Skip to content

xsync: Fix SyncAwaitTriggerFired SIGSEGV during CloseDownClient

Alex Goins requested to merge agoins/xserver:agoins-xsync-segv-fix into master

When destroying a sync fence with a pending Await, we call through SyncAwaitTriggerFired, which finally unblocks the client using AttendClient. AttendClient assumes that the client is alive, but it's possible for us to destroy a sync fence as part of CloseDownClient, after CloseDownConnection has already been called. This results in a segfault:

Thread 1 "X" received signal SIGSEGV, Segmentation fault.
AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
(gdb) bt
#0  AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
#1  0x00005571c3dbb865 in SyncAwaitTriggerFired (pTrigger=<optimized out>) at ../Xext/sync.c:694
#2  0x00005571c3dd5749 in miSyncDestroyFence (pFence=0x5571c5063980) at ../miext/sync/misync.c:120
#3  0x00005571c3dbbc69 in FreeFence (obj=<optimized out>, id=<optimized out>) at ../Xext/sync.c:1909
#4  0x00005571c3d7a01d in doFreeResource (res=0x5571c506e3d0, skip=skip@entry=0) at ../dix/resource.c:880
#5  0x00005571c3d7b1dc in FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1146
#6  FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1109
#7  0x00005571c3d5525f in CloseDownClient (client=0x5571c4aed9a0) at ../dix/dispatch.c:3473
#8  0x00005571c3d55eeb in Dispatch () at ../dix/dispatch.c:492
#9  0x00005571c3d59e96 in dix_main (argc=3, argv=0x7ffe7854bc28, envp=<optimized out>) at ../dix/main.c:276
#10 0x00007fea4837cb6b in __libc_start_main (main=0x5571c3d1d060 <main>, argc=3, argv=0x7ffe7854bc28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe7854bc18) at ../csu/libc-start.c:308
#11 0x00005571c3d1d09a in _start () at ../Xext/sync.c:2378
(gdb) print client->osPrivate
$1 = (void *) 0x0

By checking that the client isn't gone before calling AttendClient, we avoid the crash. In this case, there's no need to unblock the client anyway, since it's already gone.

Signed-off-by: Alex Goins

Merge request reports