Bug 44655

Summary: Server crash for wheel-only devices
Product: xorg
Reporter: Peter Hutterer <peter.hutterer>
Component: Server/Input/Core
Assignee: Peter Hutterer <peter.hutterer>
Status: RESOLVED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
CC: cosimoc
Version: git
Hardware: Other
OS: All
Attachments: 0001-Force-REL_X-REL_Y-to-exist-on-devices-with-any-relat.patch

Description Peter Hutterer 2012-01-10 15:09:11 UTC
Device:
I: Bus=0003 Vendor=046d Product=c52f Version=0111
N: Name="Logitech USB Receiver"
...
B: PROP=0
B: EV=1f
B: KEY=4837fff072ff32d bf54444600000000 1 20f908b17c000 677bfad9415fed 9ed68000004400 10000002
B: REL=40
B: ABS=100000000
B: MSC=10


Device has REL_HWHEEL only. Before XI 2.1 evdev would not init axes for this device, now it has one axis for smooth scrolling support. RandR reconfiguration can trigger this bug:

[ 50.423] BUG: triggered 'if (dev->valuator->numAxes < 2)'
BUG: getevents.c:842 in scale_to_desktop()
[ 50.423]
Backtrace:
[ 50.423] 0: /usr/bin/Xorg (xorg_backtrace+0x28) [0x4642d8]
[ 50.423] 1: /usr/bin/Xorg (0x400000+0x47fe6) [0x447fe6]
[ 50.423] 2: /usr/bin/Xorg (0x400000+0x4857e) [0x44857e]
[ 50.423] 3: /usr/bin/Xorg (GetPointerEvents+0xfb) [0x44987b]
[ 50.423] 4: /usr/bin/Xorg (0x400000+0x159186) [0x559186]
[ 50.423] 5: /usr/bin/Xorg (miPointerWarpCursor+0xdb) [0x5594cb]
[ 50.423] 6: /usr/bin/Xorg (0x400000+0x7bd51) [0x47bd51]
[ 50.424] 7: /usr/bin/Xorg (0x400000+0x1599e1) [0x5599e1]
[ 50.424] 8: /usr/bin/Xorg (0x400000+0xfcfef) [0x4fcfef]
[ 50.424] 9: /usr/bin/Xorg (0x400000+0xe979f) [0x4e979f]
[ 50.424] 10: /usr/bin/Xorg (RRPointerScreenConfigured+0x73) [0x4e99a3]
[ 50.424] 11: /usr/bin/Xorg (RRTellChanged+0xfb) [0x4e3a6b]
[ 50.424] 12: /usr/bin/Xorg (RRCrtcSet+0x198) [0x4e4998]
[ 50.424] 13: /usr/bin/Xorg (ProcRRSetCrtcConfig+0x3e9) [0x4e59d9]
[ 50.424] 14: /usr/bin/Xorg (0x400000+0x342e2) [0x4342e2]
[ 50.424] 15: /usr/bin/Xorg (0x400000+0x2340a) [0x42340a]
[ 50.424] 16: /lib64/libc.so.6 (__libc_start_main+0xed) [0x7fa42fa1b59d]
[ 50.424] 17: /usr/bin/Xorg (0x400000+0x236b1) [0x4236b1]
[ 50.424] BUG: triggered 'if (dev->valuator->numAxes < 2)'
BUG: getevents.c:842 in scale_to_desktop()

Looks like some special handling is needed here.
Comment 1 Peter Hutterer 2012-01-11 18:33:26 UTC
Created attachment 55472
0001-Force-REL_X-REL_Y-to-exist-on-devices-with-any-relat.patch

Looks like the actual trigger is that when the pointer is warped, an x/y motion event is generated. On a device that does not have actual x/y, this is generated on the wrong axis (whatever axes fill 0 and 1). On a device with a single axis only, this leads to an OOB access, hence the crash or general weird data.

This patch forces x/y to exist if any rel axes are present. A similar patch should probably exist for absolute devices.
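
The failure mode and the fix described in this comment, as an added example that is neither the attached patch nor X server code: `toy_device`, `force_xy`, `count_axes`, `toy_init` and `warp_pointer` are hypothetical names, and the mask `0x40` is the `B: REL=40` line from the description (only bit 6, REL_HWHEEL, set).

```c
#include <stdint.h>
#include <stdio.h>

/* Relative axis codes as defined in linux/input-event-codes.h */
#define REL_X      0x00
#define REL_Y      0x01
#define REL_HWHEEL 0x06
#define MAX_AXES   32

/* Hypothetical stand-in for per-device valuator state (not the server's struct). */
struct toy_device {
    int    num_axes;
    double axis_val[MAX_AXES];
};

/* Fix described above: if any relative axis is present, x and y must exist too. */
static uint32_t force_xy(uint32_t rel_bits)
{
    if (rel_bits != 0)
        rel_bits |= (1u << REL_X) | (1u << REL_Y);
    return rel_bits;
}

/* One valuator axis per capability bit the device reports. */
static int count_axes(uint32_t rel_bits)
{
    int n = 0;
    for (; rel_bits; rel_bits &= rel_bits - 1)
        n++;
    return n;
}

static void toy_init(struct toy_device *dev, uint32_t rel_bits)
{
    dev->num_axes = count_axes(rel_bits);
    for (int i = 0; i < MAX_AXES; i++)
        dev->axis_val[i] = 0.0;
}

/* A pointer warp writes axes 0 and 1; refuse when the device has fewer than two. */
static int warp_pointer(struct toy_device *dev, double x, double y)
{
    if (dev->num_axes < 2)      /* same condition as the BUG line in the log */
        return -1;
    dev->axis_val[0] = x;
    dev->axis_val[1] = y;
    return 0;
}

int main(void)
{
    struct toy_device d;
    toy_init(&d, 1u << REL_HWHEEL);            /* wheel-only: 1 axis */
    int before = warp_pointer(&d, 10.0, 20.0);
    toy_init(&d, force_xy(1u << REL_HWHEEL));  /* x, y, hwheel: 3 axes */
    int after = warp_pointer(&d, 10.0, 20.0);
    printf("before=%d after=%d axes=%d\n", before, after, d.num_axes);
    return (before == -1 && after == 0) ? 0 : 1;
}
```
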
Comment 2 Cosimo Cecchi 2012-01-12 09:27:23 UTC
I can confirm this xorg-x11-drv-evdev build [1], which contains this patch, fixes the issue on my machine. Thanks!

[1] http://koji.fedoraproject.org/koji/buildinfo?buildID=282853
Comment 3 Peter Hutterer 2012-01-16 21:05:48 UTC
commit 5c5b2c8db851df7921cedd888222a6630a007fd8
Author: Peter Hutterer <peter.hutterer@who-t.net>
Date:   Thu Jan 12 11:03:30 2012 +1000

    Force x/y axes to exist on devices with any other axes (#44655)
