Removing an interface causes SpiceBaseInstance->st to be set to NULL.
This pointer was then dereferenced in agent code.
As SpiceBaseInstance should not be used after this call, make sure
we don't keep pointers to it.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
This code makes it easier to be sure we don't have dangling pointers,
resetting in the function which frees the structure.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
The include directory is specified with the -I which is the directory
used directly by #include<>.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
When a client disconnects remove it from the list of clients connected
to the spice char-device.
This was caused by commit 1cec1c5118
("reds: Make VDIPortState a GObject") as the lifespan of RedCharDevice
was changed.
This could be reproduced with:
- start rhel7 machine
- connect remote viewer (RV)
- RV: login
- connect ssh
- SSH: stop agent
- disconnect RV
- SSH: start agent
- connect to RV
and caused (using address sanitizer):
main_channel_handle_parsed: agent start
=================================================================
==29592==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c00001cff0 at pc 0x7fa85b6e8595 bp 0x7ffde3801940 sp 0x7ffde3801930
READ of size 8 at 0x60c00001cff0 thread T0
#0 0x7fa85b6e8594 in red_client_get_main /home/freddy/work/spice-server/server/red-channel.c:2190
#1 0x7fa85b7311e6 in vdi_port_send_msg_to_client /home/freddy/work/spice-server/server/reds.c:880
#2 0x7fa85b69383e in red_char_device_send_msg_to_client /home/freddy/work/spice-server/server/char-device.c:138
#3 0x7fa85b69383e in red_char_device_send_msg_to_clients /home/freddy/work/spice-server/server/char-device.c:356
#4 0x7fa85b69383e in red_char_device_read_from_device /home/freddy/work/spice-server/server/char-device.c:403
#5 0x55a2633b81c1 (/usr/bin/qemu-system-x86_64+0x5561c1)
#6 0x55a2633afe7a (/usr/bin/qemu-system-x86_64+0x54de7a)
#7 0x55a2634cb7b1 (/usr/bin/qemu-system-x86_64+0x6697b1)
#8 0x55a2632078d0 (/usr/bin/qemu-system-x86_64+0x3a58d0)
#9 0x55a26379b2e8 (/usr/bin/qemu-system-x86_64+0x9392e8)
#10 0x55a26379a7a0 (/usr/bin/qemu-system-x86_64+0x9387a0)
#11 0x55a26313fb78 in main (/usr/bin/qemu-system-x86_64+0x2ddb78)
#12 0x7fa85a3cc57f in __libc_start_main (/lib64/libc.so.6+0x2057f)
#13 0x55a26314b0c8 (/usr/bin/qemu-system-x86_64+0x2e90c8)
0x60c00001cff0 is located 48 bytes inside of 128-byte region [0x60c00001cfc0,0x60c00001d040)
freed by thread T0 here:
#0 0x7fa869e3667a in __interceptor_free (/lib64/libasan.so.2+0x9867a)
#1 0x7fa85b6d75f7 in red_client_unref /home/freddy/work/spice-server/server/red-channel.c:2076
#2 0x7fa85b6ead74 in dispatcher_handle_single_read /home/freddy/work/spice-server/server/dispatcher.c:291
#3 0x7fa85b6ead74 in dispatcher_handle_recv_read /home/freddy/work/spice-server/server/dispatcher.c:314
#4 0x55a26379b2e8 (/usr/bin/qemu-system-x86_64+0x9392e8)
#5 0x55a26379a7a0 (/usr/bin/qemu-system-x86_64+0x9387a0)
#6 0x55a26313fb78 in main (/usr/bin/qemu-system-x86_64+0x2ddb78)
#7 0x7fa85a3cc57f in __libc_start_main (/lib64/libc.so.6+0x2057f)
previously allocated by thread T0 here:
#0 0x7fa869e36b19 in __interceptor_calloc (/lib64/libasan.so.2+0x98b19)
#1 0x7fa85b7d6858 in spice_malloc0 /home/freddy/work/spice-server/spice-common/common/mem.c:109
#2 0x7fa85b6e760c in red_client_new /home/freddy/work/spice-server/server/red-channel.c:2053
#3 0x7fa85b7449e4 in reds_handle_main_link /home/freddy/work/spice-server/server/reds.c:1762
#4 0x7fa85b7449e4 in reds_handle_link /home/freddy/work/spice-server/server/reds.c:2002
#5 0x7fa85b745d3a in reds_handle_ticket /home/freddy/work/spice-server/server/reds.c:2056
#6 0x55a26379b2e8 (/usr/bin/qemu-system-x86_64+0x9392e8)
#7 0x55a26379a7a0 (/usr/bin/qemu-system-x86_64+0x9387a0)
#8 0x55a26313fb78 in main (/usr/bin/qemu-system-x86_64+0x2ddb78)
#9 0x7fa85a3cc57f in __libc_start_main (/lib64/libc.so.6+0x2057f)
SUMMARY: AddressSanitizer: heap-use-after-free /home/freddy/work/spice-server/server/red-channel.c:2190 red_client_get_main
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Eduardo Lima (Etrunko) <etrunko@redhat.com>
Acked-by: Uri Lublin <uril@redhat.com>
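Added example, not code from the spice-server tree: a minimal C model of the lifetime bug the commit message above describes, where a disconnecting client is freed while a char device still lists it, so the next device read walks a dangling pointer. The types and function names (Client, CharDevice, device_remove, client_disconnect, entries_after_disconnect) are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_CLIENTS 4

/* Constructed stand-ins, not spice-server types. */
typedef struct { int refs; int msgs; } Client;
typedef struct { Client *clients[MAX_CLIENTS]; int n; } CharDevice;

static Client *client_new(void) {
    Client *c = calloc(1, sizeof(*c));
    if (c) c->refs = 1;
    return c;
}
static void client_unref(Client *c) { if (--c->refs == 0) free(c); }

static void device_add(CharDevice *d, Client *c) {
    if (d->n < MAX_CLIENTS) d->clients[d->n++] = c;
}
static void device_remove(CharDevice *d, const Client *c) {
    for (int i = 0; i < d->n; i++)
        if (d->clients[i] == c) {
            d->clients[i] = d->clients[--d->n];  /* swap in last entry */
            d->clients[d->n] = NULL;
            return;
        }
}
/* Read path: dereferences every pointer still on the list. */
static int device_send_to_clients(CharDevice *d) {
    for (int i = 0; i < d->n; i++) d->clients[i]->msgs++;
    return d->n;
}
/* detach=0 models the bug: the client is freed but stays listed. */
static void client_disconnect(CharDevice *d, Client *c, int detach) {
    if (detach) device_remove(d, c);
    client_unref(c);
}
/* Entries left on the device after its only client disconnects.
 * Only the counter is read, so the stale pointer is never touched. */
int entries_after_disconnect(int detach) {
    CharDevice d = {0};
    Client *c = client_new();
    if (!c) return -1;
    device_add(&d, c);
    device_send_to_clients(&d);          /* fine: client is alive */
    client_disconnect(&d, c, detach);
    return d.n;
}
int main(void) {
    printf("buggy: %d stale, fixed: %d stale\n",
           entries_after_disconnect(0), entries_after_disconnect(1));
    return 0;
}
```

In the detach=0 case, any later call to device_send_to_clients() would read freed memory, which is the heap-use-after-free AddressSanitizer reports in the trace above.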
This variable belongs to SpiceServerConfig rather than being a static
global variable hidden in sound.c
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
channels_info->num_of_channels is assigned, its value is not used, and
then it's assigned a different value. The first assignment can be
removed.
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Instead of exporting 2 methods to get number of channels, and to fill
channel information, and using that from the main channel code, it's
better to do everything in one go in reds.c, and call that single method
from the main channel code.
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
This wraps/groups the various parameters that can be set by spice-server
users through the spice_server_set_xxx public API.
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
RedCharDevice implementation had to call back into reds.c in order to let
it know a char device was being destroyed. Now that RedCharDevice is a
GObject, a weak reference can be used instead, allowing that coupling
to be removed.
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
We can get 'reds' from the RedCharDevice accessible from the
SpiceCharDeviceInstance passed as an argument.
Acked-by: Pavel Grunt <pgrunt@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Now that all derived classes use a type deriving from PipeItem for their
RedCharDeviceMsgToClient, we can make this explicit in the
RedCharDeviceClass vfuncs, and remove the RedCharDeviceMsgToClient
typedef.
Since PipeItem is already refcounted, this allows removing various
layers of ref/unref helpers from reds.c, and using the generic
pipe_item_{ref, unref} instead.
One more duplicate typedef, once in reds.c and another time in
reds-private.h
RedsState::agent_dev is defined in reds-private.h but only used in
reds.c, so longer term this could all be moved back to reds.c
This structure holding virtual function pointers was kept until now as a
RedCharDevice member in order to make the GObject conversion easier.
Now that all RedCharDevice children are converted to GObject, it can be
moved into RedCharDeviceClass.
VDIPortState and VDIReadBuf don't really need to be defined in a header
file as they are only used in reds.c
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Make the function names match the type names. So
spice_char_device_state_* becomes red_char_device_* and
spice_char_device_* also becomes red_char_device_*.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This is more consistent with internal type naming convention, and it
paves the way for a new char device GObject hierarchy.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Rename the function to channel_supports_multiple_clients() as
channel_is_secondary() is unclear and was coded to return the opposite
of what was originally intended.
Also there are few channel types and whether they support multiple
clients is totally static so we might as well delegate the check to
the compiler.
Signed-off-by: Francois Gouget <fgouget@codeweavers.com>
Initialize global images at load time:
- make sure this stuff is initialized without using runtime
resources;
- make sure this stuff is initialized really early.
Do not use atexit function but a destructor.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Pavel Grunt <pgrunt@redhat.com>
This should be the final piece of removing the global reds variable. We
still need a global variable to clean up during the atexit() function,
but we use a GList of servers (even though we technically don't support
multiple servers in the same process yet).
Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This makes it easier to move the VDIPort API to a different file, and
make it as self-contained as possible.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
AgentMsgFilter needs to know whether monitors config messages need to be
filtered or not. This used to be done from within
agent_msg_filter_config() using the global RedsState, but this got more
tricky as it was removed.
A first attempt a1e62fa5ae caused crashes on qemu startup with
"qemu-system-x86_64 -spice port=5900" (without -vga qxl). A second
attempt added a RedsState* argument to agent_msg_filter_config() which
in my opinion is not really nice from a layering point of view.
This new attempt makes sure AgentMsgFilter state is correct when the
filter is set to stop discarding all data, which allows removing direct
use of RedsState from within AgentMsgFilter.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Passing Reds into agent-msg-filter.[ch] isn't the right thing to do from
a layering point of view.
This reverts commit a1e62fa5ae.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This seems to make more sense this way, QXLInstance is the 'main' object
with QXLState being its private data. External users then use QXLInstance
rather than passing a pointer to the private data to red-qxl.h methods.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
This public API is no longer needed as the keepalive interval does not
need to be configurable.
This API was present in the 0.13.0 release, but was never added to a
stable release; in my opinion it's still acceptable to remove it without
changing soname.
The code was introducing an intermediate RedsMigWaitDisconnectClient type to
hold linked list elements, resulting in a memory handling behaviour very
similar to a GList. Using GList directly makes the code shorter and more
readable.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
The code was introducing an intermediate SpiceCharDevStateItem type to
hold linked list elements, resulting in a memory handling behaviour very
similar to a GList. Using GList directly makes the code shorter and more
readable.
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Remove use of global 'reds' variable from QXLState functions.
Instead store the owning RedsState variable inside the QXLState
struct and use that when necessary.
Acked-by: Fabiano Fidêncio <fidencio@redhat.com>
Acked-by: Frediano Ziglio <fziglio@redhat.com>
Considering that:
- QXLState is the state of QXLInstance implementation;
- RedDispatcher is the implementation of QXL;
- qif (QXLInterface*) field can be computed really easily from QXLInstance;
- most of its state is private.
Make the whole structure private and use QXLState instead of RedDispatcher.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>
Acked-by: Christophe Fergeau <cfergeau@redhat.com>
RedDispatcher is basically implementing QXLInstance.
After some internal discussion we decided to use QXLState structure
and red_qxl_ as function prefix.
This is the first of 3 patches that rename functions, structure
and files.
Signed-off-by: Frediano Ziglio <fziglio@redhat.com>
Acked-by: Jonathon Jongsma <jjongsma@redhat.com>