path: root/server/char_device.c
Commit message | Author | Age | Files | Lines
* char-device: set to NULL freed pointers on destroy | Victor Toso | 2015-11-13 | 1 | -0/+2
    As SpiceCharDeviceState is only unref'ed on spice_char_device_state_destroy the same device could be destroyed more than once so the pointers that are freed should be set to NULL.
    Related: https://bugzilla.redhat.com/show_bug.cgi?id=1281455
* char-device: free all memory pool when no clients | Victor Toso | 2015-11-13 | 1 | -0/+6
    When no client is connected we should not need to keep the memory pool used by char-device. In most situations this is not significant but when using webdav this could mean freeing MAX_POOL_SIZE bytes
    Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
* char-device: Define a memory pool limit | Victor Toso | 2015-11-13 | 1 | -1/+8
    Otherwise the amount of unused memory could grow while transferring big chunks of data. This change only means that once the memory was used it will not be stored again after the limit was reached.
    Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
* char-device: fix usage of free/unref on WriteBuffer | Victor Toso | 2015-11-13 | 1 | -12/+22
    There are places where the code should definitely free the SpiceCharDeviceWriteBuffer and places that it should only unref it. The current use of spice_char_device_write_buffer_free was misleading. This patch creates the spice_char_device_write_buffer_unref and properly calls these two functions.
    Related: https://bugs.freedesktop.org/show_bug.cgi?id=91350
* char-device: spice_char_device_write_to_device: protect against recursion | Uri Lublin | 2015-02-08 | 1 | -0/+12
    This fixes Spice's smart card support and is related to commit 697f3214fd16adcd524456003619f7f44ddd031b.

    Reported-by: Swapna Krishnan <skrishna@redhat.com>

    Recursion is now possible starting with spice_char_device_write_to_device going through spice_char_device_wakeup (after going through qemu), calling again to spice_char_device_write_to_device.

    The protecting code is the same as the one protecting the read path.

    This function call loop makes the program abort with the following messages:
    usb-ccid: chardev: unexpected message of type 3000000
    qemu: qemu_mutex_lock: Resource deadlock avoided

