[PATCH] Xi: block SIGIOs while copying device classes around

Peter Hutterer peter.hutterer at who-t.net
Sun May 18 18:47:10 PDT 2014


On Sun, May 18, 2014 at 01:42:08PM +0200, Julien Cristau wrote:
> From: Steven McDonald <steven at steven-mcdonald.id.au>
> 
> I've been seeing sporadic (anywhere from once every few days to 3-4
> times a day) crashes and freezes in X. The problematic behaviour isn't
> always the same, but I chose a particular incident to debug, and found
> that X was segfaulting in updateMotionHistory, on line 575 of
> dix/getevents.c.
> 
> After some further investigation, I found that the bug was being
> triggered when a SIGIO was received in DeepCopyPointerClasses, between
> the AllocValuatorClass call (line 540) and updating the to->valuator
> pointer (line 545). AllocValuatorClass calls realloc() on to->valuator,
> so between these lines, it's not guaranteed to point to allocated
> memory.
> 
> It seems the SIGIO handler is calling updateMotionHistory, which is
> reading the memory pointed to by to->valuator and getting a wrong value
> for last_motion, which updates buff to point to wildly the wrong place
> and thus generates a segfault when a memcpy() is done into buff.
> 
> I am attaching a patch which I've been running on that machine for the
> past three days, and haven't yet observed any more crashing or freezing
> behaviour. The patch simply calls OsBlockSIGIO while
> DeepCopyDeviceClasses is in progress, as the state of the X server's
> device data structures is not guaranteed to be in a consistent state
> during that time.
> 
> Debian bug#744303 <https://bugs.debian.org/744303>

merged, thanks.

Cheers,
   Peter


> Signed-off-by: Julien Cristau <jcristau at debian.org>
> ---
>  Xi/exevents.c | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/Xi/exevents.c b/Xi/exevents.c
> index 02530bd..b0bc47e 100644
> --- a/Xi/exevents.c
> +++ b/Xi/exevents.c
> @@ -661,6 +661,8 @@ void
>  DeepCopyDeviceClasses(DeviceIntPtr from, DeviceIntPtr to,
>                        DeviceChangedEvent *dce)
>  {
> +    OsBlockSIGIO();
> +
>      /* generic feedback classes, not tied to pointer and/or keyboard */
>      DeepCopyFeedbackClasses(from, to);
>  
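Review bot: The `OsBlockSIGIO()` call at the top of `DeepCopyDeviceClasses` carries no comment saying why SIGIO has to be held off here. The reasoning exists only in the commit message (the SIGIO handler reaches `updateMotionHistory` while `to->valuator` may not point to allocated memory), so a short comment above the call would keep a later cleanup from dropping the block as unnecessary. The block also starts before `DeepCopyFeedbackClasses(from, to)`, which is wider than the `DeepCopyPointerClasses` window named in the report; if that is deliberate, the comment is the place to say so.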
> @@ -668,6 +670,8 @@ DeepCopyDeviceClasses(DeviceIntPtr from, DeviceIntPtr to,
>          DeepCopyKeyboardClasses(from, to);
>      if ((dce->flags & DEVCHANGE_POINTER_EVENT))
>          DeepCopyPointerClasses(from, to);
> +
> +    OsReleaseSIGIO();
>  }
>  
>  /**
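Review bot: `OsReleaseSIGIO()` is placed only at the closing brace of `DeepCopyDeviceClasses`, so the pairing with `OsBlockSIGIO()` holds only while the function has a single exit. The lines shown contain no `return`, but an early return added later between the two calls would leave SIGIO blocked, so it is worth marking the pair with a comment. Please also confirm that the block/release pair nests when a caller already has SIGIO blocked; if it does not, this release would re-enable the signal inside the caller's own critical section.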
> -- 
> 2.0.0.rc2
> 
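Added example, not part of the original thread or of the X server source: the window the commit message describes (a signal handler reading a pointer between `realloc()` and its update) and the blocking fix, reduced to a stand-alone POSIX program. `struct valuator`, `dev_valuator`, `on_sigio` and `resize_valuator_blocked` are hypothetical names, and `sigprocmask()` stands in for `OsBlockSIGIO()`/`OsReleaseSIGIO()`, whose implementation is not shown on this page.

```c
#define _DEFAULT_SOURCE 1
#include <signal.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a device class; not the X server's struct. */
struct valuator { int num_axes; int *axes; };

static struct valuator *dev_valuator;        /* also read by the handler */
static volatile sig_atomic_t handler_runs, last_seen_axes;

/* Like the SIGIO path in the report, this dereferences the shared pointer. */
static void on_sigio(int sig)
{
    (void)sig;
    handler_runs++;
    if (dev_valuator)
        last_seen_axes = dev_valuator->num_axes;
}

static int install_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigio;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGIO, &sa, NULL);
}

/* Resize with SIGIO blocked so the handler cannot run while dev_valuator is
 * stale. Returns handler runs seen inside the window, or -1 if realloc fails. */
static int resize_valuator_blocked(int num_axes)
{
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGIO);
    sigprocmask(SIG_BLOCK, &block, &old);    /* assumed role of OsBlockSIGIO() */
    int before = handler_runs;
    struct valuator *v = realloc(dev_valuator, sizeof(*v) + num_axes * sizeof(int));
    if (!v) { sigprocmask(SIG_SETMASK, &old, NULL); return -1; }
    raise(SIGIO);                            /* constructed: input arrives mid-update */
    v->axes = (int *)(v + 1);
    memset(v->axes, 0, num_axes * sizeof(int));
    v->num_axes = num_axes;
    dev_valuator = v;                        /* state is consistent again */
    int ran_inside = handler_runs - before;
    sigprocmask(SIG_SETMASK, &old, NULL);    /* restore; the pending SIGIO runs here */
    return ran_inside;
}
```

Restoring the saved mask instead of unconditionally unblocking SIGIO keeps the signal blocked when the caller had already blocked it.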

