Ubuntu
xorg-server package

memory corruption in xorg-server when closing acpid

Bug #1070481 reported by Maarten Lankhorst
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xorg-server (Ubuntu)
Fix Released
Undecided
Maarten Lankhorst
Precise
Fix Released
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
Raring
Fix Released
Undecided
Maarten Lankhorst

Bug Description

[IMPACT]
 * If acpid is closed before server is shutdown (for example with shutdown -h now, or stop acpid) a memory corruption will occur, because the acpi handler frees itself from a linked list before the next entry is taken. This will cause a reliable in valgrind, and in the worst case can cause the X server to shutdown uncleanly, or corrupt silently.
 * the fix is simply taking the next member before calling the handler in xf86WakeUp

[TESTCASE]
 * Start X with valgrind --free-fill=fe
 * stop acpid
 * Server crashes

[Regression Potential]
I don't believe there's much potential for regressions, since the code is called from few places, and I do not believe any of the handlers depend on the specific order in which they're called. Potentially suitable for precise too.

[Other Info]
I originally wanted to get this in before quantal release, but lost out due to time, but this would be more involved than converting the offending function to use nt_list_for_each_entry_safe.

Original discussion at http://patchwork.freedesktop.org/patch/12156/

Maarten Lankhorst (mlankhorst)
Changed in xorg-server (Ubuntu):
status: New → In Progress
assignee: nobody → Maarten Lankhorst (mlankhorst)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.13.0-0ubuntu7

---------------
xorg-server (2:1.13.0-0ubuntu7) raring; urgency=low

  [ Maarten Lankhorst ]
  * Add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is.
    (LP: #1070481)
  * Add 235-composite-tracking.patch to fix exa corruption.
    (LP: #1010794)

  [ Bryce Harrington ]
  * Add 236-use-fbdev-for-poulsbo-oaktrail-medfield.patch: Never use Intel
    driver on Poulsbo/Oaktrail/Medfield. Thanks to Matthias Klumpp.
    (LP: #1069031)
  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)

  [ Tim Lunn ]
  * 500_pointer_barrier_thresholds.diff: Update to fix gaps above
    barriers at edge of screen
    (LP: #1073724)
 -- Bryce Harrington <email address hidden> Fri, 16 Nov 2012 11:37:26 -0800

Changed in xorg-server (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Adam Conrad (adconrad) wrote : Please test proposed package

Hello Maarten, or anyone else affected,

Accepted xorg-server into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.13.0-0ubuntu6.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed
Revision history for this message
Maarten Lankhorst (mlankhorst) wrote :

Quantal no longer crashes if I restart acpid.

tags: added: verification-done
removed: verification-needed
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.13.0-0ubuntu6.1

---------------
xorg-server (2:1.13.0-0ubuntu6.1) quantal-proposed; urgency=low

  [ Maarten Lankhorst ]
  * add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is. (LP: #1070481)
  * add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)

  [ Bryce Harrington ]
  * Add 236-use-fbdev-for-poulsbo-oaktrail-medfield.patch: Never use Intel
    driver on Poulsbo/Oaktrail/Medfield. Thanks to Matthias Klumpp.
    (LP: #1069031)
  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)
 -- Timo Aaltonen <email address hidden> Tue, 27 Nov 2012 08:09:59 +0200

Changed in xorg-server (Ubuntu Quantal):
status: New → Fix Released
Revision history for this message
Chris Halse Rogers (raof) wrote : Please test proposed package

Hello Maarten, or anyone else affected,

Accepted xorg-server into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in xorg-server (Ubuntu Precise):
status: New → Fix Committed
tags: removed: verification-done
tags: added: verification-needed
Revision history for this message
Chris Halse Rogers (raof) wrote :

Hello Maarten, or anyone else affected,

Accepted xorg-server into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/xorg-server/2:1.11.4-0ubuntu10.11 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Maarten Lankhorst (mlankhorst)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg-server - 2:1.11.4-0ubuntu10.11

---------------
xorg-server (2:1.11.4-0ubuntu10.11) precise-proposed; urgency=low

  * Drop 237-dix-set-the-device-transformation-matrix.patch:
    Bug was targeted to precise, but is only confirmed to affect xserver
    1.13 and newer.
    (LP: 1041063)

xorg-server (2:1.11.4-0ubuntu10.10) precise-proposed; urgency=low

  * Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
    jumping with absolute pointing device. Initializes device
    transformation matrix to an identity matrix. Thanks to a7x.
    (LP: #1041063)

xorg-server (2:1.11.4-0ubuntu10.9) precise-proposed; urgency=low

  [ Maarten Lankhorst ]
  * add 233-xf86events-valgrind.patch to fix a xserver corruption
    when acpid is stopped before Xorg is. (LP: #1070481)
  * add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)
 -- Bryce Harrington <email address hidden> Wed, 19 Dec 2012 16:39:23 -0800

Changed in xorg-server (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.