[arch-commits] Commit in xorg-server/trunk (4 files)

Jan de Groot jgc at archlinux.org
Wed Nov 16 06:32:26 EST 2011


    Date: Wednesday, November 16, 2011 @ 06:32:26
  Author: jgc
Revision: 142828

- Fix segmentation fault due to race conditions in Record extension (FS#24653)
- Update git-fixes, add commit that fixes segfault-on-exit
- Add patch to fix passive grabs with XI2 clients

Added:
  xorg-server/trunk/Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch
  xorg-server/trunk/xserver-1.11.2-record-crasher.patch
Modified:
  xorg-server/trunk/PKGBUILD
  xorg-server/trunk/git-fixes.patch

------------------------------------------------------------+
 PKGBUILD                                                   |   18 
 Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch |   31 +
 git-fixes.patch                                            |   44 ++
 xserver-1.11.2-record-crasher.patch                        |  241 +++++++++++
 4 files changed, 331 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2011-11-16 03:17:22 UTC (rev 142827)
+++ PKGBUILD	2011-11-16 11:32:26 UTC (rev 142828)
@@ -4,17 +4,19 @@
 pkgbase=xorg-server
 pkgname=('xorg-server' 'xorg-server-xephyr' 'xorg-server-xdmx' 'xorg-server-xvfb' 'xorg-server-xnest' 'xorg-server-common' 'xorg-server-devel')
 pkgver=1.11.2
-pkgrel=1
+pkgrel=2
 arch=('i686' 'x86_64')
 license=('custom')
 url="http://xorg.freedesktop.org"
-makedepends=('pixman' 'libx11' 'mesa' 'libgl' 'xf86driproto' 'xcmiscproto' 'xtrans' 'bigreqsproto' 'randrproto' 'inputproto' 'fontsproto' 'videoproto' 'compositeproto' 'recordproto' 'scrnsaverproto' 'resourceproto' 'xineramaproto' 'libxkbfile' 'libxfont' 'renderproto' 'libpciaccess' 'libxv' 'xf86dgaproto' 'libxmu' 'libxrender' 'libxi' 'dmxproto' 'libxaw' 'libdmx' 'libxtst' 'libxres' 'xorg-xkbcomp' 'xorg-util-macros' 'xorg-font-util' 'glproto' 'dri2proto')
+makedepends=('pixman' 'libx11' 'mesa' 'libgl' 'xf86driproto' 'xcmiscproto' 'xtrans' 'bigreqsproto' 'randrproto' 'inputproto' 'fontsproto' 'videoproto' 'compositeproto' 'recordproto' 'scrnsaverproto' 'resourceproto' 'xineramaproto' 'libxkbfile' 'libxfont' 'renderproto' 'libpciaccess' 'libxv' 'xf86dgaproto' 'libxmu' 'libxrender' 'libxi' 'dmxproto' 'libxaw' 'libdmx' 'libxtst' 'libxres' 'xorg-xkbcomp' 'xorg-util-macros' 'xorg-font-util' 'glproto' 'dri2proto' 'udev' 'libgcrypt')
 options=('!libtool')
 source=(${url}/releases/individual/xserver/${pkgbase}-${pkgver}.tar.bz2
         autoconfig-nvidia.patch
         autoconfig-sis.patch
         revert-trapezoids.patch
         git-fixes.patch
+        xserver-1.11.2-record-crasher.patch
+        Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch
         xvfb-run
         xvfb-run.1
         10-quirks.conf)
@@ -22,7 +24,9 @@
          '6c7e87d63ac4b535e19a80c89d0cf091'
          'f8194638ca4872c2b0a67862a70bcebf'
          'f6c84f4936f8e00abdfbd9fb4eda83fb'
-         'b9cdb3855cc2b2e974a98b9a20d1ec2b'
+         '6fb42ec979ecd6125b6599f54dc00d14'
+         '3f9de4dbfee2da90167192d8ca9eb2b4'
+         '47f9b979fe38043b42ff86eeee6fd0d0'
          '52fd3effd80d7bc6c1660d4ecf23d31c'
          '376c70308715cd2643f7bff936d9934b'
          'd4f7dfc6be4ef4e2c6dd7632a9d88abe')
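Review bot: The three added checksums extend what appear to be MD5 digests (32 hex digits; the array's name is outside the hunk), while the first source entry is built from `url="http://xorg.freedesktop.org"` in the previous hunk, so MD5 is the only integrity check on a tarball fetched over plain HTTP. MD5 is not collision-resistant, so it is a weak anchor for a package that runs as a privileged display server. I would add a `sha256sums=(...)` array next to the existing one, regenerated with `makepkg -g`, covering the tarball and the two new patch files.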
@@ -42,6 +46,14 @@
   # Add post-release patches from 1.11 branch
   patch -Np1 -i "${srcdir}/git-fixes.patch"
 
+  # From Fedora.
+  # Upstream URL: http://patchwork.freedesktop.org/patch/7866/
+  patch -Np1 -i "${srcdir}/xserver-1.11.2-record-crasher.patch"
+
+  # From Fedora.
+  # Upstream URL: https://bugs.freedesktop.org/show_bug.cgi?id=42298
+  patch -Np1 -i "${srcdir}/Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch"
+
   autoreconf -fi
   ./configure --prefix=/usr \
       --enable-ipv6 \

Added: Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch
===================================================================
--- Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch	                        (rev 0)
+++ Xi-allow-passive-keygrabs-on-the-XIAll-Master-Device.patch	2011-11-16 11:32:26 UTC (rev 142828)
@@ -0,0 +1,31 @@
+From 97f2af5876dab0dfab06be735416f3fc950ed39e Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer at who-t.net>
+Date: Thu, 27 Oct 2011 11:03:39 +1000
+Subject: [PATCH] Xi: allow passive keygrabs on the XIAll(Master)Devices fake
+ devices
+
+They don't have a KeyClassRec, but we must still allow passive grabs on
+them.
+
+Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
+Tested-by: Bastien Nocera <hadess at hadess.net>
+---
+ Xi/exevents.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index 053c76f..edf2c39 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -1495,7 +1495,7 @@ GrabKey(ClientPtr client, DeviceIntPtr dev, DeviceIntPtr modifier_device,
+     rc = CheckGrabValues(client, param);
+     if (rc != Success)
+         return rc;
+-    if (k == NULL)
++    if ((dev->id != XIAllDevices && dev->id != XIAllMasterDevices) && k == NULL)
+ 	return BadMatch;
+     if (grabtype == GRABTYPE_XI)
+     {
+-- 
+1.7.7
+
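Review bot: With the new condition, `k == NULL` no longer returns BadMatch when `dev->id` is XIAllDevices or XIAllMasterDevices, so every later use of `k` in GrabKey has to tolerate NULL for those two ids. The `if (grabtype == GRABTYPE_XI)` branch opens on the last context line and its body lies outside the hunk, so this cannot be confirmed from here; if that branch reads through `k`, it needs its own guard, e.g. `if (k == NULL) return BadMatch;` at the top of the GRABTYPE_XI branch. A short comment above the changed test, such as `/* XIAll(Master)Devices have no KeyClassRec but must still accept passive grabs */`, would record why the NULL check is skipped for them.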

Modified: git-fixes.patch
===================================================================
--- git-fixes.patch	2011-11-16 03:17:22 UTC (rev 142827)
+++ git-fixes.patch	2011-11-16 11:32:26 UTC (rev 142828)
@@ -115,3 +115,47 @@
      miSetPixmapDepths ();
 --
 cgit v0.9.0.2-2-gbebe
+From 34bb83b9df20ff63dbb147ed661f39efb8bae8e4 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer at who-t.net>
+Date: Mon, 24 Oct 2011 02:00:32 +0000
+Subject: dix: block signals when closing all devices
+
+When closing down all devices, we manually unset master for all attached
+devices, but the device's sprite info still points to the master's sprite
+info. This leaves us a window where the master is freed already but the
+device isn't yet. A signal during that window causes dereference of the
+already freed spriteInfo in mieqEnqueue's EnqueueScreen macro.
+
+Simply block signals when removing all devices. It's not like we're really
+worrying about high-responsive input at this stage.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=737031
+
+Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
+Reviewed-by: Julien Cristau <jcristau at debian.org>
+(cherry picked from commit d7c44a7c9760449bef263413ad3b20f19b1dc95a)
+---
+diff --git a/dix/devices.c b/dix/devices.c
+index 0ccf252..cbdd4ea 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -982,6 +982,8 @@ CloseDownDevices(void)
+ {
+     DeviceIntPtr dev;
+ 
++    OsBlockSignals();
++
+     /* Float all SDs before closing them. Note that at this point resources
+      * (e.g. cursors) have been freed already, so we can't just call
+      * AttachDevice(NULL, dev, NULL). Instead, we have to forcibly set master
+@@ -1004,6 +1006,8 @@ CloseDownDevices(void)
+     inputInfo.keyboard = NULL;
+     inputInfo.pointer = NULL;
+     XkbDeleteRulesDflts();
++
++    OsReleaseSignals();
+ }
+ 
+ /**
+--
+cgit v0.9.0.2-2-gbebe
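Review bot: The added `OsBlockSignals()` at the top of CloseDownDevices has no comment, so the reason for it is lost once the patch is applied. The commit message explains it: a signal arriving after the master is freed dereferences the freed spriteInfo in mieqEnqueue. I would put `/* Block signals: input arriving during teardown would dereference a master's already-freed spriteInfo */` above the call. The middle of the function lies between the two inner hunks and is not shown, so the same comment should say that any exit path added there must still reach `OsReleaseSignals()`.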

Added: xserver-1.11.2-record-crasher.patch
===================================================================
--- xserver-1.11.2-record-crasher.patch	                        (rev 0)
+++ xserver-1.11.2-record-crasher.patch	2011-11-16 11:32:26 UTC (rev 142828)
@@ -0,0 +1,241 @@
+From patchwork Tue Nov  8 18:22:13 2011
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: Save major/minor opcodes in ClientRec for RecordAReply
+Date: Tue, 08 Nov 2011 18:22:13 -0000
+From: Keith Packard <keithp at keithp.com>
+X-Patchwork-Id: 7866
+Message-Id: <1320776533-3120-1-git-send-email-keithp at keithp.com>
+To: xorg-devel at lists.freedesktop.org
+
+The record extension needs the major and minor opcodes in the reply
+hook, but the request buffer may have been freed by the time the hook
+is invoked. Saving the request major and minor codes as the request is
+executed avoids fetching from the defunct request buffer.
+
+This patch also eliminates the public MinorOpcodeOfRequest function,
+making it static to dispatch. Usages of that function have been
+replaced with direct access to the new ClientRec field.
+
+Signed-off-by: Keith Packard <keithp at keithp.com>
+Reviewed-by: Rami Ylimäki <rami.ylimaki at vincit.fi>
+
+---
+Here's what I was thinking of to fix this -- just record the major and
+minor opcodes of the request in the ClientRec during Dispatch and then
+using those fields in RecordAReply instead of fetching the discarded
+request buffer.
+
+This is entirely untested; I don't know how to make the old code break.
+
+ Xext/security.c       |    4 +---
+ Xext/xselinux_hooks.c |    4 ++--
+ dix/dispatch.c        |   31 ++++++++++++++++++++++---------
+ dix/extension.c       |   14 --------------
+ include/dixstruct.h   |    1 +
+ include/extension.h   |    2 --
+ record/record.c       |    8 +++-----
+ 7 files changed, 29 insertions(+), 35 deletions(-)
+
+[ fedora: technically this is an ABI breaker since it's changing ClientRec,
+  but hopefully not in a way that matters.  If it does matter, easiest thing
+  to do is have Record add a hook for XaceHookDispatch. - ajax ]
+
+diff --git a/Xext/security.c b/Xext/security.c
+index 08d8158..b0d82ab 100644
+--- a/Xext/security.c
++++ b/Xext/security.c
+@@ -148,9 +148,7 @@ SecurityLabelInitial(void)
+ static _X_INLINE const char *
+ SecurityLookupRequestName(ClientPtr client)
+ {
+-    int major = ((xReq *)client->requestBuffer)->reqType;
+-    int minor = MinorOpcodeOfRequest(client);
+-    return LookupRequestName(major, minor);
++    return LookupRequestName(client->majorOp, client->minorOp);
+ }
+ 
+ 
+diff --git a/Xext/xselinux_hooks.c b/Xext/xselinux_hooks.c
+index f1d8e5d..0d4c9ab 100644
+--- a/Xext/xselinux_hooks.c
++++ b/Xext/xselinux_hooks.c
+@@ -263,8 +263,8 @@ SELinuxAudit(void *auditdata,
+     if (client) {
+ 	REQUEST(xReq);
+ 	if (stuff) {
+-	    major = stuff->reqType;
+-	    minor = MinorOpcodeOfRequest(client);
++	    major = client->majorOp;
++	    minor = client->minorOp;
+ 	}
+     }
+     if (audit->id)
+diff --git a/dix/dispatch.c b/dix/dispatch.c
+index 6e33615..3600acd 100644
+--- a/dix/dispatch.c
++++ b/dix/dispatch.c
+@@ -337,7 +337,20 @@ DisableLimitedSchedulingLatency(void)
+ 	SmartScheduleLatencyLimited = 0;
+ }
+ 
+-#define MAJOROP ((xReq *)client->requestBuffer)->reqType
++static inline unsigned short
++MinorOpcodeOfRequest(ClientPtr client)
++{
++    unsigned char major;
++    ExtensionEntry *ext;
++
++    major = ((xReq *)client->requestBuffer)->reqType;
++    if (major < EXTENSION_BASE)
++	return 0;
++    ext = GetExtensionEntry(major);
++    if (!ext)
++	return 0;
++    return ext->MinorOpcode (client);
++}
+ 
+ void
+ Dispatch(void)
+@@ -419,21 +432,23 @@ Dispatch(void)
+ 	        }
+ 
+ 		client->sequence++;
++		client->majorOp = ((xReq *)client->requestBuffer)->reqType;
++		client->minorOp = MinorOpcodeOfRequest(client);
+ #ifdef XSERVER_DTRACE
+-		XSERVER_REQUEST_START(LookupMajorName(MAJOROP), MAJOROP,
++		XSERVER_REQUEST_START(LookupMajorName(client->majorOp), client->majorOp,
+ 			      ((xReq *)client->requestBuffer)->length,
+ 			      client->index, client->requestBuffer);
+ #endif
+ 		if (result > (maxBigRequestSize << 2))
+ 		    result = BadLength;
+ 		else {
+-		    result = XaceHookDispatch(client, MAJOROP);
++		    result = XaceHookDispatch(client, client->majorOp);
+ 		    if (result == Success)
+-			result = (* client->requestVector[MAJOROP])(client);
++			result = (* client->requestVector[client->majorOp])(client);
+ 		    XaceHookAuditEnd(client, result);
+ 		}
+ #ifdef XSERVER_DTRACE
+-		XSERVER_REQUEST_DONE(LookupMajorName(MAJOROP), MAJOROP,
++		XSERVER_REQUEST_DONE(LookupMajorName(client->majorOp), client->majorOp,
+ 			      client->sequence, client->index, result);
+ #endif
+ 
+@@ -444,8 +459,8 @@ Dispatch(void)
+ 		}
+ 		else if (result != Success)
+ 		{
+-		    SendErrorToClient(client, MAJOROP,
+-				      MinorOpcodeOfRequest(client),
++		    SendErrorToClient(client, client->majorOp,
++				      client->minorOp,
+ 				      client->errorValue, result);
+ 		    break;
+ 		}
+@@ -466,8 +481,6 @@ Dispatch(void)
+     SmartScheduleLatencyLimited = 0;
+ }
+ 
+-#undef MAJOROP
+-
+ static int  VendorRelease = VENDOR_RELEASE;
+ static char *VendorString = VENDOR_NAME;
+ 
+diff --git a/dix/extension.c b/dix/extension.c
+index c7bbac5..b677cdb 100644
+--- a/dix/extension.c
++++ b/dix/extension.c
+@@ -228,20 +228,6 @@ StandardMinorOpcode(ClientPtr client)
+     return ((xReq *)client->requestBuffer)->data;
+ }
+ 
+-unsigned short
+-MinorOpcodeOfRequest(ClientPtr client)
+-{
+-    unsigned char major;
+-
+-    major = ((xReq *)client->requestBuffer)->reqType;
+-    if (major < EXTENSION_BASE)
+-	return 0;
+-    major -= EXTENSION_BASE;
+-    if (major >= NumExtensions)
+-	return 0;
+-    return (*extensions[major]->MinorOpcode)(client);
+-}
+-
+ void
+ CloseDownExtensions(void)
+ {
+diff --git a/include/dixstruct.h b/include/dixstruct.h
+index 6cc9614..0a85f40 100644
+--- a/include/dixstruct.h
++++ b/include/dixstruct.h
+@@ -122,6 +122,7 @@ typedef struct _Client {
+     
+     DeviceIntPtr clientPtr;
+     ClientIdPtr  clientIds;
++    unsigned short majorOp, minorOp;
+ }           ClientRec;
+ 
+ /*
+diff --git a/include/extension.h b/include/extension.h
+index 29a11c3..9249951 100644
+--- a/include/extension.h
++++ b/include/extension.h
+@@ -52,8 +52,6 @@ _XFUNCPROTOBEGIN
+ 
+ extern _X_EXPORT unsigned short StandardMinorOpcode(ClientPtr /*client*/);
+ 
+-extern _X_EXPORT unsigned short MinorOpcodeOfRequest(ClientPtr /*client*/);
+-
+ extern _X_EXPORT Bool EnableDisableExtension(char *name, Bool enable);
+ 
+ extern _X_EXPORT void EnableDisableExtensionError(char *name, Bool enable);
+diff --git a/record/record.c b/record/record.c
+index 68311ac..4a0fe23 100644
+--- a/record/record.c
++++ b/record/record.c
+@@ -546,7 +546,7 @@ RecordARequest(ClientPtr client)
+ 	    }
+ 	    else /* extension, check minor opcode */
+ 	    {
+-		int minorop = MinorOpcodeOfRequest(client);
++		int minorop = client->minorOp;
+ 		int numMinOpInfo;
+ 		RecordMinorOpPtr pMinorOpInfo = pRCAP->pRequestMinOpInfo;
+ 
+@@ -603,12 +603,9 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
+     RecordContextPtr pContext;
+     RecordClientsAndProtocolPtr pRCAP;
+     int eci;
+-    int majorop;
+     ReplyInfoRec *pri = (ReplyInfoRec *)calldata;
+     ClientPtr client = pri->client;
+-    REQUEST(xReq);
+ 
+-    majorop = stuff->reqType;
+     for (eci = 0; eci < numEnabledContexts; eci++)
+     {
+ 	pContext = ppAllContexts[eci];
+@@ -616,6 +613,7 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
+ 					  NULL);
+ 	if (pRCAP)
+ 	{
++	    int majorop = client->majorOp;
+ 	    if (pContext->continuedReply)
+ 	    {
+ 		RecordAProtocolElement(pContext, client, XRecordFromServer,
+@@ -635,7 +633,7 @@ RecordAReply(CallbackListPtr *pcbl, pointer nulldata, pointer calldata)
+ 		}
+ 		else /* extension, check minor opcode */
+ 		{
+-		    int minorop = MinorOpcodeOfRequest(client);
++		    int minorop = client->minorOp;
+ 		    int numMinOpInfo;
+ 		    RecordMinorOpPtr pMinorOpInfo = pRCAP->pReplyMinOpInfo;
+ 		    		    assert (pMinorOpInfo);
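Review bot: Two parts of this patch change the interface the server offers to loadable modules. `unsigned short majorOp, minorOp;` is appended to ClientRec in include/dixstruct.h, and the `_X_EXPORT` declaration of MinorOpcodeOfRequest is removed from include/extension.h while the function becomes static in dix/dispatch.c. The package only bumps pkgrel, so a module built against the 1.11.2-1 headers that still imports MinorOpcodeOfRequest would presumably fail to resolve the symbol at load time. The Fedora note in the patch header mentions the struct change but not the dropped export. It would be worth checking the packaged drivers and extension modules for that symbol, and saying in the PKGBUILD comment that this patch alters the module ABI.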


