Hi

On Tue, Feb 2, 2021 at 11:33 AM Pavel Dovgalyuk <pavel.dovgal...@ispras.ru> wrote:

> On 02.02.2021 10:27, Marc-André Lureau wrote:
> > Hi
> >
> > On Tue, Feb 2, 2021 at 11:18 AM Pavel Dovgalyuk <pavel.dovgal...@ispras.ru> wrote:
> >
> >     This patch checks that ioc is not null before
> >     using it in tcp socket tcp_chr_add_watch function.
> >
> >     Signed-off-by: Pavel Dovgalyuk <pavel.dovgal...@ispras.ru>
> >
> >
> > Do you have a backtrace or a reproducer when this happens?
> > thanks
>
> Here is the backtrace:
>
> Thread 4 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff2506700 (LWP 64988)]
> object_get_class (obj=obj@entry=0x0) at ../qom/object.c:999
> 999         return obj->class;
> (gdb) bt
> #0  object_get_class (obj=obj@entry=0x0) at ../qom/object.c:999
> #1  0x0000555555b70e26 in QIO_CHANNEL_GET_CLASS (obj=0x0) at
> /home/pasha/ispras/qemu-test/include/io/channel.h:29
> #2  qio_channel_create_watch (ioc=0x0, condition=(G_IO_OUT | G_IO_HUP))
> at ../io/channel.c:281
> #3  0x0000555555c1bf9b in qemu_chr_fe_add_watch
>      (be=be@entry=0x555556981648, cond=cond@entry=(G_IO_OUT | G_IO_HUP),
> func=func@entry=0x55555597f170 <serial_watch_cb>,
> user_data=user_data@entry=0x5555569815a0)
>      at /home/pasha/ispras/qemu-test/include/chardev/char.h:229
> #4  0x000055555597f042 in serial_xmit (s=s@entry=0x5555569815a0) at
> ../hw/char/serial.c:265
> #5  0x000055555597f437 in serial_ioport_write (opaque=0x5555569815a0,
> addr=<optimized out>, val=91, size=<optimized out>) at
> ../hw/char/serial.c:359
>

Thanks, I don't understand how this could happen.

serial_xmit:
            int rc = qemu_chr_fe_write(&s->chr, &s->tsr, 1);

            if ((rc == 0 ||
                 (rc == -1 && errno == EAGAIN)) &&
                s->tsr_retry < MAX_XMIT_RETRY) {
                assert(s->watch_tag == 0);
                s->watch_tag =
                    qemu_chr_fe_add_watch(&s->chr, G_IO_OUT | G_IO_HUP,
                                          serial_watch_cb, s);

The watch is added only if fe_write() returned 0 || -1 with EAGAIN.

But tcp_chr_write() should return -1 with EIO if the state is disconnected
(and ioc is NULL), or other errors on disconnect.

Can you provide a reproducer?

thanks


> >
> >     ---
> >       chardev/char-socket.c |    3 +++
> >       1 file changed, 3 insertions(+)
> >
> >     diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> >     index 213a4c8dd0..cef1d9438f 100644
> >     --- a/chardev/char-socket.c
> >     +++ b/chardev/char-socket.c
> >     @@ -385,6 +385,9 @@ static ssize_t tcp_chr_recv(Chardev *chr, char
> >     *buf, size_t len)
> >       static GSource *tcp_chr_add_watch(Chardev *chr, GIOCondition cond)
> >       {
> >           SocketChardev *s = SOCKET_CHARDEV(chr);
> >     +    if (!s->ioc) {
> >     +        return NULL;
> >     +    }
> >           return qio_channel_create_watch(s->ioc, cond);
> >       }
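Review bot: the early return added at `+    if (!s->ioc) {` converts an inconsistent backend state into a silent no-op instead of reporting it. Per the backtrace in this thread, tcp_chr_add_watch() is only reached after tcp_chr_write() reported 0 or EAGAIN, so arriving here with a NULL ioc means the disconnect was not surfaced to the caller; the frontend side also asserts `watch_tag == 0` before arming, so it expects a watch to either be created or the write to have failed. Suggest a comment above the check stating when ioc can legitimately be NULL at this point, confirming that qemu_chr_fe_add_watch() treats a NULL GSource as "no watch" (it is shown in the backtrace wrapping this call), and emitting a diagnostic (for example g_warn_if_fail or a trace point) so the crash is fixed without the underlying state bug becoming invisible.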
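A constructed C model of the interaction Marc-André describes, added here and not code from the thread or from QEMU. It assumes that ioc == NULL is equivalent to the disconnected state, that a NULL GSource from chr_add_watch becomes watch tag 0 in the frontend, and it injects a disconnect between the write and the add_watch call to show what the patch changes: the NULL dereference from the backtrace becomes a silently unarmed watch.

```c
/* Constructed model of the chardev backend/frontend interaction; not QEMU code.
 * tcp_chr_write() fails with EIO when disconnected (ioc == NULL) and with EAGAIN
 * when the socket is full; the serial frontend arms a G_IO_OUT watch only after
 * a 0 / EAGAIN result. chr_add_watch() carries the guard from the patch. */
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

typedef struct { int would_block; } IOChannel;      /* stand-in for QIOChannel */
typedef struct { IOChannel *ioc; } SocketChardev;   /* ioc == NULL: disconnected */

/* Model of tcp_chr_write(): EIO when disconnected, EAGAIN when the socket is full. */
static ssize_t chr_write(SocketChardev *s, size_t len)
{
    if (!s->ioc) { errno = EIO; return -1; }
    if (s->ioc->would_block) { errno = EAGAIN; return -1; }
    return (ssize_t)len;
}

/* Model of the patched tcp_chr_add_watch(): NULL instead of dereferencing ioc. */
static IOChannel *chr_add_watch(SocketChardev *s)
{
    if (!s->ioc) {
        return NULL;
    }
    return s->ioc;                                  /* stands in for the GSource */
}

enum xmit_result { XMIT_SENT, XMIT_WATCH_ARMED, XMIT_NO_WATCH, XMIT_ERROR };

/* Model of serial_xmit()'s decision. teardown_before_watch injects the
 * inconsistent state from the backtrace: the backend disconnects between the
 * write and the add_watch call. A NULL source maps to tag 0 (assumption). */
static enum xmit_result serial_xmit(SocketChardev *s, int teardown_before_watch,
                                    unsigned *tag)
{
    ssize_t rc = chr_write(s, 1);
    *tag = 0;
    if (rc > 0) {
        return XMIT_SENT;
    }
    if (rc == 0 || (rc == -1 && errno == EAGAIN)) {
        if (teardown_before_watch) {
            s->ioc = NULL;                          /* simulated disconnect */
        }
        *tag = chr_add_watch(s) ? 1 : 0;            /* without the guard: crash */
        return *tag ? XMIT_WATCH_ARMED : XMIT_NO_WATCH;
    }
    return XMIT_ERROR;                              /* EIO: no watch requested */
}
```

The XMIT_NO_WATCH outcome is the state the patch introduces: no crash, but nothing will wake the frontend to retry, so the condition is worth logging when it occurs.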
