authorAlon Levy <alevy@redhat.com>2012-05-30 10:09:47 +0300
committerAlon Levy <alevy@redhat.com>2012-06-15 10:34:08 +0300
commitc47ebff71878458ff6157aec7252999a6578fb97 (patch)
tree483f0a083ba15ea7f86c0fdc219069c6e52a112f
parentfdf2274c9ff15fc5108b400b71120184d2651a21 (diff)
qxl_driver: hide cursors on vt switch
This is not enough to prevent any qxl_destroy_pixmap call during vt switch, but it prevents those triggered by CursorDisplayCursor. Note: a matching xf86_show_cursors call doesn't hurt, but is not required, so not adding it. It is still possible to access freed memory by the following trigger: ==4416== Invalid read of size 8 ==4416== at 0x5D15EC1: unlink_surface (qxl_surface.c:685) ==4416== by 0x5D162F9: qxl_surface_kill (qxl_surface.c:799) ==4416== by 0x5D12688: qxl_destroy_pixmap (qxl_driver.c:928) ==4416== by 0x55730B: damageDestroyPixmap (damage.c:1556) ==4416== by 0x51C77B: ShmDestroyPixmap (shm.c:273) ==4416== by 0x54591B: FreePicture (picture.c:1465) ==4416== by 0x467A32: doFreeResource (resource.c:873) ==4416== by 0x467B7E: FreeResource (resource.c:903) ==4416== by 0x547742: ProcRenderFreePicture (render.c:661) ==4416== by 0x54B13A: ProcRenderDispatch (render.c:1988) ==4416== by 0x430670: Dispatch (dispatch.c:428) ==4416== by 0x492604: main (main.c:288) ==4416== Address 0x121031e0 is 116,960 bytes inside a block of size 122,880 free'd ==4416== at 0x4A079AE: free (vg_replace_malloc.c:427) ==4416== by 0x5D16BDA: qxl_surface_cache_evacuate_all (qxl_surface.c:1060) ==4416== by 0x5D13078: qxl_leave_vt (qxl_driver.c:1209) ==4416== by 0x4A4D4F: xf86VTSwitch (xf86Events.c:462) ==4416== by 0x4A4926: xf86Wakeup (xf86Events.c:285) ==4416== by 0x43E2E1: WakeupHandler (dixutils.c:421) ==4416== by 0x488A75: WaitForSomething (WaitFor.c:224) ==4416== by 0x4303CF: Dispatch (dispatch.c:357) ==4416== by 0x492604: main (main.c:288) This is fixed by a following patch to not free all_surfaces, instead keeping pointers from it to the evacuated list.
-rw-r--r--src/qxl_driver.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/qxl_driver.c b/src/qxl_driver.c
index 5519f57..ab44fa0 100644
--- a/src/qxl_driver.c
+++ b/src/qxl_driver.c
@@ -38,6 +38,9 @@
#include <errno.h>
#include <time.h>
#include <stdlib.h>
+
+#include <xf86Crtc.h>
+
#include "qxl.h"
#include "assert.h"
#include "qxl_option_helpers.h"
@@ -1198,6 +1201,8 @@ qxl_leave_vt(VT_FUNC_ARGS_DECL)
SCRN_INFO_PTR(arg);
qxl_screen_t *qxl = pScrn->driverPrivate;
+ xf86_hide_cursors (pScrn);
+
pScrn->EnableDisableFBAccess (XF86_SCRN_ARG(pScrn), FALSE);
qxl->vt_surfaces = qxl_surface_cache_evacuate_all (qxl->surface_cache);
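Review bot: The added `xf86_hide_cursors (pScrn);` has no comment, yet its position ahead of `qxl_surface_cache_evacuate_all` is what makes it useful. If it were moved below the evacuation, a cursor update could again reach qxl_destroy_pixmap on surface memory that has already been freed. I would put a comment above the call such as `/* Hide cursors before evacuating surfaces: a later CursorDisplayCursor would call qxl_destroy_pixmap on freed surface memory. */`. The comment should also say that this closes only the cursor path, so a later reader does not take the call for a complete guard over the VT-switch window. qxl_leave_vt's body starts and ends outside the hunk.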
@@ -1386,6 +1391,10 @@ static void qxl_add_mode(ScrnInfoPtr pScrn, int width, int height, int type)
xf86ModesAdd(pScrn->monitor->Modes, mode);
}
+static const xf86CrtcConfigFuncsRec qxl_xf86crtc_config_funcs = {
+ NULL
+};
+
static Bool
qxl_pre_init(ScrnInfoPtr pScrn, int flags)
{
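Review bot: `qxl_xf86crtc_config_funcs` is initialised positionally with a bare `NULL` and carries no comment, so nothing tells a reader that the table is intentionally empty. From the rest of the commit it appears to exist only so that `xf86CrtcConfigInit` in qxl_pre_init sets up the CRTC config state that `xf86_hide_cursors` reads in qxl_leave_vt. I would write the initialiser as `.resize = NULL,` and add a comment like `/* Placeholder: no CRTC callbacks; the config exists only so xf86_hide_cursors has state to work on. */`. If the driver later registers CRTCs or enables RandR 1.2 through this config, the NULL resize hook would presumably need a real implementation first, which is worth stating in the same comment. The hunk ends at the opening of qxl_pre_init, whose body continues outside it.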
@@ -1518,7 +1527,10 @@ qxl_pre_init(ScrnInfoPtr pScrn, int flags)
CHECK_POINT();
+ xf86CrtcConfigInit(pScrn, &qxl_xf86crtc_config_funcs);
+
xf86PruneDriverModes(pScrn);
+
pScrn->currentMode = pScrn->modes;
/* If no modes are specified in xorg.conf, default to 1024x768 */
if (pScrn->display->modes == NULL || pScrn->display->modes[0] == NULL)