xserver: Branch 'master'
Peter Hutterer
whot at kemper.freedesktop.org
Thu Aug 11 02:09:00 UTC 2016
os/inputthread.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 2df2815d6ae0c2ffb9e0a084d61ee3585f5116df
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date: Tue Aug 9 17:35:58 2016 +1000
os: append, rather than prepend, any new input thread fds
xf86AddEnabledDevice() prepends the new fd to the list,
xf86RemoveEnabledDevice() then searches for a matching fd and removes that
entry. If this is done for the same fd (and since we lose all information but
the actual fd) we usually unregister virtual devices in reverse order, causing
a dereference of already released memory.
Case in point:
- the wacom driver calls xf86AddEnabledDevice() once for the physical device,
then multiple times for the virtual subdevices
- when the physical device is unplugged, the driver calls
xf86RemoveEnabledDevice() for the physical device
- all we have is the fd, so we end up removing the last virtual device from
the fd set
- xf86DeleteInput() frees the physical device's pInfo
- the fd goes crazy with ENODEV, but a read_input() now passes the already
freed pInfo for the physical device
- boom
Fix this by appending to the fd list to provide bug-for-bug compatibility with
the old SIGIO code. This needs to be fixed in the driver, but meanwhile not
crashing the server provides for better user experience.
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: Keith Packard <keithp at keithp.com>
diff --git a/os/inputthread.c b/os/inputthread.c
index e815319..cb3af06 100644
--- a/os/inputthread.c
+++ b/os/inputthread.c
@@ -205,7 +205,7 @@ InputThreadRegisterDev(int fd,
dev->state = device_state_added;
input_lock();
- xorg_list_add(&dev->node, &inputThreadInfo->devs);
+ xorg_list_append(&dev->node, &inputThreadInfo->devs);
inputThreadInfo->changed = TRUE;
More information about the xorg-commit
mailing list