os: append, rather than prepend, any new input thread fds

xf86AddEnabledDevice() prepends the new fd to the list,
xf86RemoveEnabledDevice() then searches for a matching fd and removes that
entry. If this is done for the same fd (and since we lose all information but
the actual fd) we usually unregister virtual devices in reverse order, causing
a dereference of already released memory.

Case in point:
- the wacom driver calls xf86AddEnabledDevice() once for the physical device,
  then multiple times for the virtual subdevices
- when the physical device is unplugged, the driver calls
  xf86RemoveEnabledDevice() for the physical device
- all we have is the fd, so we end up removing the last virtual device from
  the fd set
- xf86DeleteInput() frees the physical device's pInfo
- the fd goes crazy with ENODEV, but a read_input() now passes the already
  freed pInfo for the physical device
- boom

Fix this by appending to the fd list to provide bug-for-bug compatibility with
the old SIGIO code. This needs to be fixed in the driver, but meanwhile not
crashing the server provides for better user experience.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
This commit is contained in:
Peter Hutterer 2016-08-09 17:35:58 +10:00
parent a446ff84de
commit 2df2815d6a

View File

@ -205,7 +205,7 @@ InputThreadRegisterDev(int fd,
dev->state = device_state_added; dev->state = device_state_added;
input_lock(); input_lock();
xorg_list_add(&dev->node, &inputThreadInfo->devs); xorg_list_append(&dev->node, &inputThreadInfo->devs);
inputThreadInfo->changed = TRUE; inputThreadInfo->changed = TRUE;