mirrors/wayland
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/wayland/wayland.git synced 2025-10-31 22:25:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

shm: Defer wl_shm_pool_resize if a pool has external references

Browse source 
If a compositor is rendering in one thread while dispatching wayland
events in another, a wl_shm_pool_resize() could change the memory
mappings it's rendering from and cause a crash.

Now we defer wl_shm_pool_resize() if the compositor has references on a
pool, and perform the actual resize when it drops those references.

Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
This commit is contained in:
Derek Foreman 2016-02-09 16:03:48 -06:00 committed by Bryce Harrington
parent 442f443586
commit ed5f5030ca
1 changed files with 35 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

47
src/wayland-shm.c
View file

@ -56,6 +56,7 @@ struct wl_shm_pool {
int external_refcount; int external_refcount;
char *data; char *data;
int32_t size; int32_t size;
int32_t new_size;
}; };
struct wl_shm_buffer { struct wl_shm_buffer {
@ -73,13 +74,36 @@ struct wl_shm_sigbus_data {
int fallback_mapping_used; int fallback_mapping_used;
}; };
static void
shm_pool_finish_resize(struct wl_shm_pool *pool)
{
void *data;
if (pool->size == pool->new_size)
return;
data = mremap(pool->data, pool->size, pool->new_size, MREMAP_MAYMOVE);
if (data == MAP_FAILED) {
wl_resource_post_error(pool->resource,
WL_SHM_ERROR_INVALID_FD,
"failed mremap");
return;
}
pool->data = data;
pool->size = pool->new_size;
}
static void static void
shm_pool_unref(struct wl_shm_pool *pool, bool external) shm_pool_unref(struct wl_shm_pool *pool, bool external)
{ {
if (external) if (external) {
pool->external_refcount--; pool->external_refcount--;
else if (pool->external_refcount == 0)
shm_pool_finish_resize(pool);
} else {
pool->internal_refcount--; pool->internal_refcount--;
}
if (pool->internal_refcount + pool->external_refcount) if (pool->internal_refcount + pool->external_refcount)
return; return;
@ -202,7 +226,6 @@ shm_pool_resize(struct wl_client *client, struct wl_resource *resource,
int32_t size) int32_t size)
{ {
struct wl_shm_pool *pool = wl_resource_get_user_data(resource); struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
void *data;
if (size < pool->size) { if (size < pool->size) {
wl_resource_post_error(resource, wl_resource_post_error(resource,
@ -211,16 +234,15 @@ shm_pool_resize(struct wl_client *client, struct wl_resource *resource,
return; return;
} }
data = mremap(pool->data, pool->size, size, MREMAP_MAYMOVE); pool->new_size = size;
if (data == MAP_FAILED) {
wl_resource_post_error(resource,
WL_SHM_ERROR_INVALID_FD,
"failed mremap");
return;
}
pool->data = data; /* If the compositor has taken references on this pool it
pool->size = size; * may be caching pointers into it. In that case we
* defer the resize (which may move the entire mapping)
* until the compositor finishes dereferencing the pool.
*/
if (pool->external_refcount == 0)
shm_pool_finish_resize(pool);
} }
struct wl_shm_pool_interface shm_pool_interface = { struct wl_shm_pool_interface shm_pool_interface = {
@ -251,6 +273,7 @@ shm_create_pool(struct wl_client *client, struct wl_resource *resource,
pool->internal_refcount = 1; pool->internal_refcount = 1;
pool->external_refcount = 0; pool->external_refcount = 0;
pool->size = size; pool->size = size;
pool->new_size = size;
pool->data = mmap(NULL, size, pool->data = mmap(NULL, size,
PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (pool->data == MAP_FAILED) { if (pool->data == MAP_FAILED) {