yeahuh / rpms / qemu-kvm

Forked from rpms/qemu-kvm 2 years ago
Clone

Blame SOURCES/kvm-usbredir-Prevent-recursion-in-usbredir_write.patch

902636
From 8f6311159977b8ee4b78172caa411d3cee4d2ae5 Mon Sep 17 00:00:00 2001
016a62
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
902636
Date: Tue, 14 Jan 2020 20:23:30 +0000
902636
Subject: [PATCH 4/5] usbredir: Prevent recursion in usbredir_write
016a62
MIME-Version: 1.0
016a62
Content-Type: text/plain; charset=UTF-8
016a62
Content-Transfer-Encoding: 8bit
016a62
016a62
RH-Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
902636
Message-id: <20200114202331.51831-2-dgilbert@redhat.com>
902636
Patchwork-id: 93344
902636
O-Subject: [RHEL-AV-8.2.0 qemu-kvm PATCH 1/2] usbredir: Prevent recursion in usbredir_write
902636
Bugzilla: 1790844
016a62
RH-Acked-by: Peter Xu <peterx@redhat.com>
902636
RH-Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com>
902636
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
016a62
016a62
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
016a62
016a62
I've got a case where usbredir_write manages to call back into itself
016a62
via spice; this patch causes the recursion to fail (0 bytes) the write;
016a62
this seems to avoid the deadlock I was previously seeing.
016a62
016a62
I can't say I fully understand the interaction of usbredir and spice;
016a62
but there are a few similar guards in spice and usbredir
016a62
to catch other cases especially onces also related to spice_server_char_device_wakeup
016a62
016a62
This case seems to be triggered by repeated migration+repeated
016a62
reconnection of the viewer; but my debugging suggests the migration
016a62
finished before this hits.
016a62
016a62
The backtrace of the hang looks like:
016a62
  reds_handle_ticket
016a62
  reds_handle_other_links
016a62
  reds_channel_do_link
016a62
  red_channel_connect
016a62
  spicevmc_connect
016a62
  usbredir_create_parser
016a62
  usbredirparser_do_write
016a62
  usbredir_write
016a62
  qemu_chr_fe_write
016a62
  qemu_chr_write
016a62
  qemu_chr_write_buffer
016a62
  spice_chr_write
016a62
  spice_server_char_device_wakeup
016a62
  red_char_device_wakeup
016a62
  red_char_device_write_to_device
016a62
  vmc_write
016a62
  usbredirparser_do_write
016a62
  usbredir_write
016a62
  qemu_chr_fe_write
016a62
  qemu_chr_write
016a62
  qemu_chr_write_buffer
016a62
  qemu_mutex_lock_impl
016a62
016a62
and we fail as we land through qemu_chr_write_buffer's lock
016a62
twice.
016a62
016a62
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1752320
016a62
016a62
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
016a62
Message-Id: <20191218113012.13331-1-dgilbert@redhat.com>
016a62
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
016a62
(cherry picked from commit 394642a8d3742c885e397d5bb5ee0ec40743cdc6)
902636
Signed-off-by: Danilo C. L. de Paula <ddepaula@redhat.com>
016a62
---
016a62
 hw/usb/redirect.c | 9 +++++++++
016a62
 1 file changed, 9 insertions(+)
016a62
016a62
diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
902636
index e0f5ca6..97f2c3a 100644
016a62
--- a/hw/usb/redirect.c
016a62
+++ b/hw/usb/redirect.c
902636
@@ -113,6 +113,7 @@ struct USBRedirDevice {
016a62
     /* Properties */
016a62
     CharBackend cs;
016a62
     bool enable_streams;
016a62
+    bool in_write;
016a62
     uint8_t debug;
016a62
     int32_t bootindex;
016a62
     char *filter_str;
902636
@@ -290,6 +291,13 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
016a62
         return 0;
016a62
     }
016a62
 
016a62
+    /* Recursion check */
016a62
+    if (dev->in_write) {
016a62
+        DPRINTF("usbredir_write recursion\n");
016a62
+        return 0;
016a62
+    }
016a62
+    dev->in_write = true;
016a62
+
016a62
     r = qemu_chr_fe_write(&dev->cs, data, count);
016a62
     if (r < count) {
016a62
         if (!dev->watch) {
902636
@@ -300,6 +308,7 @@ static int usbredir_write(void *priv, uint8_t *data, int count)
016a62
             r = 0;
016a62
         }
016a62
     }
016a62
+    dev->in_write = false;
016a62
     return r;
016a62
 }
016a62
 
016a62
-- 
016a62
1.8.3.1
016a62