    Backtrace:
    (gdb) bt
    * #0 0x00007ffff3fc78c7 in raise () from /lib64/libc.so.6
    * #1 0x00007ffff3fc952a in abort () from /lib64/libc.so.6
    * #2 0x0000555555969a95 in error_exit (err=35,
    *     msg=0x5555559f8c90 <__func__.5119> "qemu_mutex_lock")
    *     at util/qemu-thread-posix.c:48
    * #3 0x0000555555969b82 in qemu_mutex_lock (mutex=0x5555562c4d60)
    *     at util/qemu-thread-posix.c:79
    * #4 0x0000555555714771 in qemu_chr_fe_write (s=0x5555562c4d60,
    *     buf=0x7fffffffd2a0 "", len=12) at qemu-char.c:219
    * #5 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
    *     type=VSC_Error, reader_id=0, payload=0x7fffffffd2e0 "", length=4)
    *     at hw/usb/ccid-card-passthru.c:75
    * #6 0x000055555586bf00 in ccid_card_vscard_send_error (s=0x5555565c5f80,
    *     reader_id=0, code=VSC_GENERAL_ERROR) at
    *     hw/usb/ccid-card-passthru.c:91
    * #7 0x000055555586c559 in ccid_card_vscard_handle_message (
    *     card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
    *     at hw/usb/ccid-card-passthru.c:254
    * #8 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
    *     buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
    * #9 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
    *     buf=0x5555565034b0 "", len=12) at qemu-char.c:305
    * #10 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
    *     buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
    * #11 0x00007ffff4fa86aa in spice_char_device_write_to_device (
    *     dev=0x55555657f210) at char_device.c:462
    * #12 0x00007ffff4fa9b48 in spice_char_device_wakeup (dev=0x55555657f210)
    *     at char_device.c:862
    * #13 0x00007ffff4ff7658 in spice_server_char_device_wakeup
    *     (sin=0x5555562c4e78) at reds.c:2955
    * #14 0x000055555571d1d2 in spice_chr_write (chr=0x5555562c4d60,
    *     buf=0x7fffffffd560 "", len=12) at spice-qemu-char.c:189
    * #15 0x0000555555714789 in qemu_chr_fe_write (s=0x5555562c4d60,
    *     buf=0x7fffffffd560 "", len=12) at qemu-char.c:220
    * #16 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
    *     type=VSC_Error, reader_id=0, payload=0x7fffffffd5a0 "", length=4)
    *     at hw/usb/ccid-card-passthru.c:75
    * #17 0x000055555586bf00 in ccid_card_vscard_send_error
    *     (s=0x5555565c5f80,
    *     reader_id=0, code=VSC_SUCCESS) at hw/usb/ccid-card-passthru.c:91
    * #18 0x000055555586c4fc in ccid_card_vscard_handle_message (
    *     card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
    *     at hw/usb/ccid-card-passthru.c:242
    * #19 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
    *     buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
    * #20 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
    *     buf=0x5555565034b0 "", len=12) at qemu-char.c:305
    * #21 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
    *     buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
    * #22 0x00007ffff4fa86aa in spice_char_device_write_to_device (
    *     dev=0x55555657f210) at char_device.c:462
    * #23 0x00007ffff4fa8d37 in spice_char_device_write_buffer_add (
    *     dev=0x55555657f210, write_buf=0x555556501f70) at char_device.c:597
    * #24 0x00007ffff501142d in smartcard_channel_write_to_reader (
    *     write_buf=0x555556501f70) at smartcard.c:669
    * #25 0x00007ffff501034c in smartcard_char_device_notify_reader_add (
    *     st=0x55555657ef00) at smartcard.c:335
    * #26 0x00007ffff50112b3 in smartcard_add_reader (scc=0x555556493ee0,
    *     name=0x5555565023cc "E-Gate 0 0") at smartcard.c:642
    * #27 0x00007ffff50118d2 in smartcard_channel_handle_message (
    *     rcc=0x555556493ee0, type=101, size=22, msg=0x5555565023c0 "\003")
    *     at smartcard.c:757
    * #28 0x00007ffff4fbc168 in red_peer_handle_incoming
    *     (stream=0x555556588250, handler=0x555556497ff0) at red_channel.c:308
    * #29 0x00007ffff4fbc231 in red_channel_client_receive
    *     (rcc=0x555556493ee0) at red_channel.c:326
    * #30 0x00007ffff4fc0019 in red_channel_client_event (fd=59, event=1,
    *     data=0x555556493ee0) at red_channel.c:1574
    * #31 0x00005555558b6076 in watch_read (opaque=0x5555565002f0)
    *     at ui/spice-core.c:101
    * #32 0x00005555558e8d48 in qemu_iohandler_poll (pollfds=0x5555562b7630,
    *     ret=2) at iohandler.c:143
    * #33 0x00005555558e89a4 in main_loop_wait (nonblocking=0) at
    *     main-loop.c:495
    * #34 0x00005555557219b0 in main_loop () at vl.c:1794
    * #35 0x0000555555729257 in main (argc=40, argv=0x7fffffffddc8,
    *     envp=0x7fffffffdf10) at vl.c:4350
* chardev: remove write polling | Marc-André Lureau | 2014-11-25 | 1 | -9/+27
    In an effort to reduce the wakeups per second, get rid of the "write_to_dev" timer when the implementation supports SPICE_CHAR_DEVICE_NOTIFY_WRITABLE.

    When this flag is set, the frontend instance is responsible for calling spice_char_device_wakeup() when the device is ready to perform IO.

    Related to: https://bugzilla.redhat.com/show_bug.cgi?id=912763
* server: fix crash when restarting VM with old client | Marc-André Lureau | 2014-10-17 | 1 | -2/+2
    The server will reset the vdagent char device when the client does not implement SPICE_MAIN_CAP_AGENT_CONNECTED_TOKENS. This will nullify dev->sin and the following crash will be reached on restart:

    #0 0x00007fb05aa264a1 in spice_char_device_write_to_device (dev=dev@entry=0x7fb066ae5d30) at char_device.c:443
    #1 0x00007fb05aa27137 in spice_char_device_write_to_device (dev=0x7fb066ae5d30) at char_device.c:436
    #2 spice_char_device_start (dev=0x7fb066ae5d30) at char_device.c:798
    #3 0x00007fb05aa6a981 in spice_server_vm_start (s=<optimized out>) at reds.c:3795
    #4 0x00007fb0644b7f89 in qdev_reset_one (dev=<optimized out>, opaque=<optimized out>) at hw/core/qdev.c:241
    #5 0x00007fb0644b7918 in qbus_walk_children (bus=0x7fb06661e870, pre_devfn=0x0, pre_busfn=0x0, post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:422
    #6 0x00007fb0644b7848 in qdev_walk_children (dev=0x7fb0665f47a0, pre_devfn=0x0, pre_busfn=0x0, post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:456
    #7 0x00007fb0644b7918 in qbus_walk_children (bus=0x7fb06647cde0, pre_devfn=0x0, pre_busfn=0x0, post_devfn=0x7fb0644b7f80 <qdev_reset_one>, post_busfn=0x7fb0644b6350 <qbus_reset_one>, opaque=0x0) at hw/core/qdev.c:422
    #8 0x00007fb0644399fd in qemu_devices_reset () at vl.c:1830

    After restart, qemu will reset the device instance (sin) when virtio port is opened:

    #0 spice_char_device_state_reset_dev_instance (state=0x7fe4873876d0, sin=sin@entry=0x7fe486fb0c68) at char_device.c:667
    #1 0x00007fe47b277516 in attach_to_red_agent (sin=0x7fe486fb0c68) at reds.c:2838
    #2 spice_server_char_device_add_interface (sin=0x7fe486fb0c68, s=0x7fe486fb2e60) at reds.c:2962
    #3 spice_server_add_interface (s=0x7fe486fb2e60, sin=0x7fe486fb0c68) at reds.c:3104
    #4 0x00007fe484c69e57 in vmc_register_interface (scd=0x7fe486fb0c60) at spice-qemu-char.c:123
    #5 0x00007fe484ce96b4 in set_guest_connected (port=<optimized out>, guest_connected=1) at hw/char/virtio-console.c:89
    #6 0x00007fe484ba70ed in handle_control_message (len=8, buf=0x7fe486fbdf70, vser=0x7fe48739ae98) at /usr/src/debug/qemu-2.1.0/hw/char/virtio-serial-bus.c:382

    Let's ignore the call to spice_char_device_{write,read}_to_device() when dev->sin is NULL, similarly to other conditions, such as dev->running.

    Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1145919
* syntax-check: remove trailing whitespaces | Uri Lublin | 2013-07-16 | 1 | -2/+2
    Only whitespace changes in this commit.
* syntax-check: make sure config.h is the first included .h file | Uri Lublin | 2013-07-16 | 1 | -0/+1
* syntax-check: fix no-newline or empty line at EOF | Uri Lublin | 2013-07-16 | 1 | -1/+0
* char_device: Don't set active when stopped and don't access dev after unref | Hans de Goede | 2013-03-29 | 1 | -2/+4
    2 closely related changes in one:
    1) When leaving the read or write loop because the chardev has been stopped active should not be updated. It has been set to FALSE by spice_char_device_stop and should stay FALSE
    2) The updating of dev->active should be done *before* unref-ing dev

    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* char_device: Don't set the write-retry timer when not running | Hans de Goede | 2013-03-29 | 1 | -4/+7
    The write-retry timer should not be set when we're leaving spice_char_device_write_to_device because the char-dev has been stopped.

