xserver: Branch 'master' - 2 commits
Peter Hutterer
whot at kemper.freedesktop.org
Fri Aug 12 04:43:50 UTC 2016
hw/xfree86/common/xf86Xinput.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
New commits:
commit f399919e13c994452f7219163b2a4b1fa015242e
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date: Fri Aug 12 13:59:56 2016 +1000
xfree86: lock input during PreInit
This is a problem for the libinput driver that uses the same context across
multiple devices. The driver may be halfway through setting up an input device
(and the only way to do so is to add it to libinput) when the input thread
comes in an reads events. This then causes mayhem when data is dereferenced
that hasn't been set up yet.
In my case the cause was the call to libinput_path_remove_device() inside
preinit racing with evdev_dispatch_device() handling of ENODEV. The sequence
was:
- thread 2 gets an event and calls evdev_dispatch_device()
- thread 1 calls libinput_path_remove_device() which sets the device->source
to NULL
- thread 2 reads from the fd, gets ENODEV and now removes the device->source,
dereferencing the null-pointer
This is the one I could reproduce the most, but there are other potential
pitfalls that affect any driver that uses the same fd for multiple devices.
Avoid all this and wrap PreInit into the lock.
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: Keith Packard <keithp at keithp.com>
diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
index 3e6a264..538b110 100644
--- a/hw/xfree86/common/xf86Xinput.c
+++ b/hw/xfree86/common/xf86Xinput.c
@@ -926,7 +926,9 @@ xf86NewInputDevice(InputInfoPtr pInfo, DeviceIntPtr *pdev, BOOL enable)
xf86AddInput(drv, pInfo);
+ input_lock();
rval = drv->PreInit(drv, pInfo, 0);
+ input_unlock();
if (rval != Success) {
xf86Msg(X_ERROR, "PreInit returned %d for \"%s\"\n", rval, pInfo->name);
commit dd4e21cb3a6e692e834ec34bec42944202b3e085
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date: Fri Aug 12 12:06:18 2016 +1000
xfree86: fix unbalanced input_lock/unlock in xf86NewInputDevice()
If a device couldn't be enabled we left the lock hanging.
This patch also removes the leftover OsReleaseSignals() call, now unnecessary.
Note that input_unlock() is later than previously OsReleaseSignals().
RemoveDevice() manipulates the input device and its file descriptors, it's
safer to put the input_unlock() call after RemoveDevice() to avoid events
coming in while the device is being removed.
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: Keith Packard <keithp at keithp.com>
diff --git a/hw/xfree86/common/xf86Xinput.c b/hw/xfree86/common/xf86Xinput.c
index 42d0f32..3e6a264 100644
--- a/hw/xfree86/common/xf86Xinput.c
+++ b/hw/xfree86/common/xf86Xinput.c
@@ -957,10 +957,10 @@ xf86NewInputDevice(InputInfoPtr pInfo, DeviceIntPtr *pdev, BOOL enable)
input_lock();
EnableDevice(dev, TRUE);
if (!dev->enabled) {
- OsReleaseSignals();
xf86Msg(X_ERROR, "Couldn't init device \"%s\"\n", pInfo->name);
RemoveDevice(dev, TRUE);
rval = BadMatch;
+ input_unlock();
goto unwind;
}
/* send enter/leave event, update sprite window */
More information about the xorg-commit
mailing list