Commit Graph

2472 Commits

Author SHA1 Message Date
Enrico Weigelt, metux IT consult 738edd3501 dix: unexport eventconvert.h functions
This header isn't installed, so no external modules could use the
functions declared there. Thus we can unexport it all.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1358>
2024-03-11 12:26:44 +01:00
Enrico Weigelt, metux IT consult 2a5e754275 dix: unexport SetAccelerationProfile()
Not used by any module, just locally within one source file, thus
unexport and make it static

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult 1b983d7e82 dix: unexport FreeVelocityData()
Only used within one source, not used by external modules, thus unexport
and make it static.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult 9d3766080b dix: unexport BasicComputeAcceleration()
only used locally within one source file, so unexport and make it static.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult a09f2540d2 dix: unexport ProcessVelocityData2D()
Only used with on source file, so unexport and make it static.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult b598727f1c dix: unexport InitTrackers()
Not used by any modules, thus no need to export it.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult 4db1f3f760 dix: unexport InitVelocityData()
Not used by any modules, not even outside the source file, thus
no need to export it.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult a3ebe4fa41 dix: move non-exported ptrveloc functions to separate header
unclutter ptrveloc.h by moving non-exported declarations into their own
private header file.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1347>
2024-03-09 18:01:52 +00:00
Enrico Weigelt, metux IT consult 040e41c7e9 dix: unexport global variables
Those aren't used by drivers, so no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1375>
2024-03-09 17:23:43 +00:00
Enrico Weigelt, metux IT consult b1ce5543f1 dix: unexport workqueue functions
These aren't used by drivers, so no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1376>
2024-03-07 22:57:53 +00:00
Enrico Weigelt, metux IT consult 53a0442b87 drop remains of DMX
DMX has long gone, but there's still some fallout from it's removal
yet to be cleaned up.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1362>
2024-03-05 16:57:52 +01:00
Enrico Weigelt, metux IT consult 6999bc49d3 dix: unexport AttachOffloadGPU() and DetachOffloadGPU()
These aren't externally used, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1349>
2024-03-03 23:24:29 +00:00
Enrico Weigelt, metux IT consult 1277bb7143 dix: unexport AttachOutputGPU() and DetachOutputGPU()
These aren't externally used, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1349>
2024-03-03 23:24:28 +00:00
Enrico Weigelt, metux IT consult 71b81a7473 dix: unexport AttachUnboundGPU() and DetachUnboundGPU()
These aren't externally used, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1349>
2024-03-03 23:24:28 +00:00
Enrico Weigelt, metux IT consult 55dc4a8bdc dix: unexport RemoveGPUScreen()
This function isn't used by any modules/drivers, so no need to export it.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1349>
2024-03-03 23:24:28 +00:00
Enrico Weigelt, metux IT consult 27b83c4cd0 dix: unexport AddScreen() and AddGPUScreen()
These aren't used by any drivers/modules, just DDX'es, so no need to export.

Note: tigervnc does use it, but it has it's own DDX, therefore directly
linked in, just like the in-tree DDX'es which doesn't need exporting.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1349>
2024-03-03 23:24:28 +00:00
Enrico Weigelt, metux IT consult dc84331f5d include: drop obsolete registry.h
Now that there's no actual consumer of it left, it can be dropped.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1348>
2024-03-03 23:20:06 +00:00
Enrico Weigelt, metux IT consult 5f5d55be88 dix: unexport XREGISTRY_UNKNOWN define
It's not used by external modules, thus no need to have it in the
public API.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1348>
2024-03-03 23:20:06 +00:00
Enrico Weigelt, metux IT consult 4ebb02cdda dix: unexport extension registry functions
These aren't used by (known) external modules, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1348>
2024-03-03 23:20:06 +00:00
Enrico Weigelt, metux IT consult 1f5ab6ec28 dix: unexport RegisterResourceName() and LookupResourceName()
These aren't used by external modules, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1348>
2024-03-03 23:20:06 +00:00
Enrico Weigelt, metux IT consult 36e2cf64c8 dix: unexport registry setup/teardown functions
these aren't to be called by modules, thus no need to export them.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1348>
2024-03-03 23:20:06 +00:00
Enrico Weigelt, metux IT consult 489485ea7d dix: drop duplicate _X_EXPORT
These are already defined in privates.h

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1274>
2024-03-03 22:34:26 +00:00
Enrico Weigelt, metux IT consult fe1e2b7b3d dix: unexport and move maxBigRequestSize
* this symbol is a server configuration flag (can be passed via cmdline)
  for limiting the max size of big-requests. there shouldn't be any need
  to use it outside the core X server (in server modules like drivers
  or external extension) - therefore unexport it
* in order to reduce namespace pollution of public (server module API)
  headers, create a new internal header for those tings (more to come)

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1275>
2024-02-23 23:19:32 +00:00
Peter Hutterer eaa92ea422 Revert "include: move BUG_*() macros to separate header"
This breaks the xf86-input-synaptics driver:

  synaptics.c: In function 'clickpad_guess_clickfingers':
  synaptics.c:2638:5: error: implicit declaration of function 'BUG_RETURN_VAL' [-Werror=implicit-function-declaration]
   2638 |     BUG_RETURN_VAL(hw->num_mt_mask > sizeof(close_point) * 8, 0);

This reverts commit 442aec2219.

Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1316>
2024-02-23 23:11:01 +00:00
Enrico Weigelt, metux IT consult af9f70013a dix: dixutils: make workQueue pointer dix-private
The workQueue pointer is currently declared extern, so that WaitForSomething()
can check wether we've got something in the queue and call ProcessWorkQueue()
then.

But that's trivial to simplify: just let ProcessWorkQueue() return early if
workQueue == NULL. Gives us a better isolation of internal stuff as well as
ProcessWorkQueue() protecting itself from possible segfault.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1310>
2024-02-23 23:06:38 +00:00
Enrico Weigelt 442aec2219 include: move BUG_*() macros to separate header
Yet another step of uncluttering includes: move out the BUG_* macros
into a separate header, which then is included as-needed.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2024-02-15 23:33:46 +00:00
Enrico Weigelt, metux IT consult b3b86ae674 replace _X_INLINE by inline in internal static functions
Since xserver is compiled as C99, we just can use the `inline` keyword.

Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
2024-02-05 19:26:14 +00:00
Wanli Niu e62246641b dix: Fix segfault if CreateGC() failed in XaceHook()
CreateGC() allocates a new GC and then checks the resource access rights
with XaceHook().

If the call to XaceHook() fails (i.e. GC creation is not granted to the
client), CreateGC() exits early and calls FreeGC() to avoid leaking the
newly allocated GC.

If that happens, the screen's own CreateGC() has not yet been invoked,
and as a result the GC functions (GCfuncs) have not been set yet.

FreeGC() will invoke the funcs->DestroyClip() and the funcs->DestroyGC()
functions, but since those haven't been set, the Xserver will segfault
trying to call a NULL function.

To prevent that issue, make sure the GC's functions are initialized
prior to call them in FreeGC().

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1625
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
2024-02-01 10:10:53 +01:00
Peter Hutterer 133e0d651c dix: fix valuator copy/paste error in the DeviceStateNotify event
Fixes 219c54b8a3
2024-01-22 21:24:58 +00:00
Peter Hutterer 26769aa71f dix: when disabling a master, float disabled slaved devices too
Disabling a master device floats all slave devices but we didn't do this
to already-disabled slave devices. As a result those devices kept their
reference to the master device resulting in access to already freed
memory if the master device was removed before the corresponding slave
device.

And to match this behavior, also forcibly reset that pointer during
CloseDownDevices().

Related to CVE-2024-21886, ZDI-CAN-22840
2024-01-16 09:24:31 +01:00
José Expósito bc1fdbe465 Xi: do not keep linked list pointer during recursion
The `DisableDevice()` function is called whenever an enabled device
is disabled and it moves the device from the `inputInfo.devices` linked
list to the `inputInfo.off_devices` linked list.

However, its link/unlink operation has an issue during the recursive
call to `DisableDevice()` due to the `prev` pointer pointing to a
removed device.

This issue leads to a length mismatch between the total number of
devices and the number of device in the list, leading to a heap
overflow and, possibly, to local privilege escalation.

Simplify the code that checked whether the device passed to
`DisableDevice()` was in `inputInfo.devices` or not and find the
previous device after the recursion.

CVE-2024-21886, ZDI-CAN-22840

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2024-01-16 09:24:31 +01:00
Peter Hutterer 219c54b8a3 dix: fix DeviceStateNotify event calculation
The previous code only made sense if one considers buttons and keys to
be mutually exclusive on a device. That is not necessarily true, causing
a number of issues.

This function allocates and fills in the number of xEvents we need to
send the device state down the wire.  This is split across multiple
32-byte devices including one deviceStateNotify event and optional
deviceKeyStateNotify, deviceButtonStateNotify and (possibly multiple)
deviceValuator events.

The previous behavior would instead compose a sequence
of [state, buttonstate, state, keystate, valuator...]. This is not
protocol correct, and on top of that made the code extremely convoluted.

Fix this by streamlining: add both button and key into the deviceStateNotify
and then append the key state and button state, followed by the
valuators. Finally, the deviceValuator events contain up to 6 valuators
per event but we only ever sent through 3 at a time. Let's double that
troughput.

CVE-2024-0229, ZDI-CAN-22678

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2024-01-16 09:24:01 +01:00
Peter Hutterer ece23be888 dix: Allocate sufficient xEvents for our DeviceStateNotify
If a device has both a button class and a key class and numButtons is
zero, we can get an OOB write due to event under-allocation.

This function seems to assume a device has either keys or buttons, not
both. It has two virtually identical code paths, both of which assume
they're applying to the first event in the sequence.

A device with both a key and button class triggered a logic bug - only
one xEvent was allocated but the deviceStateNotify pointer was pushed on
once per type. So effectively this logic code:

   int count = 1;
   if (button && nbuttons > 32) count++;
   if (key && nbuttons > 0) count++;
   if (key && nkeys > 32) count++; // this is basically always true
   // count is at 2 for our keys + zero button device

   ev = alloc(count * sizeof(xEvent));
   FixDeviceStateNotify(ev);
   if (button)
     FixDeviceStateNotify(ev++);
   if (key)
     FixDeviceStateNotify(ev++);   // santa drops into the wrong chimney here

If the device has more than 3 valuators, the OOB is pushed back - we're
off by one so it will happen when the last deviceValuator event is
written instead.

Fix this by allocating the maximum number of events we may allocate.
Note that the current behavior is not protocol-correct anyway, this
patch fixes only the allocation issue.

Note that this issue does not trigger if the device has at least one
button. While the server does not prevent a button class with zero
buttons, it is very unlikely.

CVE-2024-0229, ZDI-CAN-22678

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2024-01-16 09:24:01 +01:00
Peter Hutterer 9e2ecb2af8 dix: allocate enough space for logical button maps
Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for
each logical button currently down. Since buttons can be arbitrarily mapped
to anything up to 255 make sure we have enough bits for the maximum mapping.

CVE-2023-6816, ZDI-CAN-22664, ZDI-CAN-22665

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2024-01-16 09:23:47 +01:00
Peter Hutterer de0031eefd dix: initialize the XTest sendEventsProc for all devices
XTest requests lets the client specify a device ID, only if none
is specified do we fall back to the XTEST special device.
As of commit
  aa4074251 input: Add new hook DeviceSendEventsProc for XTEST
regular devices are no longer able to send XTest events because they
have no sendEventsProc set.

This caused issue #1574 and the crash was fixed with commit
  e820030de xtest: Check whether there is a sendEventsProc to call
but we still cannot send XTest events through a specific device.

Fix this by defaulting every device to the XTest send function and
punting it to the DDX (i.e. Xwayland) to override the devices as
necessary.

