Description of problem: If you disconnect a VNC client program from the paravirt framebuffer, when the server is in the middle of writing data to the client the server daemon will crash. Tracing this in GDB shows that it is receiving SIGPIPE in the rfbWriteExact call, and since it has not set SIGPIPE handler to SIG_IGN this terminates the daemon. Program received signal SIGPIPE, Broken pipe. [Switching to Thread 1105209664 (LWP 1069)] 0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0 (gdb) bt #0 0x0000003e14c0cb7b in __write_nocancel () from /lib64/libpthread.so.0 #1 0x000000000040c7ed in rfbWriteExact (cl=<value optimized out>, buf=0x86ac14 "", len=20092) at sockets.c:541 #2 0x0000000000405b4f in rfbSendUpdateBuf (cl=0x868930) at rfbserver.c:3005 #3 0x00000000004062ad in rfbSendRectEncodingRaw (cl=0x868930, x=<value optimized out>, y=<value optimized out>, w=800, h=51) at rfbserver.c:2906 #4 0x000000000040760e in rfbSendFramebufferUpdate (cl=0x868930, givenUpdateRegion=<value optimized out>) at rfbserver.c:2731 #5 0x000000000040501f in clientOutput (data=<value optimized out>) at main.c:477 #6 0x0000003e14c06305 in start_thread () from /lib64/libpthread.so.0 #7 0x0000000000000000 in ?? () Version-Release number of selected component (if applicable): xen-3.0.2-33 How reproducible: Tricky, but doable if you put the vnc client on a very slow link & force it to use the very slow/inefficient raw encoding. Steps to Reproduce: 1. Run vncviewer connecting to a paravirt guest, using RAW encoding over a distant/slow link 2. While it is in the middle of receiving the initial frame buffer data, kill the viewer 3. Actual results: The server daemon dies with SIGPIPE Expected results: The server daemon handles write() failure by closing & free'ing up client connection Additional info:
Created attachment 137221 [details] Ignore sigpipe in xenfb-vnc
Seems reasonable to me, fwiw
Pushed to rawhide in xen-3.0.2-39