Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix race condition in VNC event queue #519

Merged
merged 1 commit into from
Mar 10, 2015
Merged

Fix race condition in VNC event queue #519

merged 1 commit into from
Mar 10, 2015

Conversation

mar-kolya
Copy link
Contributor

VNC plugin uses GQueue to store events. GQueue is not threadsafe
and needs protection when accessed from different threads.

The problem may be reproduced on original code by opening vnc
connection and quickly scrolling up and down some window. Eventually
session locks. This patch addresses this issues?

Signed-off-by: Nikolay Martynov [email protected]

@mar-kolya
Fix race condition in VNC event queue
9f3e14a 
VNC plugin uses GQueue to store events. GQueue is not threadsafe
and needs protection when accessed from different threads.

The problem may be reproduced on original code by opening vnc
connection and quickly scrolling up and down some window. Eventually
session locks. This patch addresses this issues?

Signed-off-by: Nikolay Martynov <[email protected]>
@giox069
Copy link
Contributor

giox069 commented Mar 10, 2015

Tested on Debian 7, is ok. I will test later in other OSes before merging.
I never noticed the lockups you described :) I will try with a slower client (Raspberry Pi) and see if I can reproduce.

@mar-kolya
Copy link
Contributor Author

The one I've described is a bit artificial although reproducible on quite fast laptop. I just open 'pluma', type in 2 pages of text and start scrolling up and down. :)

The ultimate issue I hope this patch would solve is remmina crashes with vnc connection running:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  magazine_chain_pop_head (magazine_chunks=0x7fb90c001c10) at /build/buildd/glib2.0-2.40.2/./glib/gslice.c:539
539 /build/buildd/glib2.0-2.40.2/./glib/gslice.c: No such file or directory.
(gdb) bt
#0  magazine_chain_pop_head (magazine_chunks=0x7fb90c001c10) at /build/buildd/glib2.0-2.40.2/./glib/gslice.c:539
#1  thread_memory_magazine1_alloc (tmem=<optimized out>, ix=1) at /build/buildd/glib2.0-2.40.2/./glib/gslice.c:842
#2  g_slice_alloc (mem_size=mem_size@entry=24) at /build/buildd/glib2.0-2.40.2/./glib/gslice.c:998
#3  0x00007fb9216d94f4 in g_list_append (list=list@entry=0xbece40, data=data@entry=0xfac540) at /build/buildd/glib2.0-2.40.2/./glib/glist.c:258
#4  0x00007fb9216d9ec3 in find_source_list_for_priority (context=0xc1c960, create=1, priority=200) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:991
#5  source_add_to_context (source=0x7fb90c94c0b0, context=0xc1c960) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:1005
#6  0x00007fb9216da029 in g_source_attach_unlocked (source=source@entry=0x7fb90c94c0b0, context=context@entry=0xc1c960, do_wakeup=do_wakeup@entry=1) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:1086
#7  0x00007fb9216dad28 in g_source_attach (source=0x7fb90c94c0b0, context=0xc1c960) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:1144
#8  0x00007fb9216ddc60 in g_idle_add_full (priority=200, function=0x7fb9219baea0, data=0xd300c0, notify=0x7fb9219ba9b0) at /build/buildd/glib2.0-2.40.2/./glib/gmain.c:5382
#9  0x00007fb9180b4312 in remmina_plugin_vnc_queue_draw_area (h=<optimized out>, w=2, y=210, x=761, gp=0xee36a0) at /build/buildd/remmina-1.0.0/remmina-plugins/vnc/vnc_plugin.c:646
#10 remmina_plugin_vnc_rfb_updatefb (cl=<optimized out>, x=761, y=210, w=2, h=17) at /build/buildd/remmina-1.0.0/remmina-plugins/vnc/vnc_plugin.c:755
#11 0x00007fb913df0a35 in HandleRFBServerMessage () from /usr/lib/x86_64-linux-gnu/libvncclient.so.0
#12 0x00007fb9180b4d58 in remmina_plugin_vnc_main_loop (gp=gp@entry=0xee36a0) at /build/buildd/remmina-1.0.0/remmina-plugins/vnc/vnc_plugin.c:1133
#13 0x00007fb9180b5d0a in remmina_plugin_vnc_main (gp=gp@entry=0xee36a0) at /build/buildd/remmina-1.0.0/remmina-plugins/vnc/vnc_plugin.c:1309
#14 0x00007fb9180b5da6 in remmina_plugin_vnc_main_thread (data=0xee36a0) at /build/buildd/remmina-1.0.0/remmina-plugins/vnc/vnc_plugin.c:1329
#15 0x00007fb920760182 in start_thread (arg=0x7fb911f49700) at pthread_create.c:312
#16 0x00007fb91fb1847d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

That one is caused by heap corruption which I think may be caused by unprotected access to queue.

So far it was working good.

giox069 added a commit that referenced this pull request Mar 10, 2015
@giox069
Merge pull request #519 from mar-kolya/fix-vnc-event-queue-race
b3e339e 
Fix race condition in VNC event queue
@giox069 giox069 merged commit b3e339e into FreeRDP:next Mar 10, 2015
@giox069
Copy link
Contributor

giox069 commented Mar 10, 2015

Thank you @mar-kolya.

giox069 added a commit that referenced this pull request Jul 10, 2015
@giox069
Merge pull request #519 from mar-kolya/fix-vnc-event-queue-race
c4f0566 
Fix race condition in VNC event queue
giox069 added a commit that referenced this pull request Jul 10, 2015
@giox069
Merge pull request #519 from mar-kolya/fix-vnc-event-queue-race
7c2218d 
Fix race condition in VNC event queue
giox069 added a commit that referenced this pull request Jul 10, 2015
@giox069
Merge pull request #519 from mar-kolya/fix-vnc-event-queue-race
f0d0b1e 
Fix race condition in VNC event queue
giox069 added a commit that referenced this pull request Jul 10, 2015
@giox069
Merge pull request #519 from mar-kolya/fix-vnc-event-queue-race
f1dcb80 
Fix race condition in VNC event queue
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mar-kolya @giox069