Bug 8875 - Security extension causes Xorg to core dump on server reset
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General
Version: git
Hardware: x86 (IA32) Solaris
Importance: high normal
Assignee: Eamon Walsh
QA Contact:
Depends on: 8937
Blocks: xorg-7.2
Reported: 2006-11-03 17:20 UTC by Alan Coopersmith
Modified: 2006-11-07 13:04 UTC

Description Alan Coopersmith 2006-11-03 17:20:35 UTC
Run Xorg 7.2RC1 with no clients, connect to it with xdpyinfo and watch the
server crash when it tries to reset after its last client disconnects.

It's crashing here:
t@1 (l@1) signal SEGV (no mapping at the fault address) in
SecurityClientStateCallback at line 1125 in file "security.c"
 1125           TRUSTLEVEL(serverClient) = XSecurityClientTrusted;

((ClientPtr ) serverClient)->devPrivates[securityClientPrivateIndex].ptr = (nil)

This is because the security extension only calls AllocateClientPrivateIndex
from SecurityExtensionSetup(), which is called the first time the security
extension is loaded, but not when the server resets and resets all privates
info. It needs to be called from SecurityExtensionInit() to be called on
server reset, but that may be too late for the AllocateExtensionPrivateIndex to
be called.
Comment 1 Eamon Walsh 2006-11-06 10:16:26 UTC
I see SecurityExtensionSetup called from InitExtensions() which is within the
server loop, right above the call to InitClientPrivates(serverClient).  So it
should be called on every reset...

Recompiling now so I can get gdb running.
Comment 2 Eamon Walsh 2006-11-06 11:30:17 UTC
I cannot reproduce this bug using the method described.  On my system, the
server resets just fine.

I am continuing to investigate.
Comment 3 Eamon Walsh 2006-11-06 12:45:38 UTC
I have tracked down the following path by which the offending code is being
called.  During this call, the client passed in to the callback is different
from serverClient.  I have committed a check to the ClientStateInitial callback
to make sure that it is only exercised for the serverClient.  Please update
from git and retest.

#0  SecurityClientStateCallback (pcbl=0x82414fc, nulldata=0x0, 
    calldata=0xbff3a7e0) at security.c:1125
#1  0x08092f8e in _CallCallbacks (pcbl=0x82414fc, call_data=0xbff3a7e0)
    at dixutils.c:772
#2  0x080933a8 in CallCallbacks (pcbl=0x82414fc, call_data=0xbff3a7e0)
    at dixutils.c:915
#3  0x0808d390 in NextAvailableClient (ospriv=0xa28da88) at dispatch.c:3763
#4  0x081fe3d9 in AllocNewConnection (trans_conn=0xa2d1b50, fd=14, 
    conn_time=3204844227) at connection.c:765
#5  0x081fe772 in EstablishNewConnections (clientUnused=0x0, closure=0x8242ac0)
    at connection.c:872
#6  0x08092b25 in ProcessWorkQueue () at dixutils.c:556
#7  0x081f98ce in WaitForSomething (pClientsReady=0xbff3ac90) at WaitFor.c:171
#8  0x08084383 in Dispatch () at dispatch.c:383
#9  0x0806df59 in main (argc=1, argv=0xbff3b1c4, envp=0xbff3b1cc) at main.c:445
Comment 4 Eamon Walsh 2006-11-07 09:46:23 UTC
Found reason why setup function is not being called on reset.  There are two
InitExtensions functions, depending on whether XFree86LOADER is defined or not.
The one for XFree86LOADER defined does not call the setup functions every time,
while the one without XFree86Loader does.  Working on fix.
Comment 5 Eamon Walsh 2006-11-07 12:59:08 UTC
Changed loader to call setup functions on each server reset; the only setup
functions (besides the SECURITY one), XvRegister and Xf86DGARegister, simply set
some global variables to static values so calling them multiple times should be
Comment 6 Eamon Walsh 2006-11-07 13:04:11 UTC
*** Bug 8827 has been marked as a duplicate of this bug. ***
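
A simplified model of the failure discussed in this thread, added here as an illustration and not taken from the X server source: private indexes are forgotten on every reset, so a setup step that runs only in the first generation leaves the client's private pointer NULL afterwards. All identifiers in it are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model, not X server code: every name here is hypothetical. */
#define MAX_PRIVATES 8
typedef struct { void *ptr; } DevUnion;
typedef struct { DevUnion privates[MAX_PRIVATES]; } Client;

static int    private_count;              /* indexes allocated this generation */
static size_t private_size[MAX_PRIVATES]; /* bytes requested for each index */
static int    security_index = -1;

/* A server reset forgets every allocated private index. */
static void reset_privates(void) { private_count = 0; }

/* "Setup" step: allocate the index and request storage for it. */
static void security_setup(void) {
    security_index = private_count++;
    private_size[security_index] = sizeof(int);
}

/* Storage exists only for indexes registered in the current generation. */
static void init_client_privates(Client *c) {
    for (int i = 0; i < MAX_PRIVATES; i++) {
        free(c->privates[i].ptr);
        c->privates[i].ptr = i < private_count ? calloc(1, private_size[i]) : NULL;
    }
}

/* Runs `generations` server generations. setup_every_reset = 0 models the
 * setup-once path, 1 the path that repeats setup on each reset.
 * Returns 1 if the security private is usable in the last generation. */
int private_valid_after(int generations, int setup_every_reset) {
    Client server_client = {0};
    int ok = 0;
    for (int gen = 0; gen < generations; gen++) {
        reset_privates();
        if (gen == 0 || setup_every_reset)
            security_setup();
        init_client_privates(&server_client);
        /* Storing the trust level without this check is the faulting write. */
        ok = server_client.privates[security_index].ptr != NULL;
        if (ok) *(int *)server_client.privates[security_index].ptr = 1;
    }
    for (int i = 0; i < MAX_PRIVATES; i++) free(server_client.privates[i].ptr);
    return ok;
}

int main(void) {
    printf("setup once: %d, setup every reset: %d\n",
           private_valid_after(2, 0), private_valid_after(2, 1));
    return 0;
}
```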