[Spice-devel] [PATCHv2 22/22] usb: keep USB context alive as long as channels exist

Christophe Fergeau cfergeau at redhat.com
Thu Nov 27 08:04:57 PST 2014


On Wed, Nov 26, 2014 at 06:56:13PM +0100, Marc-André Lureau wrote:
> It was assumed the session would remain alive as long as channel
> existed, so USB context would be valid too. Now that channels
> are removed from session, USB context may be destroyed before
> channels. This produces invalid read/write on USB context.
> Make sure the context is alive as long as USB channels are by
> adding a reference on USB manager.
> 
> ==6939== Invalid write of size 4
> ==6939==    at 0x394B604482: libusb_set_debug (core.c:1850)
> ==6939==    by 0x3953A063D5: usbredirhost_open_full (usbredirhost.c:741)
> ==6939==    by 0x4EC7E2F: spice_usbredir_channel_set_context (channel-usbredir.c:212)
> ==6939==    by 0x4EC7AB6: spice_usbredir_channel_reset (channel-usbredir.c:125)
> ==6939==    by 0x4EACCDC: spice_channel_reset (spice-channel.c:2621)
> ==6939==    by 0x4EACDB4: channel_disconnect (spice-channel.c:2640)
> ==6939==    by 0x4EAC28F: spice_channel_coroutine (spice-channel.c:2423)
> ==6939==    by 0x4EE8B1C: coroutine_trampoline (coroutine_ucontext.c:63)
> ==6939==    by 0x4EE87D6: continuation_trampoline (continuation.c:55)
> ==6939==    by 0x3928247FEF: ??? (in /usr/lib64/libc-2.20.so)
> ==6939==    by 0x51E36FF: ??? (in /usr/local/stow/spice-gtk/lib/libspice-client-glib-2.0.so.8.5.0)
> ==6939==    by 0xCF0C18F: ???
> ==6939==  Address 0xff15f90 is 0 bytes inside a block of size 536 free'd
> ==6939==    at 0x4A07CE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==6939==    by 0x394B606466: libusb_exit (core.c:2041)
> ==6939==    by 0x4ECC590: spice_usb_device_manager_finalize (usb-device-manager.c:371)
> ---
>  gtk/usb-device-manager.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/gtk/usb-device-manager.c b/gtk/usb-device-manager.c
> index 7b27516..7a9fdc7 100644
> --- a/gtk/usb-device-manager.c
> +++ b/gtk/usb-device-manager.c
> @@ -767,6 +767,14 @@ static void channel_new(SpiceSession *session, SpiceChannel *channel,
>      g_ptr_array_add(self->priv->channels, channel);
>  
>      spice_usb_device_manager_check_redir_on_connect(self, channel);
> +
> +    /*
> +     * add a reference to ourself, to make sure the context is alive

I'd be explicit that it's about libusb context here

> +     * as long as channel is.
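
Review bot: the comment added after the spice_usb_device_manager_check_redir_on_connect() call in channel_new() says a reference is taken on the manager, but it does not say what releases that reference. The diffstat shows all 8 insertions land in this one hunk, so the release has to be arranged here as well; please state in the comment when the reference is dropped (for example when the channel is destroyed), since a reference that is never released would keep spice_usb_device_manager_finalize, and the libusb_exit call shown in the trace, from ever running.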

as long as the channel is.

ACK.
