memory corruption in xorg-server when closing acpid

Bug #1070481 reported by Maarten Lankhorst on 2012-10-23
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xorg-server (Ubuntu)
Undecided
Maarten Lankhorst
Precise
Undecided
Unassigned
Quantal
Undecided
Unassigned
Raring
Undecided
Maarten Lankhorst

Bug Description

[IMPACT]
 * If acpid is closed before server is shutdown (for example with shutdown -h now, or stop acpid) a memory corruption will occur, because the acpi handler frees itself from a linked list before the next entry is taken. This will cause a reliable in valgrind, and in the worst case can cause the X server to shutdown uncleanly, or corrupt silently.
 * the fix is simply taking the next member before calling the handler in xf86WakeUp

[TESTCASE]
 * Start X with valgrind --free-fill=fe
 * stop acpid
 * Server crashes

[Regression Potential]
I don't believe there's much potential for regressions, since the code is called from few places, and I do not believe any of the handlers depend on the specific order in which they're called. Potentially suitable for precise too.

[Other Info]
I originally wanted to get this in before quantal release, but lost out due to time, but this would be more involved than converting the offending function to use nt_list_for_each_entry_safe.

Original discussion at http://patchwork.freedesktop.org/patch/12156/

Changed in xorg-server (Ubuntu):
status: New → In Progress
assignee: nobody → Maarten Lankhorst (mlankhorst)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.13.0-0ubuntu7

---------------
xorg-server (2:1.13.0-0ubuntu7) raring; urgency=low

  [ Maarten Lankhorst ]
  * Add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is.
    (LP: #1070481)
  * Add 235-composite-tracking.patch to fix exa corruption.
    (LP: #1010794)

  [ Bryce Harrington ]
  * Add 236-use-fbdev-for-poulsbo-oaktrail-medfield.patch: Never use Intel
    driver on Poulsbo/Oaktrail/Medfield. Thanks to Matthias Klumpp.
    (LP: #1069031)
  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)

  [ Tim Lunn ]
  * 500_pointer_barrier_thresholds.diff: Update to fix gaps above
    barriers at edge of screen
    (LP: #1073724)
 -- Bryce Harrington <email address hidden> Fri, 16 Nov 2012 11:37:26 -0800

Changed in xorg-server (Ubuntu):
status: In Progress → Fix Released

Hello Maarten, or anyone else affected,

Accepted xorg-server into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Maarten Lankhorst (mlankhorst) wrote :

Quantal no longer crashes if I restart acpid.

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.13.0-0ubuntu6.1

---------------
xorg-server (2:1.13.0-0ubuntu6.1) quantal-proposed; urgency=low

  [ Maarten Lankhorst ]
  * add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is. (LP: #1070481)
  * add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)

  [ Bryce Harrington ]
  * Add 236-use-fbdev-for-poulsbo-oaktrail-medfield.patch: Never use Intel
    driver on Poulsbo/Oaktrail/Medfield. Thanks to Matthias Klumpp.
    (LP: #1069031)
  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)
 -- Timo Aaltonen <email address hidden> Tue, 27 Nov 2012 08:09:59 +0200

Changed in xorg-server (Ubuntu Quantal):
status: New → Fix Released

Hello Maarten, or anyone else affected,

Accepted xorg-server into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in xorg-server (Ubuntu Precise):
status: New → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Chris Halse Rogers (raof) wrote :

Hello Maarten, or anyone else affected,

Accepted xorg-server into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.11 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.11.4-0ubuntu10.11

---------------
xorg-server (2:1.11.4-0ubuntu10.11) precise-proposed; urgency=low

  * Drop 237-dix-set-the-device-transformation-matrix.patch:
    Bug was targeted to precise, but is only confirmed to affect xserver
    1.13 and newer.
    (LP: 1041063)

xorg-server (2:1.11.4-0ubuntu10.10) precise-proposed; urgency=low

  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)

xorg-server (2:1.11.4-0ubuntu10.9) precise-proposed; urgency=low

  [ Maarten Lankhorst ]
  * add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is. (LP: #1070481)
  * add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)
 -- Bryce Harrington <email address hidden> Wed, 19 Dec 2012 16:39:23 -0800

Changed in xorg-server (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers