[Spice-commits] Branch '0.8' - server/red_worker.c
Alon Levy
alon at kemper.freedesktop.org
Sun Jul 24 02:26:31 PDT 2011
server/red_worker.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
New commits:
commit c8d63ceb2f678bdc089fe6ed7c3a0f3491b2eeed
Author: Yonit Halperin <yhalperi at redhat.com>
Date: Mon Jul 4 15:14:43 2011 +0300
server: not reading command rings before RED_WORKER_MESSAGE_START, RHBZ #718713
On migration, destroy_surfaces is called from qxl (qxl_hard_reset), before the device was loaded (on destination).
handle_dev_destroy_surfaces led to red_process_commands, which read the qxl command ring
(which appeared to be not empty), and then when processing the command
it accessed unmapped memory.
diff --git a/server/red_worker.c b/server/red_worker.c
index 2880f8c..5f07803 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -4296,6 +4296,11 @@ static int red_process_cursor(RedWorker *worker, uint32_t max_pipe_size, int *ri
QXLCommandExt ext_cmd;
int n = 0;
+ if (!worker->running) {
+ *ring_is_empty = TRUE;
+ return n;
+ }
+
*ring_is_empty = FALSE;
while (!worker->cursor_channel || worker->cursor_channel->base.pipe_size <= max_pipe_size) {
if (!worker->qxl->st->qif->get_cursor_command(worker->qxl, &ext_cmd)) {
@@ -4335,7 +4340,12 @@ static int red_process_commands(RedWorker *worker, uint32_t max_pipe_size, int *
QXLCommandExt ext_cmd;
int n = 0;
uint64_t start = red_now();
-
+
+ if (!worker->running) {
+ *ring_is_empty = TRUE;
+ return n;
+ }
+
*ring_is_empty = FALSE;
while (!worker->display_channel || worker->display_channel->base.pipe_size <= max_pipe_size) {
if (!worker->qxl->st->qif->get_command(worker->qxl, &ext_cmd)) {
More information about the Spice-commits
mailing list