From: Anthony Liguori
In-Reply-To: <20120912183435.GC9668@rhmail.home.annexia.org>
References: <1346871696-8150-1-git-send-email-aliguori@us.ibm.com> <20120912183435.GC9668@rhmail.home.annexia.org>
Date: Wed, 12 Sep 2012 14:37:04 -0500
Message-ID: <87ehm7dodb.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PATCH] socket: don't attempt to reconnect a TCP socket in server mode
To: "Richard W.M. Jones"
Cc: pbonzini@redhat.com, qemu-devel@nongnu.org, Lei Li

"Richard W.M. Jones" writes:

> On Wed, Sep 05, 2012 at 02:01:36PM -0500, Anthony Liguori wrote:
>> Commit c3767ed0eb5d0bb25fe409ae5dec06e3411ff1b6 introduced a possible SEGV when
>> using a socket chardev with server=on because it assumes that all TCP sockets
>> are in client mode.
>>
>> This patch adds a check to only reconnect when in client mode.
>>
>> Cc: Lei Li
>> Reported-by: Michael Roth
>> Signed-off-by: Anthony Liguori
>> --- >> qemu-char.c | 4 +++- >> 1 files changed, 3 insertions(+), 1 deletions(-) >> >> diff --git a/qemu-char.c b/qemu-char.c >> index 398baf1..767da93 100644 >> --- a/qemu-char.c >> +++ b/qemu-char.c
>> @@ -2148,10 +2148,12 @@ static int tcp_chr_write(CharDriverState *chr, const uint8_t *buf, int len) >> TCPCharDriver *s = chr->opaque; >> if (s->connected) { >> return send_all(s->fd, buf, len); >> - } else { >> + } else if (s->listen_fd == -1) { >> /* (Re-)connect for unconnected writing */ >> tcp_chr_connect(chr); >> return 0; >> + } else { >> + return len; >> } >> } > > Hi Anthony, > > I just came around this patch when I was trying to fix this > bug: https://bugzilla.redhat.com/show_bug.cgi?id=853408 > qemu segfaults when trying to write to a serial socket which > is *not* a server socket and has been closed by the other end. > > Unfortunately your patch above does not fix it. Only a > complete revert of c3767ed0eb5d0 fixes it. > > I don't understand the purpose of c3767ed0eb5d0 at all. It > seems to set the s->connected flag and carries on regardless, > happily calling write (-1, ...), which is completely broken. > > The other end closed the socket. There's no one listening on the > other end, and setting the s->connected flag will not help that. You're 100% correct. I was only attempting to fix the server SEGV, I didn't notice that client was hopelessly broken too. Will send a patch reverting both commits. Regards, Anthony Liguori > > Rich. > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming blog: http://rwmj.wordpress.com > Fedora now supports 80 OCaml packages (the OPEN alternative to F#) > http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora
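
Review bot: In tcp_chr_write, the new final else branch returns len although nothing is sent, so a server-mode chardev with no client attached reports every write as fully delivered and the data is dropped silently. If dropping is the intent, document it in a comment on that branch; otherwise return 0 or an error so the caller can tell the bytes went nowhere. The client branch is still selected only by s->listen_fd == -1: it calls tcp_chr_connect(chr) and returns 0 without checking that the connect succeeded or that s->fd is valid, so that path needs the same kind of guard before s->connected is trusted for send_all(s->fd, buf, len).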