xserver: Branch 'master' - 2 commits

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Jul 16 21:08:25 UTC 2020 

 hw/xwayland/xwayland-input.c   |   12 ++++++++++--
 hw/xwayland/xwayland-present.c |    3 ++-
 2 files changed, 12 insertions(+), 3 deletions(-)

New commits:
commit ba0e789b912671c724a21b3a30291247718bcf7d
Author: Lyude Paul <lyude at redhat.com>
Date:   Tue Jul 14 18:32:39 2020 -0400

    xwayland: Store xwl_tablet_pad in its own private key
    
    When a slave device causes the master virtual pointer device to change
    device types, the device's private data pointer
    (device->public.devicePrivate) is also changed to match the type of the
    slave device. This can be a problem though, as tablet pad devices will
    set the device's private data pointer to their own xwl_tablet_pad
    struct. This can cause us to dereference the pointer as the wrong type,
    and result in a segfault:
    
    Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
    wl_proxy_marshal (proxy=0x51, opcode=opcode at entry=0) at src/wayland-client.c:792
    792             va_start(ap, opcode);
    (gdb) bt
    0  wl_proxy_marshal (proxy=0x51, opcode=opcode at entry=0) at
      src/wayland-client.c:792
    1  0x00005610b27b6c55 in wl_pointer_set_cursor (hotspot_y=0,
      hotspot_x=0, surface=0x0, serial=<optimized out>, wl_pointer=<optimized
      out>) at /usr/include/wayland-client-protocol.h:4610
    2  xwl_seat_set_cursor (xwl_seat=xwl_seat at entry=0x5610b46d5d10) at
      xwayland-cursor.c:137
    3  0x00005610b27b6ecd in xwl_set_cursor (device=<optimized out>,
      screen=<optimized out>, cursor=<optimized out>, x=<optimized out>,
      y=<optimized out>) at xwayland-cursor.c:249
    4  0x00005610b2800b46 in miPointerUpdateSprite (pDev=0x5610b4501a30) at
      mipointer.c:468
    5  miPointerUpdateSprite (pDev=0x5610b4501a30) at mipointer.c:410
    6  0x00005610b2800e56 in miPointerDisplayCursor (pCursor=0x5610b4b35740,
      pScreen=0x5610b3d54410, pDev=0x5610b4501a30) at mipointer.c:206
    7  miPointerDisplayCursor (pDev=0x5610b4501a30, pScreen=0x5610b3d54410,
      pCursor=0x5610b4b35740) at mipointer.c:194
    8  0x00005610b27ed62b in CursorDisplayCursor (pDev=<optimized out>,
      pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at cursor.c:168
    9  0x00005610b28773ee in AnimCurDisplayCursor (pDev=0x5610b4501a30,
      pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at animcur.c:197
    10 0x00005610b28eb4ca in ChangeToCursor (pDev=0x5610b4501a30,
      cursor=0x5610b4b35740) at events.c:938
    11 0x00005610b28ec99f in WindowHasNewCursor
      (pWin=pWin at entry=0x5610b4b2e0c0) at events.c:3362
    12 0x00005610b291102d in ChangeWindowAttributes (pWin=0x5610b4b2e0c0,
      vmask=<optimized out>, vlist=vlist at entry=0x5610b4c41dcc,
      client=client at entry=0x5610b4b2c900) at window.c:1561
    13 0x00005610b28db8e3 in ProcChangeWindowAttributes (client=0x5610b4b2c900)
      at dispatch.c:746
    14 0x00005610b28e1e5b in Dispatch () at dispatch.c:497
    15 0x00005610b28e5f34 in dix_main (argc=16, argv=0x7ffc7a601b68,
      envp=<optimized out>) at main.c:276
    16 0x00007f8828cde042 in __libc_start_main (main=0x5610b27ae930 <main>,
      argc=16, argv=0x7ffc7a601b68, init=<optimized out>, fini=<optimized
      out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a601b58) at
      ../csu/libc-start.c:308
    17 0x00005610b27ae96e in _start () at cursor.c:1064
    
    Simple reproducer in gnome-shell: open up an Xwayland window, press some
    tablet buttons, lock and unlock the screen. Repeat if it doesn't crash
    the first time.
    
    So, let's fix this by registering our own device-specific private key
    for storing a backpointer to xwl_tablet_pad, so that all input devices
    have their private data pointers set to their respective xwl_seat.
    
    Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
    Signed-off-by: Lyude Paul <lyude at redhat.com>

diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index d31e0ea4e..946315cd2 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -60,6 +60,8 @@ struct sync_pending {
     DeviceIntPtr pending_dev;
 };
 
+static DevPrivateKeyRec xwl_tablet_private_key;
+
 static void
 xwl_pointer_warp_emulator_handle_motion(struct xwl_pointer_warp_emulator *warp_emulator,
                                         double dx,
@@ -2108,7 +2110,8 @@ static struct zwp_tablet_pad_group_v2_listener tablet_pad_group_listener = {
 static int
 xwl_tablet_pad_proc(DeviceIntPtr device, int what)
 {
-    struct xwl_tablet_pad *pad = device->public.devicePrivate;
+    struct xwl_tablet_pad *pad = dixGetPrivate(&device->devPrivates,
+                                               &xwl_tablet_private_key);
     /* Axis layout mirrors that of xf86-input-wacom to have better
        compatibility with existing clients */
 #define NAXES 7
@@ -2232,7 +2235,7 @@ tablet_pad_done(void *data,
 
     pad->xdevice = add_device(pad->seat, "xwayland-tablet-pad",
                               xwl_tablet_pad_proc);
-    pad->xdevice->public.devicePrivate = pad;
+    dixSetPrivate(&pad->xdevice->devPrivates, &xwl_tablet_private_key, pad);
     ActivateDevice(pad->xdevice, TRUE);
     EnableDevice(pad->xdevice, TRUE);
 }
@@ -2950,6 +2953,11 @@ InitInput(int argc, char *argv[])
     ScreenPtr pScreen = screenInfo.screens[0];
     struct xwl_screen *xwl_screen = xwl_screen_get(pScreen);
 
+    if (!dixRegisterPrivateKey(&xwl_tablet_private_key, PRIVATE_DEVICE, 0)) {
+        ErrorF("Failed to register private key\n");
+        return;
+    }
+
     mieqInit();
 
     xwl_screen->input_registry = wl_display_get_registry(xwl_screen->display);
commit 85a6fd11c723888ca093785a3df43066fdca9c33
Author: Roman Gilg <subdiff at gmail.com>
Date:   Wed Jul 8 17:08:55 2020 +0200

    xwayland: Damage surface in surface-relative coordinates
    
    In 9141196d positional coordinates were added to the damage call of pixmap
    flips. The damage box coordinates are in screen space though and we need
    to convert them first to surface-relative ones by substracting the origin
    of the window.
    
    Signed-off-by: Roman Gilg <subdiff at gmail.com>

diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
index a5326d916..b1a050a7c 100644
--- a/hw/xwayland/xwayland-present.c
+++ b/hw/xwayland/xwayland-present.c
@@ -497,7 +497,8 @@ xwl_present_flip(WindowPtr present_window,
     xwl_present_reset_timer(xwl_present_window);
 
     xwl_surface_damage(xwl_window->xwl_screen, xwl_window->surface,
-                       damage_box->x1, damage_box->y1,
+                       damage_box->x1 - present_window->drawable.x,
+                       damage_box->y1 - present_window->drawable.y,
                        damage_box->x2 - damage_box->x1,
                        damage_box->y2 - damage_box->y1);

More information about the xorg-commit mailing list