1. 26 Feb, 2018 1 commit
  2. 23 Feb, 2018 2 commits
  3. 22 Feb, 2018 4 commits
  4. 16 Feb, 2018 1 commit
  5. 15 Feb, 2018 1 commit
  6. 09 Feb, 2018 12 commits
  7. 22 Jan, 2018 1 commit
  8. 19 Jan, 2018 2 commits
  9. 09 Jan, 2018 7 commits
    • Derek Foreman's avatar
      tests: Check for wrong fd delivery with zombie objects · ff992951
      Derek Foreman authored
      Until recently, if an event attempting to deliver an fd to a zombie
      object was demarshalled after the object was made into a zombie, we
      leaked the fd and left it in the buffer.
      
      If another event attempting to deliver an fd to a live object was in that
      same buffer, the zombie's fd would be delivered instead.
      
      This test recreates that situation.
      
      While this is a ridiculously contrived way to force this race - delivering
      an event from a destruction handler - I do have reports of this race
      being hit in real world code.
      Signed-off-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Acked-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      ff992951
    • Derek Foreman's avatar
      tests: Add a test for fd leaks on zombie objects · f74c9b98
      Derek Foreman authored
      Until recently, if a client destroying a resource raced with the
      server generating an event on that resource that delivered a file
      descriptor, we would leak the fd.
      
      This tests for a leaked fd from that race condition.
      Reviewed-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      Signed-off-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      f74c9b98
    • Derek Foreman's avatar
      client: Consume file descriptors destined for zombie proxies · 239ba393
      Derek Foreman authored
      We need to close file descriptors sent to zombie proxies to avoid leaking
      them, and perhaps more importantly, to prevent them from being dispatched
      in events on other objects (since they would previously be left in the
      buffer and potentially fed to following events destined for live proxies)
      Signed-off-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Reviewed-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      239ba393
    • Derek Foreman's avatar
      client: Replace the singleton zombie with bespoke zombies · 4485ed1f
      Derek Foreman authored
      Using the singleton zombie object doesn't allow us to posthumously retain
      object interface information, which makes it difficult to properly inter
      future events destined for the recently deceased proxy.
      
      Notably, this makes it impossible for zombie proxy destined file
      descriptors to be properly consumed.
      
      When we create a proxy, we now create a zombie-state object to hold
      information about the file descriptors in events it can receive. This
      will allow us, in a future patch, to close those FDs.
      
      [daniels: Split Derek's patch into a few smaller ones.]
      Signed-off-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Reviewed-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      4485ed1f
    • Daniel Stone's avatar
      client: Plug a race in proxy destruction vs. dispatch · 9744de9f
      Daniel Stone authored
      Closures created to hold events which will be dispatched on the client,
      take a reference to the proxy for the object the event was sent to, as
      well as the proxies for all objects referenced in that event.
      
      These references are dropped immediately before dispatch, with the
      display lock also being released. This leaves the potential for a
      vanishingly small race, where another thread drops the last reference
      on one of the proxies used in an event as it is being dispatched.
      
      Fix this by splitting decrease_closure_args_refcount into two functions:
      one which validates the objects (to ensure that clients are not returned
      objects which they have destroyed), and another which unrefs all proxies
      on the closure (object event was sent to, all referenced objects) as
      well as the closure itself. For symmetry, increase_closure_args_refcount
      is now the place where the refcount for the proxy for the object the
      event was sent to, is increased.
      
      This also happens to fix a bug: previously, if an event was sent to a
      client-destroyed object, and the event had object arguments, a reference
      would be leaked on the proxy for each of the object arguments.
      
      Found by inspection whilst reviewing the zombie-FD-leak series.
      Signed-off-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      Reviewed-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Cc: Jonas Ådahl <jadahl@gmail.com>
      Cc: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
      9744de9f
    • Daniel Stone's avatar
      client: Add wl_proxy_unref helper · 430c7820
      Daniel Stone authored
      Rather than open-coded decrement-and-maybe-free, introduce a
      wl_proxy_unref helper to do this for us. This will come in useful for
      future patches, where we may also have to free a zombie object.
      Signed-off-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      Reviewed-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Cc: Jonas Ådahl <jadahl@gmail.com>
      430c7820
    • Daniel Stone's avatar
      client: Use refcount exclusively for destruction · b39d8933
      Daniel Stone authored
      Commit e273c7cd added a refcount to wl_proxy. The refcount is set to 1
      on creation, decreased when the client explicitly destroys the proxy,
      and is increased and decreased every time an event referencing that
      proxy is queued.
      
      Assuming no bugs, this means the refcount cannot reach 0 without the
      proxy being explicitly destroyed. However, some (not all) of the
      proxy-unref paths were only destroying the proxy if it had already been
      deleted. This should already be enforced by refcounting, so remove the
      check and rely solely on the refcount as the arbiter of when to free a
      proxy.
      Signed-off-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      Reviewed-by: 's avatarDerek Foreman <derekf@osg.samsung.com>
      Cc: Jonas Ådahl <jadahl@gmail.com>
      b39d8933
  10. 28 Dec, 2017 4 commits
  11. 27 Dec, 2017 5 commits