From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
	"Aleksandar Rikalo" <aleksandar.rikalo@syrmia.com>,
	"Michael S. Tsirkin" <mst@redhat.com>,
	"Rao Lei" <lei.rao@intel.com>,
	"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
	"Philippe Mathieu-Daudé" <f4bug@amsat.org>,
	"Markus Armbruster" <armbru@redhat.com>,
	"Hervé Poussineau" <hpoussin@reactos.org>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>,
	"Eric Blake" <eblake@redhat.com>
Subject: [PULL 03/20] ui/vnc.c: Fixed a deadlock bug.
Date: Fri, 14 Jan 2022 07:53:09 +0100
Message-ID: <20220114065326.782420-4-kraxel@redhat.com>
In-Reply-To: <20220114065326.782420-1-kraxel@redhat.com>

From: Rao Lei <lei.rao@intel.com>

The GDB stack is as follows:
(gdb) bt
0  __lll_lock_wait (futex=futex@entry=0x56211df20360, private=0) at lowlevellock.c:52
1  0x00007f263caf20a3 in __GI___pthread_mutex_lock (mutex=0x56211df20360) at ../nptl/pthread_mutex_lock.c:80
2  0x000056211a757364 in qemu_mutex_lock_impl (mutex=0x56211df20360, file=0x56211a804857 "../ui/vnc-jobs.h", line=60)
    at ../util/qemu-thread-posix.c:80
3  0x000056211a0ef8c7 in vnc_lock_output (vs=0x56211df14200) at ../ui/vnc-jobs.h:60
4  0x000056211a0efcb7 in vnc_clipboard_send (vs=0x56211df14200, count=1, dwords=0x7ffdf1701338) at ../ui/vnc-clipboard.c:138
5  0x000056211a0f0129 in vnc_clipboard_notify (notifier=0x56211df244c8, data=0x56211dd1bbf0) at ../ui/vnc-clipboard.c:209
6  0x000056211a75dde8 in notifier_list_notify (list=0x56211afa17d0 <clipboard_notifiers>, data=0x56211dd1bbf0) at ../util/notify.c:39
7  0x000056211a0bf0e6 in qemu_clipboard_update (info=0x56211dd1bbf0) at ../ui/clipboard.c:50
8  0x000056211a0bf05d in qemu_clipboard_peer_release (peer=0x56211df244c0, selection=QEMU_CLIPBOARD_SELECTION_CLIPBOARD)
    at ../ui/clipboard.c:41
9  0x000056211a0bef9b in qemu_clipboard_peer_unregister (peer=0x56211df244c0) at ../ui/clipboard.c:19
10 0x000056211a0d45f3 in vnc_disconnect_finish (vs=0x56211df14200) at ../ui/vnc.c:1358
11 0x000056211a0d4c9d in vnc_client_read (vs=0x56211df14200) at ../ui/vnc.c:1611
12 0x000056211a0d4df8 in vnc_client_io (ioc=0x56211ce70690, condition=G_IO_IN, opaque=0x56211df14200) at ../ui/vnc.c:1649
13 0x000056211a5b976c in qio_channel_fd_source_dispatch
    (source=0x56211ce50a00, callback=0x56211a0d4d71 <vnc_client_io>, user_data=0x56211df14200) at ../io/channel-watch.c:84
14 0x00007f263ccede8e in g_main_context_dispatch () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
15 0x000056211a77d4a1 in glib_pollfds_poll () at ../util/main-loop.c:232
16 0x000056211a77d51f in os_host_main_loop_wait (timeout=958545) at ../util/main-loop.c:255
17 0x000056211a77d630 in main_loop_wait (nonblocking=0) at ../util/main-loop.c:531
18 0x000056211a45bc8e in qemu_main_loop () at ../softmmu/runstate.c:726
19 0x000056211a0b45fa in main (argc=69, argv=0x7ffdf1701778, envp=0x7ffdf17019a8) at ../softmmu/main.c:50

From the call trace, we can see it is a deadlock bug.
vnc_disconnect_finish will acquire the output_mutex.
But, the output_mutex will be acquired again in vnc_clipboard_send.
Repeated locking will cause deadlock. So, I move
qemu_clipboard_peer_unregister() behind vnc_unlock_output();

Fixes: 0bf41cab93e ("ui/vnc: clipboard support")
Signed-off-by: Lei Rao <lei.rao@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220105020808.597325-1-lei.rao@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
 ui/vnc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/vnc.c b/ui/vnc.c
index 1ed1c7efc688..3ccd33dedcc8 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1354,12 +1354,12 @@ void vnc_disconnect_finish(VncState *vs)
         /* last client gone */
         vnc_update_server_surface(vs->vd);
     }
+    vnc_unlock_output(vs);
+
     if (vs->cbpeer.notifier.notify) {
         qemu_clipboard_peer_unregister(&vs->cbpeer);
     }
 
-    vnc_unlock_output(vs);
-
     qemu_mutex_destroy(&vs->output_mutex);
     if (vs->bh != NULL) {
         qemu_bh_delete(vs->bh);
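
Review bot: The reordering at the top of this hunk carries no comment saying why qemu_clipboard_peer_unregister() has to run after vnc_unlock_output(vs), so a later cleanup could move it back under the lock and reintroduce the self-deadlock. Per the backtrace in the commit message, the unregister call reaches vnc_clipboard_notify() and then vnc_clipboard_send(), which calls vnc_lock_output(vs) itself; a short comment above the `if (vs->cbpeer.notifier.notify)` block stating that dependency would document the ordering. It is also worth confirming that the notify path is meant to take output_mutex and send to a client that is already inside vnc_disconnect_finish(), given that qemu_mutex_destroy(&vs->output_mutex) follows directly after the unregister.
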
-- 
2.34.1


