Changes between Initial Version and Version 18 of Ticket #2894


Ignore:
Timestamp:
Oct 24, 2008, 12:27:03 PM (16 years ago)
Author:
stippi
Comment:

I am currently investigating this. Publishing my findings so far:

herdemir is correct: Somehow, the PS/2 driver publishes a mouse twice, even when no PS/2 mouse is attached at all. On the input_server side there will be an InputDeviceListItem created in _RegisterDevices(). Such objects have a member "fDevice" which is constructed in such a way that its "name" member points to memory by the original input_device_ref provided by the MouseDevice. Later, strcmp() to find the device is then called with the same pointers for the name, I don't know if that even works.

I've fixed this in my local tree, but I can still reproduce corrupted memory when I unplug my USB mouse. It always crashes in the heap management asserts the second time I re-plug the mouse (in _RegisterDevices()).

What also happens is that InputServer::_RegisterDevices() will not let you register the same device name twice. This is documented and correct behavior. But at least with the current implementation, if two devices are added with the same name, and the input_device_ref is deleted for the second instance in the MouseDevice, there will be a mix up and the InputDeviceListItem::fDevice::name member will point to freed memory. I don't know if that is what's actually happening though, because I don't see the output I added when removing devices. Here is some syslog output, stripped of unrelated messages: 

KERN: loaded driver /boot/beos/system/add-ons/kernel/drivers/dev/input/ps2_hid
KERN: loaded driver /boot/beos/system/add-ons/kernel/drivers/dev/input/usb_hid

KERN: InputServer::RegisterDevices() device_ref: USB Keyboard 1

KERN: MouseInputDevice::_AddDevice(/dev/input/mouse/usb/0), name: Usb Mouse 1

KERN: InputServer::RegisterDevices() device_ref: Usb Mouse 1
KERN: InputServer::RegisterDevices() device_ref: Wacom Tablets

KERN: wacom: device_open() open: 2

KERN: ps2: devfs_publish_device input/mouse/ps2/0, status = 0x00000000
KERN: void AddOnManager::MessageReceived(BMessage *) what: NMP_
KERN: MouseInputDevice::_AddDevice(/dev/input/mouse/ps2/0), name: PS/2 Mouse 1
KERN: InputServer::RegisterDevices() device_ref: PS/2 Mouse 1

KERN: ps2: probe_mouse reset failed
KERN: ps2: probing mouse input/mouse/ps2/0 failed
KERN: void AddOnManager::MessageReceived(BMessage *) what: NMP_
KERN: MouseInputDevice::_AddDevice(/dev/input/mouse/ps2/0), name: PS/2 Mouse 1
KERN: InputServer::RegisterDevices() device_ref already exists: PS/2 Mouse 1

KERN: ps2: devfs_publish_device input/keyboard/at/0, status = 0x00000000
KERN: void AddOnManager::MessageReceived(BMessage *) what: NMP_

KERN: ps2: devfs_unpublish_device input/mouse/ps2/0, status = 0x00000000
KERN: InputServer::RegisterDevices() device_ref: AT Keyboard 1

KERN: ps2: keyboard found
KERN: void AddOnManager::MessageReceived(BMessage *) what: NMP_
KERN: InputServer::RegisterDevices() device_ref already exists: AT Keyboard 1

KERN: void AddOnManager::MessageReceived(BMessage *) what: NMP_
KERN: MouseInputDevice::_RemoveDevice(/dev/input/mouse/ps2/0), name: PS/2 Mouse 1
KERN: InputServer::UnregisterDevices() device_ref: PS/2 Mouse 1

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2894

    • Property Owner changed from korli to axeld
    • Property Cc fredrik.holmqvist@… added
    • Property Milestone R1R1/alpha1
    • Property Priority normalcritical

  • Ticket #2894 – Description

    initial v18  
    1 After haiku completes the boot proces, the tracker and deskbar starts up, then after one/two seconds the input server crashes. 100% reproducible, although the stack trace changed once or twice.
     1After haiku completes the boot process, the Tracker and Deskbar starts up, then after one/two seconds the input server crashes. 100% reproducible, although the stack trace changed once or twice.
    22I think this started happening after r28241.
    33I'm testing with r28244.