    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* char_device: Properly update buffer status when leaving the write loop on stop | Hans de Goede | 2013-03-29 | 1 | -4/+1
    Before this patch the write-loop in spice_char_device_write_to_device would break on running becoming 0, after having written some data, without updating the buffer status, causing the same data to be written *again* when started.

    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* char_device: Add spice_char_device_write_buffer_get_server_no_token() | Hans de Goede | 2013-03-07 | 1 | -15/+26
    To allow the server to send agent messages without needing to wait for a self-token. IE for sending VD_AGENT_CLIENT_DISCONNECTED messages.

    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* Silence __spice_char_device_write_buffer_get: internal buf is not available | Hans de Goede | 2013-03-04 | 1 | -1/+0
    These messages are printed when the server tries to push a mouse event to the agent before the previous one has been flushed. This is a normal condition (which gets tracked by the reds->pending_mouse_event boolean), and as such it should *not* trigger the printing of error messages.

    I've seen these messages occasionally before, but with agent file-xfer they are trivial to trigger, simply send a large file to the agent and while it is transferring move the mouse over the client window.

    Note that due to the client tokens not allowing the client to completely saturate the agent channel mouse events do still get sent to the agent, just with a slightly larger interval. So everything is working as designed and this spice_printerr is just leading to people chasing ghosts.

    Signed-off-by: Hans de Goede <hdegoede@redhat.com>
* char_device.c: when the state is destroyed, also free the buffer that is being written to the device | Yonit Halperin | 2012-11-26 | 1 | -0/+3
* char_device.c: add ref count for write-to-device buffers | Yonit Halperin | 2012-11-26 | 1 | -10/+43
    The ref count is used in order to keep buffers that were in the write queue and now are part of migration data, in case the char_device state is destroyed before we complete sending the migration data.
* char_device.c: fix call to spice_marshaller_add_ref with memory on stack | Yonit Halperin | 2012-11-21 | 1 | -6/+8
    rhbz#862352
* char_device: don't connect a migrated client if the state of the device might have changed since it was created | Yonit Halperin | 2012-08-27 | 1 | -8/+14
    If reading/writing from the device have occurred before migration data has arrived, the migration data might no longer be relevant, and we disconnect the client.
* char device migration: restore state at destination from migration data | Yonit Halperin | 2012-08-27 | 1 | -0/+49
* char device migration: don't read or write from/to the device while waiting for migration data | Yonit Halperin | 2012-08-27 | 1 | -5/+19
* char device migration: marshall migration data | Yonit Halperin | 2012-08-27 | 1 | -0/+69
* char_device: variable token price for write buffers | Yonit Halperin | 2012-08-27 | 1 | -12/+28
    When restoring migration data, we also restore data that is addressed to the device, and that might have been originated from more than 1 message. When the write buffer that is associated with this data is released, we need to free all the relevant tokens.
* reds: add tracking for char devices | Yonit Halperin | 2012-08-27 | 1 | -0/+1
    The list of attached char_devices will be used in the next patch for notifying each instance of SpiceCharDeviceState when the vm is started or stopped.
* char_device: move SpiceCharDeviceState from the header | Yonit Halperin | 2012-07-03 | 1 | -0/+23
    In addition, I also removed the no longer used wakeup callback
* char_device: Introducing shared flow control code for char devices. | Yonit Halperin | 2012-07-03 | 1 | -0/+752
    SpiceCharDeviceState manages the
    (1) write-to-device queue
    (2) wakeup and reading from the device
    (3) client tokens
    (4) sending messages from the device to the client/s, considering the available tokens.

    SpiceCharDeviceState can be also stopped and started. When the device is stopped, no reading or writing is done from/to the device. Messages addressed from the client to the device are being queued. Later, an api for stop/start will be added to spice.h and it should be called from qemu.

    This patch does not yet remove the wakeup callback from SpiceCharDeviceState, but once all the char devices (agent/spicevmc/smartcard) code will switch to the new implementation, SpiceCharDeviceState will be moved to the c file and its reference to the wakeup callback will be removed.