[Spice-devel] [PATCH] char-device: spice_char_device_write_to_device: protect against recursion
Uri Lublin
uril at redhat.com
Tue Feb 3 05:03:14 PST 2015
On Mon, 2015-02-02 at 11:37 -0500, Marc-André Lureau wrote:
> Hi
>
> ----- Original Message -----
> > This fixes Spice's smart card support and is related to
> > commit 697f3214fd16adcd524456003619f7f44ddd031b.
> >
> > Reported-by: Swapna Krishnan <skrishna at redhat.com>
> >
> > Recursion is now possible starting with spice_char_device_wakeup calling
> > spice_char_device_write_to_device that later (after going through qemu)
> > calls spice_char_device_wakeup.
Actually, it's the other way:
spice_char_device_write_to_device -> (calling)
(other functions) ->
spice_char_device_wakeup ->
spice_char_device_write_to_device
> >
> > The protecting code is the same to the one in the read path.
> >
> > This function call loop makes the program to abort with the following
> > messages:
> >
> > usb-ccid: chardev: unexpected message of type 3000000
> > qemu: qemu_mutex_lock: Resource deadlock avoided
> > ---
> >
> > Should I attach the backtrace in the commit message ?
>
> Yes, please.
I'll post it here for now, and later add it to the commit message.
(gdb) bt
#0 0x00007ffff3fc78c7 in raise () from /lib64/libc.so.6
#1 0x00007ffff3fc952a in abort () from /lib64/libc.so.6
#2 0x0000555555969a95 in error_exit (err=35,
msg=0x5555559f8c90 <__func__.5119> "qemu_mutex_lock")
at util/qemu-thread-posix.c:48
#3 0x0000555555969b82 in qemu_mutex_lock (mutex=0x5555562c4d60)
at util/qemu-thread-posix.c:79
#4 0x0000555555714771 in qemu_chr_fe_write (s=0x5555562c4d60,
buf=0x7fffffffd2a0 "", len=12) at qemu-char.c:219
#5 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
type=VSC_Error, reader_id=0, payload=0x7fffffffd2e0 "", length=4)
at hw/usb/ccid-card-passthru.c:75
#6 0x000055555586bf00 in ccid_card_vscard_send_error (s=0x5555565c5f80,
reader_id=0, code=VSC_GENERAL_ERROR) at
hw/usb/ccid-card-passthru.c:91
#7 0x000055555586c559 in ccid_card_vscard_handle_message (
card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
at hw/usb/ccid-card-passthru.c:254
#8 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
#9 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
buf=0x5555565034b0 "", len=12) at qemu-char.c:305
#10 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
#11 0x00007ffff4fa86aa in spice_char_device_write_to_device (
dev=0x55555657f210) at char_device.c:462
#12 0x00007ffff4fa9b48 in spice_char_device_wakeup (dev=0x55555657f210)
at char_device.c:862
#13 0x00007ffff4ff7658 in spice_server_char_device_wakeup
(sin=0x5555562c4e78) at reds.c:2955
#14 0x000055555571d1d2 in spice_chr_write (chr=0x5555562c4d60,
buf=0x7fffffffd560 "", len=12) at spice-qemu-char.c:189
#15 0x0000555555714789 in qemu_chr_fe_write (s=0x5555562c4d60,
buf=0x7fffffffd560 "", len=12) at qemu-char.c:220
#16 0x000055555586be49 in ccid_card_vscard_send_msg (s=0x5555565c5f80,
type=VSC_Error, reader_id=0, payload=0x7fffffffd5a0 "", length=4)
at hw/usb/ccid-card-passthru.c:75
#17 0x000055555586bf00 in ccid_card_vscard_send_error
(s=0x5555565c5f80,
reader_id=0, code=VSC_SUCCESS) at hw/usb/ccid-card-passthru.c:91
#18 0x000055555586c4fc in ccid_card_vscard_handle_message (
card=0x5555565c5f80, scr_msg_header=0x5555565c6008)
at hw/usb/ccid-card-passthru.c:242
#19 0x000055555586c72f in ccid_card_vscard_read (opaque=0x5555565c5f80,
buf=0x5555565034b0 "", size=12) at hw/usb/ccid-card-passthru.c:289
#20 0x00005555557149db in qemu_chr_be_write (s=0x5555562c4d60,
buf=0x5555565034b0 "", len=12) at qemu-char.c:305
#21 0x000055555571cde5 in vmc_write (sin=0x5555562c4e78,
buf=0x5555565034b0 "", len=12) at spice-qemu-char.c:41
#22 0x00007ffff4fa86aa in spice_char_device_write_to_device (
dev=0x55555657f210) at char_device.c:462
#23 0x00007ffff4fa8d37 in spice_char_device_write_buffer_add (
dev=0x55555657f210, write_buf=0x555556501f70) at char_device.c:597
#24 0x00007ffff501142d in smartcard_channel_write_to_reader (
write_buf=0x555556501f70) at smartcard.c:669
#25 0x00007ffff501034c in smartcard_char_device_notify_reader_add (
st=0x55555657ef00) at smartcard.c:335
#26 0x00007ffff50112b3 in smartcard_add_reader (scc=0x555556493ee0,
name=0x5555565023cc "E-Gate 0 0") at smartcard.c:642
#27 0x00007ffff50118d2 in smartcard_channel_handle_message (
rcc=0x555556493ee0, type=101, size=22, msg=0x5555565023c0 "\003")
at smartcard.c:757
#28 0x00007ffff4fbc168 in red_peer_handle_incoming
(stream=0x555556588250, handler=0x555556497ff0) at red_channel.c:308
#29 0x00007ffff4fbc231 in red_channel_client_receive
(rcc=0x555556493ee0) at red_channel.c:326
#30 0x00007ffff4fc0019 in red_channel_client_event (fd=59, event=1,
data=0x555556493ee0) at red_channel.c:1574
#31 0x00005555558b6076 in watch_read (opaque=0x5555565002f0)
at ui/spice-core.c:101
#32 0x00005555558e8d48 in qemu_iohandler_poll (pollfds=0x5555562b7630,
ret=2) at iohandler.c:143
#33 0x00005555558e89a4 in main_loop_wait (nonblocking=0) at
main-loop.c:495
#34 0x00005555557219b0 in main_loop () at vl.c:1794
#35 0x0000555555729257 in main (argc=40, argv=0x7fffffffddc8,
envp=0x7fffffffdf10) at vl.c:4350
(gdb)
More information about the Spice-devel
mailing list