[Qemu-devel] [PATCH] server: don't call reds_stream_free from worker thread context

Fri, 02 Sep 2011 08:20:34 -0700 

reds_stream_free() may call the channel_event callback which is not
supposed to be callsed from worker thread context.  This patch moves
the reds_stream_free call for the display channel from the worker to
the dispatcher to fix this issue.

[ Note: not tested yet, against 0.8 branch, sending out for review &
        comments nevertheless ]

Signed-off-by: Gerd Hoffmann <kra...@redhat.com>
---
 server/red_dispatcher.c |    5 +++++
 server/red_worker.c     |    3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/server/red_dispatcher.c b/server/red_dispatcher.c
index f74b13e..801a575 100644
--- a/server/red_dispatcher.c
+++ b/server/red_dispatcher.c
@@ -51,6 +51,7 @@ struct RedDispatcher {
     int y_res;
     int use_hardware_cursor;
     RedDispatcher *next;
+    RedsStream *stream;
     RedWorkerMessage async_message;
     pthread_mutex_t  async_lock;
     QXLDevSurfaceCreate surface_create;
@@ -81,6 +82,7 @@ static void red_dispatcher_set_peer(Channel *channel, 
RedsStream *stream, int mi
 
     red_printf("");
     dispatcher = (RedDispatcher *)channel->data;
+    dispatcher->stream = stream;
     RedWorkerMessage message = RED_WORKER_MESSAGE_DISPLAY_CONNECT;
     write_message(dispatcher->channel, &message);
     send_data(dispatcher->channel, &stream, sizeof(RedsStream *));
@@ -93,6 +95,9 @@ static void red_dispatcher_shutdown_peer(Channel *channel)
     red_printf("");
     RedWorkerMessage message = RED_WORKER_MESSAGE_DISPLAY_DISCONNECT;
     write_message(dispatcher->channel, &message);
+    read_message(dispatcher->channel, &message);
+    ASSERT(message == RED_WORKER_MESSAGE_READY);
+    reds_stream_free(dispatcher->stream);
 }
 
 static void red_dispatcher_migrate(Channel *channel)
diff --git a/server/red_worker.c b/server/red_worker.c
index 5f07803..f77b0f2 100644
--- a/server/red_worker.c
+++ b/server/red_worker.c
@@ -8486,8 +8486,6 @@ static void red_disconnect_channel(RedChannel *channel)
 {
     channel_release_res(channel);
     red_pipe_clear(channel);
-    reds_stream_free(channel->stream);
-    channel->stream = NULL;
     channel->send_data.blocked = FALSE;
     channel->send_data.size = channel->send_data.pos = 0;
     spice_marshaller_reset(channel->send_data.marshaller);
@@ -10060,6 +10058,7 @@ static void handle_dev_input(EventListener *listener, 
uint32_t events)
     case RED_WORKER_MESSAGE_CURSOR_DISCONNECT:
         red_printf("cursor disconnect");
         red_disconnect_cursor((RedChannel *)worker->cursor_channel);
+        write_ready = 1;
         break;
     case RED_WORKER_MESSAGE_CURSOR_MIGRATE:
         red_printf("cursor migrate");
-- 
1.7.1

Reply via email to