| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
If a client sends a request larger than maxBigRequestSize, the server is
supposed to ignore it.
Before commit cf88363d, the server would simply disconnect the client. After
that commit, it attempts to gracefully ignore the request by remembering how
long the client specified the request to be, and ignoring that many bytes.
However, if a client sends a BigReq header with a large size and disconnects
before actually sending the rest of the specified request, the server will
reuse the ConnectionInput buffer without resetting the ignoreBytes field. This
makes the server ignore new X clients' requests.
This fixes that behavior by resetting the ignoreBytes field when putting the
ConnectionInput buffer back on the FreeInputs list.
Signed-off-by: Robert Morell <rmorell@nvidia.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Backtrace logging etc. is already sigsafe, but the actual FatalError message
in response is not yet, leading to amusing logs like this:
(EE) Segmentation fault at address 0x0
(EE) BUG: triggered 'if (inSignalContext)'
(EE) BUG: log.c:499 in LogVMessageVerb()
(EE) Warning: attempting to log data in a signal unsafe manner while in
signal context.
Please update to check inSignalContext and/or use LogMessageVerbSigSafe() or
ErrorFSigSafe().
The offending log format message is:
Fatal server error:
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Mainly for %ld, smaller than int is propagated anyway, and %lld isn't really
used.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Libunwind generates backtraces much more reliably than glibc's "backtrace".
Before:
0: /opt/xserver/bin/X (0x400000+0x18ce36) [0x58ce36]
1: /opt/xserver/bin/X (xorg_backtrace+0x9) [0x58d119]
2: /opt/xserver/bin/X (0x400000+0x190d69) [0x590d69]
3: /lib64/libpthread.so.0 (0x7fb904268000+0x10a90) [0x7fb904278a90]
4: /lib64/libc.so.6 (ioctl+0x7) [0x7fb902fbf987]
5: /usr/lib64/libdrm.so.2 (drmIoctl+0x28) [0x7fb90405ffa8]
6: /usr/lib64/libdrm.so.2 (drmCommandWrite+0x1b) [0x7fb90406235b]
7: /usr/lib64/libdrm_nouveau.so.2 (nouveau_bo_wait+0x89) [0x7fb902009719]
8: /opt/xserver/lib/xorg/modules/drivers/nouveau_drv.so (0x7fb90220e000+0x76f3) [0x7fb9022156f3]
9: /opt/xserver/lib/xorg/modules/libexa.so (0x7fb9019c7000+0xbae0) [0x7fb9019d2ae0]
10: /opt/xserver/bin/X (0x400000+0x17d2b3) [0x57d2b3]
11: /opt/xserver/bin/X (0x400000+0xc9930) [0x4c9930]
12: /opt/xserver/bin/X (0x400000+0x3a81a) [0x43a81a]
13: /opt/xserver/bin/X (0x400000+0x3d6a1) [0x43d6a1]
14: /opt/xserver/bin/X (0x400000+0x2c2ca) [0x42c2ca]
15: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x7fb902f019b5]
16: /opt/xserver/bin/X (0x400000+0x2c60d) [0x42c60d]
17: ?? [0x0]
After:
0: /opt/xserver/bin/X (OsSigHandler+0x39) [0x590d69]
1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7fb904278a8f]
2: /lib64/libc.so.6 (ioctl+0x7) [0x7fb902fbf987]
3: /usr/lib64/libdrm.so.2 (drmIoctl+0x28) [0x7fb90405ffa8]
4: /usr/lib64/libdrm.so.2 (drmCommandWrite+0x1b) [0x7fb90406235b]
5: /usr/lib64/libdrm_nouveau.so.2 (nouveau_bo_wait+0x89) [0x7fb902009719]
6: /opt/xserver/lib/xorg/modules/drivers/nouveau_drv.so (nouveau_exa_download_from_screen+0x1a3) [0x7fb9022156f3]
7: /opt/xserver/lib/xorg/modules/libexa.so (exaGetImage+0x1f0) [0x7fb9019d2ae0]
8: /opt/xserver/bin/X (miSpriteGetImage+0x173) [0x57d2b3]
9: /opt/xserver/bin/X (compGetImage+0xb0) [0x4c9930]
10: /opt/xserver/bin/X (ProcGetImage+0x55a) [0x43a81a]
11: /opt/xserver/bin/X (Dispatch+0x341) [0x43d6a1]
12: /opt/xserver/bin/X (main+0x3ba) [0x42c2ca]
13: /lib64/libc.so.6 (__libc_start_main+0xf5) [0x7fb902f019b5]
14: /opt/xserver/bin/X (_start+0x29) [0x42c60d]
15: ? (?+0x29) [0x29]
Signed-off-by: Marcin Slusarz <marcin.slusarz@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Knut Petersen <knut.petersen@t-online.de>
|
|
|
|
Format strings with length modifiers but missing format specifier like "%0"
will read one byte past the array size.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
If we're about to abort, we're already in the signal handler and cannot call
down to the default device cleanup routines (which reset, free, alloc, and
do a bunch of other things).
Add a new DEVICE_ABORT mode to signal a driver's DeviceProc that it must
reset the hardware if needed but do nothing else. An actual HW reset is only
required for some drivers dealing with the HW directly.
This is largely backwards-compatible, hence the input ABI minor bump only.
Drivers we care about either return BadValue on a mode that's not
DEVICE_{INIT|ON|OFF|CLOSE} or print an error and return BadValue. Exception
here is vmmouse, which currently ignores it and would not reset anything.
This should be fixed if the reset is required.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Truncating the fraction part leads to a test failure where -1203.30 is
printed as -1203.29. Round this to the nearest value instead by adding
0.5 before converting to an integer
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
This is the lazy man's %f support. Print the decimal part of the number,
then append a decimal point, then print the first two digits of the
fractional part. So %f in sigsafe printing is really %.2f.
No boundary checks in place here.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Until we have support for them, ignore any length modifiers so we don't need
to update all callers.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
The formatter confused address operators preceded by casts with
bitwise-and expressions, placing spaces on either side of both.
That syntax isn't used by ordinary address operators, however,
so fix them for consistency.
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
setitimer() and SIGALRM aren't available on WIN32, so smart scheduler
code cannot be built. Provide only stubs for smart scheduler timer
code, and disable smart scheduler by default.
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Fix compilation of OsBlockSIGIO with -Werror=return-type when SIGIO isn't
defined.
/jhbuild/checkout/xorg/xserver/os/utils.c: In function 'OsBlockSIGIO':
/jhbuild/checkout/xorg/xserver/os/utils.c:1248:1: error: control reaches end of non-void function [-Wreturn-type]
v2: Shuffle around to avoid writing unreachable code
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
MinGW doesn't have sigaction, so this patch is needed for building.
No attempt is made to actually install the fatal error signal handler, as MinGW
will simply terminate the process rather than deliver a fatal signal.
Also avoid using strsignal
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Tested-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
libnettle is smaller than libgcrypt, currently being released more
frequently, and has replaced the latter in gnutls-3.x (which is used
by TigerVNC, so they can avoid pulling in two crypto libraries
simultaneously).
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
MinGW and MSVC lack the POSIX functions to compile the lock file code.
Signed-off-by: Ryan Pavlik <rpavlik@iastate.edu>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
|
|
Recieved → Received
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
They're declared in osdep.h, so don't redeclare them in io.c as
well. Keeps the compiler happier.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
|
|
In commit:
commit 092c57ab173c8b71056f6feb3b9d04d063a46579
Author: Adam Jackson <ajax@redhat.com>
Date: Fri Jun 17 14:03:01 2011 -0400
os: Hide the Connection{In,Out}put implementation details
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
the check for an empty output buffer was moved from one calling
location into the FlushClient implementation itself. However, this
neglected the possibility that additional data, in the form of
'extraBuf' would be passed to FlushClient from other code paths. If the
output buffer happened to be empty at that time, the extra data would
never be written to the client.