Fixes e820030de2
Fixes aa4074251f
2024-01-09 00:45:31 +00:00
Peter Hutterer d0b0137a95 Two whitespace fixes 2024-01-09 09:49:54 +10:00
Peter Hutterer 0a9f223eec dix: factor out the duplicate the RemoveDevice code paths
This is the same loop twice, once over inputInfo.devices and once over
inputInfo.off_devices, let's make both the same.
2024-01-09 09:49:54 +10:00
Peter Hutterer 2cee5fb36c test: fix various leaks in the tests 2024-01-09 09:49:54 +10:00
Peter Hutterer 373cd80081 dix: use valuator_mask_free() to free the last touches vmask
No functional effect since that one is just a free() call anyway.
2024-01-09 09:49:54 +10:00
Peter Hutterer 7aba2514b2 dix: don't allow for devices with 0 axes
This just makes the existing behavior explicit, previously we relied on
a malloc(numAxes * ...) to return NULL to error out.
2024-01-09 09:49:54 +10:00
Peter Hutterer 0c1a93d319 Xi: allocate enough XkbActions for our buttons
button->xkb_acts is supposed to be an array sufficiently large for all
our buttons, not just a single XkbActions struct. Allocating
insufficient memory here means when we memcpy() later in
XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
leading to the usual security ooopsiedaisies.

CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
2023-12-13 10:44:49 +10:00
Peter Hutterer 45009fb7f5 dix: clean up the GestureInfoRec on device close
Direct leak of 1080 byte(s) in 3 object(s) allocated from:
    #0 0x7f00a4ed8cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: 6f17f87dc4c1aa9f9dde7c4856604c3a25ba4872)
    #1 0x59f740 in InitGestureClassDeviceStruct ../dix/devices.c:1692
    #2 0x418a0b in xwl_pointer_proc_pointer_gestures ../hw/xwayland/xwayland-input.c:325
    #3 0x598e5c in ActivateDevice ../dix/devices.c:578
    #4 0x420207 in init_pointer_gestures_device ../hw/xwayland/xwayland-input.c:1677
    #5 0x420bf1 in seat_handle_capabilities ../hw/xwayland/xwayland-input.c:1801
    #6 0x7f00a4145055 in ffi_call_unix64 (/lib64/libffi.so.8+0x9055) (BuildId: 308041eea4a8d89d9265d3c24b7261dfbe44a61e)

Acked-by: Olivier Fourdan <ofourdan@redhat.com>
2023-12-05 14:21:28 +10:00
Peter Hutterer 564ccf2ce9 mi: reset the PointerWindows reference on screen switch
PointerWindows[] keeps a reference to the last window our sprite
entered - changes are usually handled by CheckMotion().

If we switch between screens via XWarpPointer our
dev->spriteInfo->sprite->win is set to the new screen's root window.
If there's another window at the cursor location CheckMotion() will
trigger the right enter/leave events later. If there is not, it skips
that process and we never trigger LeaveWindow() - PointerWindows[] for
the device still refers to the previous window.

If that window is destroyed we have a dangling reference that will
eventually cause a use-after-free bug when checking the window hierarchy
later.

To trigger this, we require:
- two protocol screens
- XWarpPointer to the other screen's root window
- XDestroyWindow before entering any other window

This is a niche bug so we hack around it by making sure we reset the
PointerWindows[] entry so we cannot have a dangling pointer. This
doesn't handle Enter/Leave events correctly but the previous code didn't
either.

CVE-2023-5380, ZDI-CAN-21608

This vulnerability was discovered by:
Sri working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2023-10-25 00:37:47 +00:00
Alan Coopersmith d6b20f5e36 Remove "All rights reserved" from Oracle copyright notices
Oracle no longer includes this term in our copyright & license notices.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2023-02-25 09:40:41 -08:00
Yao Wei 7ce57e179b dix: Force update LEDs after device state update in EnableDevice
This is to make sure the hardware gets the device states regardless
whether the internal state has changed or not, to overcome situations
that device LEDs are out of sync e.g. switching between VTs.

Signed-off-by: Yao Wei (魏銘廷) <yao.wei@canonical.com>
2023-02-21 03:43:05 +00:00
Peter Hutterer d2158d4063 dix: fix wheel emulation lockup when a negative increment is set
The increment sign wasn't taking into account when checking if the next
value is past our current value. The result was that for negative
increments, we kept looping indefinitely, locking up the server.

Easiest to reproduce with the evdev driver which has a negative
increment on the y axis.

Fixes 0a22502c34
  dix: switch scroll button emulation to multiples of increment

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-02-20 15:11:23 +10:00
Peter Hutterer 0a22502c34 dix: switch scroll button emulation to multiples of increment
The current algorithm triggers a bug in Xwayland when two devices have
different granularity of scrolling. In Xwayland, the scroll increment is
1 and all physical devices scroll through the same (x)wayland pointer
device.

This may cause events to get lost when changing devices:
- mouse scrolls by full increment, current value is 1.0
  last scroll button was sent for valuator value 0.0,
  delta is 1.0 and we emulate a button event.
- touchpad scrolls by partial increment, current value is 1.3
  last scroll button was sent for valuator value 1.0, delta is 0.3
  and no button event is emulated
- mouse scrolls by full increment, current value is -0.7,
  last scroll button was sent for valuator value 1.0, delta is -0.7
  and no button event is emulated

Thus the wheel event appears to get lost. Xwayland cannot reliably
detect this case because we don't see the physical devices.

We can work around this by instead emulating buttons whenever we cross
a multiple of increment. However, this has a drawback:
high-resolution scroll devices can now trigger a button event storm by
jittering across the multiple of increment. e.g. in the example above
the touchpad moving from 1.3 to 1.0 would cause a click, despite this
being a third of an increment.

Fixes #1339

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
2023-02-16 10:25:16 +00:00
Peter Hutterer 6f0cd15155 dix: remove pointless "flexible" x/y axis mapping
storeLastValuators() takes the index in the mask for the x and y axis.
Completely pointless because any device that doesn't have x/y on 0 and
1, respectively, is going to break in fun ways anyway. And we only have
two callers two this function, both of which hardcode 0 and 1.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-02-16 10:25:16 +00:00
Olivier Fourdan e196535abb dix: Clear device sprite after free in AttachDevice()
The code in AttachDevice() may free the dev->spriteInfo->sprite under
some circumstances and later call GetCurrentRootWindow() which uses
the same dev->spriteInfo->sprite.

While it seems unlikely that this is actually an issue, considering the
cases where one or the other get called, it still makes the code look
suspicious.

Make sure to clear set dev->spriteInfo->sprite to NULL  immediately
after it's freed to avoid any confusion, even if only to clarify the
code.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1436
2023-02-09 23:54:11 +00:00
Mike Gorse 2ef5ef57bd dix: Use CopyPartialInternalEvent in EnqueueEvent
The event might be a DeviceEvent allocated on the stack, in
AccessXKeyboardEvent for instance. Fixes out-of-bounds read.

Signed-off-by: Mike Gorse <mgorse@suse.com>
2023-01-25 02:02:48 +00:00
Jeremy Huddleston Sequoia 16e7cdba48 rootless: Use screen_x and screen_y instead of pixmap pointer hacks
This updates rootless to treat pixmaps consistently with COMPOSITE,
using the screen_x and screen_y values rather than doing hacky math.

This will allow for proper bounds checking on a given PixmapRec.

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
2023-01-20 17:10:54 +00:00
Peter Hutterer 412777664a Disallow byte-swapped clients by default
The X server swapping code is a huge attack surface, much of this code
is untested and prone to security issues. The use-case of byte-swapped
clients is very niche, so let's disable this by default and allow it
only when the respective config option or commandline flag is given.

For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
For all DDX, this adds the commandline options +byteswappedclients and
-byteswappedclients to enable or disable, respectively.

Fixes #1201

https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-06 11:59:37 +10:00
Peter Hutterer f69280ddcd dix: localize two variables
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-06 11:59:37 +10:00
Peter Hutterer a8c2e60d8d dix: remove unused PANORAMIX_DEBUG ifdef
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-06 11:59:37 +10:00
Peter Hutterer 73d6e888c6 Fix some indentation issues
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2023-01-06 11:59:37 +10:00
Jeremy Huddleston Sequoia 3cb3024fea dix: Remove pScratchPixmap and other associated ABI changes
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
2022-12-30 01:32:25 +00:00
Jeremy Huddleston Sequoia 6ee937b3be dix: Stop recycling scratch pixmaps
The minimal performance wins we gain by recycling pixmaps at this layer are
not worth the code complexity nor the interference with memory analysis
tools like malloc history, ASan, etc.

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
2022-12-30 01:32:25 +00:00
Sultan Alsawaf 08183c66e8 pixmap: make PixmapDirtyCopyArea public
PixmapDirtyCopyArea() is about to be used outside of pixmap.c, so fix up
its interface by specifying the dirty area directly rather than passing a
`PixmapDirtyUpdatePtr`. This makes it easier to use outside of pixmap.c, as
the caller doesn't need to create a bulky PixmapDirtyUpdateRec to use this
function.

Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
2022-12-19 23:56:27 -08:00
Peter Hutterer 8f454b793e Xi: avoid integer truncation in length check of ProcXIChangeProperty
This fixes an OOB read and the resulting information disclosure.

Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->num_items value the expected request size was
truncated, passing the REQUEST_FIXED_SIZE check.

The server then proceeded with reading at least stuff->num_items bytes
(depending on stuff->format) from the request and stuffing whatever it
finds into the property. In the process it would also allocate at least
stuff->num_items bytes, i.e. 4GB.

The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty,
so let's fix that too.

CVE-2022-46344, ZDI-CAN 19405

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
2022-12-14 11:02:40 +10:00
Michel Dänzer f778b56a74 dix: Skip more code in SetRootClip for ROOT_CLIP_INPUT_ONLY
Despite e957a2e5dd ("dix: Add hybrid full-size/empty-clip mode to
SetRootClip"), I was still seeing all X11 client windows flashing when
the root window size changes with rootless Xwayland (e.g. due to
hotplugging a monitor).

Skipping this code for ROOT_CLIP_INPUT_ONLY fixes the issue for me.
2022-09-12 10:51:05 +00:00
Alan Coopersmith 5cc24dbb4c dix: Use memcpy() instead of memmove() when buffers are known not to overlap
Most of these came from a mass bcopy() -> memmove() substitution in 1993
with a commit comment of "Ansification (changed bfuncs -> mfuncs)"

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2022-08-29 21:10:51 +00:00
Olivier Fourdan 2efa6d6595 dix: Fix overzealous caching of ResourceClientBits()
Commit c7311654 cached the value of ResourceClientBits(), but that value
depends on the `MaxClients` value set either from the command line or
from the configuration file.

For the latter, a call to ResourceClientBits() is issued before the
configuration file is read, meaning that the cached value is from the
default, not from the maximum number of clients set in the configuration
file.

That obviously causes all sort of issues, including memory corruption
and crashes of the Xserver when reaching the default limit value.

To avoid that issue, also keep the LimitClient value, and recompute the
ilog2() value if that changes, as on startup when the value is set from
the the xorg.conf ServerFlags section.

v2: Drop the `cache == 0` test
    Rename cache vars

Fixes: c7311654 - dix: cache ResourceClientBits() value
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1310
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2022-07-27 17:09:29 +02:00
Alan Coopersmith 6f9fce0360 Replace "the the" with a single "the" in docs & comments
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Martin Roukala <martin.roukala@mupuf.org>
2022-03-31 13:27:57 -07:00
Povilas Kanapickas 43e934a19f dix: Don't send touch end to clients that do async grab without touches
GTK3 menu widget creates a selection for touch and other events and
after receiving touch events creates an async grab that excludes touch
events. Unfortunately it relies on X server not sending the touch end
event in order to function properly. Sending touch end event will cause
it to think that the initiating touch ended and when it actually ends,
the ButtonRelease event will make it think that the menu should be
closed. As a result, the menu will be open only for the duration of the
touch making it useless.

This commit reverts f682e0563f.

Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1255

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2022-02-12 15:26:30 +00:00
Povilas Kanapickas 1801fe0ac3 dix: Fix use after free in input device shutdown
This fixes access to freed heap memory via dev->master. E.g. when
running BarrierNotify.ReceivesNotifyEvents/7 test from
xorg-integration-tests:

==24736==ERROR: AddressSanitizer: heap-use-after-free on address
0x619000065020 at pc 0x55c450e2b9cf bp 0x7fffc532fd20 sp 0x7fffc532fd10
READ of size 4 at 0x619000065020 thread T0
    #0 0x55c450e2b9ce in GetMaster ../../../dix/devices.c:2722
    #1 0x55c450e9d035 in IsFloating ../../../dix/events.c:346
    #2 0x55c4513209c6 in GetDeviceUse ../../../Xi/xiquerydevice.c:525
../../../Xi/xichangehierarchy.c:95
    #4 0x55c450e3455c in RemoveDevice ../../../dix/devices.c:1204
../../../hw/xfree86/common/xf86Xinput.c:1142
    #6 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
    #7 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
    #8 0x55c450e837ef in dix_main ../../../dix/main.c:302
    #9 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
    #11 0x55c450d0113d in _start (/usr/lib/xorg/Xorg+0x117713d)

0x619000065020 is located 160 bytes inside of 912-byte region
[0x619000064f80,0x619000065310)
freed by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
    #1 0x55c450e19f1c in CloseDevice ../../../dix/devices.c:1014
    #2 0x55c450e343a4 in RemoveDevice ../../../dix/devices.c:1186
../../../hw/xfree86/common/xf86Xinput.c:1142
    #4 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
    #5 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
    #6 0x55c450e837ef in dix_main ../../../dix/main.c:302
    #7 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)

previously allocated by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    #1 0x55c450e1c57b in AddInputDevice ../../../dix/devices.c:259
    #2 0x55c450e34840 in AllocDevicePair ../../../dix/devices.c:2755
    #3 0x55c45130318f in add_master ../../../Xi/xichangehierarchy.c:152
../../../Xi/xichangehierarchy.c:465
    #5 0x55c4512cb9f5 in ProcIDispatch ../../../Xi/extinit.c:390
    #6 0x55c450e6a92b in Dispatch ../../../dix/dispatch.c:551
    #7 0x55c450e834b7 in dix_main ../../../dix/main.c:272
    #8 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)

The problem is caused by dev->master being not reset when disabling the
device, which then causes dangling pointer when the master device itself
is being deleted when exiting whole server.

Note that RecalculateMasterButtons() requires dev->master to be still
valid, so we can reset it only at the end of function.

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2022-02-09 11:36:48 +00:00
Povilas Kanapickas 6ef5c05728 dix: Correctly save replayed event into GrabInfoRec
When processing events we operate on InternalEvent pointers. They may
actually refer to a an instance of DeviceEvent, GestureEvent or any
other event that comprises the InternalEvent union. This works well in
practice because we always look into event type before doing anything,
except in the case of copying the event.

*dst_event = *src_event would copy whole InternalEvent event and would
cause out of bounds read in case the pointed to event was not
InternalEvent but e.g. DeviceEvent.

This regression has been introduced in
23a8b62d34.

Fixes https://gitlab.freedesktop.org/xorg/xserver/-/issues/1261

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2022-02-09 11:33:03 +00:00
tholin dc7cb45482 dix: Hold input lock for AttachDevice()
Fix the following race:

Possible data race during read of size 8 at 0xA112510 by thread #6
Locks held: 1, at address 0x366B40
   at 0x14C8B9: GetMaster (devices.c:2691)
   by 0x15CFC5: IsFloating (events.c:346)
   by 0x2B9554: miPointerGetScreen (mipointer.c:527)
   by 0x1A5136: xf86PostButtonEventM (xf86Xinput.c:1379)
   by 0x1A52BD: xf86PostButtonEvent (xf86Xinput.c:1345)
   by 0x485F45B: EvdevProcessEvent (in /usr/lib64/xorg/modules/input/evdev_drv.so)
   by 0x485FDAC: EvdevReadInput (in /usr/lib64/xorg/modules/input/evdev_drv.so)
   by 0x195427: xf86ReadInput (xf86Events.c:247)
   by 0x2CC113: InputReady (inputthread.c:180)
   by 0x2CE4EA: ospoll_wait (ospoll.c:657)
   by 0x2CC077: InputThreadDoWork (inputthread.c:369)
   by 0x484A336: mythread_wrapper (hg_intercepts.c:406)

This conflicts with a previous write of size 8 by thread #1
Locks held: none
   at 0x14D2C6: AttachDevice (devices.c:2609)
   by 0x15CF85: ReattachToOldMaster (events.c:1457)
   by 0x1647DD: DeactivateKeyboardGrab (events.c:1700)
   by 0x25D7F1: ProcXIUngrabDevice (xigrabdev.c:169)
   by 0x2552AD: ProcIDispatch (extinit.c:398)
   by 0x155291: Dispatch (dispatch.c:479)
   by 0x158CBA: dix_main (main.c:276)
   by 0x143A3D: main (stubmain.c:34)
 Address 0xa112510 is 336 bytes inside a block of size 904 alloc'd
   at 0x4846571: calloc (vg_replace_malloc.c:1328)
   by 0x14A0B3: AddInputDevice (devices.c:260)
   by 0x1A31A0: xf86ActivateDevice (xf86Xinput.c:365)
   by 0x1A4549: xf86NewInputDevice (xf86Xinput.c:948)
   by 0x1A4B44: NewInputDeviceRequest (xf86Xinput.c:1090)
   by 0x1B81FE: device_added (udev.c:282)
   by 0x1B8516: config_udev_init (udev.c:439)
   by 0x1B7091: config_init (config.c:50)
   by 0x197970: InitInput (xf86Init.c:814)
   by 0x158C6B: dix_main (main.c:250)
   by 0x143A3D: main (stubmain.c:34)
 Block was alloc'd by thread #1

The steps to trigger the race are:
1. Main thread does cleanup at mipointer.c:360 setting the slave device's
   miPointerPtr to null.
2. Input thread use MIPOINTER in mipointer.c and get the slave's
   miPointerPtr = null.
3. Main thread updates dev->master at devices.c:2609.
4. MIPOINTER would now return the master's miPointerPtr but the input
   thread already got the slave's miPointerPtr in step 2 and segfaults by
   null ptr deref.

Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260
Signed-off-by: Thomas Lindroth <thomas.lindroth@gmail.com>
2022-02-03 16:56:53 +00:00
Matthieu Herrb 5b8817a019 Convert more funcs to use InternalEvent.
This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
in events.c: 3876    *grabinfo->sync.event = *real_event;

Possible fix for https://gitlab.freedesktop.org/xorg/xserver/-/issues/1253

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
2021-12-19 20:01:04 +00:00
Povilas Kanapickas c97397dc47 Remove autotools support
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2021-10-27 13:15:40 +03:00
Alex Richardson f9f705bf3c dix/privates.c: Avoid undefined behaviour after realloc()
Adding the offset between the realloc result and the old allocation to
update pointers into the new allocation is undefined behaviour: the
old pointers are no longer valid after realloc() according to the C
standard. While this works on almost all architectures and compilers,
it causes  problems on architectures that track pointer bounds (e.g.
CHERI or Arm's Morello): the DevPrivateKey pointers will still have the
bounds of the previous allocation and therefore any dereference will
result in a run-time trap.

I found this due to a crash (dereferencing an invalid capability) while
trying to run `XVnc` on a CHERI-RISC-V system. With this commit I can
successfully connect to the XVnc instance running inside a QEMU with a
VNC viewer on my host.

This also changes the check whether the allocation was moved to use
uintptr_t instead of a pointer since according to the C standard:
"The value of a pointer becomes indeterminate when the object it
points to (or just past) reaches the end of its lifetime." Casting to an
integer type avoids this undefined behaviour.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-10-08 09:59:11 +00:00
Ignacio Casal Quinteiro 1fd5dec11b touchevents: set the screen pointer after checking the device is enabled
If the device is disabled the sprite is NULL so we get a seg fault
2021-09-07 16:58:10 +02:00
Simon Ser 7d34b1f2b7 xwayland: add -noTouchPointerEmulation
In some scenarios, the Wayland compositor might have more knowledge
than the X11 server and may be able to perform pointer emulation for
touch events better. Add a command-line switch to allow compositors
to turn Xwayland pointer emulation off.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-09-06 21:19:46 +00:00
Alex Richardson d83c84bd9d Mark the dixChangeWindowProperty() value argument as const
It is copied using memcpy() and not modified so we can add const. This
fixes a -Wincompatible-pointer-types-discards-qualifiers compiler warning
that was failing a -Werror XVnc build for me.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-07-30 08:36:35 +00:00
Olivier Fourdan 6b47321bc6 dix: Add optional terminate delay
When the command line option "-terminate" is used, it could be
interesting to give it an optional grace period to let the Xserver
running for a little longer in case a new connection occurs.

This adds an optional parameter to the "-terminate" command line option
for this purpose.

v2: Use a delay in seconds instead of milliseconds
    (Martin Peres <martin.peres@mupuf.org>)
v3: Clarify man page entry, ensure terminateDelay is always >= 0,
    simplify TimerFree(). (Peter Hutterer <peter.hutterer@who-t.net>)

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2021-06-07 17:28:05 +02:00
Olivier Fourdan e167299f60 xfixes: Add ClientDisconnectMode
With Wayland compositors now being able to start Xwayland on demand, the
next logical step is to be able to stop Xwayland when there is no more
need for it.

The Xserver itself is capable of terminating itself once all X11 clients
are gone, yet in a typical full session, there are a number of X11
clients running continuously (e.g. the Xsettings daemon, IBus, etc.).

Those always-running clients will prevent the Xserver from terminating,
because the actual number of X11 clients will never drop to 0. Worse,
the X11 window manager of a Wayland compositor also counts as an X11
client, hence also preventing Xwayland from stopping.

Some compositors such as mutter use the XRes extension to query the X11
clients connected, match their PID with the actual executable name and
compare those with a list of executables that can be ignored when
deciding to kill the Xserver.

But that's not just clumsy, it is also racy, because a new X11 client
might initiate a connection the X11 server right when the compositor is
about to kill it.

To solve this issue directly at the Xserver level, this add new entries
to the XFixes extension to let the X11 clients themselves specify the
disconnect mode they expect.

Typically, those X11 daemon clients would specify the disconnect mode
XFixesClientDisconnectFlagTerminate to let the Xserver know that they
should not be accounted for when checking the remaining clients prior
to terminate.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2021-06-07 17:28:05 +02:00
Povilas Kanapickas 5163fc8bc2 Implement gesture processing logic 2021-05-30 13:26:42 +03:00
Povilas Kanapickas 100a2ad6da dix: Implement gesture event submission code path 2021-05-30 13:26:40 +03:00
Povilas Kanapickas 7656a9c8dd dix: Implement internal gesture state handling 2021-05-30 13:26:39 +03:00
Povilas Kanapickas 0bf4123fd3 dix: Implement gesture event fixups before delivery 2021-05-30 13:26:38 +03:00
Povilas Kanapickas 227f601de3 xi: Implement conversions from internal to Xi2 gesture event structs 2021-05-30 13:26:37 +03:00
Povilas Kanapickas 080bac39c8 xi: Implement grab support for new gesture event types 2021-05-30 13:26:32 +03:00
Povilas Kanapickas 22fa31ed56 dix: Add new internal event enums for gesture events 2021-05-30 13:26:30 +03:00
Povilas Kanapickas 99e7ccffb3 dix: Fix URL to description of focus in/out model
The current URL points to an unrelated patch for acpid.

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2021-03-25 23:18:14 +02:00
Povilas Kanapickas af17b5c499 dix: Use correct listener to deliver touch end events
This fixes an problem left in f682e0563f
due to an incorrect cherry-pick.

We must use old listener->listener to deliver the touch event. Otherwise
grab won't let the event through and the abovementioned commit has no
effect.

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2021-02-17 04:29:48 +00:00
Olivier Fourdan dee2bb033e dix: Guard against non-existing PtrFeedbackPtr
Trying to change the pointer control settings on a device without
PtrFeedbackPtr would be a bug and a crash in the Xserver.

Guard against that case by returning early with a BadImplementation
error, that might kill the X11 client but the Xserver would survive.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Related: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1137
2021-02-16 09:37:46 +01:00
Olivier Fourdan b5e1f13681 dix: Add POINTER_RAWONLY flag
This add a new flag POINTER_RAWONLY for GetPointerEvents() which does
pretty much the opposite of POINTER_NORAW.

Basically, this tells GetPointerEvents() that we only want the
DeviceChanged events and any raw events for this motion but no actual
motion events.

This is preliminary work for Xwayland to be able to use relative motion
events for raw events. Xwayland would use absolute events for raw
events, but some X11 clients (wrongly) assume raw events to be always
relative.

To allow such clients to work with Xwayland, it needs to switch to
relative raw events (if those are available from the Wayland
compositor).

However, Xwayland cannot use relative motion events for actual pointer
location because that would cause a drift over time, the pointer being
actually controlled by the Wayland compositor.

So Xwayland needs to be able to send only relative raw events, hence
this API.

Bump the ABI_XINPUT_VERSION minor version to reflect that API addition.

v2: Actually avoid sending motion events (Peter)
v3: Keep sending raw emulated events with RAWONLY (Peter)

Suggested-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Related: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1130
2021-02-15 09:42:00 +01:00
Povilas Kanapickas f682e0563f dix: Send touch end to clients that do async grab without touch events
If a XI2 client started listening to touches due to a selection and then
creates an active async grab that does not include touch events, then it
currently won't get the touch end event which will produce inconsistent
view of the pending touches.

Note that we only need to consider touch listeners and can ignore
pointer emulation. Under XI2 if a active grab replaces a passive
implicit grab and the active grab does not include the button release
event, the client won't get it either.
2021-02-08 05:21:29 +02:00
Povilas Kanapickas f5220117e9 dix: Extract FreezeThisEventIfNeededForSyncGrab() 2020-11-25 04:20:22 +00:00
Povilas Kanapickas 36f8dacc06 dix: Extract ActivateGrabNoDeliver() 2020-11-25 04:20:22 +00:00
Povilas Kanapickas 23a8b62d34 dix: Store replayed event into GrabInfoRec struct as InternalEvent* 2020-11-25 04:20:22 +00:00
Povilas Kanapickas 8bd8b3af19 dix: Rename LISTENER_* to TOUCH_LISTENER_* 2020-11-25 04:20:22 +00:00
Povilas Kanapickas 56d7205921 dix: Extract DeliverDeviceClassesChangedEvent() utility function 2020-11-25 04:20:21 +00:00
Povilas Kanapickas 5b0c5344b7 dix: Extract CopySprite() utility 2020-11-25 04:20:21 +00:00
Povilas Kanapickas acd819ac07 dix: Extract FixUpXI2DeviceEventFromWindow() 2020-11-25 04:20:21 +00:00
Alan Coopersmith d00594ebc7 AddInputDevice: only need to check once if we failed to calloc dev
Resolves warning from Oracle Parfait static analyser:

Warning: Impossible or redundant condition
   Impossible or redundant condition [impossible-redundant-condition]:
      Condition 'dev != NULL' of branch is determined by previous branch
        at line 270 of dix/devices.c in function 'AddInputDevice'.
          Condition 'dev != NULL' from this branch implies following branch is always true at line 262

Fixes: commit 493ad83323
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2020-11-17 18:43:39 -08:00
Matthieu Herrb aac28e162e fix for ZDI-11426
Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.

This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2020-07-31 14:51:23 +00:00
Dave Airlie ea47af87f6 xserver/output: rename some badly named variables/APIs.
This is an API and ABI break

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2020-07-10 06:17:44 +10:00
Alan Coopersmith 23e83724df Fix spelling/wording issues
Most (but not all) of these were found by using
  codespell --builtin clear,rare,usage,informal,code,names
but not everything reported by that was fixed.

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2020-07-05 13:07:33 -07:00
Aaron Plattner 4308f5d3d1 os: Don't crash in AttendClient if the client is gone
If a client is in the process of being closed down, then its client->osPrivate
pointer will be set to NULL by CloseDownConnection. This can cause a crash if
freeing the client's resources results in a call to AttendClient. For example,
if the client has a pending sync fence:

 Thread 1 "X" received signal SIGSEGV, Segmentation fault.
 AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
 (gdb) bt
 #0  AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
 #1  0x00005571c3dbb865 in SyncAwaitTriggerFired (pTrigger=<optimized out>) at ../Xext/sync.c:694
 #2  0x00005571c3dd5749 in miSyncDestroyFence (pFence=0x5571c5063980) at ../miext/sync/misync.c:120
 #3  0x00005571c3dbbc69 in FreeFence (obj=<optimized out>, id=<optimized out>) at ../Xext/sync.c:1909
 #4  0x00005571c3d7a01d in doFreeResource (res=0x5571c506e3d0, skip=skip@entry=0) at ../dix/resource.c:880
 #5  0x00005571c3d7b1dc in FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1146
 #6  FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1109
 #7  0x00005571c3d5525f in CloseDownClient (client=0x5571c4aed9a0) at ../dix/dispatch.c:3473
 #8  0x00005571c3d55eeb in Dispatch () at ../dix/dispatch.c:492
 #9  0x00005571c3d59e96 in dix_main (argc=3, argv=0x7ffe7854bc28, envp=<optimized out>) at ../dix/main.c:276
 #10 0x00007fea4837cb6b in __libc_start_main (main=0x5571c3d1d060 <main>, argc=3, argv=0x7ffe7854bc28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe7854bc18) at ../csu/libc-start.c:308
 #11 0x00005571c3d1d09a in _start () at ../Xext/sync.c:2378
 (gdb) print client->osPrivate
 $1 = (void *) 0x0

Since the client is about to be freed, its ignore count doesn't matter and
AttendClient can simply be a no-op. Check for client->clientGone in AttendClient
and remove similar checks from two callers that had them.

Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
2019-11-19 10:15:05 -08:00
Adam Jackson 516e75dbb6 dix: Call SourceValidate before GetImage
This ensures that any prep work for the drawable we're about to read
from is already done before we call down to GetImage. This should be no
functional change as most of the callers with a non-trivial
SourceValidate are already wrapping GetImage and doing the equivalent
thing, but we'll be simplifying that shortly.

More importantly this ensures that if any of that prep work would
generate events - like automatic compositing flushing rendering to a
parent pixmap which then triggers damage - then it happens entirely
before we start writing the GetImage reply header.

Note that we do not do the same for GetSpans, but that's okay. The only
way to get to GetSpans is through miCopyArea or miCopyPlane - where the
callers must already call SourceValidate - or miGetImage - which this
commit now protects with SourceValidate.

Fixes: xorg/xserver#902
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
2019-10-30 16:26:01 +00:00
Adam Jackson ff310903f3 mi: Add a default no-op miSourceValidate
Slightly simplifies the callers since they don't need to check for
non-NULL anymore.

I do extremely hate the workarounds here to suppress misprite taking the
cursor down though. Surely there's a better way.

Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
2019-10-30 16:26:01 +00:00
Adam Jackson 89a9927b1e include: Remove now-empty site.h 2019-10-30 16:17:04 +00:00
Adam Jackson ff4e2c24ec dix: Move default screensaver defaults into globals.c 2019-10-30 16:17:04 +00:00
Adam Jackson 2d1ed64d2a dix: Remove -to option to set the default connection timeout
One minute is admittedly arbitrary, but again, pretty sure this never
gets set on the command line in practice.
2019-10-30 16:17:04 +00:00
Adam Jackson 56ea4c769c dix: Remove -fn and -fc options to set default text/cursor fonts
I strongly suspect these never get used in the wild, and it's not an
especially useful thing to do in any case.
2019-10-30 16:17:04 +00:00
Adam Jackson ec659f021e dix: Remove now-unused SetVendorString 2019-10-30 16:17:04 +00:00
Adam Jackson 592525386a dix: Fix undefined memset in _dixInitScreenPrivates
Again, memset(0, ...) is undefined.
2019-10-15 14:06:50 -04:00
Adam Jackson 1e5f478b7e dix: Fix undefined shift in HashResourceID
Again, we need all of the bits of an unsigned int to make this work.
2019-10-15 14:06:21 -04:00
Adam Jackson a41d45eedc dix: Fix undefined memset in dixInitPrivates
When we set these up initially, no subsystems have allocated any
privates yet, so the storage address will be null, and memset(NULL, ...)
is undefined.
2019-10-15 14:05:38 -04:00
Hans de Goede 834a467af9 dix: Add GetCurrentClient helper
Request-handlers as registered in the requestVector array, always get
passed the clientPtr for the client which sent the request.
But the implementation of many request-handlers typically consists of
a generic handler calling implementation specific callbacks and / or
various helpers often multiple levels deep and in many cases the clientPtr
does not get passed to the callbacks / helpers.

This means that in some places where we would like to have access to the
current-client, we cannot easily access it and fixing this would require
a lot of work and often would involve ABI breakage.

This commit adds a GetCurrentClient helper which can be used as a
shortcut to get access to the clienPtr for the currently being processed
request without needing a lot of refactoring and ABI breakage.

Note using this new GetCurrentClient helper is only safe for code
which only runs from the main thread, this new variable MUST NOT be used
by code which runs from signal handlers or from the input-thread.

The specific use-case which resulted in the creation of this patch is adding
support for emulation of randr / vidmode resolution changes to Xwayland.
This emulation will not actually change the monitor resolution instead it
will scale any window with a size which exactly matches the requested
resolution to fill the entire monitor. The main use-case for this is
games which are hard-coded to render at a specific resolution and have
sofar relied on randr / vidmode to change the monitor resolution when going
fullscreen.

To make this emulation as robust as possible (e.g. avoid accidentally scaling
windows from other apps) we want to make the emulated resolution a per client
state. But e.g. the RRSetCrtc function does not take a client pointer; and is
a (used) part of the Xorg server ABI (note the problem is not just limited
to RRSetCrtc).

Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2019-10-12 12:19:14 +02:00
Arthur Williams e693c9657f dix: Check for NULL spriteInfo in GetPairedDevice
There is a race when reseting the XServer that causes spriteInfo to be
NULL in GetPairedDevice resulting a segfault and subsequent crash. The
problem was noticed when opening a connection, creating master devices,
destroying master devices and closing the connection during testing.

Signed-off-by: Arthur Williams <taaparthur@gmail.com>
2019-10-06 12:18:13 -07:00
Adam Jackson 7d0e660e0e meson: Add dtrace support 2019-08-27 17:38:59 -04:00
Adam Jackson e0e051a392 dtrace: s/#if/#ifdef/ for XSERVER_DTRACE
No functional change, matches meson style.
2019-08-27 17:38:59 -04:00
Adam Jackson 7968d10fad dtrace: Move Xserver.d from dix/ to include/
dix/ is typically not in the include path, and this properly belongs in
include anyway since it's needed from os/ too.
2019-08-27 17:38:54 -04:00
Adam Jackson 4fa43fc513 dtrace: Remove Xserver-dtrace.h.in hack
This was a workaround for very old versions of dtrace(1) that didn't
support the -h switch. We no longer support such old OSes.
2019-08-27 15:43:50 -04:00
Matt Turner 61aa40aeb3 dix: Assert noPanoramiXExtension is false in PanoramiX code
When compiling with link time optimization, GCC thinks it's discovered
undefined behavior:

events.c: In function 'XineramaConfineCursorToWindow':
events.c:609:13: warning: iteration 2147483647 invokes undefined behavior [-Waggressive-loop-optimizations]
events.c:609:11: note: within this loop
events.c:605:49: warning: array subscript -1 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:606:31: warning: array subscript -1 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:610:39: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:617:38: warning: array subscript -2 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:619:35: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]

This results from

    i = PanoramiXNumScreens - 1;

    RegionCopy(&pSprite->Reg1, &pSprite->windows[i]->borderSize);
    off_x = screenInfo.screens[i]->x;
    off_y = screenInfo.screens[i]->y;

where GCC believes that PanoramiXNumScreens might be 0. Unfortunately
GCC is just smart enough to be an annoyance because this case is not
actually possible: XineramaConfineCursorToWindow() is only called when
noPanoramiXExtension is false, and if noPanoramiXExtension is false then
PanoramiXNumScreens must be >1 (see PanoramiXExtensionInit()).

So, add an assert(!noPanoramiXExtension), which to my surprise provides
GCC with information even in release builds and lets GCC understand that
the code is not doing anything that is undefined behavior.

I chose this solution instead of the proposed assert(i >= 0) because the
same pattern occurs in CheckVirtualMotion() but is inside an
'if (!noPanoramiXExtension)' and does not generate any warnings.

Fixes: xorg/xserver#590
Signed-off-by: Matt Turner <mattst88@gmail.com>
2019-08-09 20:45:01 -07:00
Adam Richter 9d25408a59 assert(a && b) --> assert(a); assert(b)
Separate each statement of the form "assert(a && b);" into "assert(a);"
and "assert(b);" for more precise diagnostics, except for this clever
use in drmmode_display.c where it was used to pass a hint to developers:

	assert(num_infos <= 32 && "update return type");
2019-05-02 15:02:36 -07:00
Adam Jackson 6975807945 dix: Remove WindowRec::backStorage
This is only being set, never read.
2019-04-12 21:53:03 +00:00
Adam Jackson 0f477cc68b dix, composite: Optimize setting window backing store state
We hide CWBackingStore from the screen hook if nothing's actually
changing, which means compChangeWindowAttributes no longer needs to
compare the requested state with the present one.
2019-04-12 21:53:03 +00:00
Peter Hutterer d7b1753d44 dix: leave last.valuators alone on slave switch
Terms:
dev->last.valuator[] is the last value given to us by the driver
dev->valuator.axisVal[] is the last value sent to the client
dev->last.scroll[] is the abs value of the scroll axis as given by the driver,
        used for button emulation calculation (and the remainder)

This function updates the device's last.valuator state based on the current
master axis state. This way, relative motion continues fluidly when switching
between devices. Before mouse 2 comes into effect, it's valuator state is
updated to wherever the pointer currently is so the relative event applies on
top of that.

This can only work for x/y axes, all other axes aren't guaranteed to have the
same meaning and/or may not be present:
- xtest device: no valuator 2
- mouse: valuator 2 is horizontal scroll axis
- tablet: valuator 2 is pressure

Scaling the current value from the pressure range into the range for
horizontal scrolling makes no sense. And it causes scroll jumps:

- scroll down, last.valuator == axisVal == 20
- xdotool click 1, the XTest device doesn't have that valuator
- scroll up
  - updateSlaveDeviceCoords reset last.valuator to 0 (axisVal == 20)
  - DeviceClassesChangedEvent includes value 20 for the axis
  - event is processed, last.value changes from 0 to -1
  - axisVal is updated to -1, causing a jump of -21

The same applies when we switch from tablet to mouse wheel if the pressure
value is 0 on proximity out (basically guaranteed). So let's drop this code
altogether and only leave the scaling for the relative x/y motion.

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2019-03-29 03:44:29 +00:00
Adam Jackson 3904216b01 dix: Outdent Unmap{Window,Subwindows} a bit
No functional change, just folding some conditionals together.
2019-03-11 17:02:28 +00:00
Olivier Fourdan c731165402 dix: cache ResourceClientBits() value
The `LimitClient` is set once and for all at startup, whereas the
function `ResourceClientBits()` which returns the client field offset
within the XID based on the value of `LimitClient` can be called
repeatedly.

Small optimization, cache the result of `ilog2()`, that saves running
the same loop over and over each time `ResourceClientBits()` is called.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
2018-12-11 18:41:33 +00:00
Ray Strode 8738ce85df dix: ensure work queues are cleared on reset
If the server resets, most client workqueues are cleaned up as the
clients are killed.

The one exception is the server's client, which is exempt from
the killing spree.

If that client has a queued work procedure active, it won't get
cleared on reset.

This commit ensures it gets cleared too.
2018-11-19 19:37:10 +00:00
Samuel Thibault 364d649815 dix: do not send focus event when grab actually does not change
c67f2eac56 ("dix: always send focus event on grab change") made dix
always sent events when it's a NotifyGrab or NotifyUngrab, even if
from == to, because 'from' can just come from a previous XSetInputFocus
call.

However, when an application calls XGrabKeyboard several times on
the same window, we are now sending spurious FocusOut+FocusIn with
NotifyGrab, even if the grab does not actually change. This makes screen
readers for blind people spuriously emit activity events which disturb
screen reading workflow when e.g. switching between menus.

This commit avoids calling DoFocusEvents in that precise case, i.e. when
oldWin is a previous grab and the new grab is the same window.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2018-11-19 13:56:51 -05:00
Michal Srb fbdd4d679a dix/window: Use ConfigureWindow instead of MoveWindow
The screensaver can regularly move its window to random offsets. It should
use the ConfigureWindow function instead of calling the Screen's MoveWindow
directly. Some MoveWindow implementations, such as compMoveWindow, rely on
Screen's ConfigNotify being called first as it happens in ConfigureWindow.

Reviewed-by: Adam Jackson <ajax@redhat.com>
2018-11-13 11:02:41 -05:00
Marco Trevisan (Treviño) 2118e4471b dix/events: reuse grab pointer value 2018-11-12 02:57:10 +00:00
Michel Dänzer 6ef025a872 Revert "dix: Work around non-premultiplied ARGB cursor data harder"
This reverts commit b45c74f0f2.

It broke the cursor in other games. Apparently those use cursor data
with premultiplied alpha, but with some pixels having r/g/b values
larger than the alpha value (which corresponds to original r/g/b
values > 1.0), triggering the workaround.

Seems the cure turned out worse than the disease, so revert.

Bugzilla: https://bugs.freedesktop.org/108650
2018-11-06 11:33:19 +01:00
Michel Dänzer b45c74f0f2 dix: Work around non-premultiplied ARGB cursor data harder
Turns out some apps (e.g. the Civilization VI game) use
non-premultiplied cursor data which doesn't have any pixels with 0 alpha
but non-0 non-alpha, but can still result in visual artifacts.

This uses the method suggested by Kamil in
https://bugs.freedesktop.org/92309#c19: check for pixels where any
colour component value is larger than the alpha value, which isn't
possible with premultiplied alpha.

There can still be non-premultiplied data which won't be caught by this,
but that should result in slightly incorrect colours and/or blending at
the worst, not wildly incorrect colours such as shown in the bug report
below.

Bugzilla: https://bugs.freedesktop.org/108355
Suggested-by: Kamil Paral <kamil.paral@gmail.com>
2018-10-25 14:33:09 +00:00
Adam Jackson 53d32c94f3 dix: Remove the magic WhenMapped backing store hack
Automatic compositing exists, if that's what you want then use it.

Signed-off-by: Adam Jackson <ajax@redhat.com>
2018-10-23 18:37:46 +00:00
Adam Jackson 03b2125005 dix: Remove LegalModifier()
This hasn't done anything besides return TRUE in a long long time.

Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
2018-09-28 16:25:17 -04:00
Adam Jackson 3a4d7c79e7 dix: Remove MaxClients
This variable was no longer being read anywhere. MAXCLIENTS the macro is
the compile-time maximum limit, LIMITCLIENTS the macro is the default
limit, LimitClients the variable is the limit for the current server.

Signed-off-by: Adam Jackson <ajax@redhat.com>
2018-09-12 19:31:07 +00:00
Dave Airlie ba0f5d854f devices: break after finding and removing device from lists
Coverity complains about a use after free in here after the
freeing, I can't follow the linked list so well, but whot
says the device can only be on one list once, so break should
fix it.

Signed-off-by: Dave Airlie <airlied@redhat.com>
2018-09-12 12:26:48 +10:00
Peter Hutterer 4fe02b8da3 dix: check_modmap_change() returns Success, not true
Not sure what if anything calls XSetDeviceModifierMapping() but this would've
failed all the time. check_modmap_change() returns Success but we were
treating it like a boolean. Fix this.

Reported-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
2018-08-08 09:45:27 -04:00
Eric Anholt e1ccd0fa0e dix: Fix a warning about GetTimeInMillis return value in XFont2.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2018-05-08 11:59:28 -04:00
Adam Jackson fc25bceb51 dix: Allow an extension to disable itself
GLX registers an extension before we know if there are any screens that
can actually do it. It's inconvenient to shrink the extension list, so
instead allow the extension to simply zero out its base opcode to
indicate that it needed to panic and disable itself.

Signed-off-by: Adam Jackson <ajax@redhat.com>
2018-04-24 14:36:04 -04:00
Adam Jackson 73a1cb9c92 dix: Factor out extension availability check
Signed-off-by: Adam Jackson <ajax@redhat.com>
2018-04-24 14:36:03 -04:00
Samuel Thibault c67f2eac56 dix: always send focus event on grab change
Focus events are useless when 'from' and 'to' are the same.  But when
this is the result of a (Un)GrabKeyboard request, we should always send
them, including when the window manager had previously used XSetInputFocus
to specify the focus on a window which happens to be now taking a grab.

This is notably needed for window manager using XI to always get keyboard
events even during grabs, so they can determine exactly when grabbing is
active.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2018-04-10 14:50:08 -04:00
Adam Jackson 6f0903ddc9 dix: Hush an almost certainly bogus warning
../dix/getevents.c: In function ‘transformAbsolute’:
../dix/getevents.c:1195:28: warning: ‘oy’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     struct pixman_f_vector p = {.v = {*x, *y, 1} };
                            ^
../dix/getevents.c🔢22: note: ‘oy’ was declared here
     double x, y, ox, oy;
                      ^~

This one is truly special. Even though both ox and oy are set and read
along the same paths, only oy is marked for this warning! Initializing
just oy = 0.0 fixes it entirely, but let's not make a weird thing
weirder.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>
2018-04-05 14:18:52 -04:00
Adam Jackson ab063cf967 meson: Fix installing protocol.txt
One fix the constructed path, two actually install it.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2018-03-27 10:13:18 -04:00
Emil Velikov 85ff1cdbd3 protocol.txt: add GLX req. 35 - SetClientInfo2ARB
Noticed while skimming for the typo'd version ;-)

Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2018-02-27 13:08:35 -05:00
Olivier Fourdan 9f7a9be13d dix: avoid deferencing NULL PtrCtrl
PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.

In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.

Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values otherwise, to avoid the NULL pointer
dereference.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
2017-12-06 11:59:28 -05:00
Adam Jackson 2e7f790b57 dix: Remove ffs.c
Your libc has ffs, I promise.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2017-11-06 17:22:46 -05:00
Giuseppe Bilotta 2dafa1bdaf dix/window: fix typos
Reviewed-by: Adam Jackson <ajax@redhat.com>
2017-11-06 16:46:32 -05:00
Daniel Martin d5379b350f Use ARRAY_SIZE all over the tree
Roundhouse kick replacing the various (sizeof(foo)/sizeof(foo[0])) with
the ARRAY_SIZE macro from dix.h when possible. A semantic patch for
coccinelle has been used first. Additionally, a few macros have been
inlined as they had only one or two users.

Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2017-10-30 13:45:20 -04:00
Nathan Kidd b747da5e25 Unvalidated extra length in ProcEstablishConnection (CVE-2017-12176)
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Nathan Kidd <nkidd@opentext.com>
Signed-off-by: Julien Cristau <jcristau@debian.org>
2017-10-10 23:33:44 +02:00
Michel Dänzer 8e3b26ceaa Make PixmapDirtyUpdateRec::src a DrawablePtr
This allows making the master screen's pixmap_dirty_list entries
explicitly reflect that we're now tracking the root window instead of
the screen pixmap, in order to allow Present page flipping on master
outputs while there are active slave outputs.

Define HAS_DIRTYTRACKING_DRAWABLE_SRC for drivers to check, but leave
HAS_DIRTYTRACKING_ROTATION defined as well to make things slightly
easier for drivers.

Reviewed-by: Adam Jackson <ajax@redhat.com>
2017-08-15 17:01:39 +09:00
Jan Beich abe49b0090 dix: unbreak --with-dtrace (default) on FreeBSD 11.1+
gmake[2]: Entering directory '/path/to/xserver/dix'
/usr/sbin/dtrace -G -C -o dtrace-dix.o -s ../dix/Xserver.d .libs/atom.o ...
dtrace: failed to compile script ../dix/Xserver.d: line 26: useless declaration
gmake[2]: *** [Makefile:1007: dtrace-dix.o] Error 1

Signed-off-by: Jan Beich <jbeich@FreeBSD.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
2017-07-31 13:32:35 -04:00
Adam Jackson f44e0af4da dix: Remove extension aliases
This appears to be essentially unused. The only known client-side
library for the SELinux extension is xcb, which does not look for the
name "Flask". The "SGI-GLX" alias for GLX appears to be a bit of
superstition at this point, NVIDIA's driver does not expose it and Mesa
does not check for it.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>
2017-06-20 16:37:24 -04:00
Michal Srb 215f894965 dix: Disallow GenericEvent in SendEvent request.
The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
no less. Both ProcSendEvent and SProcSendEvent verify that the received data
exactly match the request size. However nothing stops the client from passing
in event with xEvent::type = GenericEvent and any value of
xGenericEvent::length.

In the case of ProcSendEvent, the event will be eventually passed to
WriteEventsToClient which will see that it is Generic event and copy the
arbitrary length from the receive buffer (and possibly past it) and send it to
the other client. This allows clients to copy unitialized heap memory out of X
server or to crash it.

In case of SProcSendEvent, it will attempt to swap the incoming event by
calling a swapping function from the EventSwapVector array. The swapped event
is written to target buffer, which in this case is local xEvent variable. The
xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
expect that the target buffer has size matching the size of the source
GenericEvent. This allows clients to cause stack buffer overflows.

Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2017-06-19 11:58:50 +10:00
Carlos Garnacho f065721e6f dix: assume warping on the RootWindow always happens on visible coords
If the root window borderClip region is null, the PointInWindowIsVisible()
check fails if pointer warping is attempted on the root window, making
the warping operation bail out early.

Assume coordinates always lay inside the root window for this case,
the actual position will be clamped later within screen coordinates anyway.

Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2017-06-07 14:34:29 +10:00
Keith Packard d9e23ea422 dix: Remove clients from input and output ready queues after closing
Delay removing the client from these two queues until all potential
I/O has completed in case we mark the client as ready for reading or
with pending output during the close operation.

Bugzilla: https://bugs.freedesktop.org/100957
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Nick Sarnie <commendsarnex@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
2017-05-12 00:21:16 -07:00
Eric Anholt 1549e30372 Add a Meson build system alongside autotools.
This is a work in progress that builds Xvfb, Xephyr, Xwayland, Xnest,
and Xdmx so far.  The outline of Xquartz/Xwin support is in tree, but
hasn't been built yet.  The unit tests are also not done.

The intent is to build this as a complete replacement for the
autotools system, then eventually replace autotools.  meson is faster
to generate the build, faster to run the bulid, shorter to write the
build files in, and less error-prone than autotools.

v2: Fix indentation nits, move version declaration to project(), use
    existing meson_options for version-config.h's vendor name/web.

Signed-off-by: Eric Anholt <eric@anholt.net>
Acked-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2017-04-26 15:25:27 -07:00
Eric Anholt ace6bfd590 dix: Remove a redundant #define
Found when the meson conversion set the symbol to defined, instead of
defined to 1.

Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
2017-04-26 17:29:44 -04:00
Adam Jackson 3360418767 dpms: Consolidate a bunch of stuff into Xext/dpms.c
Most of this is a legacy of the old "extmod" design where you could load
_some_ extensions dynamically but only if the server had been built with
support for them in the first place.

Note that since we now only initialize the DPMS extension if at least
one screen supports it, we no longer need DPMSCapableFlag: if it would
be false, we would never read its value.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
2017-03-27 15:59:47 -04:00
Adam Jackson 4e76c27117 dix: Remove PRIVATE_DAMAGE
None of this is actually wired up to anything, so we can also remove the
devPrivates from the DamageRec. The DamageExtRec is what would need
devPrivates for selinux labeling, in principle.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
2017-03-21 11:20:26 -04:00
Adam Jackson dc7ceda90f dispatch: Mark swapped dispatch as _X_COLD
This touches everything that ends up in the Xorg binary; the big missing
part is GLX since that's all generated code. Cuts about 14k from the
binary on amd64.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
2017-03-01 10:16:20 -05:00
Adam Jackson 8e3f9ce6c0 dix: Add a callback chain for window property state change
This will be used by in-server features that need to react to property
changes. The first one will be _XWAYLAND_ALLOW_COMMITS.

Signed-off-by: Adam Jackson <ajax@redhat.com>
[Pekka: add commit message body]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
2017-02-23 13:30:11 -05:00
Adam Jackson 50bcea8be3 dix: Pass the whole property into deliverPropertyNotifyEvent
Instead of just the atom.  No functional change.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
2017-02-23 13:30:11 -05:00
Michel Dänzer a6566f9e4d prime: Clear PixmapDirtyUpdateRec::damage when it's destroyed
The root window, and by extension any damage records referencing it,
may be destroyed before shared pixmaps referencing it, which resulted in
use-after-free / double-free in PixmapStopDirtyTracking.

Fixes: b5b292896f ("prime: Sync shared pixmap from root window instead of screen pixmap")
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
2017-02-16 14:14:11 -05:00
Michel Dänzer b5b292896f prime: Sync shared pixmap from root window instead of screen pixmap
The screen pixmap doesn't receive updates while there's a Present flip
window.

Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
2017-02-08 12:08:51 -05:00
Keith Packard 785053d033 AttendClient of grab-pervious client must queue to saved_ready_clients [v2]
A client which is attended while a grab is blocking execution of its
requests needs to be placed in the saved_ready_clients list so that it
will get scheduled once the grab terminates. Otherwise, if the client
never sends another request, there is no way for it to be placed in
the ready_clients list.

v2: Wrap comment above mark_client_saved_ready.
    Remove test for OS_COMM_IGNORED which will always be true.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99333
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
2017-01-11 14:31:43 -05:00
Mihail Konev 5b74e260e0 os,dix: Depend custom libs on libs, not objects
The custom os/os.O library reuses *.o files of os/libos.la.

The current rule assumes automake puts all the objects into per-target
am__*_la_OBJECTS variable.  At least with AC_REPLACE_FUNCS, this no
longer holds (as wanted objects are put into LTLIBOBJS instead).

Depend on automake's result, the *.la library instead, to express demand
of any its dependencies being built.

Should be fixing randomly occuring "undefined reference to `strlcpy'"
errors when linking Xvfb and other DDX-es that could use os.O.

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
2017-01-02 12:45:28 -05:00
Adam Jackson 98caba9f56 dix: Clear graphicsExposures for scratch GCs in one place
... instead of in all the CreateScratchGC callers.

Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2016-12-12 14:09:59 -05:00
Adam Jackson e900a00f8d dix: Rename (and retype) PixmapPerDepth[1] to defaultStipple
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2016-12-12 14:09:59 -05:00
Rui Matos 5611585b87 xwayland: Don't send KeyRelease events on wl_keyboard::leave
Commits 816015648f and
fee0827a9a made it so that
wl_keyboard::enter doesn't result in X clients getting KeyPress events
while still updating our internal xkb state to be in sync with the
host compositor.

wl_keyboard::leave needs to be handled in the same way as its
semantics from an X client POV should be the same as an X grab getting
triggered, i.e. X clients shouldn't get KeyRelease events for keys
that are still down at that point.

This patch uses LeaveNotify for these events on wl_keyboard::leave and
changes the current use of KeymapNotify to EnterNotify instead just to
keep some symmetry between both cases.

On ProcessDeviceEvent() we still need to deactivate X grabs if needed
for KeyReleases.

Signed-off-by: Rui Matos <tiagomatos@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-11-29 18:44:54 +10:00
Keith Packard ea8efb3a99 dix: Make sure client is not in output_pending chain after closed (RH 1382444)
I think it is possible that output could get queued to a client during
CloseDownClient. After it is removed from the pending queue, active
grabs are released, the client is awoken if sleeping and any work
queue entries related to the client are processed.

To fix this, move the call removing it from the output_pending chain
until after clientGone has been set and then check clientGone in
output_pending_mark.

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1382444
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2016-11-15 08:05:15 -08:00
Keith Packard c85f81825e dix: Bump MAXHASHSIZE for the resource db [v2]
[This was originally a workaround for a client-side resource leak:

http://lists.freedesktop.org/archives/xorg-devel/2012-November/034555.html

Obviously that's a broken app, but the performance problem it
illustrates - that walking the linked list ends up burning all your CPU
time - is real enough. - ajax]

v2: Replace with a shorter code sequence which computes the same
    results for all but numBits == 7

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
2016-10-28 09:28:32 -07:00
Peter Harris 97a8353ec1 Fix id in error when resource does not exist
Always set client->errorValue before returning an error.

Test program:

int main(int argc, char *argv[]) {
    int screen = 0;
    xcb_connection_t *c = xcb_connect(NULL, &screen);
    if (!c) {
        printf("Cannot connect\n");
        return 1;
    }

    xcb_void_cookie_t tok = xcb_free_gc_checked(c, BAD_VALUE);
    xcb_g_context_error_t *err = (xcb_g_context_error_t *)xcb_request_check(c, tok);
    if (!err) {
        printf("Unexpected request success\n");
        return 1;
    }
    if (err->bad_value != BAD_VALUE) {
        printf("Error: Got 0x%X, expected 0x%X\n", err->bad_value, BAD_VALUE);
        return 1;
    }
    printf("Success! Got expected bad value of 0x%X\n", BAD_VALUE);
    return 0;
}

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Peter Harris <pharris@opentext.com>
2016-10-06 14:50:42 -04:00
Jonas Ådahl 0fae3be068 dix: Add valuator_mask_set_absolute_unaccelerated
Add a valuator mask setter for setting absolute coordinate combined
with unaccelerated motion deltas. This will later be used by Xwayland
to combine a wl_pointer.motion() event with the unaccelerated delta of
a wp_relative_pointer.relative_motion() event.

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-10-05 13:46:29 -04:00
Keith Packard 6c6f09aac7 xace: Don't censor window borders
GetImage is allowed to return window border contents, so don't remove
that from the returned image.

Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
2016-09-28 15:25:07 -04:00
Jeremy Huddleston Sequoia 7d6ebf3f4e XQuartz: Adopt input_lock() and input_unlock()
This allows us to remove darwinEvents_lock() and darwinEvents_unlock()
and remove the serverRunning hack from dix

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
2016-09-22 14:55:02 -07:00
Jeremy Huddleston Sequoia 2740dc1937 dix: Silence TSan warnings when checking for pending input
V2: Moves InputCheckPending() into dix.h

Bumps required version of xproto to 7.0.30

==================
WARNING: ThreadSanitizer: data race (pid=4943)
  Read of size 4 at 0x00010c4e3854 by thread T8:
    #0 WaitForSomething WaitFor.c:237 (X11.bin+0x00010049216c)
    #1 Dispatch dispatch.c:413 (X11.bin+0x000100352ed9)
    #2 dix_main main.c:287 (X11.bin+0x00010036e894)
    #3 server_thread quartzStartup.c:66 (X11.bin+0x000100039e63)

  Previous write of size 4 at 0x00010c4e3854 by thread T12 (mutexes: write M856, write M1976):
    #0 mieqEnqueue mieq.c:263 (X11.bin+0x000100448d14)
    #1 DarwinSendDDXEvent darwinEvents.c:641 (X11.bin+0x000100033613)
    #2 DarwinProcessFDAdditionQueue_thread darwinEvents.c:338 (X11.bin+0x000100032039)

  Location is global 'miEventQueue' at 0x00010c4e3850 (X11.bin+0x0001005ab854)

  Mutex M856 (0x00010c4c8c80) created at:
    #0 pthread_mutex_lock <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x0000000321fe)
    #1 DarwinListenOnOpenFD darwinEvents.c:300 (X11.bin+0x000100031607)
    #2 socket_handoff bundle-main.c:288 (X11.bin+0x000100002b40)
    #3 __do_request_fd_handoff_socket_block_invoke bundle-main.c:379 (X11.bin+0x0001000029ba)
    #4 __tsan::invoke_and_release_block(void*) <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x00000005d97b)
    #5 _dispatch_client_callout <null>:33 (libdispatch.dylib+0x0000000020ef)

  Mutex M1976 (0x00010c4e3d68) created at:
    #0 pthread_mutex_init <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x0000000253c3)
    #1 input_lock inputthread.c:103 (X11.bin+0x00010049fd10)
    #2 TimerSet WaitFor.c:343 (X11.bin+0x0001004926c2)
    #3 RootlessQueueRedisplay rootlessScreen.c:594 (X11.bin+0x000100065d7f)
    #4 RootlessInstallColormap rootlessScreen.c:514 (X11.bin+0x000100069f1a)
    #5 miSpriteInstallColormap misprite.c:562 (X11.bin+0x000100467095)
    #6 miCreateDefColormap micmap.c:270 (X11.bin+0x000100440399)
    #7 DarwinScreenInit darwin.c:285 (X11.bin+0x0001000303bb)
    #8 AddScreen dispatch.c:3908 (X11.bin+0x00010036c417)
    #9 InitOutput darwin.c:671 (X11.bin+0x00010002fdeb)
    #10 dix_main main.c:197 (X11.bin+0x00010036e228)
    #11 server_thread quartzStartup.c:66 (X11.bin+0x000100039e63)

  Thread T8 (tid=4198779, running) created by main thread at:
    #0 pthread_create <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x000000024490)
    #1 create_thread quartzStartup.c:78 (X11.bin+0x000100039dad)
    #2 QuartzInitServer quartzStartup.c:95 (X11.bin+0x000100039c16)
    #3 X11ApplicationMain X11Application.m:1238 (X11.bin+0x00010001cde4)
    #4 X11ControllerMain X11Controller.m:984 (X11.bin+0x00010002a642)
    #5 server_main quartzStartup.c:136 (X11.bin+0x00010003a03b)
    #6 do_start_x11_server bundle-main.c:436 (X11.bin+0x000100002eb5)
    #7 _Xstart_x11_server mach_startupServer.c:189 (X11.bin+0x000100004e99)
    #8 mach_startup_server mach_startupServer.c:399 (X11.bin+0x000100005734)
    #9 mach_msg_server mach_msg.c:563 (libsystem_kernel.dylib+0x000000012186)
    #10 start <null>:29 (libdyld.dylib+0x000000005254)

  Thread T12 (tid=4198797, running) created by thread T8 at:
    #0 pthread_create <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x000000024490)
    #1 create_thread darwinEvents.c:121 (X11.bin+0x000100031ecf)
    #2 DarwinEQInit darwinEvents.c:365 (X11.bin+0x000100031860)
    #3 InitInput darwin.c:571 (X11.bin+0x00010002ea09)
    #4 dix_main main.c:261 (X11.bin+0x00010036e7ce)
    #5 server_thread quartzStartup.c:66 (X11.bin+0x000100039e63)

SUMMARY: ThreadSanitizer: data race WaitFor.c:237 in WaitForSomething
==================
==================
WARNING: ThreadSanitizer: data race (pid=22841)
  Write of size 4 at 0x000105bbd864 by main thread (mutexes: write M1945):
    #0 mieqEnqueue mieq.c:263 (X11.bin+0x000100448cf4)
    #1 DarwinSendDDXEvent darwinEvents.c:642 (X11.bin+0x000100033693)
    #2 -[X11Controller set_window_menu:] X11Controller.m:275 (X11.bin+0x0001000222fd)
    #3 -[X11Application set_window_menu:] X11Application.m:486 (X11.bin+0x000100018b44)
    #4 -[X11Application handleMachMessage:] X11Application.m:177 (X11.bin+0x000100016678)
    #5 __NSFireMachPort <null>:69 (Foundation+0x00000009b62b)
    #6 X11ControllerMain X11Controller.m:984 (X11.bin+0x00010002a5f2)
    #7 server_main quartzStartup.c:136 (X11.bin+0x000100039ffb)
    #8 do_start_x11_server bundle-main.c:436 (X11.bin+0x000100002e65)
    #9 _Xstart_x11_server mach_startupServer.c:189 (X11.bin+0x000100004e49)
    #10 mach_startup_server mach_startupServer.c:399 (X11.bin+0x0001000056e4)
    #11 mach_msg_server mach_msg.c:563 (libsystem_kernel.dylib+0x000000012186)
    #12 start <null>:29 (libdyld.dylib+0x000000005254)

  Previous read of size 4 at 0x000105bbd864 by thread T7:
    #0 Dispatch dispatch.c:434 (X11.bin+0x000100352fc8)
    #1 dix_main main.c:287 (X11.bin+0x00010036e874)
    #2 server_thread quartzStartup.c:66 (X11.bin+0x000100039e23)

  Location is global 'miEventQueue' at 0x000105bbd860 (X11.bin+0x0001005ab864)

  Mutex M1945 (0x000105bbdd78) created at:
    #0 pthread_mutex_init <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x0000000253c3)
    #1 input_lock inputthread.c:103 (X11.bin+0x00010049fd10)
    #2 TimerSet WaitFor.c:348 (X11.bin+0x0001004926c2)
    #3 RootlessQueueRedisplay rootlessScreen.c:594 (X11.bin+0x000100065d3f)
    #4 RootlessInstallColormap rootlessScreen.c:514 (X11.bin+0x000100069eda)
    #5 miSpriteInstallColormap misprite.c:562 (X11.bin+0x000100467075)
    #6 miCreateDefColormap micmap.c:270 (X11.bin+0x000100440379)
    #7 DarwinScreenInit darwin.c:285 (X11.bin+0x00010003036b)
    #8 AddScreen dispatch.c:3914 (X11.bin+0x00010036c3f7)
    #9 InitOutput darwin.c:671 (X11.bin+0x00010002fd9b)
    #10 dix_main main.c:197 (X11.bin+0x00010036e208)
    #11 server_thread quartzStartup.c:66 (X11.bin+0x000100039e23)

  Thread T7 (tid=4257217, running) created by main thread at:
    #0 pthread_create <null>:144 (libclang_rt.tsan_osx_dynamic.dylib+0x000000024490)
    #1 create_thread quartzStartup.c:78 (X11.bin+0x000100039d6d)
    #2 QuartzInitServer quartzStartup.c:95 (X11.bin+0x000100039bd6)
    #3 X11ApplicationMain X11Application.m:1238 (X11.bin+0x00010001cd94)
    #4 X11ControllerMain X11Controller.m:984 (X11.bin+0x00010002a5f2)
    #5 server_main quartzStartup.c:136 (X11.bin+0x000100039ffb)
    #6 do_start_x11_server bundle-main.c:436 (X11.bin+0x000100002e65)
    #7 _Xstart_x11_server mach_startupServer.c:189 (X11.bin+0x000100004e49)
    #8 mach_startup_server mach_startupServer.c:399 (X11.bin+0x0001000056e4)
    #9 mach_msg_server mach_msg.c:563 (libsystem_kernel.dylib+0x000000012186)
    #10 start <null>:29 (libdyld.dylib+0x000000005254)

SUMMARY: ThreadSanitizer: data race mieq.c:263 in mieqEnqueue
==================

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2016-09-22 14:55:01 -07:00
Jeremy Huddleston Sequoia d0c5d205a9 dix: Make InitCoreDevices() failures more verbose.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-09-21 21:11:40 +10:00
Jonas Ådahl 5998da7855 dix: Incroduce CursorConfinedTo vfunc in Screen
This function will be called when a pointer is grabbed non-root window
set as the 'confineTo'. This will enable the ddx to handle the
confinement their own way.

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
2016-09-19 08:55:02 -07:00
Jonas Ådahl daf48a3aba dix: Introduce CursorWarpedTo vfunc in Screen
This new vfunc will be called, if set, after a client has issued a
WarpPointer request. This is necessary for implementing pointer warp
emulation in Xwayland.

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
2016-09-19 08:54:56 -07:00
Jeremy Huddleston Sequoia d81f9ce12a dix/dispatch: Fix SmartScheduleClient interval adjustment to use best rather than pClient
pClient does not contain a live value after the transition to lists

https://bugs.freedesktop.org/show_bug.cgi?id=97765

Application Specific Information:
X.Org X Server 1.18.99.1 Build Date: 20160910
=================================================================
==16921==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000108ce3834 at pc 0x000108880766 bp 0x7000045f76c0 sp 0x7000045f76b8
READ of size 4 at 0x000108ce3834 thread T6
    #0 0x108880765 in SmartScheduleClient dispatch.c:365
    #1 0x10887ecc5 in Dispatch dispatch.c:422
    #2 0x1088c05f1 in dix_main main.c:301
    #3 0x1082aabba in server_thread quartzStartup.c:66
    #4 0x7fffc5f16aaa in _pthread_body (libsystem_pthread.dylib+0x3aaa)
    #5 0x7fffc5f169f6 in _pthread_start (libsystem_pthread.dylib+0x39f6)
    #6 0x7fffc5f161fc in thread_start (libsystem_pthread.dylib+0x31fc)

Regressed-in: 8f1edf4bd3
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
2016-09-15 21:41:22 -07:00
Keith Packard 52d6a1e832 Hold input lock for deviceProc
This ensures that the deviceProc is never called while the input
thread is processing data from the device.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-09-15 07:50:38 +10:00
Dave Airlie 7b634067c1 xf86Cursor: Add hw cursor support for prime
Currently with PRIME if we detect a secondary GPU,
we switch to using SW cursors, this isn't optimal,
esp for the intel/nvidia combinations, we have
no choice for the USB offload devices.

This patch checks on each slave screen if hw
cursors are enabled, and also calls set cursor
and move cursor on all screens.

Cc: Aaron Plattner <aplattner@nvidia.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2016-09-13 10:27:19 +02:00
Dave Airlie a52530a655 dix: Add dixPrivatesCreated helper function
This is a preparation patch for adding prime hw-cursor support.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
2016-09-13 10:26:40 +02:00
Michael Thayer d8c288ec37 xi2: fix FocusIn grabs
Fix a couple of copy-and-paste errors preventing FocusIn grabs from working.
Perhaps the extension version should be bumped though to distinguish between
working and non-working extension versions.

