_link
>   red_channel_connect
>   spicevmc_connect
>   usbredir_create_parser
>   usbredirparser_do_write
>   usbredir_write
>   qemu_chr_fe_write
>   qemu_chr_write
>   qemu_chr_write_buffer
>   spice_chr_write
>   spice_server_char_device_wakeup
>   red_char_device_wakeup
>   red_char_device_write_to_device
>   vmc_write
>   usbredirparser_do_write
>   usbredir_write
>   qemu_chr_fe_write
>   qemu_chr_write
>   qemu_chr_write_buffer
>   qemu_mutex_lock_impl
> 
> and we fail as we lang through qemu_chr_write_buffer's lock
> twice.
> 
> Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1752320
> 
> Signed-off-by: Dr. David Alan Gilbert <address@hidden>
> ---
>  hw/usb/redirect.c | 9 +++++++++
>  1 file changed, 9 insertions(+)

Added to usb queue.

thanks,
  Gerd