Re: BUG: ff_effects lost after a fork

From: Brendan Shanks
Date: Tue Apr 21 2020 - 15:09:13 EST

Next message: Linus Torvalds: "Re: [GIT PULL] clang-format for v5.7-rc3"
Previous message: Alex Xu (Hello71): "Unrecoverable AER error when resuming from RAM (hda regression in 5.7-rc2)"
Next in thread: Dmitry Torokhov: "Re: BUG: ff_effects lost after a fork"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> On Nov 27, 2019, at 2:10 AM, Mathieu Maret <mathieu.maret@xxxxxxxxx> wrote:
>
> Hi,
>
> I'm using evdev for vibrator interface.
> I can register ff_effect and play them.
> But, if I do any kind of fork, all the effects are flush and cannot be
> used.
>
> You can find, below, an example of such a program.
> From some trace have put in the kernel, it's seems that at the end of
> the system() call, evdev_flush get called.
>
> evdev_flush() will call flush_effects() that will remove all the
> registered effects.
>
> I've only one device with vibrator and it's a imx6 4.1.15 kernel. But
> code looks the same that in linus master that why I'm posting it here. I
> hope that it will not waste people time
>

Hi everyone,

Iâm also hitting this bug with games that use force-feedback steering wheels under Wine/Proton. It typically shows up as EVIOCSFF ioctls failing with EINVAL, since all the effects were unexpectedly flushed.

The problem is that input_ff_flush() is called whenever a file descriptor is closed, but there can be multiple descriptors open to the same file description (through fork(), dup(), etc). input_ff_flush() removes all effects added by that file description, which the users of the other descriptors certainly don't expect.

As for the fix, maybe fd_ops->flush() shouldnât be implemented at all?
In the current design, effects âbelongâ to a file description (a struct file *), not a descriptor. This seems sensible to me: a process could open a device, upload an effect, then fork(), and it makes sense that the child would have full control of the effects created by the parent. It seems to me like nothing should be done when a descriptor is closed, and input_ff_flush() should be called only when the whole struct file is released.

Iâve attached a modified copy of Mathieuâs code, which reproduces the problem for me with a Logitech G25 steering wheel.

Brendan Shanks
CodeWeavers

#include <errno.h>
#include <fcntl.h>
#include <linux/input.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>

#define DEV_PATH "/dev/input/event10"

int main(int argc, char *argv[])
{
int fd = open(DEV_PATH, O_RDWR);
if (fd < 0) {
printf("Cannot open " DEV_PATH);
}
// Register an effect
struct ff_effect effects;
memset(&effects, 0, sizeof(effects));
effects.type = FF_CONSTANT;
effects.id = -1;
effects.replay.length = 1000;
effects.replay.delay = 0;
if (ioctl(fd, EVIOCSFF, &effects) < 0) {
printf("Cannot upload effect %s\n", strerror(errno));
return -1;
}

int fd2 = dup(fd);
close(fd2);

// ioctl fails with EINVAL
if (ioctl(fd, EVIOCSFF, &effects) < 0) {
printf("Cannot upload effect %s\n", strerror(errno));
return -1;
}

close(fd);
return 0;
}

Next message: Linus Torvalds: "Re: [GIT PULL] clang-format for v5.7-rc3"
Previous message: Alex Xu (Hello71): "Unrecoverable AER error when resuming from RAM (hda regression in 5.7-rc2)"
Next in thread: Dmitry Torokhov: "Re: BUG: ff_effects lost after a fork"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]