From df2a48c11d014c568393d4909e05b7b251baa47d Mon Sep 17 00:00:00 2001
From: jmaloy
Date: Thu, 7 May 2020 21:51:47 +0100
Subject: [PATCH 1/2] vnc: add magic cookie to VncState
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
RH-Author: jmaloy
Message-id: <20200507215148.1201876-2-jmaloy@redhat.com>
Patchwork-id: 96346
O-Subject: [RHEL-8.2.0 qemu-kvm PATCH 1/2] vnc: add magic cookie to VncState
Bugzilla: 1816763
RH-Acked-by: Gerd Hoffmann
RH-Acked-by: Danilo de Paula
RH-Acked-by: Philippe Mathieu-Daudé
RH-Acked-by: Daniel P. Berrange
From: Gerd Hoffmann
Set magic cookie on initialization. Clear on cleanup. Sprinkle a bunch of assert()s checking the cookie, to verify the pointer is valid.
Signed-off-by: Gerd Hoffmann
Message-id: 20180507102254.12107-1-kraxel@redhat.com
(cherry picked from commit f31f9c1080d8907c95f1501c6abab038eceb5490)
Signed-off-by: Jon Maloy
Signed-off-by: Danilo C. L. de Paula
---
 ui/vnc-jobs.c | 4 ++++
 ui/vnc.c | 10 +++++++++-
 ui/vnc.h | 3 +++
 3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/ui/vnc-jobs.c b/ui/vnc-jobs.c
index 868ddde..b0b15d4 100644
--- a/ui/vnc-jobs.c
+++ b/ui/vnc-jobs.c
@@ -82,6 +82,7 @@ VncJob *vnc_job_new(VncState *vs)
 {
 VncJob *job = g_new0(VncJob, 1);
+ assert(vs->magic == VNC_MAGIC);
 job->vs = vs;
 vnc_lock_queue(queue);
 QLIST_INIT(&job->rectangles);
@@ -214,6 +215,7 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
 /* Here job can only be NULL if queue->exit is true */
 job = QTAILQ_FIRST(&queue->jobs);
 vnc_unlock_queue(queue);
+ assert(job->vs->magic == VNC_MAGIC);
 if (queue->exit) {
 return -1;
@@ -236,6 +238,7 @@ static int vnc_worker_thread_loop(VncJobQueue *queue)
 /* Make a local copy of vs and switch output buffers */
 vnc_async_encoding_start(job->vs, &vs);
+ vs.magic = VNC_MAGIC;
 /* Start sending rectangles */
 n_rectangles = 0;
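Review bot: In the `@@ -214` hunk of ui/vnc-jobs.c the new `assert(job->vs->magic == VNC_MAGIC);` dereferences `job` before the `if (queue->exit)` check, although the comment at the top of the hunk says job can be NULL when queue->exit is true. On that shutdown path the assert becomes a NULL dereference instead of a cookie check. Moving the line below the exit check, so that `return -1;` is taken first and `assert(job->vs->magic == VNC_MAGIC);` follows the closing brace, keeps the validation and the existing NULL handling. The read also happens after `vnc_unlock_queue(queue)`, so whether `job->vs` is still guaranteed to be alive at that point depends on code outside the hunk. vnc_worker_thread_loop starts and ends outside the hunk.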
@@ -289,6 +292,7 @@ disconnected:
 vnc_unlock_queue(queue);
 qemu_cond_broadcast(&queue->cond);
 g_free(job);
+ vs.magic = 0;
 return 0;
 }
diff --git a/ui/vnc.c b/ui/vnc.c
index 0bd44f1..dbbc76e 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1157,6 +1157,7 @@ static void audio_capture_notify(void *opaque, audcnotification_e cmd)
 {
 VncState *vs = opaque;
+ assert(vs->magic == VNC_MAGIC);
 switch (cmd) {
 case AUD_CNOTIFY_DISABLE:
 vnc_lock_output(vs);
@@ -1186,6 +1187,7 @@ static void audio_capture(void *opaque, void *buf, int size)
 {
 VncState *vs = opaque;
+ assert(vs->magic == VNC_MAGIC);
 vnc_lock_output(vs);
 if (vs->output.offset < vs->throttle_output_offset) {
 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
@@ -1294,6 +1296,7 @@ void vnc_disconnect_finish(VncState *vs)
 vs->ioc = NULL;
 object_unref(OBJECT(vs->sioc));
 vs->sioc = NULL;
+ vs->magic = 0;
 g_free(vs);
 }
@@ -1433,7 +1436,7 @@ static void vnc_client_write_locked(VncState *vs)
 static void vnc_client_write(VncState *vs)
 {
-
+ assert(vs->magic == VNC_MAGIC);
 vnc_lock_output(vs);
 if (vs->output.offset) {
 vnc_client_write_locked(vs);
@@ -1506,6 +1509,7 @@ static void vnc_jobs_bh(void *opaque)
 {
 VncState *vs = opaque;
+ assert(vs->magic == VNC_MAGIC);
 vnc_jobs_consume_buffer(vs);
 }
@@ -1556,6 +1560,8 @@ gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
 GIOCondition condition, void *opaque)
 {
 VncState *vs = opaque;
+
+ assert(vs->magic == VNC_MAGIC);
 if (condition & G_IO_IN) {
 if (vnc_client_read(vs) < 0) {
 goto end;
@@ -1586,6 +1592,7 @@ end:
 void vnc_write(VncState *vs, const void *data, size_t len)
 {
+ assert(vs->magic == VNC_MAGIC);
 if (vs->disconnecting) {
 return;
 }
@@ -3082,6 +3089,7 @@ static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
 int i;
 trace_vnc_client_connect(vs, sioc);
+ vs->magic = VNC_MAGIC;
 vs->sioc = sioc;
 object_ref(OBJECT(vs->sioc));
 vs->ioc = QIO_CHANNEL(sioc);
diff --git a/ui/vnc.h b/ui/vnc.h
index 7b29def..7626329 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
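Review bot: `vs.magic = 0;` directly before `return 0;` (hunk `@@ -289`, ui/vnc-jobs.c) is a store to a local whose lifetime ends at the return, so an optimizing compiler is free to drop it. The same may apply to `vs->magic = 0;` immediately before `g_free(vs);` in vnc_disconnect_finish (hunk `@@ -1294`, ui/vnc.c) if the optimizer can see that the call frees the object. If the clear is elided, a stale pointer keeps passing the assert until the memory is reused, which is exactly the use-after-free case the cookie is meant to catch. Consider forcing the store, for example `*(volatile uint64_t *)&vs->magic = 0;`, or at least a comment that the clear is best-effort. Both functions extend beyond their hunks.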
@@ -255,8 +255,11 @@ typedef enum {
 VNC_STATE_UPDATE_FORCE,
 } VncStateUpdate;
+#define VNC_MAGIC ((uint64_t)0x05b3f069b3d204bb)
+
 struct VncState
 {
+ uint64_t magic;
 QIOChannelSocket *sioc; /* The underlying socket */
 QIOChannel *ioc; /* The channel currently used for I/O */
 guint ioc_tag;
-- 
1.8.3.1
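Review bot: `VNC_MAGIC` and the new `magic` field in ui/vnc.h carry no comment, so a reader cannot tell that this is a liveness cookie rather than a protocol or security value. I would add above the define `/* Cookie stored in VncState.magic while the state is live; checked with assert() to catch stale or wrong pointers. */` and on the field `/* VNC_MAGIC from vnc_connect() until vnc_disconnect_finish() */`. Because the value is a fixed compile-time constant, the comment should also say that it detects bugs and is not a defence against a deliberately forged structure. struct VncState continues outside the hunk.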