[spice-server 1/2] cursor: Delay release of QXL guest cursor resources

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

There's an implicit API/ABI contract between QEMU and SPICE that SPICE
will keep the guest QXL resources alive as long as QEMU can hold a
pointer to them. This implicit contract was broken in 1c6e7cf7 "Release
cursor as soon as possible", causing crashes at migration time.
While the proper fix would be in QEMU so that spice-server does not need
to have that kind of knowledge regarding QEMU internal implementation,
this commit reverts to the pre-1c6e7cf7 behaviour to avoid a regression
while QEMU is being fixed.

This version of the fix is based on a suggestion from Frediano Ziglio.

https://bugzilla.redhat.com/show_bug.cgi?id=1540919

Signed-off-by: Christophe Fergeau <cfergeau@xxxxxxxxxx>
---
 server/red-parse-qxl.c | 3 +++
 server/red-parse-qxl.h | 1 +
 server/red-worker.c    | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/red-parse-qxl.c b/server/red-parse-qxl.c
index d0e7eb718..ebd7dcee7 100644
--- a/server/red-parse-qxl.c
+++ b/server/red-parse-qxl.c
@@ -1497,4 +1497,7 @@ void red_put_cursor_cmd(RedCursorCmd *red)
         red_put_cursor(&red->u.set.shape);
         break;
     }
+    if (red->qxl) {
+        red_qxl_release_resource(red->qxl, red->release_info_ext);
+    }
 }
diff --git a/server/red-parse-qxl.h b/server/red-parse-qxl.h
index 4a576ca07..f0407b54a 100644
--- a/server/red-parse-qxl.h
+++ b/server/red-parse-qxl.h
@@ -99,6 +99,7 @@ typedef struct RedSurfaceCmd {
 } RedSurfaceCmd;
 
 typedef struct RedCursorCmd {
+    QXLInstance *qxl;
     QXLReleaseInfoExt release_info_ext;
     uint8_t type;
     union {
diff --git a/server/red-worker.c b/server/red-worker.c
index 387f500e8..eb927f3e0 100644
--- a/server/red-worker.c
+++ b/server/red-worker.c
@@ -118,7 +118,7 @@ static gboolean red_process_cursor_cmd(RedWorker *worker, const QXLCommandExt *e
         g_free(cursor_cmd);
         return FALSE;
     }
-    red_qxl_release_resource(worker->qxl, cursor_cmd->release_info_ext);
+    cursor_cmd->qxl = worker->qxl;
     cursor_channel_process_cmd(worker->cursor_channel, cursor_cmd);
     return TRUE;
 }
-- 
2.14.3

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]