From 74eb4b3e1fcc6d36de0116c2fbbaa308191a1ab7 Mon Sep 17 00:00:00 2001
From: "Daniel P. Berrange" <berrange@redhat.com>
Date: Thu, 8 Feb 2018 17:50:15 +0100
Subject: [PATCH 01/27] vnc: Fix qemu crashed when vnc client disconnect
suddenly
RH-Author: Daniel P. Berrange <berrange@redhat.com>
Message-id: <20180208175041.5634-2-berrange@redhat.com>
Patchwork-id: 78947
O-Subject: [RHEL-7.5 qemu-kvm PATCH v1 01/27] vnc: Fix qemu crashed when vnc client disconnect suddenly
Bugzilla: 1527405
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>
RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
RH-Acked-by: Miroslav Rezanina <mrezanin@redhat.com>
From: "Gonglei (Arei)" <arei.gonglei@huawei.com>
Hi,
When I use RealVNC viewer client (http://www.realvnc.com/) to connect vnc server,
the client disconnect suddenly, and I click reconnect button immediately, then the Qemu crashed.
In the function vnc_worker_thread_loop, will call vnc_async_encoding_start
to set the local vs->output buffer by global queue's buffer. Then send rectangles to
the vnc client call function vnc_send_framebuffer_update. Finally, Under normal circumstances,
call vnc_async_encoding_end to set the global queue'buffer by the local vs->output conversely.
When the vnc client disconnects, job->vs->csock will be set to -1, and the current process
logic will goto disconnected partion without call function vnc_async_encoding_end.
But, the function vnc_send_framebuffer_update will call buffer_reserve, which
maybe call g_realloc reset the local vs's buffer, meaning the global queue's buffer is modified also.
If anyone use the original global queue's buffer memory will cause corruption and then crash qemu.
This patch assure the function vnc_async_encoding_end being called
even though the vnc client disconnect suddenly.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
(cherry picked from commit e3c1adf16e38714ebd761dd02517dd07760ba6d2)
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
ui/vnc-jobs.c | 5 +++++
1 file changed, 5 insertions(+)
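diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 2d3fce8..a141f40 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -252,6 +252,8 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
 
     if (job->vs->csock == -1) {
         vnc_unlock_display(job->vs->vd);
+        /* Copy persistent encoding data */
+        vnc_async_encoding_end(job->vs, &vs);
         goto disconnected;
     }
 
@@ -278,6 +280,9 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
         vnc_async_encoding_end(job->vs, &vs);
 
         qemu_bh_schedule(job->vs->bh);
+    } else {
+        /* Copy persistent encoding data */
+        vnc_async_encoding_end(job->vs, &vs);
     }
     vnc_unlock_output(job->vs);
 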
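Review bot: The two new vnc_async_encoding_end() calls run under different locking: the one in the first hunk executes right after vnc_unlock_display() with, as far as these lines show, no output lock held, while the one added in the second hunk sits inside the region that vnc_unlock_output() closes. vnc_async_encoding_end() writes the worker's local copy back into the shared job->vs, so if the main thread can touch vs->output between that csock check and the `disconnected:` cleanup, the first call needs the same protection; if the disconnect path already joins this job before freeing vs->output, that guarantee is what makes the unlocked write-back safe and deserves stating next to it, e.g. `/* No output lock needed here: the disconnect path joins this job before vs->output is freed */`. The fix itself is the right shape, since it closes a heap corruption a remote client can trigger by disconnecting and reconnecting, but a single write-back path instead of the same comment-plus-call repeated in three places would make that invariant easier to keep intact. vnc_worker_thread_loop starts before the first hunk and ends after the second.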
--
1.8.3.1