From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33428)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john.liuli@huawei.com>) id 1XMVMQ-0007Qh-CJ
	for qemu-devel@nongnu.org; Wed, 27 Aug 2014 01:01:35 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <john.liuli@huawei.com>) id 1XMVMK-0000QG-QE
	for qemu-devel@nongnu.org; Wed, 27 Aug 2014 01:01:30 -0400
Received: from szxga01-in.huawei.com ([119.145.14.64]:25960)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john.liuli@huawei.com>) id 1XMVMJ-0000OR-Uc
	for qemu-devel@nongnu.org; Wed, 27 Aug 2014 01:01:24 -0400
From: "john.liuli" <john.liuli@huawei.com>
Date: Wed, 27 Aug 2014 13:00:51 +0800
Message-ID: <1409115651-3612-1-git-send-email-john.liuli@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Qemu-devel] [PATCH] qemu-char: fix terminal crash when using
	"-monitor stdio -nographic"
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: aliguori@amazon.com
Cc: Li Liu <john.liuli@huawei.com>, qemu-devel@nongnu.org

From: Li Liu <john.liuli@huawei.com>

Eeay to reproduce, just try "qemu -monitor stdio -nographic"
and type "quit", then the terminal will be crashed.

There are two pathes try to call tcgetattr of stdio in vl.c:

1) Monitor_parse(optarg, "readline");
   .....
   qemu_opts_foreach(qemu_find_opts("chardev"),
                     chardev_init_func, NULL, 1) != 0)

2) if (default_serial)
   add_device_config(DEV_SERIAL, "stdio");
   ....
   if (foreach_device_config(DEV_SERIAL, serial_parse) < 0)

Both of them will trigger qemu_chr_open_stdio which will disable
ECHO attributes. First one has updated the attributes of stdio
by calling qemu_chr_fe_set_echo(chr, false). And the tty
attributes has been saved in oldtty. Then the second path will
redo such actions, and the oldtty is overlapped. So till "quit",
term_exit can't recove the correct attributes.

Signed-off-by: Li Liu <john.liuli@huawei.com>
---
 qemu-char.c |   14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index d4f327a..941eb3e 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -1017,6 +1017,7 @@ static CharDriverState *qemu_chr_open_pipe(ChardevHostdev *opts)
 /* init terminal so that we can grab keys */
 static struct termios oldtty;
 static int old_fd0_flags;
+static bool stdio_is_ready;
 static bool stdio_allow_signal;
 
 static void term_exit(void)
@@ -1060,10 +1061,15 @@ static CharDriverState *qemu_chr_open_stdio(ChardevStdio *opts)
         error_report("cannot use stdio with -daemonize");
         return NULL;
     }
-    old_fd0_flags = fcntl(0, F_GETFL);
-    tcgetattr (0, &oldtty);
-    qemu_set_nonblock(0);
-    atexit(term_exit);
+
+    if (!stdio_is_ready) {
+        stdio_is_ready = true;
+
+        old_fd0_flags = fcntl(0, F_GETFL);
+        tcgetattr(0, &oldtty);
+        qemu_set_nonblock(0);
+        atexit(term_exit);
+    }
 
     chr = qemu_chr_open_fd(0, 1);
     chr->chr_close = qemu_chr_close_stdio;
-- 
1.7.9.5