From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Markus Armbruster" <armbru@redhat.com>,
"Richard Henderson" <richard.henderson@linaro.org>,
"Philippe Mathieu-Daudé" <philmd@linaro.org>,
devel@lists.libvirt.org, qemu-rust@nongnu.org,
"Dr. David Alan Gilbert" <dave@treblig.org>,
"Gerd Hoffmann" <kraxel@redhat.com>,
"Christian Schoenebeck" <qemu_oss@crudebyte.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Manos Pitsidianakis" <manos.pitsidianakis@linaro.org>,
"Eduardo Habkost" <eduardo@habkost.net>,
"Pierrick Bouvier" <pierrick.bouvier@linaro.org>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Stefan Weil" <sw@weilnetz.de>
Subject: [PULL 04/27] io: fix cleanup for websock I/O source data on cancellation
Date: Thu, 5 Mar 2026 17:47:20 +0000 [thread overview]
Message-ID: <20260305174743.3084606-5-berrange@redhat.com> (raw)
In-Reply-To: <20260305174743.3084606-1-berrange@redhat.com>
The websock code will create a GSource for tracking completion of the
handshake process, passing a QIOTask which is freed by the callback
when it completes, which means when a source is cancelled, nothing is
free'ing the task.
Switch to provide a data free callback to the GSource, which ensures
the QIOTask is always freed even when the main event callback never
fires.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/3114
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
io/channel-websock.c | 49 +++++++++++++++++++++++++++++++-------------
1 file changed, 35 insertions(+), 14 deletions(-)
diff --git a/io/channel-websock.c b/io/channel-websock.c
index 100faba6b3..9902b014f7 100644
--- a/io/channel-websock.c
+++ b/io/channel-websock.c
@@ -526,11 +526,32 @@ static int qio_channel_websock_handshake_read(QIOChannelWebsock *ioc,
return 1;
}
+typedef struct QIOChannelWebsockData {
+ QIOTask *task;
+} QIOChannelWebsockData;
+
+static void qio_channel_websock_data_free(gpointer user_data)
+{
+ QIOChannelWebsockData *data = user_data;
+ /*
+ * Usually 'task' will be NULL since the GSource
+ * callback will either complete the task or pass
+ * it on to a new GSource. We'll see a non-NULL
+ * task here only if the GSource was released before
+ * its callback triggers
+ */
+ if (data->task) {
+ qio_task_free(data->task);
+ }
+ g_free(data);
+}
+
static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
GIOCondition condition,
gpointer user_data)
{
- QIOTask *task = user_data;
+ QIOChannelWebsockData *data = user_data;
+ QIOTask *task = data->task;
QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(
qio_task_get_source(task));
Error *err = NULL;
@@ -545,7 +566,6 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
qio_task_set_error(task, err);
qio_task_complete(task);
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -562,7 +582,6 @@ static gboolean qio_channel_websock_handshake_send(QIOChannel *ioc,
trace_qio_channel_websock_handshake_complete(ioc);
qio_task_complete(task);
}
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -574,7 +593,8 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
GIOCondition condition,
gpointer user_data)
{
- QIOTask *task = user_data;
+ QIOChannelWebsockData *data = user_data, *newdata = NULL;
+ QIOTask *task = data->task;
QIOChannelWebsock *wioc = QIO_CHANNEL_WEBSOCK(
qio_task_get_source(task));
Error *err = NULL;
@@ -590,7 +610,6 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
trace_qio_channel_websock_handshake_fail(ioc, error_get_pretty(err));
qio_task_set_error(task, err);
qio_task_complete(task);
- qio_task_free(task);
wioc->hs_io_tag = 0;
return FALSE;
}
@@ -603,12 +622,14 @@ static gboolean qio_channel_websock_handshake_io(QIOChannel *ioc,
error_propagate(&wioc->io_err, err);
trace_qio_channel_websock_handshake_reply(ioc);
+ newdata = g_new0(QIOChannelWebsockData, 1);
+ newdata->task = g_steal_pointer(&data->task);
wioc->hs_io_tag = qio_channel_add_watch(
wioc->master,
G_IO_OUT,
qio_channel_websock_handshake_send,
- task,
- NULL);
+ newdata,
+ qio_channel_websock_data_free);
return FALSE;
}
@@ -904,12 +925,12 @@ void qio_channel_websock_handshake(QIOChannelWebsock *ioc,
gpointer opaque,
GDestroyNotify destroy)
{
- QIOTask *task;
+ QIOChannelWebsockData *data = g_new0(QIOChannelWebsockData, 1);
