diff -Nru plymouth-0.9.3/debian/changelog plymouth-0.9.3/debian/changelog
--- plymouth-0.9.3/debian/changelog 2018-10-10 19:40:30.000000000 +0000
+++ plymouth-0.9.3/debian/changelog 2018-11-19 17:16:23.000000000 +0000
@@ -1,3 +1,14 @@
+plymouth (0.9.3-1ubuntu11) disco; urgency=medium
+
+ * Workaround a plugin being already deactivated when we try to remove input
+ watchers for keyboards in DRM mode. Also guard against races at removing
+ input watches and new device detection at startup. (LP: #1794292)
+ - debian/patches/fix_unrefd_plugin_interface.patch
+ - debian/patches/remember_found_devices.patch
+ - debian/patches/keyboard_deactivation.patch
+
+ -- Mathieu Trudel-Lapierre Mon, 19 Nov 2018 12:16:23 -0500
+
 plymouth (0.9.3-1ubuntu10) cosmic; urgency=medium
 
 * Grab some commits from upstream:
diff -Nru plymouth-0.9.3/debian/patches/fix_unrefd_plugin_interface.patch plymouth-0.9.3/debian/patches/fix_unrefd_plugin_interface.patch
--- plymouth-0.9.3/debian/patches/fix_unrefd_plugin_interface.patch 1970-01-01 00:00:00.000000000 +0000
+++ plymouth-0.9.3/debian/patches/fix_unrefd_plugin_interface.patch 2018-11-19 16:58:08.000000000 +0000
@@ -0,0 +1,39 @@
+From: Mathieu Trudel-Lapierre
+Subject: If we've already freed the plugin, we can't call to it.
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1794292
+
+Looks like there's some raciness where set_handler_for_input_source() gets
+called to after a plugin has already been freed (or was never properly
+initialized).
+
+In this case here, we're seeing the following:
+SegvAnalysis:
+ Segfault happened at: 0x7f5027cb8b09 : mov 0x78(%rax),%rax
+ PC (0x7f5027cb8b09) ok
+ source "0x78(%rax)" (0x32785c6174612ddc) not located in a known VMA region (needed readable region)!
+ destination "%rax" ok
+
+In other words, renderer is good; but when trying to read at address 0x78 from
+renderer->plugin_interface, we reach out of the readable memory.
+
+Make sure renderer->plugin_interface isn't already NULL, that does appear to
+fix some of the plymouth crashes evidenced in the Ubuntu plymouth bug:
+https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/1794292
+
+Index: plymouth-0.9.3/src/libply-splash-core/ply-renderer.c
+===================================================================
+--- plymouth-0.9.3.orig/src/libply-splash-core/ply-renderer.c
++++ plymouth-0.9.3/src/libply-splash-core/ply-renderer.c
+@@ -404,6 +404,12 @@ ply_renderer_set_handler_for_input_sourc
+ assert (renderer != NULL);
+ assert (input_source != NULL);
+
++ ply_trace ("set handler for input source on backend %p (device: %s) (renderer type: %d)",
++ renderer->backend, renderer->device_name, renderer->type);
++
++ if (!renderer->plugin_interface)
++ return;
++
+ renderer->plugin_interface->set_handler_for_input_source (renderer->backend,
+ input_source,
+ handler,
diff -Nru plymouth-0.9.3/debian/patches/keyboard_deactivation.patch plymouth-0.9.3/debian/patches/keyboard_deactivation.patch
--- plymouth-0.9.3/debian/patches/keyboard_deactivation.patch 1970-01-01 00:00:00.000000000 +0000
+++ plymouth-0.9.3/debian/patches/keyboard_deactivation.patch 2018-11-19
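Review bot: The added `if (!renderer->plugin_interface) return;` guard only catches a NULL pointer, while the crash quoted in the patch description faults at 0x32785c6174612ddc, which is nowhere near NULL plus 0x78. That suggests the renderer or its interface pointer was stale (freed or never initialised) rather than cleared, and such a value passes the check. The new `ply_trace` above the guard also reads `renderer->backend`, `device_name` and `type` from the same possibly stale object, and hands `device_name` to `%s` with no NULL check visible here. I would label the guard as a workaround with `/* Workaround for LP: #1794292: only a cleared interface is caught; a freed renderer is not detected here. */` and add a trace on the early return so the dropped handler shows up in debug logs. The function starts and ends outside the hunk, so whether the pointer is ever reset to NULL on unload cannot be confirmed from this page.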
17:00:07.000000000 +0000
@@ -0,0 +1,30 @@
+From: Mathieu Trudel-Lapierre
+Subject: Mark a keyboard inactive before deactivating to avoid races
+
+Mark the keyboard we're deactivating (removing watches for input) just before
+actually removing the watches. This avoids running into a case where we might
+try to remove the watch again in parallel from this, crashing if this happens
+while we're freeing objects too.
+
+Index: plymouth-0.9.3/src/libply-splash-core/ply-keyboard.c
+===================================================================
+--- plymouth-0.9.3.orig/src/libply-splash-core/ply-keyboard.c
++++ plymouth-0.9.3/src/libply-splash-core/ply-keyboard.c
+@@ -401,6 +401,8 @@ ply_keyboard_stop_watching_for_input (pl
+ if (!keyboard->is_active)
+ return;
+
++ keyboard->is_active = false;
++
+ switch (keyboard->provider_type) {
+ case PLY_KEYBOARD_PROVIDER_TYPE_RENDERER:
+ ply_keyboard_stop_watching_for_renderer_input (keyboard);
+@@ -410,8 +412,6 @@ ply_keyboard_stop_watching_for_input (pl
+ ply_keyboard_stop_watching_for_terminal_input (keyboard);
+ break;
+ }
+-
+- keyboard->is_active = false;
+ }
+
+ void
diff -Nru plymouth-0.9.3/debian/patches/remember_found_devices.patch plymouth-0.9.3/debian/patches/remember_found_devices.patch
--- plymouth-0.9.3/debian/patches/remember_found_devices.patch 1970-01-01 00:00:00.000000000 +0000
+++ plymouth-0.9.3/debian/patches/remember_found_devices.patch 2018-11-19 17:02:04.000000000 +0000
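Review bot: Moving `keyboard->is_active = false;` ahead of the `switch` turns the flag into a re-entrancy guard, but nothing next to the code says so, and a plain flag gives no protection if the second call really comes from another thread, as "in parallel" in the description might suggest. The `is_active` test and the store are separate steps, so this only helps when the repeated call happens on the same thread, for example from a callback fired while the watch is being removed (an inference; the callers are not visible here). I would add above the assignment `/* Clear first: a nested call made while the watch is being removed must return early. */`. The description also mentions objects being freed at the same time, which this reordering does not address. The function starts outside the first inner hunk.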
@@ -0,0 +1,27 @@
+From: Mathieu Trudel-Lapierre
+Subject: Make sure we remember we've found some good drm devices
+
+Replacing found_device again and again might mean our last call to
+create_devices_for_udev_device() might return a false, confusing the device
+manager into thinking we haven't found a DRM device and thus also initializing
+a console as well.
+
+Index: plymouth-0.9.3/src/libply-splash-core/ply-device-manager.c
+===================================================================
+--- plymouth-0.9.3.orig/src/libply-splash-core/ply-device-manager.c
++++ plymouth-0.9.3/src/libply-splash-core/ply-device-manager.c
+@@ -314,10 +314,13 @@ create_devices_for_subsystem (ply_device
+ */
+ if (udev_device_has_tag (device, "seat")) {
+ const char *node;
++ bool found = false;
+ node = udev_device_get_devnode (device);
+ if (node != NULL) {
+ ply_trace ("found node %s", node);
+- found_device = create_devices_for_udev_device (manager, device);
++ found = create_devices_for_udev_device (manager, device);
++ if (found)
++ found_device = found;
+ }
+ } else {
+ ply_trace ("device doesn't have a devices tag");
diff -Nru plymouth-0.9.3/debian/patches/series plymouth-0.9.3/debian/patches/series
--- plymouth-0.9.3/debian/patches/series 2018-10-10 19:21:56.000000000 +0000
+++ plymouth-0.9.3/debian/patches/series 2018-11-19 17:06:35.000000000 +0000
@@ -39,3 +39,6 @@
 # Ubuntu themes
 ubuntu-logo.patch
 ubuntu-text.patch
+fix_unrefd_plugin_interface.patch
+remember_found_devices.patch
+keyboard_deactivation.patch
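Review bot: The temporary `found` in the `seat` branch is not needed, and `found_device = found;` reads as if it could store false even though it only runs when `found` is true. The same behaviour is clearer as `if (create_devices_for_udev_device (manager, device))` followed by `found_device = true;`. With this change a failed creation for one node is silent once an earlier device succeeded, so a `ply_trace` on the false path would keep it visible in debug logs. The enclosing function starts and ends outside the hunk.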