Xorg hits assert in DRI2Authenticate with QXL driver.
The Wine test infrastructure revealed that Xorg hits an assertion which makes the server abort.
This is visible with current Debian testing and can be reproduced
with a single call to `gst-play-1.0 no-such-file.avi`.
I was starting the qemu VM with `-vga qxl -spice addr=$LOCALIP,port=5930,disable-ticketing=on`.
Similar issues might be:
- xorg/driver/xf86-video-qxl#10
- #1053 which notes "DRI2 request processing functions need to be made robust" (@daenzer).
The diff below would avoid the assert and the abort of the X-server.
Would that be feasible?
[ 85.820] (II) qxl(0): PreInit complete
...
[ 254.585] (EE)
[ 254.585] (EE) Backtrace:
[ 254.586] (EE) 0: /usr/lib/xorg/Xorg (OsLookupColor+0x139) [0x5641b521ecf9]
[ 254.587] (EE) 1: /lib/x86_64-linux-gnu/libc.so.6 (__sigaction+0x40) [0x7f2e46e5af90]
[ 254.587] (EE) 2: /lib/x86_64-linux-gnu/libc.so.6 (pthread_key_delete+0x14c) [0x7f2e46ea9ccc]
[ 254.588] (EE) 3: /lib/x86_64-linux-gnu/libc.so.6 (gsignal+0x12) [0x7f2e46e5aef2]
[ 254.589] (EE) 4: /lib/x86_64-linux-gnu/libc.so.6 (abort+0xd3) [0x7f2e46e45472]
[ 254.589] (EE) unw_get_proc_name failed: no unwind info found [-10]
[ 254.590] (EE) 5: /lib/x86_64-linux-gnu/libc.so.6 (?+0x0) [0x7f2e46e45395]
[ 254.590] (EE) 6: /lib/x86_64-linux-gnu/libc.so.6 (__assert_fail+0x42) [0x7f2e46e53df2]
[ 254.591] (EE) 7: /usr/lib/xorg/Xorg (DRIMoveBuffersHelper+0xc33) [0x5641b51d7213]
[ 254.591] (EE) 8: /usr/lib/xorg/Xorg (DRI2Authenticate+0xad) [0x5641b51d94ad]
[ 254.591] (EE) 9: /usr/lib/xorg/Xorg (DRI2GetParam+0x6cb) [0x5641b51da22b]
[ 254.592] (EE) 10: /usr/lib/xorg/Xorg (SendErrorToClient+0x3d4) [0x5641b50ab734]
[ 254.592] (EE) 11: /usr/lib/xorg/Xorg (InitFonts+0x3bc) [0x5641b50af6cc]
[ 254.592] (EE) 12: /lib/x86_64-linux-gnu/libc.so.6 (__libc_init_first+0x8a) [0x7f2e46e4618a]
[ 254.593] (EE) 13: /lib/x86_64-linux-gnu/libc.so.6 (__libc_start_main+0x85) [0x7f2e46e46245]
[ 254.593] (EE) 14: /usr/lib/xorg/Xorg (_start+0x21) [0x5641b5098b71]
[ 254.593] (EE)
[ 254.593] (EE)
Fatal server error:
[ 254.593] (EE) Caught signal 6 (Aborted). Server aborting
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#1 0x00007f2e46ea9d2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 0x00007f2e46e5aef2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f2e46e45472 in __GI_abort () at ./stdlib/abort.c:79
#4 0x00005641b52219da in OsAbort () at ../../../../os/utils.c:1352
#5 0x00005641b5227043 in AbortServer () at ../../../../os/log.c:879
#6 0x00005641b5228075 in FatalError (f=f@entry=0x5641b5259dd0 "Caught signal %d (%s). Server aborting\n") at ../../../../os/log.c:1017
#7 0x00005641b521ed58 in OsSigHandler (unused=<optimized out>, sip=<optimized out>, signo=6) at ../../../../os/osinit.c:156
#8 OsSigHandler (signo=6, sip=<optimized out>, unused=<optimized out>) at ../../../../os/osinit.c:110
#9 <signal handler called>
#10 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at ./nptl/pthread_kill.c:44
#11 0x00007f2e46ea9d2f in __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#12 0x00007f2e46e5aef2 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#13 0x00007f2e46e45472 in __GI_abort () at ./stdlib/abort.c:79
#14 0x00007f2e46e45395 in __assert_fail_base (fmt=0x7f2e46fb9a70 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5641b523028a "key->initialized", file=file@entry=0x5641b5234e90 "../../../../../../include/privates.h", line=line@entry=122, function=function@entry=0x5641b52544c0 <__PRETTY_FUNCTION__.7> "dixGetPrivateAddr") at ./assert/assert.c:92
#15 0x00007f2e46e53df2 in __GI___assert_fail (assertion=assertion@entry=0x5641b523028a "key->initialized", file=file@entry=0x5641b5234e90 "../../../../../../include/privates.h", line=line@entry=122, function=function@entry=0x5641b52544c0 <__PRETTY_FUNCTION__.7> "dixGetPrivateAddr") at ./assert/assert.c:101
#16 0x00005641b51d7213 in dixGetPrivateAddr (key=0x5641b52f0ee0 <dri2ClientPrivateKeyRec>, privates=0x71) at ../../../../../../include/privates.h:122
#17 0x00005641b51d94ad in dixGetPrivateAddr (key=<optimized out>, privates=<optimized out>) at ../../../../../../include/privates.h:167
#18 dixLookupPrivate (key=<optimized out>, privates=<optimized out>) at ../../../../../../include/privates.h:165
#19 DRI2Authenticate (client=client@entry=0x5641b73cb2f0, pScreen=<optimized out>, magic=1) at ../../../../../../hw/xfree86/dri2/dri2.c:1365
#20 0x00005641b51da22b in ProcDRI2Authenticate (client=0x5641b73cb2f0) at ../../../../../../hw/xfree86/dri2/dri2ext.c:156
#21 ProcDRI2Dispatch (client=0x5641b73cb2f0) at ../../../../../../hw/xfree86/dri2/dri2ext.c:609
#22 0x00005641b50ab734 in Dispatch () at ../../../../dix/dispatch.c:550
#23 0x00005641b50af6cc in dix_main (argc=7, argv=<optimized out>, envp=<optimized out>) at ../../../../dix/main.c:272
#24 0x00007f2e46e4618a in __libc_start_call_main (main=main@entry=0x5641b5098b40 <main>, argc=argc@entry=7, argv=argv@entry=0x7fffce0eb4a8) at ../sysdeps/nptl/libc_start_call_main.h:58
#25 0x00007f2e46e46245 in __libc_start_main_impl (main=0x5641b5098b40 <main>, argc=7, argv=0x7fffce0eb4a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffce0eb498) at ../csu/libc-start.c:381
#26 0x00005641b5098b71 in _start ()
--- hw/xfree86/dri2/dri2.c.orig 2023-02-07 02:16:51.000000000 +0100
+++ hw/xfree86/dri2/dri2.c 2023-03-19 10:51:44.963378663 +0100
@@ -1362,9 +1367,14 @@ Bool
DRI2Authenticate(ClientPtr client, ScreenPtr pScreen, uint32_t magic)
{
DRI2ScreenPtr ds;
- DRI2ClientPtr dri2_client = dri2ClientPrivate(client);
+ DRI2ClientPtr dri2_client;
ScreenPtr primescreen;
+ if (!dixPrivateKeyRegistered(dri2ScreenPrivateKey))
+ return FALSE;
+
+ dri2_client = dri2ClientPrivate(client);
+
ds = DRI2GetScreenPrime(pScreen, dri2_client->prime_id);
if (ds == NULL)
return FALSE;
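Review bot: The guard added before `dri2_client = dri2ClientPrivate(client);` tests `dri2ScreenPrivateKey`, but frame #16 of the gdb backtrace shows the failed `key->initialized` assertion was on `dri2ClientPrivateKeyRec`, so the check covers a different key than the lookup it protects. It presumably works only because both keys are registered together during DRI2 screen init; testing the client key directly, `if (!dixPrivateKeyRegistered(&dri2ClientPrivateKeyRec)) return FALSE;`, ties the guard to the lookup. The path is entered from ProcDRI2Dispatch via ProcDRI2Authenticate, so any connected client's request can abort the server, and a short comment above the check saying so would keep it from being removed as redundant. The report names the same unguarded lookup in DRI2CreateDrawable2, which this hunk does not touch, and the body of DRI2Authenticate continues outside the hunk.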
(DRI2CreateDrawable2 contains a similar "unprotected" call to `dri2ClientPrivate`.)