| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
As SpiceCharDeviceState is only unref'ed on
spice_char_device_state_destroy the same device could be destroyed more
then once so the pointers that are freed should be set to NULL.
Related: https://bugzilla.redhat.com/show_bug.cgi?id=1281455
|
|
|
|
|
|
|
|
| |
When no client is connect we should not need to keep the memory pool
used by char-device. In most situations this is not significant but
when using webdav this could mean freeing MAX_POOL_SIZE bytes
Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
|
|
|
|
|
|
|
|
| |
Otherwise the amount of unused memory could grow while transfering big
chunks of data. This change only means that once the memory was used it
will not be stored again after the limit was reached.
Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
|
|
|
|
|
|
|
|
|
|
|
| |
There are places were the could should definetly free the
SpiceCharDeviceWriteBuffer and places that it should only unref it. The
current use of spice_char_device_write_buffer_free was missleading.
This patch creates the spice_char_device_write_buffer_unref and properly
call these two functions.
Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes Spice's smart card support and is related to
commit 697f3214fd16adcd524456003619f7f44ddd031b.
Reported-by: Swapna Krishnan <skrishna@redhat.com>
Recursion is now possible starting with spice_char_device_write_to_device
going through spice_char_device_wakeup (after going through qemu),
calling again to spice_char_device_write_to_device.
The protecting code is the same as the one protecting the read path.
This function call loop makes the program to abort with the following messages:
usb-ccid: chardev: unexpected message of type 3000000
qemu: qemu_mutex_lock: Resource deadlock avoided
Backtrace:
(gdb) bt
* #0 0x00007ffff3fc78c7 in raise () from /lib64/libc.so.6
* #1 0x00007ffff3fc952a in abort () from /lib64/libc.so.6
* #2 0x0000555555969a95 in error_exit (err=35,
* msg=0x5555559f8c90 <__func__.5119> "qemu_mutex_lock")
* at util/qemu-thread-posix.c:48
* #3 0x0000555555969b82 in qemu_mutex_lock (mutex=0x5555562c4d60)
* at util/qemu-thread-posix.c:79
* #4 0x0000555555714771 in qemu_chr_fe_write (s=0x5555562c4d60,
* buf=0x7fffffffd2a0 "", len=12) at qemu-char.c:219
* #5 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
* type=VSC_Error, reader_id=0, payload=0x7fffffffd2e0 "", length=4)
* at hw/usb/ccid-card-passthru.c:75
* #6 0x000055555586bf00 in ccid_card_vscard_send_error (s=0x5555565c5f80,
* reader_id=0, code=VSC_GENERAL_ERROR) at
* hw/usb/ccid-card-passthru.c:91
* #7 0x000055555586c559 in ccid_card_vscard_handle_message (
* card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
* at hw/usb/ccid-card-passthru.c:254
* #8 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
* buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
* #9 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
* buf=0x5555565034b0 "", len=12) at qemu-char.c:305
* #10 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
* buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
* #11 0x00007ffff4fa86aa in spice_char_device_write_to_device (
* dev=0x55555657f210) at char_device.c:462
* #12 0x00007ffff4fa9b48 in spice_char_device_wakeup (dev=0x55555657f210)
* at char_device.c:862
* #13 0x00007ffff4ff7658 in spice_server_char_device_wakeup
* (sin=0x5555562c4e78) at reds.c:2955
* #14 0x000055555571d1d2 in spice_chr_write (chr=0x5555562c4d60,
* buf=0x7fffffffd560 "", len=12) at spice-qemu-char.c:189
* #15 0x0000555555714789 in qemu_chr_fe_write (s=0x5555562c4d60,
* buf=0x7fffffffd560 "", len=12) at qemu-char.c:220
* #16 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
* type=VSC_Error, reader_id=0, payload=0x7fffffffd5a0 "", length=4)
* at hw/usb/ccid-card-passthru.c:75
* #17 0x000055555586bf00 in ccid_card_vscard_send_error
* (s=0x5555565c5f80,
* reader_id=0, code=VSC_SUCCESS) at hw/usb/ccid-card-passthru.c:91
* #18 0x000055555586c4fc in ccid_card_vscard_handle_message (
* card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
* at hw/usb/ccid-card-passthru.c:242
* #19 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
* buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
* #20 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
* buf=0x5555565034b0 "", len=12) at qemu-char.c:305
* #21 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
* buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
* #22 0x00007ffff4fa86aa in spice_char_device_write_to_device (
* dev=0x55555657f210) at char_device.c:462
* #23 0x00007ffff4fa8d37 in spice_char_device_write_buffer_add (
* dev=0x55555657f210, write_buf=0x555556501f70) at char_device.c:597
* #24 0x00007ffff501142d in smartcard_channel_write_to_reader (
* write_buf=0x555556501f70) at smartcard.c:669
* #25 0x00007ffff501034c in smartcard_char_device_notify_reader_add (
* st=0x55555657ef00) at smartcard.c:335
* #26 0x00007ffff50112b3 in smartcard_add_reader (scc=0x555556493ee0,
* name=0x5555565023cc "E-Gate 0 0") at smartcard.c:642
* #27 0x00007ffff50118d2 in smartcard_channel_handle_message (
* rcc=0x555556493ee0, type=101, size=22, msg=0x5555565023c0 "\003")
* at smartcard.c:757
* #28 0x00007ffff4fbc168 in red_peer_handle_incoming
* (stream=0x555556588250, handler=0x555556497ff0) at red_channel.c:308
* #29 0x00007ffff4fbc231 in red_channel_client_receive
* (rcc=0x555556493ee0) at red_channel.c:326
* #30 0x00007ffff4fc0019 in red_channel_client_event (fd=59, event=1,
* data=0x555556493ee0) at red_channel.c:1574
* #31 0x00005555558b6076 in watch_read (opaque=0x5555565002f0)
* at ui/spice-core.c:101
* #32 0x00005555558e8d48 in qemu_iohandler_poll (pollfds=0x5555562b7630,
* ret=2) at iohandler.c:143
* #33 0x00005555558e89a4 in main_loop_wait (nonblocking=0) at
* main-loop.c:495
* #34 0x00005555557219b0 in main_loop () at vl.c:1794
* #35 0x0000555555729257 in main (argc=40, argv=0x7fffffffddc8,
* envp=0x7fffffffdf10) at vl.c:4350
|
|
|
|
|
|
|
|
|
|
|
|
| |
In an effort to reduce the wakeups per second, get rid of the
"write_to_dev" timer when the implementation supports
SPICE_CHAR_DEVICE_NOTIFY_WRITABLE.
When this flag is set, the frontend instance is responsible for calling
spice_char_device_wakeup() when the device is ready to perform IO.
Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=912763
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The server will reset the vdagent char device when the client does not
implement SPICE_MAIN_CAP_AGENT_CONNECTED_TOKENS. This will nullify
dev->sin and the following crash will be reached on restart:
#0 0x00007fb05aa264a1 in spice_char_device_write_to_device (dev=dev@entry=0x7fb066ae5d30) at char_device.c:443
#1 0x00007fb05aa27137 in spice_char_device_write_to_device (dev=0x7fb066ae5d30) at char_device.c:436
#2 spice_char_device_start (dev=0x7fb066ae5d30) at char_device.c:798
#3 0x00007fb05aa6a981 in spice_server_vm_start (s=<optimized out>) at reds.c:3795
#4 0x00007fb0644b7f89 in qdev_reset_one (dev=<optimized out>, opaque=<optimized out>) at hw/core/qdev.c:241
#5 0x00007fb0644b7918 in qbus_walk_children (bus=0x7fb06661e870, pre_devfn=0x0, pre_busfn=0x0,
post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0)
at hw/core/qdev.c:422
#6 0x00007fb0644b7848 in qdev_walk_children (dev=0x7fb0665f47a0, pre_devfn=0x0, pre_busfn=0x0,
post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0)
at hw/core/qdev.c:456
#7 0x00007fb0644b7918 in qbus_walk_children (bus=0x7fb06647cde0, pre_devfn=0x0, pre_busfn=0x0,
post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0)
at hw/core/qdev.c:422
#8 0x00007fb0644399fd in qemu_devices_reset () at vl.c:1830
After restart, qemu will reset the device instance (sin) when virtio
port is opened:
#0 spice_char_device_state_reset_dev_instance (state=0x7fe4873876d0, sin=sin@entry=0x7fe486fb0c68)
at char_device.c:667
#1 0x00007fe47b277516 in attach_to_red_agent (sin=0x7fe486fb0c68) at reds.c:2838
#2 spice_server_char_device_add_interface (sin=0x7fe486fb0c68, s=0x7fe486fb2e60) at reds.c:2962
#3 spice_server_add_interface (s=0x7fe486fb2e60, sin=0x7fe486fb0c68) at reds.c:3104
#4 0x00007fe484c69e57 in vmc_register_interface (scd=0x7fe486fb0c60) at spice-qemu-char.c:123
#5 0x00007fe484ce96b4 in set_guest_connected (port=<optimized out>, guest_connected=1)
at hw/char/virtio-console.c:89
