|
 |
1bb5d1 |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
1bb5d1 |
From: Christophe Fergeau <cfergeau@redhat.com>
|
|
|
1bb5d1 |
Date: Tue, 10 Apr 2018 17:32:48 +0200
|
|
|
1bb5d1 |
Subject: [spice-server] cursor: Delay release of QXL guest cursor resources
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
There's an implicit API/ABI contract between QEMU and SPICE that SPICE
|
|
|
1bb5d1 |
will keep the guest QXL resources alive as long as QEMU can hold a
|
|
|
1bb5d1 |
pointer to them. This implicit contract was broken in 1c6e7cf7 "Release
|
|
|
1bb5d1 |
cursor as soon as possible", causing crashes at migration time.
|
|
|
1bb5d1 |
While the proper fix would be in QEMU so that spice-server does not need
|
|
|
1bb5d1 |
to have that kind of knowledge regarding QEMU internal implementation,
|
|
|
1bb5d1 |
this commit reverts to the pre-1c6e7cf7 behaviour to avoid a regression
|
|
|
1bb5d1 |
while QEMU is being fixed.
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
This version of the fix is based on a suggestion from Frediano Ziglio.
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
https://bugzilla.redhat.com/show_bug.cgi?id=1540919
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
|
1bb5d1 |
Acked-by: Frediano Ziglio <fziglio@redhat.com>
|
|
|
1bb5d1 |
---
|
|
|
1bb5d1 |
server/red-parse-qxl.c | 4 ++++
|
|
|
1bb5d1 |
server/red-parse-qxl.h | 1 +
|
|
|
1bb5d1 |
server/red-worker.c | 2 +-
|
|
|
1bb5d1 |
3 files changed, 6 insertions(+), 1 deletion(-)
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
|
|
|
1bb5d1 |
index 33f3692..c436214 100644
|
|
|
1bb5d1 |
--- a/server/red-parse-qxl.c
|
|
|
1bb5d1 |
+++ b/server/red-parse-qxl.c
|
|
|
1bb5d1 |
@@ -24,6 +24,7 @@
|
|
|
1bb5d1 |
#include <common/lz_common.h>
|
|
|
1bb5d1 |
#include "spice-bitmap-utils.h"
|
|
|
1bb5d1 |
#include "red-common.h"
|
|
|
1bb5d1 |
+#include "red-qxl.h"
|
|
|
1bb5d1 |
#include "memslot.h"
|
|
|
1bb5d1 |
#include "red-parse-qxl.h"
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
@@ -1497,4 +1498,7 @@ void red_put_cursor_cmd(RedCursorCmd *red)
|
|
|
1bb5d1 |
red_put_cursor(&red->u.set.shape);
|
|
|
1bb5d1 |
break;
|
|
|
1bb5d1 |
}
|
|
|
1bb5d1 |
+ if (red->qxl) {
|
|
|
1bb5d1 |
+ red_qxl_release_resource(red->qxl, red->release_info_ext);
|
|
|
1bb5d1 |
+ }
|
|
|
1bb5d1 |
}
|
|
|
1bb5d1 |
diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
|
|
|
1bb5d1 |
index 4a576ca..f0407b5 100644
|
|
|
1bb5d1 |
--- a/server/red-parse-qxl.h
|
|
|
1bb5d1 |
+++ b/server/red-parse-qxl.h
|
|
|
1bb5d1 |
@@ -99,6 +99,7 @@ typedef struct RedSurfaceCmd {
|
|
|
1bb5d1 |
} RedSurfaceCmd;
|
|
|
1bb5d1 |
|
|
|
1bb5d1 |
typedef struct RedCursorCmd {
|
|
|
1bb5d1 |
+ QXLInstance *qxl;
|
|
|
1bb5d1 |
QXLReleaseInfoExt release_info_ext;
|
|
|
1bb5d1 |
uint8_t type;
|
|
|
1bb5d1 |
union {
|
|
|
1bb5d1 |
diff --git a/server/red-worker.c b/server/red-worker.c
|
|
|
1bb5d1 |
index 8a63fde..ccf5df9 100644
|
|
|
1bb5d1 |
--- a/server/red-worker.c
|
|
|
1bb5d1 |
+++ b/server/red-worker.c
|
|
|
1bb5d1 |
@@ -112,7 +112,7 @@ static gboolean red_process_cursor_cmd(RedWorker *worker, const QXLCommandExt *e
|
|
|
1bb5d1 |
free(cursor_cmd);
|
|
|
1bb5d1 |
return FALSE;
|
|
|
1bb5d1 |
}
|
|
|
1bb5d1 |
- red_qxl_release_resource(worker->qxl, cursor_cmd->release_info_ext);
|
|
|
1bb5d1 |
+ cursor_cmd->qxl = worker->qxl;
|
|
|
1bb5d1 |
cursor_channel_process_cmd(worker->cursor_channel, cursor_cmd);
|
|
|
1bb5d1 |
return TRUE;
|
|
|
1bb5d1 |
}
|