Bug 208025 - Paravirt framebuffer daemon crashes due to not handling SIGPIPE
Paravirt framebuffer daemon crashes due to not handling SIGPIPE
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xen (Show other bugs)
rawhide
All Linux
medium Severity high
: ---
: ---
Assigned To: Markus Armbruster
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-25 17:18 EDT by Daniel Berrange
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-09-28 17:53:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Ignore sigpipe in xenfb-vnc (695 bytes, patch)
2006-09-27 09:47 EDT, Daniel Berrange
no flags Details | Diff

  None (edit)
Description Daniel Berrange 2006-09-25 17:18:08 EDT
Description of problem:
If you disconnect a VNC client program from the paravirt framebuffer, when the
server is in the middle of writing data to the client the server daemon will
crash. Tracing this in GDB shows that it is receiving SIGPIPE in the
rfbWriteExact call, and since it has not set SIGPIPE handler to SIG_IGN this
terminates the daemon.

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 1105209664 (LWP 1069)]
0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0
(gdb) bt
#0  0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0
#1  0x000000000040c7ed in rfbWriteExact (cl=<value optimized out>, buf=0x86ac14
"", len=20092)
    at sockets.c:541
#2  0x0000000000405b4f in rfbSendUpdateBuf (cl=0x868930) at rfbserver.c:3005
#3  0x00000000004062ad in rfbSendRectEncodingRaw (cl=0x868930, x=<value
optimized out>, 
    y=<value optimized out>, w=800, h=51) at rfbserver.c:2906
#4  0x000000000040760e in rfbSendFramebufferUpdate (cl=0x868930, 
    givenUpdateRegion=<value optimized out>) at rfbserver.c:2731
#5  0x000000000040501f in clientOutput (data=<value optimized out>) at main.c:477
#6  0x0000003e14c06305 in start_thread () from /lib64/libpthread.so.0
#7  0x0000000000000000 in ?? ()


Version-Release number of selected component (if applicable):
xen-3.0.2-33

How reproducible:
Tricky, but doable if you put the vnc client on a very slow link & force it to
use the very slow/inefficient raw encoding.

Steps to Reproduce:
1. Run vncviewer connecting to a paravirt guest, using RAW encoding over a
distant/slow link
2. While it is in the middle of receiving the initial frame buffer data, kill
the viewer
3.
  
Actual results:
The server daemon dies with SIGPIPE

Expected results:
The server daemon handles write() failure by closing & free'ing up client connection

Additional info:
Comment 1 Daniel Berrange 2006-09-27 09:47:09 EDT
Created attachment 137221 [details]
Ignore sigpipe in xenfb-vnc
Comment 2 Jeremy Katz 2006-09-27 13:52:56 EDT
Seems reasonable to me, fwiw
Comment 3 Daniel Berrange 2006-09-28 17:53:58 EDT
Pushed to rawhide in xen-3.0.2-39

Note You need to log in before you can comment on or make changes to this bug.