RFC: fix: Prevent heap-use-after-free when tearing down
Needs Review · Public

Authored by zzag on Wed, Aug 7, 10:35 AM.

Details

Reviewers
None
Group Reviewers
KWin
Summary

Managing lifetime of objects during tear down is a bit clunky in KWin
mostly because the wayland server outlives the workspace.

3f4e7334684 tried to tackle one aspect of this problem, but the proposed
solution is good only in the short term. If a ShellClient wants to discard
force temporarily rules, it needs to access RuleBook, whose lifetime is
bound to the workspace, no matter what happens. Otherwise, the force
temporarily rule will be applied again on the next startup.

It's worth mentioning that there was another attempt to address this
problem, see commit 826b9742e95. It was reverted because some internal
clients may need to destroy Wayland resources during tear down.

This change takes another approach. In order to ensure that ShellClient
can access RuleBook during tear down, we manually destroy Wayland clients
in the destructor of the Workspace class. Something is done already for X11
clients.

Diff Detail

Repository
R108 KWin
Branch
another-patch-to-fix-heap-use-after-free
Lint
Lint OK
Unit
No Unit Test Coverage
Build Status
Buildable 14833
Build 14851: arc lint + arc unit
zzag created this revision. Wed, Aug 7, 10:35 AM
Restricted Application added a project: KWin. Wed, Aug 7, 10:35 AM
Restricted Application added a subscriber: kwin.
zzag requested review of this revision. Wed, Aug 7, 10:35 AM
romangg added a subscriber: romangg. Wed, Aug 7, 7:14 PM

> Managing lifetime of objects during tear down is a bit clunky in KWin mostly because the wayland server outlives the workspace.

Wouldn't it make more sense then to tackle this issue directly instead of putting another small patch on it? A principal comparison between the current tear-down sequence and the most optimal one would be a start.

zzag added a comment. Thu, Aug 8, 8:41 AM

> Wouldn't it make more sense then to tackle this issue directly instead of putting another small patch on it?

I'm open to suggestions on how to fix this problem.

ShellClients are created only when Workspace is created. This patch draws a line between what entity is responsible for destroying them - lifetime of each ShellClient is bound to Workspace while lifetime of wayland resources is bound to WaylandServer.
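
The teardown ordering discussed in the summary and in the comment above, as an added C++ model that is not KWin code: `RuleBook`, `Client`, `Server`, `Workspace` and `teardown` are simplified hypothetical stand-ins, and a `weak_ptr` replaces the raw pointer so the stale access can be observed without undefined behaviour.

```cpp
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

using Log = std::vector<std::string>;
struct RuleBook {  // stand-in for the rule store whose lifetime is tied to the workspace
    Log &log;
    explicit RuleBook(Log &l) : log(l) {}
    void discardTemporary(const std::string &c) { log.push_back("discarded:" + c); }
};

struct Client {  // stand-in for a shell client that discards its temporary rule on destruction
    std::string name;
    std::weak_ptr<RuleBook> rules;  // weak, so the model can observe a dead RuleBook safely
    Log &log;
    Client(std::string n, std::weak_ptr<RuleBook> r, Log &l) : name(std::move(n)), rules(std::move(r)), log(l) {}
    ~Client() {
        if (auto rb = rules.lock()) rb->discardTemporary(name);
        else log.push_back("rulebook-gone:" + name);  // with a raw pointer: use-after-free
    }
};

struct Server { std::vector<std::unique_ptr<Client>> clients; };  // outlives the workspace

struct Workspace {
    Server &server;
    std::shared_ptr<RuleBook> rules;
    bool destroyClientsFirst;
    Workspace(Server &s, Log &l, bool fix) : server(s), rules(std::make_shared<RuleBook>(l)), destroyClientsFirst(fix) {}
    // Clearing the clients in the destructor body runs before the RuleBook member is released.
    ~Workspace() { if (destroyClientsFirst) server.clients.clear(); }
};

Log teardown(bool destroyClientsFirst) {
    Log log;
    {
        Server server;
        {
            Workspace ws(server, log, destroyClientsFirst);
            server.clients.push_back(std::make_unique<Client>("term", ws.rules, log));
        }  // workspace (and RuleBook) destroyed here, server still alive
    }      // server destroyed, taking any remaining clients with it
    return log;
}

int main() {
    for (bool fix : {false, true}) std::cout << fix << ": " << teardown(fix)[0] << "\n";
}
```

Without the explicit clear the client is destroyed after the rule store and its temporary rule is never discarded; with it, the discard happens while the rule store is still alive.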