[PATCH xserver 2/2] xwayland: abandon present events when removing CRTC

Olivier Fourdan ofourdan at redhat.com
Mon Oct 8 14:46:33 UTC 2018 

Xwayland will add and remove CRTCs as Wayland outputs are added or
removed.

If there is a pending flip when this occurs, the
`xwl_present_sync_callback()` will be triggered after the Xwayland
output's RRCtrcPtr has been destroyed, hence causing a crash in Xwayland
while trying to use freed memory:

  #1  abort ()
  #2  OsAbort () at utils.c:1350
  #3  AbortServer () at log.c:877
  #4  FatalError () at log.c:1015
  #5  OsSigHandler () at osinit.c:156
  #6  <signal handler called>
  #7  dixGetPrivate () at ../include/privates.h:122
  #8  dixLookupPrivate () at ../include/privates.h:166
  #9  present_screen_priv () at present_priv.h:198
  #10 present_wnmd_flip () at present_wnmd.c:358
  #11 present_wnmd_execute () at present_wnmd.c:466
  #12 present_wnmd_re_execute () at present_wnmd.c:80
  #13 xwl_present_sync_callback () at xwayland-present.c:287
  #14 ffi_call_unix64 () from /lib64/libffi.so.6
  #15 ffi_call () from /lib64/libffi.so.6
  #16 wl_closure_invoke () at src/connection.c:1006
  #17 dispatch_event () at src/wayland-client.c:1427
  #18 dispatch_queue () at src/wayland-client.c:1573
  #19 wl_display_dispatch_queue_pending () at src/wayland-client.c:1815
  #20 wl_display_dispatch_pending () at src/wayland-client.c:1878
  #21 xwl_read_events () at xwayland.c:814
  #22 ospoll_wait () at ospoll.c:651
  #23 WaitForSomething () at WaitFor.c:208
  #24 Dispatch () at ../include/list.h:220
  #25 dix_main () at main.c:276

To avoid the issue, make sure we call `present_event_abandon()` on the
CRTC we're about to destroy in `xwl_output_remove()`.

Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Bugzilla: https://bugs.freedesktop.org/108249
---
 hw/xwayland/xwayland-output.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hw/xwayland/xwayland-output.c b/hw/xwayland/xwayland-output.c
index cc68f0340..50f27c624 100644
--- a/hw/xwayland/xwayland-output.c
+++ b/hw/xwayland/xwayland-output.c
@@ -29,6 +29,7 @@
 
 #include "xwayland.h"
 #include <randrstr.h>
+#include <present.h>
 
 #define DEFAULT_DPI 96
 #define ALL_ROTATIONS (RR_Rotate_0   | \
@@ -409,7 +410,7 @@ xwl_output_remove(struct xwl_output *xwl_output)
     xorg_list_for_each_entry(it, &xwl_screen->output_list, link)
         output_get_new_size(it, need_rotate, &height, &width);
     update_screen_size(xwl_output, width, height);
-
+    present_event_abandon (xwl_output->randr_crtc);
     RRCrtcDestroy(xwl_output->randr_crtc);
     RROutputDestroy(xwl_output->randr_output);
 
-- 
2.19.0

More information about the xorg-devel mailing list