qemu-devel

Re: [PATCH 2/2] qxl: Fix race on accessing cursor in struct SimpleSpiceD


From: Philippe Mathieu-Daudé
Subject: Re: [PATCH 2/2] qxl: Fix race on accessing cursor in struct SimpleSpiceDisplay
Date: Fri, 20 Dec 2024 11:41:19 +0100
User-agent: Mozilla Thunderbird

Hi Hyman,

On 19/12/24 19:46, Hyman Huang wrote:
Both the spice server and the qemu (iothread/main loop) context
can access the cursor field in struct SimpleSpiceDisplay.

Add the mutex lock before accessing cursor in
qxl_spice_reset_cursor().

Signed-off-by: Hyman Huang <yong.huang@smartx.com>
---
  hw/display/qxl.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/hw/display/qxl.c b/hw/display/qxl.c
index ae2d983299..d1fbeb65cf 100644
--- a/hw/display/qxl.c
+++ b/hw/display/qxl.c
@@ -298,10 +298,12 @@ void qxl_spice_reset_cursor(PCIQXLDevice *qxl)
      qemu_mutex_lock(&qxl->track_lock);
      qxl->guest_cursor = 0;
      qemu_mutex_unlock(&qxl->track_lock);
+    qemu_mutex_lock(&qxl->ssd.lock);
      if (qxl->ssd.cursor) {
          cursor_unref(qxl->ssd.cursor);
      }
      qxl->ssd.cursor = cursor_builtin_hidden();
+    qemu_mutex_unlock(&qxl->ssd.lock);
  }
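
Review bot: the new qemu_mutex_lock(&qxl->ssd.lock) / qemu_mutex_unlock(&qxl->ssd.lock) pair around the qxl->ssd.cursor swap only closes the race if every other reader and writer of ssd.cursor also takes ssd.lock, and neither the commit message nor this hunk names those paths. Please name the racing accessor(s) in the commit message so the choice of lock can be checked. Also, track_lock is released before ssd.lock is taken, so guest_cursor and ssd.cursor are reset in two separate critical sections; if that is deliberate (to avoid nesting the two locks), a one-line comment saying so would help.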

Alternatively convert to use WITH_QEMU_LOCK_GUARD() from
"qemu/lockable.h".

Regards,

Phil.


