Bug 33449

Summary: [Piketon bisected] Whole screen white when compiz enabled
Product: xorg
Reporter: meng <mengmeng.meng>
Component: Server/General
Assignee: Xorg Project Team <xorg-team>
Status: VERIFIED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: major
Priority: high
CC: jcristau, xunx.fang
Version: git
Hardware: All
OS: Linux (All)
Whiteboard:
i915 platform: i915 features:
Bug Depends on:
Bug Blocks: 31018
Attachments:
- The information for Xorg (flags: none)
- The dmesg about screen white (flags: none)
- fix BindTexImage length check (flags: none)

Description meng 2011-01-24 21:30:37 UTC
Created attachment 42433 [details]
The information for Xorg

System Environment:
--------------------------------------------------------------------------
Libdrm:         (master)2.4.23-6-g550fe2ca3b29ad2191eab4fdfbed9ed21e25492d
Mesa:           (master)e8c7d7598fb48237508f566204c71ba8f74d544f
Xserver:        (master)xorg-server-1.9.99.901-118-gc6aa4755ec355101a62bef86dbb090262fe806f6
Libva:          (master)b7849f39151a5efda5ae103486b8d00dbe6b2ff2
Kernel:         (drm-intel-next)fe4402931e43e81a4129eba41d05cf8907603af5

Bug detailed description:
--------------------------------------------------------------------------
The whole screen is white only on gnome-desktop with compiz enabled. Especially, it works fine in gnome without compiz. It's an xserver regression.
ec9c97c6bf70b523bc500bd3adf62176f1bb33a4 is the first bad commit.

commit ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
Author: Julien Cristau <jcristau@debian.org>
Date:   Sat Jul 3 19:47:55 2010 +0100

    glx: validate request lengths

    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
    Reviewed-by: Daniel Stone <daniel@fooishbar.org>
    Signed-off-by: Julien Cristau <jcristau@debian.org>

Reproduce steps:
----------------
1. gnome-session
2. enable compiz
Comment 1 meng 2011-01-24 21:33:06 UTC
Created attachment 42434 [details]
The dmesg about screen white
Comment 2 Julien Cristau 2011-01-25 00:53:36 UTC
Do the patches in #33324 fix this?  What's the stderr output from compiz?
Comment 3 meng 2011-01-25 21:25:46 UTC
The whole screen white still exists when testing in commit (master)be3be7580b6f6fd2f7fa4d4abfe5e1ab19470223 with the two patches (id=42338, id=42339) you gave in #33324. Only in dmesg: end_request: I/O error, dev fd0, sector 0
Comment 4 Julien Cristau 2011-01-26 00:04:15 UTC
> --- Comment #3 from meng <mengmeng.meng@intel.com> 2011-01-25 21:25:46 PST ---
> Whole Screen white still exist,when testing in commit
> (master)be3be7580b6f6fd2f7fa4d4abfe5e1ab19470223 with two
> patches(id=42338,id=42339)you given in #33324. Only in dmesg: end_request: I/O
> error, dev fd0, sector 0
> 
You didn't answer my other question.  What's the output from compiz?
Comment 5 meng 2011-01-26 00:35:56 UTC
step:
1.gnome-session
2.enable compiz
output from compiz:
compiz[2926]: segfault at 329862ea80 ip 000000329862ea80 sp 00007fffe8cc4058 error 14 in libXxf86vm.so.1.0.0[329b400000+5000]
Comment 6 meng 2011-01-26 00:46:52 UTC
Its backtrace:
(gdb) bt
#0  0x0000003288ed4d78 in poll () from /lib64/libc.so.6
#1  0x000000000040ed49 in ?? ()
#2  0x0000000000411517 in eventLoop ()
#3  0x000000000040bc4b in main ()
Comment 7 Julien Cristau 2011-01-26 01:19:08 UTC
> --- Comment #5 from meng <mengmeng.meng@intel.com> 2011-01-26 00:35:56 PST ---
> output from compiz:
> compiz[2926]: segfault at 329862ea80 ip 000000329862ea80 sp 00007fffe8cc4058
> error 14 in libXxf86vm.so.1.0.0[329b400000+5000]

That's not output from compiz, that's your kernel log.  I'm not
interested in your kernel log, I'm interested in knowing what request
gets an error from the X server.  Which might (or might not) be in
compiz's stderr, but certainly won't be in dmesg.
Comment 8 meng 2011-01-26 01:30:51 UTC
I'm sorry, I don't know how to get compiz's stderr. Could you tell me that?
Comment 9 Chris Wilson 2011-01-26 01:31:51 UTC
Using gnome-session, the stderr should be captured in ~/.xsession-errors
Comment 10 Julien Cristau 2011-01-26 04:10:02 UTC
Created attachment 42518 [details] [review]
fix BindTexImage length check

This should hopefully make compiz work...
Comment 11 meng 2011-01-26 19:54:06 UTC
In your patch(id=42518),
-    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
+    REQUEST_AT_LEAST_SIZE(xGLXVendorPrivateReq, 12);
Maybe there is a typo in your patch which caused it to fail to compile. I guess maybe you meant the following:
-    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
+    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 12);
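Review bot: the two alternatives here are not equivalent. `REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 12)` would compile, but it still demands an exact size, just 12 bytes instead of 8, while the `REQUEST_AT_LEAST_SIZE` wording of the original line (and the `>` comparison Julien gives in comment 12) only enforces a minimum; since the exact-size check of 8 is what broke compiz, the minimum-length form is the one to carry forward, written out as an explicit comparison against `client->req_len` rather than as a two-argument macro.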

After we applied the new patch, it works fine. I tested with xserver (master)be3be7580b6f6fd2f7fa4d4abfe5e1ab19470223 with the above patch.
Comment 12 Julien Cristau 2011-01-27 00:41:10 UTC
On Wed, Jan 26, 2011 at 19:54:06 -0800, bugzilla-daemon@freedesktop.org wrote:

> https://bugs.freedesktop.org/show_bug.cgi?id=33449
> 
> --- Comment #11 from meng <mengmeng.meng@intel.com> 2011-01-26 19:54:06 PST ---
> In your patch(id=42518),
> -    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
> +    REQUEST_AT_LEAST_SIZE(xGLXVendorPrivateReq, 12);
> Maybe there is a mistype in your patch which caused it failed to compile. I
> guess maybe you meant as following:
> -    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
> +    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 12);
> 
oops, sorry about that.  I think that should be
+    if ((sizeof(xGLXVendorPrivateReq) + 12) >> 2 > client->req_len)
+       return BadLength;

thanks!
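A self-contained model of the length check discussed in comments 11, 12 and 14, added here as an example and not code from xserver or from this bug's patch. It assumes a 12-byte VendorPrivate header whose length field counts 4-byte units, and a body of drawable, buffer, num_attribs and (name, value) pairs; it goes beyond the page's check by also verifying that the client-supplied attribute count fits inside the request actually received.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for xGLXVendorPrivateReq: 12-byte header, length in 4-byte units. */
typedef struct {
    uint8_t  reqType, glxCode;
    uint16_t length;
    uint32_t vendorCode, contextTag;
} VendorPrivateReq;
enum { REQ_OK = 0, REQ_BAD_LENGTH = 16 };  /* 16 is X11's BadLength error code */
/* Model of REQUEST_FIXED_SIZE(req, extra): body must be exactly extra bytes. */
int check_fixed_size(uint32_t req_len, size_t extra) {
    return req_len == ((sizeof(VendorPrivateReq) + extra) >> 2) ? REQ_OK : REQ_BAD_LENGTH;
}
/* Model of the check in comment 14: body must be at least extra bytes. */
int check_at_least(uint32_t req_len, size_t extra) {
    return (((sizeof(VendorPrivateReq) + extra) >> 2) > req_len) ? REQ_BAD_LENGTH : REQ_OK;
}
/* Assumed body layout (not from the page): drawable, buffer, num_attribs, then
 * num_attribs (name, value) pairs. Returns bytes written, 0 if buf is too small. */
size_t build_request(uint8_t *buf, size_t cap, uint32_t num_attribs) {
    size_t total = sizeof(VendorPrivateReq) + 12 + (size_t)num_attribs * 8;
    if (total > cap) return 0;
    VendorPrivateReq h = { 0, 16, (uint16_t)(total >> 2), 0, 1 };  /* constructed values */
    memset(buf, 0, total);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h + 8, &num_attribs, sizeof num_attribs);
    return total;
}

/* Beyond the page's check: the declared length must match the bytes received,
 * and the client-supplied attribute count must fit inside the body it sent. */
int validate_request(const uint8_t *buf, size_t n) {
    VendorPrivateReq h; uint32_t num_attribs;
    if (n < sizeof h || n % 4 != 0) return REQ_BAD_LENGTH;
    memcpy(&h, buf, sizeof h);
    if ((size_t)h.length * 4 != n) return REQ_BAD_LENGTH;
    if (check_at_least(h.length, 12) != REQ_OK) return REQ_BAD_LENGTH;
    memcpy(&num_attribs, buf + sizeof h + 8, sizeof num_attribs);
    if (num_attribs > (n - sizeof h - 12) / 8) return REQ_BAD_LENGTH;  /* divide: no overflow */
    return REQ_OK;
}
/* Builds a request with num_attribs pairs, optionally corrupts the count, validates it. */
int demo_case(uint32_t num_attribs, int tamper_count) {
    uint8_t buf[256];
    size_t n = build_request(buf, sizeof buf, num_attribs);
    if (tamper_count && n) memset(buf + sizeof(VendorPrivateReq) + 8, 0xFF, 4);  /* count = 0xFFFFFFFF */
    return n ? validate_request(buf, n) : -1;
}
```

With one attribute pair the request is 32 bytes (req_len 8): the fixed-size check of 8 or 12 rejects it, the at-least check accepts it, and a corrupted attribute count is still caught by the fit test.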
Comment 13 Chris Wilson 2011-01-27 08:25:06 UTC
As Julien pointed out, this implies we are doing our compiz QA via indirect rendering? Do we also check direct rendering + compiz?
Comment 14 meng 2011-02-08 22:39:02 UTC
Tested with xserver (master)ea1ffd3e60bdcedbec5a6f28929f8677bf45d450 with a patch, it works fine.
------------------------------------------------------------------
-    REQUEST_FIXED_SIZE(xGLXVendorPrivateReq, 8);
+    if ((sizeof(xGLXVendorPrivateReq) + 12) >> 2 > client->req_len)
+    return BadLength;
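Review bot: the `+    return BadLength;` line is indented to the same level as the `if`, unlike the version in comment 12 (`+       return BadLength;`); indent it one level so the body of the conditional is visible at a glance. Consider also parenthesising the shift, `((sizeof(xGLXVendorPrivateReq) + 12) >> 2) > client->req_len`, so a reader does not have to recall that `>>` binds tighter than `>`, and a short comment on what the 12 bytes are would save the next person re-deriving it.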
Comment 15 meng 2011-02-08 22:50:58 UTC
(In reply to comment #13)
> As Julien pointed out, this implies we are doing our compiz QA via indirect
> rendering? Do we also check direct rendering + compiz?

glxinfo | grep "direct rendering"
direct rendering: Yes
Then, compiz uses no direct rendering: lsof | grep id(compiz)|grep dri
Can you tell me how to let Compiz work with "direct rendering"?
Comment 16 meng 2011-02-10 19:08:20 UTC
Compiz is indirect rendering when this Piketon system is in Fedora 11. But in Fedora 13, compiz is direct rendering.
Comment 17 Julien Cristau 2011-02-19 06:27:00 UTC
Fixed in 1.10 rc2, thanks for the report.
Comment 18 meng 2011-02-21 21:00:05 UTC
Verified with Xserver:(master)b4ef34d4664e0eaac7211f7a22a2025958aa1527.