qrexec: fix deadlock in qrexec-client

When VM-VM qrexec service is called, two qrexec-clients are connected in dom0. If both VMs are sending data simultaneously it can happen that both qrexec-client processes will call write(2) and none of them will be reading -> deadlock. Solve it by handling I/O in two separate threads (one for reading from VM, another for writing), at any time qrexec-client is ready to accept data from either direction.
10 years ago · 79abec9038
parent 6ab53c9456
commit 79abec9038
2 changed files with 17 additions and 21 deletions
--- a/qrexec/Makefile
+++ b/qrexec/Makefile
@ -7,6 +7,6 @@ all: qrexec-daemon qrexec-client
 qrexec-daemon: qrexec-daemon.o
 	$(CC) -pie -g -o qrexec-daemon qrexec-daemon.o $(LIBS)
 qrexec-client: qrexec-client.o
-	$(CC) -pie -g -o qrexec-client qrexec-client.o $(LIBS)
+	$(CC) -pie -g -o qrexec-client qrexec-client.o $(LIBS) -lpthread
 clean:
 	rm -f *.o *~ qrexec-daemon qrexec-client
--- a/qrexec/qrexec-client.c
+++ b/qrexec/qrexec-client.c
@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <sys/wait.h>
 #include <errno.h>
+#include <pthread.h>
 #include "qrexec.h"
 #include "libqrexec-utils.h"

@ -225,30 +226,25 @@ void handle_daemon_only_until_writable(int s)
 	} while (!FD_ISSET(s, &wrset));
 }

+void *input_process_loop(void *arg) {
+	int s = *(int*)arg;
+	while (local_stdout_fd != -1)
+		handle_input(s);
+	return NULL;
+}
+
+
 void select_loop(int s)
 {
-	fd_set select_set;
-	int max;
+	pthread_t input_thread;
+	if (pthread_create(&input_thread, NULL, input_process_loop, &s) != 0) {
+		perror("pthread_create");
+		do_exit(1);
+	}
 	for (;;) {
-		handle_daemon_only_until_writable(s);
-		FD_ZERO(&select_set);
-		FD_SET(s, &select_set);
-		max = s;
-		if (local_stdout_fd != -1) {
-			FD_SET(local_stdout_fd, &select_set);
-			if (s < local_stdout_fd)
-				max = local_stdout_fd;
-		}
-		if (select(max + 1, &select_set, NULL, NULL, NULL) < 0) {
-			perror("select");
-			do_exit(1);
-		}
-		if (FD_ISSET(s, &select_set))
-			handle_daemon_data(s);
-		if (local_stdout_fd != -1
-		    && FD_ISSET(local_stdout_fd, &select_set))
-			handle_input(s);
+		handle_daemon_data(s);
 	}
+	pthread_join(input_thread, NULL);
 }

 void usage(const char *name)