[PATCHv2 22/22] usb: keep USB context alive as long as channels exist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It was assumed the session would remain alive as long as channel
existed, so USB context would be valid too. Now that channels
are removed from session, USB context may be destroyed before
channels. This produces invalid read/write on USB context.
Make sure the context is alive as long as USB channels are by
adding a reference on USB manager.

==6939== Invalid write of size 4
==6939==    at 0x394B604482: libusb_set_debug (core.c:1850)
==6939==    by 0x3953A063D5: usbredirhost_open_full (usbredirhost.c:741)
==6939==    by 0x4EC7E2F:
spice_usbredir_channel_set_context (channel-usbredir.c:212)
==6939==    by 0x4EC7AB6:
spice_usbredir_channel_reset (channel-usbredir.c:125)
==6939==    by 0x4EACCDC: spice_channel_reset (spice-channel.c:2621)
==6939==    by 0x4EACDB4: channel_disconnect (spice-channel.c:2640)
==6939==    by 0x4EAC28F: spice_channel_coroutine (spice-channel.c:2423)
==6939==    by 0x4EE8B1C: coroutine_trampoline (coroutine_ucontext.c:63)
==6939==    by 0x4EE87D6: continuation_trampoline (continuation.c:55)
==6939==    by 0x3928247FEF: ??? (in /usr/lib64/libc-2.20.so)
==6939==    by 0x51E36FF: ??? (in
/usr/local/stow/spice-gtk/lib/libspice-client-glib-2.0.so.8.5.0)
==6939==    by 0xCF0C18F: ???
==6939==  Address 0xff15f90 is 0 bytes inside a block of size 536 free'd
==6939==    at 0x4A07CE9: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==6939==    by 0x394B606466: libusb_exit (core.c:2041)
==6939==    by 0x4ECC590: spice_usb_device_manager_finalize (usb-device-manager.c:371)
---
 gtk/usb-device-manager.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gtk/usb-device-manager.c b/gtk/usb-device-manager.c
index 7b27516..7a9fdc7 100644
--- a/gtk/usb-device-manager.c
+++ b/gtk/usb-device-manager.c
@@ -767,6 +767,14 @@ static void channel_new(SpiceSession *session, SpiceChannel *channel,
     g_ptr_array_add(self->priv->channels, channel);
 
     spice_usb_device_manager_check_redir_on_connect(self, channel);
+
+    /*
+     * add a reference to ourself, to make sure the context is alive
+     * as long as channel is.
+     * TODO: moving to Gusb could help here too.
+     */
+    g_object_ref(self);
+    g_object_weak_ref(G_OBJECT(channel), (GWeakNotify)g_object_unref, self);
 }
 
 static void channel_destroy(SpiceSession *session, SpiceChannel *channel,
-- 
2.1.0

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]