xserver: Branch 'master' - 2 commits
Adam Jackson
ajax at kemper.freedesktop.org
Tue Jul 3 16:59:55 UTC 2018
hw/xfree86/modes/xf86Crtc.c | 64 +++++++++++++++++++++++++++++++++-----------
1 file changed, 48 insertions(+), 16 deletions(-)
New commits:
commit 2faf4cef8bcf9bb2034a27219a656ea7221afc6c
Author: Keith Packard <keithp at keithp.com>
Date: Thu Jun 28 11:45:16 2018 -0700
xfree86: Wrap RRCrtcIsLeased and RROutputIsLeased to check for DIX structures
Before DIX structures are allocated for crtcs and outputs, we don't
want to call DIX randr code with NULL pointers. This can happen if the
driver sets video modes early in server initialization, which Nouveau
does in zaphod mode.
Cc: thellstrom at vmware.com
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=106772
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=106960
Reviewed-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 142ab1ebe..37a45bb3a 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -174,6 +174,32 @@ xf86CrtcInUse(xf86CrtcPtr crtc)
return FALSE;
}
+/**
+ * Return whether the crtc is leased by a client
+ */
+
+static Bool
+xf86CrtcIsLeased(xf86CrtcPtr crtc)
+{
+ /* If the DIX structure hasn't been created, it can't have been leased */
+ if (!crtc->randr_crtc)
+ return FALSE;
+ return RRCrtcIsLeased(crtc->randr_crtc);
+}
+
+/**
+ * Return whether the output is leased by a client
+ */
+
+static Bool
+xf86OutputIsLeased(xf86OutputPtr output)
+{
+ /* If the DIX structure hasn't been created, it can't have been leased */
+ if (!output->randr_output)
+ return FALSE;
+ return RROutputIsLeased(output->randr_output);
+}
+
void
xf86CrtcSetScreenSubpixelOrder(ScreenPtr pScreen)
{
@@ -254,7 +280,7 @@ xf86CrtcSetModeTransform(xf86CrtcPtr crtc, DisplayModePtr mode,
RRTransformRec saved_transform;
Bool saved_transform_present;
- crtc->enabled = xf86CrtcInUse(crtc) && !RRCrtcIsLeased(crtc->randr_crtc);;
+ crtc->enabled = xf86CrtcInUse(crtc) && !xf86CrtcIsLeased(crtc);
/* We only hit this if someone explicitly sends a "disabled" modeset. */
if (!crtc->enabled) {
@@ -412,7 +438,7 @@ xf86CrtcSetOrigin(xf86CrtcPtr crtc, int x, int y)
crtc->x = x;
crtc->y = y;
- if (RRCrtcIsLeased(crtc->randr_crtc))
+ if (xf86CrtcIsLeased(crtc))
return;
if (crtc->funcs->set_origin) {
@@ -2662,7 +2688,7 @@ xf86InitialConfiguration(ScrnInfoPtr scrn, Bool canGrow)
static void
xf86DisableCrtc(xf86CrtcPtr crtc)
{
- if (RRCrtcIsLeased(crtc->randr_crtc))
+ if (xf86CrtcIsLeased(crtc))
return;
crtc->funcs->dpms(crtc, DPMSModeOff);
@@ -2683,7 +2709,7 @@ xf86PrepareOutputs(ScrnInfoPtr scrn)
for (o = 0; o < config->num_output; o++) {
xf86OutputPtr output = config->output[o];
- if (RROutputIsLeased(output->randr_output))
+ if (xf86OutputIsLeased(output))
continue;
#if RANDR_GET_CRTC_INTERFACE
@@ -2709,7 +2735,7 @@ xf86PrepareCrtcs(ScrnInfoPtr scrn)
uint32_t desired_outputs = 0, current_outputs = 0;
int o;
- if (RRCrtcIsLeased(crtc->randr_crtc))
+ if (xf86CrtcIsLeased(crtc))
continue;
for (o = 0; o < config->num_output; o++) {
@@ -2732,7 +2758,7 @@ xf86PrepareCrtcs(ScrnInfoPtr scrn)
if (desired_outputs != current_outputs || !desired_outputs)
xf86DisableCrtc(crtc);
#else
- if (RRCrtcIsLeased(crtc->randr_crtc))
+ if (xf86CrtcIsLeased(crtc))
continue;
xf86DisableCrtc(crtc);
@@ -2970,7 +2996,7 @@ xf86DPMSSet(ScrnInfoPtr scrn, int mode, int flags)
for (i = 0; i < config->num_output; i++) {
xf86OutputPtr output = config->output[i];
- if (!RROutputIsLeased(output->randr_output) && output->crtc != NULL)
+ if (!xf86OutputIsLeased(output) && output->crtc != NULL)
(*output->funcs->dpms) (output, mode);
}
}
@@ -2986,7 +3012,7 @@ xf86DPMSSet(ScrnInfoPtr scrn, int mode, int flags)
for (i = 0; i < config->num_output; i++) {
xf86OutputPtr output = config->output[i];
- if (!RROutputIsLeased(output->randr_output) && output->crtc != NULL)
+ if (!xf86OutputIsLeased(output) && output->crtc != NULL)
(*output->funcs->dpms) (output, mode);
}
}
commit c55a44a9a86aaece17c1a2e73c77e3e665c4888e
Author: Keith Packard <keithp at keithp.com>
Date: Thu Jun 28 11:45:15 2018 -0700
xfree86: Reset randr_crtc and randr_output early in xf86CrtcCloseScreen
The DIX crtc and output structures are freed when their resources are
destroyed, which happens before CloseScreen is called. As a result, we
know these pointers are invalid and referencing them during any of the
remaining CloseScreen sequence will be bad.
Reviewed-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Keith Packard <keithp at keithp.com>
Cc: thellstrom at vmware.com
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=106960
diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c
index 4aa77a244..142ab1ebe 100644
--- a/hw/xfree86/modes/xf86Crtc.c
+++ b/hw/xfree86/modes/xf86Crtc.c
@@ -734,14 +734,11 @@ xf86CrtcCloseScreen(ScreenPtr screen)
xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(scrn);
int o, c;
- screen->CloseScreen = config->CloseScreen;
-
- xf86RotateCloseScreen(screen);
-
- xf86RandR12CloseScreen(screen);
-
- screen->CloseScreen(screen);
-
+ /* The randr_output and randr_crtc pointers are already invalid as
+ * the DIX resources were freed when the associated resources were
+ * freed. Clear them now; referencing through them during the rest
+ * of the CloseScreen sequence will not end well.
+ */
for (o = 0; o < config->num_output; o++) {
xf86OutputPtr output = config->output[o];
@@ -752,6 +749,15 @@ xf86CrtcCloseScreen(ScreenPtr screen)
crtc->randr_crtc = NULL;
}
+
+ screen->CloseScreen = config->CloseScreen;
+
+ xf86RotateCloseScreen(screen);
+
+ xf86RandR12CloseScreen(screen);
+
+ screen->CloseScreen(screen);
+
/* detach any providers */
if (config->randr_provider) {
RRProviderDestroy(config->randr_provider);
More information about the xorg-commit
mailing list