[Spice-devel] [PATCH spice-gtk 2/2] channel: Abort migration in delayed unref
Pavel Grunt
pgrunt at redhat.com
Fri Apr 22 14:47:48 UTC 2016
When channel is unref'ed during migration migrate_channel_event_cb
is called causing a crash by coroutine yielding to nonexistent channel.
As comment in spice_channel_coroutine says:
Co-routine exits now - the SpiceChannel object may no longer exist,
so don't do anything else now unless you like SEGVs
Related: rhbz#1318574
---
src/spice-channel.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/spice-channel.c b/src/spice-channel.c
index 19237b3..7b0a3dc 100644
--- a/src/spice-channel.c
+++ b/src/spice-channel.c
@@ -2296,6 +2296,7 @@ static gboolean spice_channel_delayed_unref(gpointer data)
SpiceChannel *channel = SPICE_CHANNEL(data);
SpiceChannelPrivate *c = channel->priv;
gboolean was_ready = c->state == SPICE_CHANNEL_STATE_READY;
+ SpiceSession *session;
CHANNEL_DEBUG(channel, "Delayed unref channel %p", channel);
@@ -2303,6 +2304,13 @@ static gboolean spice_channel_delayed_unref(gpointer data)
c->state = SPICE_CHANNEL_STATE_UNCONNECTED;
+ session = spice_channel_get_session(channel);
+ if (spice_session_is_for_migration(session)) {
+ /* error during migration - abort migration */
+ spice_session_abort_migration(session);
+ return FALSE;
+ }
+
if (c->event != SPICE_CHANNEL_NONE) {
g_coroutine_signal_emit(channel, signals[SPICE_CHANNEL_EVENT], 0, c->event);
c->event = SPICE_CHANNEL_NONE;
--
2.8.1
More information about the Spice-devel
mailing list