[PATCH] Destroy resources when destroying input and output

[Pekka Paalanen]

On Fri, 09 May 2014 14:33:58 +0100
Neil Roberts <neil at linux.intel.com> wrote:

> Perhaps we should consider applying the patch anyway even though it's
> not ideal. Currently if a client uses a dead output in a request such as
> xdg_surface.set_output Weston will end up with a weston_output pointer
> that points to freed memory. This could cause the compositor to crash.

True, it's very bad now.

> That is worse than the alternative provided by this patch which is to
> make the client abort. The clients know about the output being destroyed
> via the wl_registry.global_remove event so in practice they would only
> hit the problem in the unlikely event that they used the output in a
> request in the short time between the output being unplugged and
> noticing the removal event.

That is also true, but if it is fixed improperly now, there is a very
good chance we just forget about the problem, and never fix it for
real. Especially when it becomes very hard to trigger.

At least make sure we have an open bug report about it, please.

> In the longer term I was thinking maybe it would be good to handle the
> inert resource idea within libwayland-server. We could add a function
> like wl_resource_zombify() which would mark the resource as a zombie and
> call the destroy handlers. From the compositor's perspective it can then
> act as if the resource has been destroyed. We could detect zombie
> resources being used within the request marshalling code and ignore the
> request. If the request creates new resource we can internally create
> new zombie resources too and Weston would never need to know about it. I
> am planning to experiment with this approach now.

Hmm... will be interesting to see, if that works out. It does feel like
quite a lot of magic in libwayland-server, while also making life a lot
easier.


Thanks,
pq