#6 0x00007fe484ba70ed in handle_control_message (len=8, buf=0x7fe486fbdf70, vser=0x7fe48739ae98)
at /usr/src/debug/qemu-2.1.0/hw/char/virtio-serial-bus.c:382
Let's ignore the call to spice_char_device_{write,read}_to_device() when
dev->sin is NULL, similary to other conditions, such as dev->running.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1145919
|
|
|
|
| |
Only whitespace changes in this commit.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
2 closely related changes in one:
1) When leaving the read or write loop because the chardev has been stopped
active should not be updated. It has been set to FALSE by
spice_char_device_stop and should stay FALSE
2) The updating of dev->active should be done *before* unref-ing dev
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
|
|
|
| |
The write-retry timer should not be set when we're leaving
spice_char_device_write_to_device because the char-dev has been stopped.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
|
|
|
|
| |
Before this patch the write-loop in spice_char_device_write_to_device would
break on running becoming 0, after having written some data, without updating
the buffer status, causing the same data to be written *again* when started.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
|
|
|
| |
To allow the server to send agent messages without needing to wait for a
self-token. IE for sending VD_AGENT_CLIENT_DISCONNECTED messages.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These messages are printed when the server tries to push a mouse event to
the agent before the previous one has been flushed. This is a normal condition
(which gets tracked by the reds->pending_mouse_event boolean), and as such
it should *not* trigger the printing of error messages.
I've seen these messages occasionally before, but with agent file-xfer they
are trivial to trigger, simply send a large file to the agent and while it
is transferring move the mouse over the client window. Note that due to the
client tokens not allowing the client to completely saturate the agent
channel mouse events do still get send to the agent, just with a slightly
larger interval. So everything is working as designed and this spice_printerr
is just leading to people chasing ghosts.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
|
|
|
|
| |
being written to the device
|
|
|
|
|
|
| |
The ref count is used in order to keep buffers that were in the write
queue and now are part of migration data, in case the char_device state
is destroyed before we complete sending the migration data.
|
|
|
|
| |
rhbz#862352
|
|
|
|
|
|
|
|
| |
might have changed since it was created
If reading/writing from the device have occured before migration data
has arrived, the migration data might no longer be relvant, and we
disconnect the client.
|
| |
|
|
|
|
| |
for migraion data
|
| |
|
|
|
|
|
|
|
| |
When restoring migration data, we also restore data that is addressed to
the device, and that might have been originated from more than 1
message. When the write buffer that is assoicated with this data is
released, we need to free all the relevant tokens.
|
|
|
|
|
|
| |
The list of attached char_devices will be used in the next patch
for notifying each instance of SpiceCharDeviceState when the vm
is started or stopped.
|
|
|
|
| |
In addition, I also removed the no longer used wakeup callback
|
|
SpiceCharDeviceState manages the (1) write-to-device queue
(2) wakeup and reading from the device (3) client tokens (4)
sending messages from the device to the client/s, considering the
available tokens.
SpiceCharDeviceState can be also stopped and started. When the device
is stopped, no reading or writing is done from/to the device. Messages
addressed from the client to the device are being queued.
Later, an api for stop/start will be added to spice.h and it should
be called from qemu.
This patch does not yet remove the wakeup callback from
SpiceCharDeviceState, but once all the char devices (agent/spicevmc/smartcard)
code will switch to the new implementation, SpiceCharDeviceState
will be moved to the c file and its reference to the wakeup callback will be removed.
|