Signed-off-by: Michael Thayer <michael.thayer@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-09-02 12:57:42 -04:00
Keith Packard fa2bc06407 dix: Avoid writing uninitialized bytes in deliverPropertyNotifyEvent
Make sure the whole event is initialized, instead of leaving the pad
bytes unset.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
2016-08-15 08:54:45 -07:00
Keith Packard f993091e7d os: Switch server to poll(2) [v3]
Eliminates all of the fd_set mangling in the server main thread

v2: Listen for POLLOUT while writes are blocked.

v3: Only mark client not ready on EAGAIN return from read

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-21 15:04:47 -04:00
Keith Packard 8f1edf4bd3 dix: Use list for ready clients
This converts the dispatch loop into using a list of ready clients
instead of an array. This changes the WaitForSomething API so that it
notifies DIX when a client becomes ready to read, instead of returning
the set of ready clients.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-21 15:04:47 -04:00
Keith Packard a414db0215 dix: Intermediate GrabServer state 'GrabKickout' not needed
The intermediate grabState, "GrabKickout", was used to trigger
dispatch into going back to WaitForSomething after doing a GrabServer
so that the set of ready clients would be recomputed to match what the
server should be processing. As we only process one client per
WaitForSomething call, we will always hit WaitForSomething after
finishing the current client, and so don't need any special case here.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-18 15:27:51 -04:00
Keith Packard 7762a602c1 dix/os: Merge priority computation into SmartScheduleClient
Instead of having scheduling done in two places (one in
WaitForSomething, and the other in SmartScheduleClient), just stick
all of the scheduling in SmartScheduleClient.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-18 15:27:51 -04:00
Keith Packard 9d15912aa4 Remove fd_set from Block/Wakeup handler API
This removes the last uses of fd_set from the server interfaces
outside of the OS layer itself.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-18 15:27:51 -04:00
Keith Packard fb0802113b Remove readmask from screen block/wakeup handler
With no users of the interface needing the readmask anymore, we can
remove it from the argument passed to these functions.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-18 15:27:51 -04:00
Keith Packard 05a793f5b3 dix: Switch to the libXfont2 API (v2)
This new libXfont API eliminates exposing internal X server symbols to
the font library, replacing those with a struct full of the entire API
needed to use that library.

v2: Use libXfont2 instead of libXfont_2

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-07-18 15:25:59 -04:00
Michel Dänzer 401a8d6e13 dix: Work around non-premultiplied ARGB cursor data
Some games incorrectly use non-premultiplied ARGB cursor data, presumably
because that's what Windows uses. On some hardware (and with SWcursor),
this breaks areas of the cursor which are supposed to be transparent
(and presumably also translucent areas, but that's less noticeable).

This change checks for pixels with alpha == 0 and any non-alpha component
!= 0. If any such pixel is found, the data is assumed to be
non-premultiplied and fixed up by multiplying the RGB components with the
alpha component.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92309
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2016-07-15 09:53:07 -04:00
Keith Packard fb1edccf3c dix: Call screen block/wakeup handlers closest to blocking [v3]
The screen block and wakeup handlers are the only ones which provide a
well known ordering between the wrapping layers; placing these as
close as possible to the server blocking provides a way for the driver
to control the flow of execution correctly.

Switch the shadow code to run in the screen block handler so that it
now occurrs just before the server goes to sleep.

Switch glamor to call down to the driver after it has executed its own
block handler piece, in case the driver needs to perform additional
flushing work after glamor has called glFlush.

These changes ensure that the following modules update the screen in
the correct order:

animated cursors        (uses RegisterBlockAndWakeupHandlers dynamically)
composite               (dynamic wrapping)
misprite                (dynamic wrapping)
shadow                  (static wrapping)
glamor                  (static wrapping)
driver                  (static wrapping)

It looks like there's still a bit of confusion between composite and
misprite; if composite updates after misprite, then it's possible
you'd exit the block handler chain with the cursor left hidden. To fix
that, misprite should be wrapping during ScreenInit time and not
unwrapping. And composite might as well join in that fun, just to make
things consistent.

[v2] Unwrap BlockHandler in shadowCloseScreen (ajax)
[v3] ephyr: Use screen block handler for flushing changes

ephyr needs to make sure it calls glXSwapBuffers after glamor finishes
its rendering. As the screen block handler is now called last, we have
to use that instead of a registered block/wakeup handler to make sure
the GL rendering is done before we copy it to the front buffer.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-06-20 11:54:57 -07:00
Hans de Goede 5c7af02b10 xrandrprovider: Do not use separate lists for unbound / source / offload slaves
A single provider can be both a offload and source slave at the same time,
the use of seperate lists breaks in this case e.g. :

xrandr --listproviders
Providers: number : 2
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 0 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 0 name:modesetting

xrandr --setprovideroutputsource 1 0x7b
xrandr --listproviders
Providers: number : 2
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 1 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 1 name:modesetting

xrandr --setprovideroffloadsink 1 0x7b
xrandr --listproviders
Providers: number : 3
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 2 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 2 name:modesetting
Provider 2: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 2 name:modesetting

Not good. The problem is that the provider with id 0x46 now is on both
the output_slave_list and the offload_slave_list of the master screen.

This commit fixes this by unifying all 3 lists into a single slaves list.

Note that this does change the struct _Screen definition, so this is an ABI
break. I do not expect any of the drivers to actually use the removed / changed
fields so a recompile should suffice.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
2016-06-17 11:35:58 +02:00
Adam Jackson 6cb34816af xace: Remove the audit hooks and tune dispatch
There are no in-tree consumers of the audit hooks, and they are in any
case redundant with the dtrace dispatch hooks. Neither is there any
in-tree user of the core request dispatch hook. The extension hook is
only used for non-default security cases, but in the absence of LTO we
always have to take the function call into XaceHookDispatch to find out
that there's no callback registered.

Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
2016-06-10 13:26:19 -04:00
Dave Airlie a6b6e8ba02 prime: clean up slave bo properly. (v3)
This is an ABI break, in that we now pass NULL to a function that hasn't
accepted it before.

Alex Goins had a different patch for this but it wasn't symmetrical, it
freed something in a very different place than it allocated it, this
attempts to retain symmetry in the releasing of the backing bo.

v2: use a new toplevel API, though it still passes NULL to something
that wasn't expecting it.
v3: pass -1 instead of 0.

Signed-off-by: Dave Airlie <airlied@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alex Goins <agoins at nvidia.com>
2016-06-08 12:51:51 -04:00
Keith Packard 7c77c42fe8 dix: Don't update current time in the middle of input event processing
In patch 137ac094e7, Adam moved an
expensive call to UpdateCurrentTime out of the main dispatch
loop. That's a good change as the original fix from Chase was a bit
expensive. However, it breaks grab processing and so a couple of the
calls to UpdateCurrenTime need to be removed.

Input event processing can generate a stream of events; a button press
that activates a grab will send a press followed by a sequence of
enter/leave events. All of these should have the same time stamp on
the wire as they occur at the 'same' time.

More importantly, the grab time recorded in the device is pulled from
currentTime after all of the events are delivered, so if currentTime
doesn't match the time in the device event, then future grab
modifications will fail as the time marked in the device will be
'later' than the grab time known to the client (which is defined as
the timestamp from the activating input event).

A bit of history here -- it used to be that currentTime was driven
*entirely* by input events; those timestamps didn't even have to be
related to the system time in any way. Then we started doing ICCCM
stuff and people got confused when PropertyNotify events would have
the same timestamp even when delivered minutes apart because no input
events were delivered.

We added code in the server to go update the time, but only if no
input events were pending (so that the clock "wouldn't" go
backwards). The only places where this is necessary is in request
processing which may generate an event with a timestamp, and there
only at the very top of the request processing code so that the whole
request would be processed at the 'same time', just like events.

cc: Chase Douglas <chase.douglas@canonical.com>
cc: Peter Hutterer <peter.hutterer@who-t.net>
cc: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-06-01 10:31:52 -07:00
Keith Packard 2bed654be7 dix: Remove bogus input_mutex and input_mutex_count definitions from globals.c
These are local to inputthread.c; the ones in globals.c aren't
declared in any header file.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-05-30 00:17:15 -07:00
Keith Packard f84703b50c dix: Reallocate touchpoint buffer at input event time [v2]
Now that input is threaded, malloc can be used at event time to resize
the touchpoint buffer as needed.x

v2: Remove "Need to grow the queue means dropping events."
    from comment as it no longer applies. (Peter Hutterer)

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-05-26 16:07:54 -07:00
Keith Packard 30ac756798 Create a threaded mechanism for input [v7]
The current SIGIO signal handler method, used at generation of input events,
has a bunch of oddities. This patch introduces an alternative way using a
thread, which is used to select() all input device file descriptors.

A mutex was used to control the access to input structures by the main and input
threads. Two pipes to emit alert events (such hotplug ones) and guarantee the
proper communication between them was also used.

Co-authored-by: Fernando Carrijo <fcarrijo@freedesktop.org>
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>

v2: Fix non-Xorg link. Enable where supported by default.

    This also splits out the actual enabling of input threads to
    DDX-specific patches which follow

v3: Make the input lock recursive

v4: Use regular RECURSIVE_MUTEXes instead of rolling our own
    Respect the --disable-input-thread configuration option by
    providing stubs that expose the same API/ABI.

    Respond to style comments from Peter Hutterer.

v5: use __func__ in inputthread debug and error mesages.

    Respond to style comments from Peter Hutterer.

v6: use AX_PTHREAD instead of inlining pthread tests.

    Suggested by Emil Velikov <emil.l.velikov@gmail.com>

v7: Use pthread_sigmask instead of sigprocmask when using threads

    Suggested by Adam Jackson <ajax@redhat.com>

Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
2016-05-26 16:07:54 -07:00
Keith Packard 6a5a4e6037 Remove SIGIO support for input [v5]
This removes all of the SIGIO handling support used for input
throughout the X server, preparing the way for using threads for input
handling instead.

Places calling OsBlockSIGIO and OsReleaseSIGIO are marked with calls
to stub functions input_lock/input_unlock so that we don't lose this
information.

xfree86 SIGIO support is reworked to use internal versions of
OsBlockSIGIO and OsReleaseSIGIO.

v2: Don't change locking order (Peter Hutterer)
v3: Comment weird && FALSE in xf86Helper.c
    Leave errno save/restore in xf86ReadInput
    Squash with stub adding patch (Peter Hutterer)
v4: Leave UseSIGIO config parameter so that
    existing config files don't break (Peter Hutterer)
v5: Split a couple of independent patch bits out
    of kinput.c (Peter Hutterer)

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-05-26 16:07:54 -07:00
Andrew Comminos 2fbf5c2f91 Input: Send XI2 FocusOut NotifyPointer events to the pointer window.
This changes XInput 2's propagation of NotifyPointer focus out events to
include the pointer window as well, similar to core events. This fixes
a potential permanent focus in GDK when the focus moves to PointerRoot.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93539

Signed-off-by: Andrew Comminos <andrew@comminos.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
2016-05-16 15:19:54 +10:00
Adam Jackson 137ac094e7 dix: Push UpdateCurrentTimeIf down out of the main loop
This was added in:

    commit 312910b4e3
    Author: Chase Douglas <chase.douglas@canonical.com>
    Date:   Wed Apr 18 11:15:40 2012 -0700

        Update currentTime in dispatch loop

Unfortunately this is equivalent to calling GetTimeInMillis() once per
request. In the absolute best case (as on Linux) you're only hitting the
vDSO; on other platforms that's a syscall. Either way it puts a pretty
hard ceiling on request throughput.

Instead, push the call down to the requests that need it; basically,
grab processing and event generation.

Cc: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
2016-05-04 10:58:01 -04:00