[PATCH libinput 3/3] lid: remove the keyboard listener on remove and re-init the listener

Peter Hutterer peter.hutterer at who-t.net
Fri May 5 08:22:03 UTC 2017


If the event listener is added, then removed again on a lid switch on/off
event, the list is set to null. This can trigger two crashes:
* when the keyboard is removed first, the call to
  libinput_device_remove_event_listener() dereferences the null pointer
* when the switch is removed first, the call to device_destroy will find a
  remaining event listener and assert

https://bugzilla.redhat.com/show_bug.cgi?id=1440927

Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
---
 src/evdev-lid.c | 21 +++++++++++++++++++--
 test/test-lid.c | 30 ++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)

diff --git a/src/evdev-lid.c b/src/evdev-lid.c
index a975e357..baf71851 100644
--- a/src/evdev-lid.c
+++ b/src/evdev-lid.c
@@ -99,6 +99,8 @@ lid_switch_toggle_keyboard_listener(struct lid_switch_dispatch *dispatch,
 	} else {
 		libinput_device_remove_event_listener(
 					&dispatch->keyboard.listener);
+		libinput_device_init_event_listener(
+					&dispatch->keyboard.listener);
 	}
 }
 
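Review bot: The remove-then-init pair added in this else branch is repeated verbatim in lid_switch_pair_keyboard and lid_switch_interface_device_removed, and nothing in the code says why the second call is needed. Going by the commit message, removal leaves the listener's list link null, so a later remove dereferences it. A one-line comment at each site such as `/* re-init so a later remove is safe */`, or a small static helper wrapping both calls, would keep a future call site from forgetting the re-init. The function body starts outside the hunk.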
@@ -174,6 +176,17 @@ evdev_read_switch_reliability_prop(struct evdev_device *device)
 }
 
 static void
+lid_switch_remove(struct evdev_dispatch *evdev_dispatch)
+{
+	struct lid_switch_dispatch *dispatch = lid_dispatch(evdev_dispatch);
+
+	if (!dispatch->keyboard.keyboard)
+		return;
+
+	libinput_device_remove_event_listener(&dispatch->keyboard.listener);
+}
+
+static void
 lid_switch_destroy(struct evdev_dispatch *evdev_dispatch)
 {
 	struct lid_switch_dispatch *dispatch = lid_dispatch(evdev_dispatch);
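Review bot: lid_switch_remove() is the only removal site in this patch that does not re-initialise the listener afterwards, and it also leaves `dispatch->keyboard.keyboard` set. If any later path still reaches the listener, for example a device-removed notification for the keyboard or lid_switch_destroy (whose body continues outside the hunk), it would presumably hit the same null dereference this patch fixes. Following the remove with `libinput_device_init_event_listener(&dispatch->keyboard.listener);` and `dispatch->keyboard.keyboard = NULL;` would make the teardown idempotent. Whether such a path exists is not visible here, so treat this as hardening rather than a confirmed bug.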
@@ -197,7 +210,9 @@ lid_switch_pair_keyboard(struct evdev_device *lid_switch,
 	if (dispatch->keyboard.keyboard) {
 		if (bus_kbd != BUS_I8042)
 			return;
+
 		libinput_device_remove_event_listener(&dispatch->keyboard.listener);
+		libinput_device_init_event_listener(&dispatch->keyboard.listener);
 	}
 
 	dispatch->keyboard.keyboard = keyboard;
@@ -225,7 +240,9 @@ lid_switch_interface_device_removed(struct evdev_device *device,
 
 	if (removed_device == dispatch->keyboard.keyboard) {
 		libinput_device_remove_event_listener(
-				      &dispatch->keyboard.listener);
+					&dispatch->keyboard.listener);
+		libinput_device_init_event_listener(
+					&dispatch->keyboard.listener);
 		dispatch->keyboard.keyboard = NULL;
 	}
 }
@@ -271,7 +288,7 @@ lid_switch_sync_initial_state(struct evdev_device *device,
 struct evdev_dispatch_interface lid_switch_interface = {
 	lid_switch_process,
 	NULL, /* suspend */
-	NULL, /* remove */
+	lid_switch_remove,
 	lid_switch_destroy,
 	lid_switch_interface_device_added,
 	lid_switch_interface_device_removed,
diff --git a/test/test-lid.c b/test/test-lid.c
index 6b2fa3c5..258f8e3d 100644
--- a/test/test-lid.c
+++ b/test/test-lid.c
@@ -407,6 +407,35 @@ START_TEST(lid_open_on_key_touchpad_enabled)
 }
 END_TEST
 
+START_TEST(lid_suspend_with_keyboard)
+{
+	struct libinput *li;
+	struct litest_device *keyboard;
+	struct litest_device *sw;
+
+	li = litest_create_context();
+
+	sw = litest_add_device(li, LITEST_LID_SWITCH);
+	libinput_dispatch(li);
+
+	keyboard = litest_add_device(li, LITEST_KEYBOARD);
+	libinput_dispatch(li);
+
+	litest_lid_action(sw, LIBINPUT_SWITCH_STATE_ON);
+	litest_drain_events(li);
+	litest_lid_action(sw, LIBINPUT_SWITCH_STATE_OFF);
+	litest_drain_events(li);
+
+	litest_delete_device(keyboard);
+	litest_drain_events(li);
+
+	litest_delete_device(sw);
+	libinput_dispatch(li);
+
+	libinput_unref(li);
+}
+END_TEST
+
 START_TEST(lid_suspend_with_touchpad)
 {
 	struct libinput *li;
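Review bot: The new test lid_suspend_with_keyboard only removes the keyboard before the switch, while the commit message describes a second crash when the switch is removed first, which is the order that exercises the new lid_switch_remove(). A sibling test with the two deletions swapped, `litest_delete_device(sw);` before `litest_delete_device(keyboard);`, would cover that path. A short comment above the test naming the regression (listener removed by a lid on/off cycle, then device removal) would also help the next reader. The trailing context lines belong to lid_suspend_with_touchpad, which continues outside the hunk.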
@@ -493,6 +522,7 @@ litest_setup_tests_lid(void)
 	litest_add("lid:keyboard", lid_open_on_key, LITEST_SWITCH, LITEST_ANY);
 	litest_add("lid:keyboard", lid_open_on_key_touchpad_enabled, LITEST_SWITCH, LITEST_ANY);
 
+	litest_add_no_device("lid:keyboard", lid_suspend_with_keyboard);
 	litest_add_no_device("lid:disable_touchpad", lid_suspend_with_touchpad);
 
 	litest_add_for_device("lid:buggy", lid_update_hw_on_key, LITEST_LID_SWITCH_SURFACE3);
-- 
2.12.2