This is fixed by checking the total data to be written, which includes
both pending and extra data, instead of just the pending data.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
|
|
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Forwarding proxies like sshd will appear to be local, even though they
aren't really. This leads to weird behaviour for extensions that truly
require running under the same OS services as the client, like MIT-SHM
and DRI2.
Add two new legal values for the initial connection's byteOrder field,
'r' and 'R'. These act like 'l' and 'B' respectively, but have the side
effect of forcing the client to be treated as non-local. Forwarding
proxies should attempt to munge the first packet of the connection
accordingly; older servers will reject connections thusly munged, so the
proxy should fall back to passthrough if the munged connection attempt
fails.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
|
|
Introduced in 164b38c72fe9c69d13ea4f9c46d4ccc46566d826
Reported-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
Throw an error into the log file, but continue anyway. And after three
warnings, stop complaining. Not all input drivers will be fixed in time (or
ever) and our printf implementation is vastly inferior, so there is still a
use-case for non-sigsafe logging.
This also adds more linebreaks to the message.
CC: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
|
|
The mouse driver uses %i in some debug messages
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
|
|
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
|
|
Calling OsReleaseSignal() inside the signal handler releases SIGIO, causing
the signal handler to be called again from within the handler.
Practical use-case: when synaptics calls TimerSet in the signal handler,
this causes the signals to be released, eventually hanging the server.
Regression introduced in 08962951de.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
|
|
Fix Win32TempDir() in the case where we fell back to checking the TMP
environment variable. It looks like this has been wrong since forever.
Signed-off-by: Colin Harrison <colin.harrison@virgin.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
|
|
Popen and Pclose are never used on Windows, so don't bother to even
try to define them.
System(s) was defined as system(s), but the two users of that
function are in xkb, which carefully redefines that as
Win32System. Move Win32System and Win32TempDir to os/utils.c, renaming
Win32System to be just System, which simplifies the xkb code
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
|
|
|
|
No-one ever did anything with this variable except assign its default
value to it.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
If failing to disable a protocol specified by -nolisten failed, we'd
throw a FatalError and bomb startup entirely. From poking at xtrans, it
looks like the only way we can get a failure here is because we've
specified a protocol name which doesn't exist, which probably doesn't
constitute a security risk.
And it makes it possible to start gdm even though you've built with
--disable-tcp-transport.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Adds new function padding_for_int32() and uses existing pad_to_int32()
depending on required results.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Daniel Stone <daniel@fooishbar.org>
|
|
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
|
|
Clear them out when needed instead of leaving whatever values were
present in previously sent messages.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
|
|
Each DDX currently calls OsReleaseSIGIO in case it was suspended when
the server regen started. This causes a BUG to occur if SIGIO was
*not* blocked at that time. Instead of relying on each DDX, make the
OS layer reliably reset all signal state at server init time, ensuring
that signals are suitably unblocked and that the various signal state
counting variables are set back to zero.
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
Conflicts:
test/Makefile.am
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Let the dix be in charge of changing the sigprocmask so we only have one
entity that changes it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
|
|
This merge includes a minor fixup for '%p' arguments; must cast to
uintptr_t instead of uint64_t as we use -Werror=pointer-to-int-cast
which complains when doing a cast (even explicitly) from a pointer
to an integer of different size.
|
|
While we probably don't need to be signal safe here since we will never
return to the normal context, the logging signal context check will
cause unsafe logging to be unhandled. Using signal safe logging here
resolves the issue.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Also, print out the offending message format. This will hopefully help
developers track down unsafe logging.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
Backtraces are often printed in signal context, such as when a segfault
occurs.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: print offset as unsigned int, not long unsigned int
pnprintf() takes unsigned int for %u
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
|
ErrorF() is not signal safe. Use ErrorSigSafe() whenever an error
message may be logged in signal context.
[whot: edited to "ErrorFSigSafe"]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
|
