1. 08 Oct, 2020 4 commits
  2. 30 Sep, 2020 2 commits
  3. 18 Aug, 2020 1 commit
    • Roman Gilg's avatar
      present: Check valid region in window mode flips · 7da8e7ba
      Roman Gilg authored
      For Pixmap flips to have well defined outcomes the window must be contained by
      the valid region if such region was specified.
      
      The valid region is inserted as an argument to the check in window mode.
      Setting this argument is missing in screen mode as well but we ignore it for now
      and only add it to window mode.
      
      It seems there are none or only very few clients actually making use of valid
      regions at the moment. For simplicity we therefore just check if a valid region
      was set by the client and in this case do never flip, independently of the
      window being contained by the region or not.
      Signed-off-by: Roman Gilg's avatarRoman Gilg <subdiff@gmail.com>
      (cherry picked from commit 591916ea)
      7da8e7ba
  4. 21 Nov, 2019 1 commit
  5. 22 Feb, 2019 1 commit
  6. 20 Feb, 2019 1 commit
  7. 09 Jan, 2019 1 commit
    • Olivier Fourdan's avatar
      present/wnmd: Fix use after free on CRTC removal · f89518e1
      Olivier Fourdan authored
      Xwayland will add and remove CRTCs as Wayland outputs are added or
      removed.
      
      If there is a pending flip when this occurs, the
      `xwl_present_sync_callback()` will be triggered after the Xwayland
      output's RRCtrcPtr has been destroyed, hence causing a crash in Xwayland
      while trying to use freed memory:
      
        #1  abort ()
        #2  OsAbort () at utils.c:1350
        #3  AbortServer () at log.c:877
        #4  FatalError () at log.c:1015
        #5  OsSigHandler () at osinit.c:156
        #6  <signal handler called>
        #7  dixGetPrivate () at ../include/privates.h:122
        #8  dixLookupPrivate () at ../include/privates.h:166
        #9  present_screen_priv () at present_priv.h:198
        #10 present_wnmd_flip () at present_wnmd.c:358
        #11 present_wnmd_execute () at present_wnmd.c:466
        #12 present_wnmd_re_execute () at present_wnmd.c:80
        #13 xwl_present_sync_callback () at xwayland-present.c:287
        #14 ffi_call_unix64 () from /lib64/libffi.so.6
        #15 ffi_call () from /lib64/libffi.so.6
        #16 wl_closure_invoke () at src/connection.c:1006
        #17 dispatch_event () at src/wayland-client.c:1427
        #18 dispatch_queue () at src/wayland-client.c:1573
        #19 wl_display_dispatch_queue_pending () at src/wayland-client.c:1815
        #20 wl_display_dispatch_pending () at src/wayland-client.c:1878
        #21 xwl_read_events () at xwayland.c:814
        #22 ospoll_wait () at ospoll.c:651
        #23 WaitForSomething () at WaitFor.c:208
        #24 Dispatch () at ../include/list.h:220
        #25 dix_main () at main.c:276
      
      To avoid the issue, get the `ScreenPtr` from the window instead of the
      CRTC that might have been just freed, `xwl_present_flip()` has no use
      for the CRTC anyway.
      
      Bugzilla: https://bugs.freedesktop.org/108249Suggested-by: Michel Dänzer's avatarMichel Daenzer <michel.daenzer@amd.com>
      Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Michel Dänzer's avatarMichel Daenzer <michel.daenzer@amd.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      (cherry picked from commit b768b7d6)
      f89518e1
  8. 04 Oct, 2018 1 commit
    • Lionel Landwerlin's avatar
      present: fix freed pointer access · 1b0db2c7
      Lionel Landwerlin authored
      When a vblank has been marked as aborted, it's going to be free in the
      flip_notify function when stopped. We can't notify it after it's
      stopped because the pointer is invalid.
      
      Valgrind backtrace:
      
      ==5331== Invalid read of size 8
      ==5331==    at 0x212B4D: present_vblank_notify (present_vblank.c:34)
      ==5331==    by 0x21439B: present_wnmd_flip_notify (present_wnmd.c:194)
      ==5331==    by 0x21439B: present_wnmd_event_notify (present_wnmd.c:228)
      ==5331==    by 0x156216: xwl_present_sync_callback (xwayland-present.c:282)
      ==5331==    by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
      ==5331==    by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
      ==5331==    by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x14BCCA: xwl_read_events (xwayland.c:814)
      ==5331==    by 0x2AC0D0: ospoll_wait (ospoll.c:651)
      ==5331==    by 0x2A5322: WaitForSomething (WaitFor.c:208)
      ==5331==    by 0x27574B: Dispatch (dispatch.c:421)
      ==5331==  Address 0x1b44dc98 is 40 bytes inside a block of size 184 free'd
      ==5331==    at 0x48369EB: free (vg_replace_malloc.c:530)
      ==5331==    by 0x213B0A: present_wnmd_free_idle_vblanks (present_wnmd.c:118)
      ==5331==    by 0x213B0A: present_wnmd_flips_stop (present_wnmd.c:161)
      ==5331==    by 0x2143EF: present_wnmd_flip_notify (present_wnmd.c:192)
      ==5331==    by 0x2143EF: present_wnmd_event_notify (present_wnmd.c:228)
      ==5331==    by 0x156216: xwl_present_sync_callback (xwayland-present.c:282)
      ==5331==    by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
      ==5331==    by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
      ==5331==    by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
      ==5331==    by 0x14BCCA: xwl_read_events (xwayland.c:814)
      ==5331==    by 0x2AC0D0: ospoll_wait (ospoll.c:651)
      ==5331==    by 0x2A5322: WaitForSomething (WaitFor.c:208)
      ==5331==  Block was alloc'd at
      ==5331==    at 0x48377D5: calloc (vg_replace_malloc.c:711)
      ==5331==    by 0x212D9F: present_vblank_create (present_vblank.c:69)
      ==5331==    by 0x214014: present_wnmd_pixmap (present_wnmd.c:610)
      ==5331==    by 0x21576C: proc_present_pixmap (present_request.c:150)
      ==5331==    by 0x27599D: Dispatch (dispatch.c:479)
      ==5331==    by 0x279945: dix_main (main.c:276)
      ==5331==    by 0x633AB16: (below main) (libc-start.c:310)
      
      v2: Still notify aborted flips (Roman)
      Signed-off-by: Lionel Landwerlin's avatarLionel Landwerlin <lionel.g.landwerlin@intel.com>
      Reviewed-by: Daniel Stone's avatarDaniel Stone <daniels@collabora.com>
      Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107314Reviewed-by: Roman Gilg's avatarRoman Gilg <subdiff@gmail.com>
      Tested-by: Roman Gilg's avatarRoman Gilg <subdiff@gmail.com>
      (cherry picked from commit ce271535)
      1b0db2c7
  9. 19 Jun, 2018 1 commit
  10. 02 May, 2018 1 commit
  11. 28 Mar, 2018 2 commits