[virt-tools-list] [virt-viewer 2/2] session: Don't hold VirtViewerDisplay refs on channel destroy

Christophe Fergeau cfergeau at redhat.com
Tue Nov 19 20:54:38 UTC 2013


VirtViewerSessionSpice creates a reference-holding VirtViewerDisplay
array and associates it with the display SpiceChannel with
g_object_set_data(channel, "virt-viewer-displays").

When virt_viewer_session_spice_channel_destroy() is called and the display
channel is being destroyed, we should ensure these VirtViewerDisplay
references are dropped or the displays could outlive the session.

In my testing (start qemu with a f20 live cd, connect to it, when the
kernel has started booting and qxl is initialized (4 displays listed in the
display submenu), kill qemu), I was getting "invalid unclassed pointer in
cast to 'VirtViewerSessionSpice'" warnings through

    #0  0x00000035bac504e9 in g_logv (log_domain=0x35bb039aa4 "GLib-GObject",
        log_level=G_LOG_LEVEL_WARNING, format=<optimized out>,
        args=args@entry=0x7fffffffc7c0) at gmessages.c:989
    #1  0x00000035bac5063f in g_log (
        log_domain=log_domain@entry=0x35bb039aa4 "GLib-GObject",
        log_level=log_level@entry=G_LOG_LEVEL_WARNING,
        format=format@entry=0x35bb041010 "invalid unclassed pointer in cast to '%s'")
        at gmessages.c:1025
    #2  0x00000035bb032e09 in g_type_check_instance_cast (type_instance=0x665580,
        iface_type=<optimized out>) at gtype.c:4025
    #3  0x0000000000426e9f in get_main (self=0x894190) at virt-viewer-display-spice.c:92
    #4  0x0000000000426ece in show_hint_changed (self=0x894190)
        at virt-viewer-display-spice.c:100
    #5  0x00000035bb010298 in g_closure_invoke (closure=0x9f47c0,
        return_value=return_value@entry=0x0, n_param_values=2,
        param_values=param_values@entry=0x7fffffffcad0,
        invocation_hint=invocation_hint@entry=0x7fffffffca70) at gclosure.c:777
    #6  0x00000035bb02235d in signal_emit_unlocked_R (node=node@entry=0x651f60,
        detail=detail@entry=1782, instance=instance@entry=0x894190,
        emission_return=emission_return@entry=0x0,
        instance_and_params=instance_and_params@entry=0x7fffffffcad0) at gsignal.c:3586
    #7  0x00000035bb02a0f2 in g_signal_emit_valist (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>,
        var_args=var_args@entry=0x7fffffffcc60) at gsignal.c:3330
    #8  0x00000035bb02a3af in g_signal_emit (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
    #9  0x00000035bb014945 in g_object_dispatch_properties_changed (object=0x894190,
        n_pspecs=92, pspecs=0x0) at gobject.c:1047
    #10 0x00000035bb017019 in g_object_notify_by_spec_internal (pspec=<optimized out>,
        object=0x894190) at gobject.c:1141
    #11 g_object_notify (object=0x894190, property_name=<optimized out>) at gobject.c:1183
    #12 0x000000000041b617 in virt_viewer_display_set_show_hint (self=0x894190, mask=1,
        enable=0) at virt-viewer-display.c:659
    #13 0x000000000042712c in update_display_ready (self=0x894190)
        at virt-viewer-display-spice.c:156
    #14 0x00000035bb010298 in g_closure_invoke (closure=0x6ba480,
        return_value=return_value@entry=0x0, n_param_values=2,
        param_values=param_values@entry=0x7fffffffcfb0,
        invocation_hint=invocation_hint@entry=0x7fffffffcf50) at gclosure.c:777
    #15 0x00000035bb02235d in signal_emit_unlocked_R (node=node@entry=0x651f60,
        detail=detail@entry=1798, instance=instance@entry=0xa2c250,
        emission_return=emission_return@entry=0x0,
        instance_and_params=instance_and_params@entry=0x7fffffffcfb0) at gsignal.c:3586
    #16 0x00000035bb02a0f2 in g_signal_emit_valist (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>,
        var_args=var_args@entry=0x7fffffffd140) at gsignal.c:3330
    #17 0x00000035bb02a3af in g_signal_emit (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
    #18 0x00000035bb014945 in g_object_dispatch_properties_changed (object=0xa2c250,
        n_pspecs=92, pspecs=0x0) at gobject.c:1047
    #19 0x00000035bb017019 in g_object_notify_by_spec_internal (pspec=<optimized out>,
        object=0xa2c250) at gobject.c:1141
    #20 g_object_notify (object=0xa2c250, property_name=<optimized out>) at gobject.c:1183
    #21 0x00007ffff7044d9a in update_ready (display=0xa2c250) at spice-widget.c:257
    #22 0x00007ffff7044df0 in set_monitor_ready (self=0xa2c250, ready=0)
        at spice-widget.c:265
    #23 0x00007ffff7049bb3 in primary_destroy (channel=0x9f40b0, data=0xa2c250)
        at spice-widget.c:2131
    #24 0x00007ffff704afd5 in channel_destroy (s=0x892880, channel=0x9f40b0, data=0xa2c250)
        at spice-widget.c:2444
    #25 0x00000035bb010298 in g_closure_invoke (closure=0xa27850,
        return_value=return_value@entry=0x0, n_param_values=2,
        param_values=param_values@entry=0x7fffffffd570,
        invocation_hint=invocation_hint@entry=0x7fffffffd510) at gclosure.c:777
    #26 0x00000035bb02235d in signal_emit_unlocked_R (node=node@entry=0x7cf600,
        detail=detail@entry=0, instance=instance@entry=0x892880,
        emission_return=emission_return@entry=0x0,
        instance_and_params=instance_and_params@entry=0x7fffffffd570) at gsignal.c:3586
    #27 0x00000035bb02a0f2 in g_signal_emit_valist (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>,
        var_args=var_args@entry=0x7fffffffd700) at gsignal.c:3330
    #28 0x00000035bb02a3af in g_signal_emit (instance=<optimized out>,
        signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3386
    #29 0x00007ffff6ceba87 in spice_session_channel_destroy (session=0x892880,
        channel=0x9f40b0) at spice-session.c:1923
    #30 0x00007ffff6cecf05 in spice_channel_dispose (gobject=0x9f40b0)
        at spice-channel.c:149
    #31 0x00007ffff6cf912c in spice_display_channel_dispose (object=0x9f40b0)
        at channel-display.c:136
    #32 0x00000035bb014ee8 in g_object_unref (_object=0x9f40b0) at gobject.c:3160
    #33 0x00007ffff6cf300c in spice_channel_delayed_unref (data=0x9f40b0)
        at spice-channel.c:2135
    #34 0x00000035bac492a6 in g_main_dispatch (context=0x67a6b0) at gmain.c:3066
    #35 g_main_context_dispatch (context=context@entry=0x67a6b0) at gmain.c:3642
    #36 0x00000035bac49628 in g_main_context_iterate (context=0x67a6b0,
        block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
        at gmain.c:3713
    #37 0x00000035bac49a3a in g_main_loop_run (loop=0x7baf60) at gmain.c:3907
    #38 0x00000035bfdaa2d5 in gtk_main () at gtkmain.c:1158
    #39 0x000000000042caf1 in main (argc=1, argv=0x7fffffffdc78) at remote-viewer-main.c:179

In that backtrace, the last ref to the VirtViewerDisplay instances is held by the
SpiceChannel:virt-viewer-displays object data which will only be released after
completion of spice_display_channel_dispose().
---
 src/virt-viewer-session-spice.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/virt-viewer-session-spice.c b/src/virt-viewer-session-spice.c
index 3c9e765..25a7f8c 100644
--- a/src/virt-viewer-session-spice.c
+++ b/src/virt-viewer-session-spice.c
@@ -776,6 +776,7 @@ virt_viewer_session_spice_channel_destroy(G_GNUC_UNUSED SpiceSession *s,
 
     if (SPICE_IS_DISPLAY_CHANNEL(channel)) {
         DEBUG_LOG("zap display channel (#%d)", id);
+        g_object_set_data(G_OBJECT(channel), "virt-viewer-displays", NULL);
     }
 
     if (SPICE_IS_PLAYBACK_CHANNEL(channel) && self->priv->audio) {
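Review bot: The added g_object_set_data(G_OBJECT(channel), "virt-viewer-displays", NULL) line in the SPICE_IS_DISPLAY_CHANNEL branch only drops the VirtViewerDisplay references if the array was attached with a destroy notify (g_object_set_data_full); that call site is not part of this hunk, so please confirm it, otherwise the reset just forgets the pointer and leaks the array. A one-line comment above the call saying that it releases the display refs before the channel finishes disposing would keep the reason from being lost, since the DEBUG_LOG next to it says nothing about lifetimes. The "virt-viewer-displays" key is repeated here as a string literal; a shared #define used by both the setter and this reset would prevent the two from drifting apart silently.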
-- 
1.8.4.2



