Skip to content

modesetting: Check whether RandR was initialized before calling rrGetScrPriv

Aaron Plattner requested to merge aplattner/xserver:fix-modesetting-xinerama-crash into master

Calling rrGetScrPriv when RandR isn't initialized causes an assertion failure that aborts the server:

 Xorg: ../include/privates.h:121: dixGetPrivateAddr: Assertion `key->initialized' failed.

 Thread 1 "Xorg" received signal SIGABRT, Aborted.
 0x00007ffff78a8f25 in raise () from /usr/lib/libc.so.6
 (gdb) bt
 #0  0x00007ffff78a8f25 in raise () from /usr/lib/libc.so.6
 #1  0x00007ffff7892897 in abort () from /usr/lib/libc.so.6
 #2  0x00007ffff7892767 in __assert_fail_base.cold () from /usr/lib/libc.so.6
 #3  0x00007ffff78a1526 in __assert_fail () from /usr/lib/libc.so.6
 #4  0x00007ffff7fb57c1 in dixGetPrivateAddr (privates=0x555555ab1b60, key=0x555555855720 <rrPrivKeyRec>) at ../include/privates.h:121
 #5  0x00007ffff7fb5822 in dixGetPrivate (privates=0x555555ab1b60, key=0x555555855720 <rrPrivKeyRec>) at ../include/privates.h:136
 #6  0x00007ffff7fb586a in dixLookupPrivate (privates=0x555555ab1b60, key=0x555555855720 <rrPrivKeyRec>) at ../include/privates.h:166
 #7  0x00007ffff7fb8445 in CreateScreenResources (pScreen=0x555555ab1790) at ../hw/xfree86/drivers/modesetting/driver.c:1335
 #8  0x000055555576c5e4 in xf86CrtcCreateScreenResources (screen=0x555555ab1790) at ../hw/xfree86/modes/xf86Crtc.c:744
 #9  0x00005555555d8bb6 in dix_main (argc=4, argv=0x7fffffffead8, envp=0x7fffffffeb00) at ../dix/main.c:214
 #10 0x00005555557a4f0b in main (argc=4, argv=0x7fffffffead8, envp=0x7fffffffeb00) at ../dix/stubmain.c:34

This can happen, for example, if the server is configured with Xinerama and there is more than one X screen:

 Section "ServerLayout"
   Identifier "crash"
   Screen 0 "modesetting"
   Screen 1 "dummy" RightOf "modesetting"
   Option "Xinerama"
 EndSection

 Section "Device"
   Identifier "modesetting"
   Driver "modesetting"
 EndSection

 Section "Screen"
   Identifier "modesetting"
   Device "modesetting"
 EndSection

 Section "Device"
   Identifier "dummy"
   Driver "dummy"
 EndSection

 Section "Screen"
   Identifier "dummy"
   Device "dummy"
 EndSection

The problem does not reproduce if there is only one X screen because of this code in xf86RandR12Init:

 #ifdef PANORAMIX
     /* XXX disable RandR when using Xinerama */
     if (!noPanoramiXExtension) {
         if (xf86NumScreens == 1)
             noPanoramiXExtension = TRUE;
         else
             return TRUE;
     }
 #endif

Fix the problem by checking dixPrivateKeyRegistered(rrPrivKey) before calling rrGetScrPriv. This is similar to what the xf86-video-amdgpu driver does: https://gitlab.freedesktop.org/xorg/driver/xf86-video-amdgpu/blob/fd66f5c0bea2b7c22a47bfd5eb1f22d32d166d9c/src/amdgpu_kms.c#L388

Merge request reports