This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes

Bug 208025

Summary: Paravirt framebuffer daemon crashes due to not handling SIGPIPE
Product: [Fedora] Fedora Reporter: Daniel Berrange <berrange>
Component: xenAssignee: Markus Armbruster <armbru>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: high Docs Contact:
Priority: medium    
Version: rawhideCC: bstein, katzj
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-09-28 17:53:58 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
Ignore sigpipe in xenfb-vnc none

Description Daniel Berrange 2006-09-25 17:18:08 EDT
Description of problem:
If you disconnect a VNC client program from the paravirt framebuffer, when the
server is in the middle of writing data to the client the server daemon will
crash. Tracing this in GDB shows that it is receiving SIGPIPE in the
rfbWriteExact call, and since it has not set SIGPIPE handler to SIG_IGN this
terminates the daemon.

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 1105209664 (LWP 1069)]
0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0
(gdb) bt
#0  0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0
#1  0x000000000040c7ed in rfbWriteExact (cl=<value optimized out>, buf=0x86ac14
"", len=20092)
    at sockets.c:541
#2  0x0000000000405b4f in rfbSendUpdateBuf (cl=0x868930) at rfbserver.c:3005
#3  0x00000000004062ad in rfbSendRectEncodingRaw (cl=0x868930, x=<value
optimized out>, 
    y=<value optimized out>, w=800, h=51) at rfbserver.c:2906
#4  0x000000000040760e in rfbSendFramebufferUpdate (cl=0x868930, 
    givenUpdateRegion=<value optimized out>) at rfbserver.c:2731
#5  0x000000000040501f in clientOutput (data=<value optimized out>) at main.c:477
#6  0x0000003e14c06305 in start_thread () from /lib64/libpthread.so.0
#7  0x0000000000000000 in ?? ()


Version-Release number of selected component (if applicable):
xen-3.0.2-33

How reproducible:
Tricky, but doable if you put the vnc client on a very slow link & force it to
use the very slow/inefficient raw encoding.

Steps to Reproduce:
1. Run vncviewer connecting to a paravirt guest, using RAW encoding over a
distant/slow link
2. While it is in the middle of receiving the initial frame buffer data, kill
the viewer
3.
  
Actual results:
The server daemon dies with SIGPIPE

Expected results:
The server daemon handles write() failure by closing & free'ing up client connection

Additional info:
Comment 1 Daniel Berrange 2006-09-27 09:47:09 EDT
Created attachment 137221 [details]
Ignore sigpipe in xenfb-vnc
Comment 2 Jeremy Katz 2006-09-27 13:52:56 EDT
Seems reasonable to me, fwiw
Comment 3 Daniel Berrange 2006-09-28 17:53:58 EDT
Pushed to rawhide in xen-3.0.2-39