session-lock: fix assertion failure due to race

There's currently a potential race in the implementation that can be hit
during unlocking. This is not a security vulnerability, but it does
cause the compositor to crash due to a failed assertion.

This commit simplifies the code and fixes the race as well as tightening
up the assertions around this state/control flow even further.

river/Output.zig

@@ -530,7 +530,7 @@ fn handlePresent(
     const self = @fieldParentPtr(Self, "present", listener);
 
     switch (self.lock_render_state) {
-        .unlocked => return,
+        .unlocked => assert(server.lock_manager.state != .locked),
         .pending_blank, .pending_lock_surface => {
             if (!event.presented) {
                 self.lock_render_state = .unlocked;
@@ -548,7 +548,7 @@ fn handlePresent(
                 server.lock_manager.maybeLock();
             }
         },
-        .blanked, .lock_surface => unreachable,
+        .blanked, .lock_surface => {},
     }
 }
 

river/render.zig

@@ -98,11 +98,18 @@ pub fn renderOutput(output: *Output) void {
             return;
         };
 
+        if (server.lock_manager.state == .locked) {
+            switch (output.lock_render_state) {
+                .unlocked, .pending_blank, .pending_lock_surface => unreachable,
+                .blanked, .lock_surface => {},
+            }
+        } else {
             if (output.lock_surface == null) {
                 output.lock_render_state = .pending_blank;
             } else {
                 output.lock_render_state = .pending_lock_surface;
             }
+        }
 
         return;
     }