- task = qio_task_new(OBJECT(ioc),
- func,
- opaque,
- destroy);
+ data->task = qio_task_new(OBJECT(ioc),
+ func,
+ opaque,
+ destroy);
trace_qio_channel_websock_handshake_start(ioc);
trace_qio_channel_websock_handshake_pending(ioc, G_IO_IN);
@@ -917,8 +938,8 @@ void qio_channel_websock_handshake(QIOChannelWebsock *ioc,
ioc->master,
G_IO_IN,
qio_channel_websock_handshake_io,
- task,
- NULL);
+ data,
+ qio_channel_websock_data_free);
}
--
2.53.0
next prev parent reply other threads:[~2026-03-05 17:49 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-05 17:47 [PULL v2 00/27] Misc patches queue Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 01/27] scripts: detect another GPL license boilerplate variant Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 02/27] io: separate freeing of tasks from marking them as complete Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 03/27] io: fix cleanup for TLS I/O source data on cancellation Daniel P. Berrangé
2026-03-05 17:47 ` Daniel P. Berrangé [this message]
2026-03-05 17:47 ` [PULL 05/27] docs: simplify DiamondRapids CPU docs Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 06/27] qemu-options: remove extraneous [] around arg values Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 07/27] include: define constant for early constructor priority Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 08/27] monitor: initialize global data from a constructor Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 09/27] system: unconditionally enable thread naming Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 10/27] util: fix race setting thread name on Win32 Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 11/27] util: expose qemu_thread_set_name Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 12/27] audio: make jackaudio use qemu_thread_set_name Daniel P. Berrangé
2026-03-07 11:37 ` Philippe Mathieu-Daudé
2026-03-05 17:47 ` [PULL 13/27] util: set the name for the 'main' thread on Windows Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 14/27] util: add API to fetch the current thread name Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 15/27] util: introduce some API docs for logging APIs Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 16/27] util: avoid repeated prefix on incremental qemu_log calls Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 17/27] util/log: add missing error reporting in qemu_log_trylock_with_err Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 18/27] ui: add proper error reporting for password changes Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 19/27] ui: remove redundant use of error_printf_unless_qmp() Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 20/27] monitor: remove redundant error_[v]printf_unless_qmp Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 21/27] monitor: refactor error_vprintf() Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 22/27] monitor: move error_vprintf back to error-report.c Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 23/27] util: fix interleaving of error & trace output Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 24/27] util: don't skip error prefixes when QMP is active Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 25/27] util: fix interleaving of error prefixes Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 26/27] scripts/checkpatch: Fix MAINTAINERS update warning with --terse Daniel P. Berrangé
2026-03-05 17:47 ` [PULL 27/27] util/oslib-posix: increase memprealloc thread count to 32 Daniel P. Berrangé
2026-03-06 9:49 ` [PULL v2 00/27] Misc patches queue Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260305174743.3084606-5-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=dave@treblig.org \
--cc=devel@lists.libvirt.org \
--cc=eduardo@habkost.net \
--cc=kraxel@redhat.com \
--cc=manos.pitsidianakis@linaro.org \
--cc=marcandre.lureau@redhat.com \
--cc=pbonzini@redhat.com \
--cc=philmd@linaro.org \
--cc=pierrick.bouvier@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=qemu-rust@nongnu.org \
--cc=qemu_oss@crudebyte.com \
--cc=richard.henderson@linaro.org \
--cc=sw@weilnetz.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox