This updates rootless to treat pixmaps consistently with COMPOSITE,
using the screen_x and screen_y values rather than doing hacky math.
This will allow for proper bounds checking on a given PixmapRec.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
The X server swapping code is a huge attack surface, much of this code
is untested and prone to security issues. The use-case of byte-swapped
clients is very niche, so let's disable this by default and allow it
only when the respective config option or commandline flag is given.
For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
For all DDX, this adds the commandline options +byteswappedclients and
-byteswappedclients to enable or disable, respectively.
Fixes#1201https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The minimal performance wins we gain by recycling pixmaps at this layer are
not worth the code complexity nor the interference with memory analysis
tools like malloc history, ASan, etc.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
PixmapDirtyCopyArea() is about to be used outside of pixmap.c, so fix up
its interface by specifying the dirty area directly rather than passing a
`PixmapDirtyUpdatePtr`. This makes it easier to use outside of pixmap.c, as
the caller doesn't need to create a bulky PixmapDirtyUpdateRec to use this
function.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
This fixes an OOB read and the resulting information disclosure.
Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->num_items value the expected request size was
truncated, passing the REQUEST_FIXED_SIZE check.
The server then proceeded with reading at least stuff->num_items bytes
(depending on stuff->format) from the request and stuffing whatever it
finds into the property. In the process it would also allocate at least
stuff->num_items bytes, i.e. 4GB.
The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty,
so let's fix that too.
CVE-2022-46344, ZDI-CAN 19405
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
Despite e957a2e5dd ("dix: Add hybrid full-size/empty-clip mode to
SetRootClip"), I was still seeing all X11 client windows flashing when
the root window size changes with rootless Xwayland (e.g. due to
hotplugging a monitor).
Skipping this code for ROOT_CLIP_INPUT_ONLY fixes the issue for me.
Most of these came from a mass bcopy() -> memmove() substitution in 1993
with a commit comment of "Ansification (changed bfuncs -> mfuncs)"
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Commit c7311654 cached the value of ResourceClientBits(), but that value
depends on the `MaxClients` value set either from the command line or
from the configuration file.
For the latter, a call to ResourceClientBits() is issued before the
configuration file is read, meaning that the cached value is from the
default, not from the maximum number of clients set in the configuration
file.
That obviously causes all sort of issues, including memory corruption
and crashes of the Xserver when reaching the default limit value.
To avoid that issue, also keep the LimitClient value, and recompute the
ilog2() value if that changes, as on startup when the value is set from
the the xorg.conf ServerFlags section.
v2: Drop the `cache == 0` test
Rename cache vars
Fixes: c7311654 - dix: cache ResourceClientBits() value
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1310
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
GTK3 menu widget creates a selection for touch and other events and
after receiving touch events creates an async grab that excludes touch
events. Unfortunately it relies on X server not sending the touch end
event in order to function properly. Sending touch end event will cause
it to think that the initiating touch ended and when it actually ends,
the ButtonRelease event will make it think that the menu should be
closed. As a result, the menu will be open only for the duration of the
touch making it useless.
This commit reverts f682e0563f.
Fixes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1255
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
This fixes access to freed heap memory via dev->master. E.g. when
running BarrierNotify.ReceivesNotifyEvents/7 test from
xorg-integration-tests:
==24736==ERROR: AddressSanitizer: heap-use-after-free on address
0x619000065020 at pc 0x55c450e2b9cf bp 0x7fffc532fd20 sp 0x7fffc532fd10
READ of size 4 at 0x619000065020 thread T0
#0 0x55c450e2b9ce in GetMaster ../../../dix/devices.c:2722
#1 0x55c450e9d035 in IsFloating ../../../dix/events.c:346
#2 0x55c4513209c6 in GetDeviceUse ../../../Xi/xiquerydevice.c:525
../../../Xi/xichangehierarchy.c:95
#4 0x55c450e3455c in RemoveDevice ../../../dix/devices.c:1204
../../../hw/xfree86/common/xf86Xinput.c:1142
#6 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
#7 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
#8 0x55c450e837ef in dix_main ../../../dix/main.c:302
#9 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
#11 0x55c450d0113d in _start (/usr/lib/xorg/Xorg+0x117713d)
0x619000065020 is located 160 bytes inside of 912-byte region
[0x619000064f80,0x619000065310)
freed by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10d7cf)
#1 0x55c450e19f1c in CloseDevice ../../../dix/devices.c:1014
#2 0x55c450e343a4 in RemoveDevice ../../../dix/devices.c:1186
../../../hw/xfree86/common/xf86Xinput.c:1142
#4 0x55c450e17b04 in CloseDeviceList ../../../dix/devices.c:1038
#5 0x55c450e1de85 in CloseDownDevices ../../../dix/devices.c:1068
#6 0x55c450e837ef in dix_main ../../../dix/main.c:302
#7 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
previously allocated by thread T0 here:
(/usr/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
#1 0x55c450e1c57b in AddInputDevice ../../../dix/devices.c:259
#2 0x55c450e34840 in AllocDevicePair ../../../dix/devices.c:2755
#3 0x55c45130318f in add_master ../../../Xi/xichangehierarchy.c:152
../../../Xi/xichangehierarchy.c:465
#5 0x55c4512cb9f5 in ProcIDispatch ../../../Xi/extinit.c:390
#6 0x55c450e6a92b in Dispatch ../../../dix/dispatch.c:551
#7 0x55c450e834b7 in dix_main ../../../dix/main.c:272
#8 0x55c4517a8d93 in main ../../../dix/stubmain.c:34
(/lib/x86_64-linux-gnu/libc.so.6+0x28564)
The problem is caused by dev->master being not reset when disabling the
device, which then causes dangling pointer when the master device itself
is being deleted when exiting whole server.
Note that RecalculateMasterButtons() requires dev->master to be still
valid, so we can reset it only at the end of function.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
When processing events we operate on InternalEvent pointers. They may
actually refer to a an instance of DeviceEvent, GestureEvent or any
other event that comprises the InternalEvent union. This works well in
practice because we always look into event type before doing anything,
except in the case of copying the event.
*dst_event = *src_event would copy whole InternalEvent event and would
cause out of bounds read in case the pointed to event was not
InternalEvent but e.g. DeviceEvent.
This regression has been introduced in
23a8b62d34.
Fixes https://gitlab.freedesktop.org/xorg/xserver/-/issues/1261
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
Fix the following race:
Possible data race during read of size 8 at 0xA112510 by thread #6
Locks held: 1, at address 0x366B40
at 0x14C8B9: GetMaster (devices.c:2691)
by 0x15CFC5: IsFloating (events.c:346)
by 0x2B9554: miPointerGetScreen (mipointer.c:527)
by 0x1A5136: xf86PostButtonEventM (xf86Xinput.c:1379)
by 0x1A52BD: xf86PostButtonEvent (xf86Xinput.c:1345)
by 0x485F45B: EvdevProcessEvent (in /usr/lib64/xorg/modules/input/evdev_drv.so)
by 0x485FDAC: EvdevReadInput (in /usr/lib64/xorg/modules/input/evdev_drv.so)
by 0x195427: xf86ReadInput (xf86Events.c:247)
by 0x2CC113: InputReady (inputthread.c:180)
by 0x2CE4EA: ospoll_wait (ospoll.c:657)
by 0x2CC077: InputThreadDoWork (inputthread.c:369)
by 0x484A336: mythread_wrapper (hg_intercepts.c:406)
This conflicts with a previous write of size 8 by thread #1
Locks held: none
at 0x14D2C6: AttachDevice (devices.c:2609)
by 0x15CF85: ReattachToOldMaster (events.c:1457)
by 0x1647DD: DeactivateKeyboardGrab (events.c:1700)
by 0x25D7F1: ProcXIUngrabDevice (xigrabdev.c:169)
by 0x2552AD: ProcIDispatch (extinit.c:398)
by 0x155291: Dispatch (dispatch.c:479)
by 0x158CBA: dix_main (main.c:276)
by 0x143A3D: main (stubmain.c:34)
Address 0xa112510 is 336 bytes inside a block of size 904 alloc'd
at 0x4846571: calloc (vg_replace_malloc.c:1328)
by 0x14A0B3: AddInputDevice (devices.c:260)
by 0x1A31A0: xf86ActivateDevice (xf86Xinput.c:365)
by 0x1A4549: xf86NewInputDevice (xf86Xinput.c:948)
by 0x1A4B44: NewInputDeviceRequest (xf86Xinput.c:1090)
by 0x1B81FE: device_added (udev.c:282)
by 0x1B8516: config_udev_init (udev.c:439)
by 0x1B7091: config_init (config.c:50)
by 0x197970: InitInput (xf86Init.c:814)
by 0x158C6B: dix_main (main.c:250)
by 0x143A3D: main (stubmain.c:34)
Block was alloc'd by thread #1
The steps to trigger the race are:
1. Main thread does cleanup at mipointer.c:360 setting the slave device's
miPointerPtr to null.
2. Input thread use MIPOINTER in mipointer.c and get the slave's
miPointerPtr = null.
3. Main thread updates dev->master at devices.c:2609.
4. MIPOINTER would now return the master's miPointerPtr but the input
thread already got the slave's miPointerPtr in step 2 and segfaults by
null ptr deref.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1260
Signed-off-by: Thomas Lindroth <thomas.lindroth@gmail.com>
This fixes a crash when a DeviceEvent struct converted to
InteralEvent was beeing copied as InternalEvent (and thus
causing out of bounds reads) in ActivateGrabNoDelivery()
in events.c: 3876 *grabinfo->sync.event = *real_event;
Possible fix for https://gitlab.freedesktop.org/xorg/xserver/-/issues/1253
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Adding the offset between the realloc result and the old allocation to
update pointers into the new allocation is undefined behaviour: the
old pointers are no longer valid after realloc() according to the C
standard. While this works on almost all architectures and compilers,
it causes problems on architectures that track pointer bounds (e.g.
CHERI or Arm's Morello): the DevPrivateKey pointers will still have the
bounds of the previous allocation and therefore any dereference will
result in a run-time trap.
I found this due to a crash (dereferencing an invalid capability) while
trying to run `XVnc` on a CHERI-RISC-V system. With this commit I can
successfully connect to the XVnc instance running inside a QEMU with a
VNC viewer on my host.
This also changes the check whether the allocation was moved to use
uintptr_t instead of a pointer since according to the C standard:
"The value of a pointer becomes indeterminate when the object it
points to (or just past) reaches the end of its lifetime." Casting to an
integer type avoids this undefined behaviour.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
In some scenarios, the Wayland compositor might have more knowledge
than the X11 server and may be able to perform pointer emulation for
touch events better. Add a command-line switch to allow compositors
to turn Xwayland pointer emulation off.
Signed-off-by: Simon Ser <contact@emersion.fr>
It is copied using memcpy() and not modified so we can add const. This
fixes a -Wincompatible-pointer-types-discards-qualifiers compiler warning
that was failing a -Werror XVnc build for me.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
When the command line option "-terminate" is used, it could be
interesting to give it an optional grace period to let the Xserver
running for a little longer in case a new connection occurs.
This adds an optional parameter to the "-terminate" command line option
for this purpose.
v2: Use a delay in seconds instead of milliseconds
(Martin Peres <martin.peres@mupuf.org>)
v3: Clarify man page entry, ensure terminateDelay is always >= 0,
simplify TimerFree(). (Peter Hutterer <peter.hutterer@who-t.net>)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
With Wayland compositors now being able to start Xwayland on demand, the
next logical step is to be able to stop Xwayland when there is no more
need for it.
The Xserver itself is capable of terminating itself once all X11 clients
are gone, yet in a typical full session, there are a number of X11
clients running continuously (e.g. the Xsettings daemon, IBus, etc.).
Those always-running clients will prevent the Xserver from terminating,
because the actual number of X11 clients will never drop to 0. Worse,
the X11 window manager of a Wayland compositor also counts as an X11
client, hence also preventing Xwayland from stopping.
Some compositors such as mutter use the XRes extension to query the X11
clients connected, match their PID with the actual executable name and
compare those with a list of executables that can be ignored when
deciding to kill the Xserver.
But that's not just clumsy, it is also racy, because a new X11 client
might initiate a connection the X11 server right when the compositor is
about to kill it.
To solve this issue directly at the Xserver level, this add new entries
to the XFixes extension to let the X11 clients themselves specify the
disconnect mode they expect.
Typically, those X11 daemon clients would specify the disconnect mode
XFixesClientDisconnectFlagTerminate to let the Xserver know that they
should not be accounted for when checking the remaining clients prior
to terminate.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
This fixes an problem left in f682e0563f
due to an incorrect cherry-pick.
We must use old listener->listener to deliver the touch event. Otherwise
grab won't let the event through and the abovementioned commit has no
effect.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
Trying to change the pointer control settings on a device without
PtrFeedbackPtr would be a bug and a crash in the Xserver.
Guard against that case by returning early with a BadImplementation
error, that might kill the X11 client but the Xserver would survive.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Related: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1137
This add a new flag POINTER_RAWONLY for GetPointerEvents() which does
pretty much the opposite of POINTER_NORAW.
Basically, this tells GetPointerEvents() that we only want the
DeviceChanged events and any raw events for this motion but no actual
motion events.
This is preliminary work for Xwayland to be able to use relative motion
events for raw events. Xwayland would use absolute events for raw
events, but some X11 clients (wrongly) assume raw events to be always
relative.
To allow such clients to work with Xwayland, it needs to switch to
relative raw events (if those are available from the Wayland
compositor).
However, Xwayland cannot use relative motion events for actual pointer
location because that would cause a drift over time, the pointer being
actually controlled by the Wayland compositor.
So Xwayland needs to be able to send only relative raw events, hence
this API.
Bump the ABI_XINPUT_VERSION minor version to reflect that API addition.
v2: Actually avoid sending motion events (Peter)
v3: Keep sending raw emulated events with RAWONLY (Peter)
Suggested-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Related: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1130
If a XI2 client started listening to touches due to a selection and then
creates an active async grab that does not include touch events, then it
currently won't get the touch end event which will produce inconsistent
view of the pending touches.
Note that we only need to consider touch listeners and can ignore
pointer emulation. Under XI2 if a active grab replaces a passive
implicit grab and the active grab does not include the button release
event, the client won't get it either.
Resolves warning from Oracle Parfait static analyser:
Warning: Impossible or redundant condition
Impossible or redundant condition [impossible-redundant-condition]:
Condition 'dev != NULL' of branch is determined by previous branch
at line 270 of dix/devices.c in function 'AddInputDevice'.
Condition 'dev != NULL' from this branch implies following branch is always true at line 262
Fixes: commit 493ad83323
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Avoid leaking un-initalized memory to clients by zeroing the
whole pixmap on initial allocation.
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Most (but not all) of these were found by using
codespell --builtin clear,rare,usage,informal,code,names
but not everything reported by that was fixed.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
If a client is in the process of being closed down, then its client->osPrivate
pointer will be set to NULL by CloseDownConnection. This can cause a crash if
freeing the client's resources results in a call to AttendClient. For example,
if the client has a pending sync fence:
Thread 1 "X" received signal SIGSEGV, Segmentation fault.
AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
(gdb) bt
#0 AttendClient (client=0x5571c4aed9a0) at ../os/connection.c:942
#1 0x00005571c3dbb865 in SyncAwaitTriggerFired (pTrigger=<optimized out>) at ../Xext/sync.c:694
#2 0x00005571c3dd5749 in miSyncDestroyFence (pFence=0x5571c5063980) at ../miext/sync/misync.c:120
#3 0x00005571c3dbbc69 in FreeFence (obj=<optimized out>, id=<optimized out>) at ../Xext/sync.c:1909
#4 0x00005571c3d7a01d in doFreeResource (res=0x5571c506e3d0, skip=skip@entry=0) at ../dix/resource.c:880
#5 0x00005571c3d7b1dc in FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1146
#6 FreeClientResources (client=0x5571c4aed9a0) at ../dix/resource.c:1109
#7 0x00005571c3d5525f in CloseDownClient (client=0x5571c4aed9a0) at ../dix/dispatch.c:3473
#8 0x00005571c3d55eeb in Dispatch () at ../dix/dispatch.c:492
#9 0x00005571c3d59e96 in dix_main (argc=3, argv=0x7ffe7854bc28, envp=<optimized out>) at ../dix/main.c:276
#10 0x00007fea4837cb6b in __libc_start_main (main=0x5571c3d1d060 <main>, argc=3, argv=0x7ffe7854bc28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe7854bc18) at ../csu/libc-start.c:308
#11 0x00005571c3d1d09a in _start () at ../Xext/sync.c:2378
(gdb) print client->osPrivate
$1 = (void *) 0x0
Since the client is about to be freed, its ignore count doesn't matter and
AttendClient can simply be a no-op. Check for client->clientGone in AttendClient
and remove similar checks from two callers that had them.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
This ensures that any prep work for the drawable we're about to read
from is already done before we call down to GetImage. This should be no
functional change as most of the callers with a non-trivial
SourceValidate are already wrapping GetImage and doing the equivalent
thing, but we'll be simplifying that shortly.
More importantly this ensures that if any of that prep work would
generate events - like automatic compositing flushing rendering to a
parent pixmap which then triggers damage - then it happens entirely
before we start writing the GetImage reply header.
Note that we do not do the same for GetSpans, but that's okay. The only
way to get to GetSpans is through miCopyArea or miCopyPlane - where the
callers must already call SourceValidate - or miGetImage - which this
commit now protects with SourceValidate.
Fixes: xorg/xserver#902
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Slightly simplifies the callers since they don't need to check for
non-NULL anymore.
I do extremely hate the workarounds here to suppress misprite taking the
cursor down though. Surely there's a better way.
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
When we set these up initially, no subsystems have allocated any
privates yet, so the storage address will be null, and memset(NULL, ...)
is undefined.
Request-handlers as registered in the requestVector array, always get
passed the clientPtr for the client which sent the request.
But the implementation of many request-handlers typically consists of
a generic handler calling implementation specific callbacks and / or
various helpers often multiple levels deep and in many cases the clientPtr
does not get passed to the callbacks / helpers.
This means that in some places where we would like to have access to the
current-client, we cannot easily access it and fixing this would require
a lot of work and often would involve ABI breakage.
This commit adds a GetCurrentClient helper which can be used as a
shortcut to get access to the clienPtr for the currently being processed
request without needing a lot of refactoring and ABI breakage.
Note using this new GetCurrentClient helper is only safe for code
which only runs from the main thread, this new variable MUST NOT be used
by code which runs from signal handlers or from the input-thread.
The specific use-case which resulted in the creation of this patch is adding
support for emulation of randr / vidmode resolution changes to Xwayland.
This emulation will not actually change the monitor resolution instead it
will scale any window with a size which exactly matches the requested
resolution to fill the entire monitor. The main use-case for this is
games which are hard-coded to render at a specific resolution and have
sofar relied on randr / vidmode to change the monitor resolution when going
fullscreen.
To make this emulation as robust as possible (e.g. avoid accidentally scaling
windows from other apps) we want to make the emulated resolution a per client
state. But e.g. the RRSetCrtc function does not take a client pointer; and is
a (used) part of the Xorg server ABI (note the problem is not just limited
to RRSetCrtc).
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
There is a race when reseting the XServer that causes spriteInfo to be
NULL in GetPairedDevice resulting a segfault and subsequent crash. The
problem was noticed when opening a connection, creating master devices,
destroying master devices and closing the connection during testing.
Signed-off-by: Arthur Williams <taaparthur@gmail.com>
When compiling with link time optimization, GCC thinks it's discovered
undefined behavior:
events.c: In function 'XineramaConfineCursorToWindow':
events.c:609:13: warning: iteration 2147483647 invokes undefined behavior [-Waggressive-loop-optimizations]
events.c:609:11: note: within this loop
events.c:605:49: warning: array subscript -1 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:606:31: warning: array subscript -1 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:610:39: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
events.c:617:38: warning: array subscript -2 is below array bounds of 'struct _Window *[16]' [-Warray-bounds]
events.c:619:35: warning: array subscript -2 is below array bounds of 'struct _Screen *[16]' [-Warray-bounds]
This results from
i = PanoramiXNumScreens - 1;
RegionCopy(&pSprite->Reg1, &pSprite->windows[i]->borderSize);
off_x = screenInfo.screens[i]->x;
off_y = screenInfo.screens[i]->y;
where GCC believes that PanoramiXNumScreens might be 0. Unfortunately
GCC is just smart enough to be an annoyance because this case is not
actually possible: XineramaConfineCursorToWindow() is only called when
noPanoramiXExtension is false, and if noPanoramiXExtension is false then
PanoramiXNumScreens must be >1 (see PanoramiXExtensionInit()).
So, add an assert(!noPanoramiXExtension), which to my surprise provides
GCC with information even in release builds and lets GCC understand that
the code is not doing anything that is undefined behavior.
I chose this solution instead of the proposed assert(i >= 0) because the
same pattern occurs in CheckVirtualMotion() but is inside an
'if (!noPanoramiXExtension)' and does not generate any warnings.
Fixes: xorg/xserver#590
Signed-off-by: Matt Turner <mattst88@gmail.com>
Separate each statement of the form "assert(a && b);" into "assert(a);"
and "assert(b);" for more precise diagnostics, except for this clever
use in drmmode_display.c where it was used to pass a hint to developers:
assert(num_infos <= 32 && "update return type");
We hide CWBackingStore from the screen hook if nothing's actually
changing, which means compChangeWindowAttributes no longer needs to
compare the requested state with the present one.
Terms:
dev->last.valuator[] is the last value given to us by the driver
dev->valuator.axisVal[] is the last value sent to the client
dev->last.scroll[] is the abs value of the scroll axis as given by the driver,
used for button emulation calculation (and the remainder)
This function updates the device's last.valuator state based on the current
master axis state. This way, relative motion continues fluidly when switching
between devices. Before mouse 2 comes into effect, it's valuator state is
updated to wherever the pointer currently is so the relative event applies on
top of that.
This can only work for x/y axes, all other axes aren't guaranteed to have the
same meaning and/or may not be present:
- xtest device: no valuator 2
- mouse: valuator 2 is horizontal scroll axis
- tablet: valuator 2 is pressure
Scaling the current value from the pressure range into the range for
horizontal scrolling makes no sense. And it causes scroll jumps:
- scroll down, last.valuator == axisVal == 20
- xdotool click 1, the XTest device doesn't have that valuator
- scroll up
- updateSlaveDeviceCoords reset last.valuator to 0 (axisVal == 20)
- DeviceClassesChangedEvent includes value 20 for the axis
- event is processed, last.value changes from 0 to -1
- axisVal is updated to -1, causing a jump of -21
The same applies when we switch from tablet to mouse wheel if the pressure
value is 0 on proximity out (basically guaranteed). So let's drop this code
altogether and only leave the scaling for the relative x/y motion.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The `LimitClient` is set once and for all at startup, whereas the
function `ResourceClientBits()` which returns the client field offset
within the XID based on the value of `LimitClient` can be called
repeatedly.
Small optimization, cache the result of `ilog2()`, that saves running
the same loop over and over each time `ResourceClientBits()` is called.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
If the server resets, most client workqueues are cleaned up as the
clients are killed.
The one exception is the server's client, which is exempt from
the killing spree.
If that client has a queued work procedure active, it won't get
cleared on reset.
This commit ensures it gets cleared too.
c67f2eac56 ("dix: always send focus event on grab change") made dix
always sent events when it's a NotifyGrab or NotifyUngrab, even if
from == to, because 'from' can just come from a previous XSetInputFocus
call.
However, when an application calls XGrabKeyboard several times on
the same window, we are now sending spurious FocusOut+FocusIn with
NotifyGrab, even if the grab does not actually change. This makes screen
readers for blind people spuriously emit activity events which disturb
screen reading workflow when e.g. switching between menus.
This commit avoids calling DoFocusEvents in that precise case, i.e. when
oldWin is a previous grab and the new grab is the same window.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
The screensaver can regularly move its window to random offsets. It should
use the ConfigureWindow function instead of calling the Screen's MoveWindow
directly. Some MoveWindow implementations, such as compMoveWindow, rely on
Screen's ConfigNotify being called first as it happens in ConfigureWindow.
Reviewed-by: Adam Jackson <ajax@redhat.com>
This reverts commit b45c74f0f2.
It broke the cursor in other games. Apparently those use cursor data
with premultiplied alpha, but with some pixels having r/g/b values
larger than the alpha value (which corresponds to original r/g/b
values > 1.0), triggering the workaround.
Seems the cure turned out worse than the disease, so revert.
Bugzilla: https://bugs.freedesktop.org/108650
Turns out some apps (e.g. the Civilization VI game) use
non-premultiplied cursor data which doesn't have any pixels with 0 alpha
but non-0 non-alpha, but can still result in visual artifacts.
This uses the method suggested by Kamil in
https://bugs.freedesktop.org/92309#c19: check for pixels where any
colour component value is larger than the alpha value, which isn't
possible with premultiplied alpha.
There can still be non-premultiplied data which won't be caught by this,
but that should result in slightly incorrect colours and/or blending at
the worst, not wildly incorrect colours such as shown in the bug report
below.
Bugzilla: https://bugs.freedesktop.org/108355
Suggested-by: Kamil Paral <kamil.paral@gmail.com>
This hasn't done anything besides return TRUE in a long long time.
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
This variable was no longer being read anywhere. MAXCLIENTS the macro is
the compile-time maximum limit, LIMITCLIENTS the macro is the default
limit, LimitClients the variable is the limit for the current server.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Coverity complains about a use after free in here after the
freeing, I can't follow the linked list so well, but whot
says the device can only be on one list once, so break should
fix it.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Not sure what if anything calls XSetDeviceModifierMapping() but this would've
failed all the time. check_modmap_change() returns Success but we were
treating it like a boolean. Fix this.
Reported-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
GLX registers an extension before we know if there are any screens that
can actually do it. It's inconvenient to shrink the extension list, so
instead allow the extension to simply zero out its base opcode to
indicate that it needed to panic and disable itself.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Focus events are useless when 'from' and 'to' are the same. But when
this is the result of a (Un)GrabKeyboard request, we should always send
them, including when the window manager had previously used XSetInputFocus
to specify the focus on a window which happens to be now taking a grab.
This is notably needed for window manager using XI to always get keyboard
events even during grabs, so they can determine exactly when grabbing is
active.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
../dix/getevents.c: In function ‘transformAbsolute’:
../dix/getevents.c:1195:28: warning: ‘oy’ may be used uninitialized in this function [-Wmaybe-uninitialized]
struct pixman_f_vector p = {.v = {*x, *y, 1} };
^
../dix/getevents.c🔢22: note: ‘oy’ was declared here
double x, y, ox, oy;
^~
This one is truly special. Even though both ox and oy are set and read
along the same paths, only oy is marked for this warning! Initializing
just oy = 0.0 fixes it entirely, but let's not make a weird thing
weirder.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>
PtrCtrl really makes sense for relative pointing device only, absolute
devices such as touch devices do not have any PtrCtrl set.
In some cases, if the client issues a XGetPointerControl() immediatlely
after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
a NULL pointer dereference will occur leading to a crash of Xwayland.
Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
return the default control values otherwise, to avoid the NULL pointer
dereference.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Roundhouse kick replacing the various (sizeof(foo)/sizeof(foo[0])) with
the ARRAY_SIZE macro from dix.h when possible. A semantic patch for
coccinelle has been used first. Additionally, a few macros have been
inlined as they had only one or two users.
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This allows making the master screen's pixmap_dirty_list entries
explicitly reflect that we're now tracking the root window instead of
the screen pixmap, in order to allow Present page flipping on master
outputs while there are active slave outputs.
Define HAS_DIRTYTRACKING_DRAWABLE_SRC for drivers to check, but leave
HAS_DIRTYTRACKING_ROTATION defined as well to make things slightly
easier for drivers.
Reviewed-by: Adam Jackson <ajax@redhat.com>
This appears to be essentially unused. The only known client-side
library for the SELinux extension is xcb, which does not look for the
name "Flask". The "SGI-GLX" alias for GLX appears to be a bit of
superstition at this point, NVIDIA's driver does not expose it and Mesa
does not check for it.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Acked-by: Keith Packard <keithp@keithp.com>
The SendEvent request holds xEvent which is exactly 32 bytes long, no more,
no less. Both ProcSendEvent and SProcSendEvent verify that the received data
exactly match the request size. However nothing stops the client from passing
in event with xEvent::type = GenericEvent and any value of
xGenericEvent::length.
In the case of ProcSendEvent, the event will be eventually passed to
WriteEventsToClient which will see that it is Generic event and copy the
arbitrary length from the receive buffer (and possibly past it) and send it to
the other client. This allows clients to copy unitialized heap memory out of X
server or to crash it.
In case of SProcSendEvent, it will attempt to swap the incoming event by
calling a swapping function from the EventSwapVector array. The swapped event
is written to target buffer, which in this case is local xEvent variable. The
xEvent variable is 32 bytes long, but the swapping functions for GenericEvents
expect that the target buffer has size matching the size of the source
GenericEvent. This allows clients to cause stack buffer overflows.
Signed-off-by: Michal Srb <msrb@suse.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If the root window borderClip region is null, the PointInWindowIsVisible()
check fails if pointer warping is attempted on the root window, making
the warping operation bail out early.
Assume coordinates always lay inside the root window for this case,
the actual position will be clamped later within screen coordinates anyway.
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Delay removing the client from these two queues until all potential
I/O has completed in case we mark the client as ready for reading or
with pending output during the close operation.
Bugzilla: https://bugs.freedesktop.org/100957
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Nick Sarnie <commendsarnex@gmail.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
This is a work in progress that builds Xvfb, Xephyr, Xwayland, Xnest,
and Xdmx so far. The outline of Xquartz/Xwin support is in tree, but
hasn't been built yet. The unit tests are also not done.
The intent is to build this as a complete replacement for the
autotools system, then eventually replace autotools. meson is faster
to generate the build, faster to run the bulid, shorter to write the
build files in, and less error-prone than autotools.
v2: Fix indentation nits, move version declaration to project(), use
existing meson_options for version-config.h's vendor name/web.
Signed-off-by: Eric Anholt <eric@anholt.net>
Acked-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Found when the meson conversion set the symbol to defined, instead of
defined to 1.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Most of this is a legacy of the old "extmod" design where you could load
_some_ extensions dynamically but only if the server had been built with
support for them in the first place.
Note that since we now only initialize the DPMS extension if at least
one screen supports it, we no longer need DPMSCapableFlag: if it would
be false, we would never read its value.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
None of this is actually wired up to anything, so we can also remove the
devPrivates from the DamageRec. The DamageExtRec is what would need
devPrivates for selinux labeling, in principle.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
This touches everything that ends up in the Xorg binary; the big missing
part is GLX since that's all generated code. Cuts about 14k from the
binary on amd64.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
This will be used by in-server features that need to react to property
changes. The first one will be _XWAYLAND_ALLOW_COMMITS.
Signed-off-by: Adam Jackson <ajax@redhat.com>
[Pekka: add commit message body]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Instead of just the atom. No functional change.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
The root window, and by extension any damage records referencing it,
may be destroyed before shared pixmaps referencing it, which resulted in
use-after-free / double-free in PixmapStopDirtyTracking.
Fixes: b5b292896f ("prime: Sync shared pixmap from root window instead of screen pixmap")
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
The screen pixmap doesn't receive updates while there's a Present flip
window.
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
A client which is attended while a grab is blocking execution of its
requests needs to be placed in the saved_ready_clients list so that it
will get scheduled once the grab terminates. Otherwise, if the client
never sends another request, there is no way for it to be placed in
the ready_clients list.
v2: Wrap comment above mark_client_saved_ready.
Remove test for OS_COMM_IGNORED which will always be true.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99333
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
The custom os/os.O library reuses *.o files of os/libos.la.
The current rule assumes automake puts all the objects into per-target
am__*_la_OBJECTS variable. At least with AC_REPLACE_FUNCS, this no
longer holds (as wanted objects are put into LTLIBOBJS instead).
Depend on automake's result, the *.la library instead, to express demand
of any its dependencies being built.
Should be fixing randomly occuring "undefined reference to `strlcpy'"
errors when linking Xvfb and other DDX-es that could use os.O.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Mihail Konev <k.mvc@ya.ru>
Commits 816015648f and
fee0827a9a made it so that
wl_keyboard::enter doesn't result in X clients getting KeyPress events
while still updating our internal xkb state to be in sync with the
host compositor.
wl_keyboard::leave needs to be handled in the same way as its
semantics from an X client POV should be the same as an X grab getting
triggered, i.e. X clients shouldn't get KeyRelease events for keys
that are still down at that point.
This patch uses LeaveNotify for these events on wl_keyboard::leave and
changes the current use of KeymapNotify to EnterNotify instead just to
keep some symmetry between both cases.
On ProcessDeviceEvent() we still need to deactivate X grabs if needed
for KeyReleases.
Signed-off-by: Rui Matos <tiagomatos@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
I think it is possible that output could get queued to a client during
CloseDownClient. After it is removed from the pending queue, active
grabs are released, the client is awoken if sleeping and any work
queue entries related to the client are processed.
To fix this, move the call removing it from the output_pending chain
until after clientGone has been set and then check clientGone in
output_pending_mark.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1382444
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
[This was originally a workaround for a client-side resource leak:
http://lists.freedesktop.org/archives/xorg-devel/2012-November/034555.html
Obviously that's a broken app, but the performance problem it
illustrates - that walking the linked list ends up burning all your CPU
time - is real enough. - ajax]
v2: Replace with a shorter code sequence which computes the same
results for all but numBits == 7
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Add a valuator mask setter for setting absolute coordinate combined
with unaccelerated motion deltas. This will later be used by Xwayland
to combine a wl_pointer.motion() event with the unaccelerated delta of
a wp_relative_pointer.relative_motion() event.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
GetImage is allowed to return window border contents, so don't remove
that from the returned image.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This allows us to remove darwinEvents_lock() and darwinEvents_unlock()
and remove the serverRunning hack from dix
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This function will be called when a pointer is grabbed non-root window
set as the 'confineTo'. This will enable the ddx to handle the
confinement their own way.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
This new vfunc will be called, if set, after a client has issued a
WarpPointer request. This is necessary for implementing pointer warp
emulation in Xwayland.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
pClient does not contain a live value after the transition to lists
https://bugs.freedesktop.org/show_bug.cgi?id=97765
Application Specific Information:
X.Org X Server 1.18.99.1 Build Date: 20160910
=================================================================
==16921==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000108ce3834 at pc 0x000108880766 bp 0x7000045f76c0 sp 0x7000045f76b8
READ of size 4 at 0x000108ce3834 thread T6
#0 0x108880765 in SmartScheduleClient dispatch.c:365
#1 0x10887ecc5 in Dispatch dispatch.c:422
#2 0x1088c05f1 in dix_main main.c:301
#3 0x1082aabba in server_thread quartzStartup.c:66
#4 0x7fffc5f16aaa in _pthread_body (libsystem_pthread.dylib+0x3aaa)
#5 0x7fffc5f169f6 in _pthread_start (libsystem_pthread.dylib+0x39f6)
#6 0x7fffc5f161fc in thread_start (libsystem_pthread.dylib+0x31fc)
Regressed-in: 8f1edf4bd3
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This ensures that the deviceProc is never called while the input
thread is processing data from the device.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Currently with PRIME if we detect a secondary GPU,
we switch to using SW cursors, this isn't optimal,
esp for the intel/nvidia combinations, we have
no choice for the USB offload devices.
This patch checks on each slave screen if hw
cursors are enabled, and also calls set cursor
and move cursor on all screens.
Cc: Aaron Plattner <aplattner@nvidia.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
This is a preparation patch for adding prime hw-cursor support.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Fix a couple of copy-and-paste errors preventing FocusIn grabs from working.
Perhaps the extension version should be bumped though to distinguish between
working and non-working extension versions.
Signed-off-by: Michael Thayer <michael.thayer@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Make sure the whole event is initialized, instead of leaving the pad
bytes unset.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Eliminates all of the fd_set mangling in the server main thread
v2: Listen for POLLOUT while writes are blocked.
v3: Only mark client not ready on EAGAIN return from read
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This converts the dispatch loop into using a list of ready clients
instead of an array. This changes the WaitForSomething API so that it
notifies DIX when a client becomes ready to read, instead of returning
the set of ready clients.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
The intermediate grabState, "GrabKickout", was used to trigger
dispatch into going back to WaitForSomething after doing a GrabServer
so that the set of ready clients would be recomputed to match what the
server should be processing. As we only process one client per
WaitForSomething call, we will always hit WaitForSomething after
finishing the current client, and so don't need any special case here.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Instead of having scheduling done in two places (one in
WaitForSomething, and the other in SmartScheduleClient), just stick
all of the scheduling in SmartScheduleClient.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This removes the last uses of fd_set from the server interfaces
outside of the OS layer itself.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
With no users of the interface needing the readmask anymore, we can
remove it from the argument passed to these functions.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This new libXfont API eliminates exposing internal X server symbols to
the font library, replacing those with a struct full of the entire API
needed to use that library.
v2: Use libXfont2 instead of libXfont_2
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Some games incorrectly use non-premultiplied ARGB cursor data, presumably
because that's what Windows uses. On some hardware (and with SWcursor),
this breaks areas of the cursor which are supposed to be transparent
(and presumably also translucent areas, but that's less noticeable).
This change checks for pixels with alpha == 0 and any non-alpha component
!= 0. If any such pixel is found, the data is assumed to be
non-premultiplied and fixed up by multiplying the RGB components with the
alpha component.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=92309
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
The screen block and wakeup handlers are the only ones which provide a
well known ordering between the wrapping layers; placing these as
close as possible to the server blocking provides a way for the driver
to control the flow of execution correctly.
Switch the shadow code to run in the screen block handler so that it
now occurrs just before the server goes to sleep.
Switch glamor to call down to the driver after it has executed its own
block handler piece, in case the driver needs to perform additional
flushing work after glamor has called glFlush.
These changes ensure that the following modules update the screen in
the correct order:
animated cursors (uses RegisterBlockAndWakeupHandlers dynamically)
composite (dynamic wrapping)
misprite (dynamic wrapping)
shadow (static wrapping)
glamor (static wrapping)
driver (static wrapping)
It looks like there's still a bit of confusion between composite and
misprite; if composite updates after misprite, then it's possible
you'd exit the block handler chain with the cursor left hidden. To fix
that, misprite should be wrapping during ScreenInit time and not
unwrapping. And composite might as well join in that fun, just to make
things consistent.
[v2] Unwrap BlockHandler in shadowCloseScreen (ajax)
[v3] ephyr: Use screen block handler for flushing changes
ephyr needs to make sure it calls glXSwapBuffers after glamor finishes
its rendering. As the screen block handler is now called last, we have
to use that instead of a registered block/wakeup handler to make sure
the GL rendering is done before we copy it to the front buffer.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
A single provider can be both a offload and source slave at the same time,
the use of seperate lists breaks in this case e.g. :
xrandr --listproviders
Providers: number : 2
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 0 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 0 name:modesetting
xrandr --setprovideroutputsource 1 0x7b
xrandr --listproviders
Providers: number : 2
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 1 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 1 name:modesetting
xrandr --setprovideroffloadsink 1 0x7b
xrandr --listproviders
Providers: number : 3
Provider 0: id: 0x7b cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 3 outputs: 2 associated providers: 2 name:modesetting
Provider 1: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 2 name:modesetting
Provider 2: id: 0x46 cap: 0xf, Source Output, Sink Output, Source Offload, Sink Offload crtcs: 2 outputs: 5 associated providers: 2 name:modesetting
Not good. The problem is that the provider with id 0x46 now is on both
the output_slave_list and the offload_slave_list of the master screen.
This commit fixes this by unifying all 3 lists into a single slaves list.
Note that this does change the struct _Screen definition, so this is an ABI
break. I do not expect any of the drivers to actually use the removed / changed
fields so a recompile should suffice.
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
There are no in-tree consumers of the audit hooks, and they are in any
case redundant with the dtrace dispatch hooks. Neither is there any
in-tree user of the core request dispatch hook. The extension hook is
only used for non-default security cases, but in the absence of LTO we
always have to take the function call into XaceHookDispatch to find out
that there's no callback registered.
Cc: Eamon Walsh <ewalsh@tycho.nsa.gov>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
This is an ABI break, in that we now pass NULL to a function that hasn't
accepted it before.
Alex Goins had a different patch for this but it wasn't symmetrical, it
freed something in a very different place than it allocated it, this
attempts to retain symmetry in the releasing of the backing bo.
v2: use a new toplevel API, though it still passes NULL to something
that wasn't expecting it.
v3: pass -1 instead of 0.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Tested-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Alex Goins <agoins at nvidia.com>
In patch 137ac094e7, Adam moved an
expensive call to UpdateCurrentTime out of the main dispatch
loop. That's a good change as the original fix from Chase was a bit
expensive. However, it breaks grab processing and so a couple of the
calls to UpdateCurrenTime need to be removed.
Input event processing can generate a stream of events; a button press
that activates a grab will send a press followed by a sequence of
enter/leave events. All of these should have the same time stamp on
the wire as they occur at the 'same' time.
More importantly, the grab time recorded in the device is pulled from
currentTime after all of the events are delivered, so if currentTime
doesn't match the time in the device event, then future grab
modifications will fail as the time marked in the device will be
'later' than the grab time known to the client (which is defined as
the timestamp from the activating input event).
A bit of history here -- it used to be that currentTime was driven
*entirely* by input events; those timestamps didn't even have to be
related to the system time in any way. Then we started doing ICCCM
stuff and people got confused when PropertyNotify events would have
the same timestamp even when delivered minutes apart because no input
events were delivered.
We added code in the server to go update the time, but only if no
input events were pending (so that the clock "wouldn't" go
backwards). The only places where this is necessary is in request
processing which may generate an event with a timestamp, and there
only at the very top of the request processing code so that the whole
request would be processed at the 'same time', just like events.
cc: Chase Douglas <chase.douglas@canonical.com>
cc: Peter Hutterer <peter.hutterer@who-t.net>
cc: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Michel Dänzer <michel.daenzer@amd.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
These are local to inputthread.c; the ones in globals.c aren't
declared in any header file.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Now that input is threaded, malloc can be used at event time to resize
the touchpoint buffer as needed.x
v2: Remove "Need to grow the queue means dropping events."
from comment as it no longer applies. (Peter Hutterer)
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The current SIGIO signal handler method, used at generation of input events,
has a bunch of oddities. This patch introduces an alternative way using a
thread, which is used to select() all input device file descriptors.
A mutex was used to control the access to input structures by the main and input
threads. Two pipes to emit alert events (such hotplug ones) and guarantee the
proper communication between them was also used.
Co-authored-by: Fernando Carrijo <fcarrijo@freedesktop.org>
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
v2: Fix non-Xorg link. Enable where supported by default.
This also splits out the actual enabling of input threads to
DDX-specific patches which follow
v3: Make the input lock recursive
v4: Use regular RECURSIVE_MUTEXes instead of rolling our own
Respect the --disable-input-thread configuration option by
providing stubs that expose the same API/ABI.
Respond to style comments from Peter Hutterer.
v5: use __func__ in inputthread debug and error mesages.
Respond to style comments from Peter Hutterer.
v6: use AX_PTHREAD instead of inlining pthread tests.
Suggested by Emil Velikov <emil.l.velikov@gmail.com>
v7: Use pthread_sigmask instead of sigprocmask when using threads
Suggested by Adam Jackson <ajax@redhat.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This removes all of the SIGIO handling support used for input
throughout the X server, preparing the way for using threads for input
handling instead.
Places calling OsBlockSIGIO and OsReleaseSIGIO are marked with calls
to stub functions input_lock/input_unlock so that we don't lose this
information.
xfree86 SIGIO support is reworked to use internal versions of
OsBlockSIGIO and OsReleaseSIGIO.
v2: Don't change locking order (Peter Hutterer)
v3: Comment weird && FALSE in xf86Helper.c
Leave errno save/restore in xf86ReadInput
Squash with stub adding patch (Peter Hutterer)
v4: Leave UseSIGIO config parameter so that
existing config files don't break (Peter Hutterer)
v5: Split a couple of independent patch bits out
of kinput.c (Peter Hutterer)
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
This changes XInput 2's propagation of NotifyPointer focus out events to
include the pointer window as well, similar to core events. This fixes
a potential permanent focus in GDK when the focus moves to PointerRoot.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93539
Signed-off-by: Andrew Comminos <andrew@comminos.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This was added in:
commit 312910b4e3
Author: Chase Douglas <chase.douglas@canonical.com>
Date: Wed Apr 18 11:15:40 2012 -0700
Update currentTime in dispatch loop
Unfortunately this is equivalent to calling GetTimeInMillis() once per
request. In the absolute best case (as on Linux) you're only hitting the
vDSO; on other platforms that's a syscall. Either way it puts a pretty
hard ceiling on request throughput.
Instead, push the call down to the requests that need it; basically,
grab processing and event generation.
Cc: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
-Wlogical-op now tells us:
devices.c:1685:23: warning: logical ‘and’ of equal expressions
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
This was fine back when valuators were integer. Device
properties are float (not double), so some instances remain.
Signed-off-by: Simon Thum <simon.thum@gmx.de>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This was quite unlikely except in situations where a proper startup
would have been impossible anyway, but since automated checks don't
grade likelyhood just fix it.
Detected by Jeremy Huddleston's clang checks.
Signed-off-by: Simon Thum <simon.thum@gmx.de>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This is a variant of ClientSignal() that signals all clients with an
optional matching sleeping client, function and closure.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
216bdbc735 removed the SetRootClip call in the XWayland output-hotplug
handler when running rootless (e.g. as a part of Weston/Mutter), since
the root window has no storage, so generating exposures will result in
writes to invalid memory.
Unfortunately, preventing the segfault also breaks sprite confinement.
SetRootClip updates winSize and borderSize for the root window, which
when combined with RRScreenSizeChanged calling ScreenRestructured,
generates a new sprite-confinment area to update it to the whole screen.
Removing this call results in the window geometry being reported
correctly, but winSize/borderSize never changing from their values at
startup, i.e. out of sync with the root window geometry / screen
information in the connection info / XRandR.
This patch introduces a hybrid mode, where we update winSize and
borderSize for the root window, enabling sprite confinement to work
correctly, but keep the clip emptied so exposures are never generated.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Tested-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
This makes sure that the destination pixmap contents will be fully
initialized. Without this, a PRIME output starts out with garbage.
Signed-off-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Font initialization was split into two stages, the first was to set up
font privates with a call to ResetFontPrivateIndex, then much later
the call to InitFonts to set up all of the FPEs. Doing the full font
initialization before initializing the video drivers means that we can
move the call to ResetFontPrivateIndex inside InitFonts.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This allows the server to call GetTimeInMillis() after each request is
processed to avoid needing setitimer. -dumbSched now turns off the
setitimer.
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Add a new event source type for keypress events synthesised from focus
notifications (e.g. KeymapNotify from the parent server, when running
nested). This is used to keep the keys-down array in sync with the host
server's, without sending actual keypress events to clients.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Add a flag to DeviceEvents, giving the source of the event. Currently
this only supports a 'normal' flag, but will be used later to add a
'focus-in' flag, noting events synthesised from key/button arrays on
focus-in notifications.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Michael Stapelberg <stapelberg@google.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Patch 3ab6cd31cb fixed Xinerama
interactions with font servers by not putting clients to sleep
multiple times. However, it introduced additional changes dealing with
libXfont routine returning Suspended more than once for the same
request. This additional change was to abandon processing of the
current request and free the closure data by jumping to
'xinerama_sleep' in each of the functions.
Font library functions shouldn't return Suspended more than once,
except for ListFontsWithInfo, which produces multiple replies, and
thus ends up returning Suspended many times during processing.
With the jump to xinerama_sleep occurring after the first reply was
processed, the closure for the request was freed and future calls into
the ListFontsWithInfo callback resulted in dereferencing freed
memory.
This patch removes the added branches, reverting the code to its
previous behaviour, which permitted multiple Suspended returns and
simply waited for the client to be signaled again so that the callback
could continue processing the request.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
If the increment is 0 but this is a scroll axis, it's definitely a bug.
Nonetheless, it has happened, so put a warning in and a return statement
that we avoid the infinite loop and hopefully be able to reproduce later.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
The modesetting driver corrupts memory when used after a server regeneration
because not enough memory is allocated for its pixmap privates. This happens
because its call to dixRegisterScreenSpecificPrivateKey() does nothing because
key->initialized is still TRUE from the first server generation. However, the
key is not in the screen's linked list of screen-specific privates because
that's freed and reallocated during the server generation loop in dix_main().
Fix this by clearing key->initialized before CloseScreen and add a call to
dixFreeScreenSpecificPrivates() for GPU screens.
v2: Just set key->initialized to FALSE and move dixFreeScreenSpecificPrivates()
calls to after CloseScreen.
v3: Move dixFreeScreenSpecificPrivates() calls back to just before CloseScreen.
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
xserver/build.x86_64/../dix/touch.c:468:16: error: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘size_t’ [-Werror=format=]
%zu is C99, but is already used in a few places. Perhaps doc/c-extensions needs
to mention it.
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Make the maximum number of clients user configurable, either from the command
line or from xorg.conf
This patch works by using the MAXCLIENTS (raised to 512) as the maximum
allowed number of clients, but allowing the actual limit to be set by the
user to a lower value (keeping the default of 256).
There is a limit size of 29 bits to be used to store both the client ID and
the X resources ID, so by reducing the number of clients allowed to connect to
the X server, the user can increase the number of X resources per client or
vice-versa.
Parts of this patch are based on a similar patch from Adam Jackson
<ajax@redhat.com>
This now requires at least xproto 7.0.28
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
We're always creating ~230 atoms at startup, might as well tune it so we
don't hit the realloc path before Dispatch.
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Removes the last cpp conditional on ROOTLESS from dix code.
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
One of the lacking features with output offloading was
that screen rotation didn't work at all.
This patch makes 0/90/180/270 rotation work with USB output
and GPU outputs.
When it allocates the shared pixmap it allocates it rotated,
and any updates to the shared pixmap are done using a composite
path that does the rotation. The slave GPU then doesn't need
to know about the rotation and just displays the pixmap.
v2:
rewrite the sync dirty helper to use the dst pixmap, and
avoid any strange hobbits and rotations.
This breaks ABI in two places.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
I doubt anyone builds with this turned off or has done for a long
time.
It helps my eyes bleed slightly less when reading the code, I've left
the define in place as some drivers use it.
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
If present, access the unaccelerated valuator mask values for DGA and XI2 raw
events.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Allows a mask to carry both accelerated and unaccelerated motion at the same
time.
This is required for xf86-input-libinput where the pointer acceleration
happens in libinput already, but parts of the server, specifically raw events
and DGA rely on device-specific unaccelerated data.
To ease integration add this as a second set to the ValuatorMask rather than
extending all APIs to carry a second, possibly NULL set of valuators.
Note that a valuator mask should only be used in either accel/unaccel or
standard mode at any time. Switching requires either a valuator_mask_zero()
call or unsetting all valuators one-by-one. Trying to mix the two will produce
a warning.
The server has a shortcut for changing a mask with the
valuator_mask_drop_unaccelerated() call. This saves us from having to loop
through all valuators on every event, we can just drop the bits we know we
don't want.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
If a device does not have any valuators, it makes no sense to set the
device transformation. Return a BadMatch error to let the caller know
that they're trying something stupid.
Signed-off-by: Jason Gerecke <jason.gerecke@wacom.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
The refactoring in commit efc1035ca9
removed the actual update of currentTime.
Signed-off-by: Rui Matos <tiagomatos@gmail.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
It's going to multiply anyway, so if we have non-constant values, might
as well let it do the multiplication instead of adding another multiply,
and good versions of calloc will check for & avoid overflow in the process.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Nothing was using it and if anyone had they would've gotten a warning and
noticed that it doesn't actually work. Drop this, it has been unused for years.
Input ABI 22
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Use typedefs to work around dtrace dropping const qualifiers from probe
arguments when generating Xserver-dtrace.h. Add new probes.h header to
avoid having to replicate these typedefs in every file with dtrace probes.
Gets rid of these warnings from gcc 4.8:
getevents.c:1096:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' discards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1096:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
For two ScreenRecs abs pointer positioning was working fine, but touch events
stuck to the lower/right edge on any screen but the one with a 0/0 origin.
Cause is a missing offset by the screen coordinates, causing the root
coordinates in the event to desktop-wide, not screen-wide.
Offset properly, just like we do for pointer events.
X.Org Bug 86655 <http://bugs.freedesktop.org/show_bug.cgi?id=86655>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The length checking code validates PutImage height and byte width by
making sure that byte-width >= INT32_MAX / height. If height is zero,
this generates a divide by zero exception. Allow zero height requests
explicitly, bypassing the INT32_MAX check.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
RegionSizeof contains several integer overflows if a large length
value is passed in. Once we fix it to return 0 on overflow, we
also have to fix the callers to handle this error condition
v2: Fixed limit calculation in RegionSizeof as pointed out by jcristau.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
ProcPutImage() calculates a length field from a width, left pad and depth
specified by the client (if the specified format is XYPixmap).
The calculations for the total amount of memory the server needs for the
pixmap can overflow a 32-bit number, causing out-of-bounds memory writes
on 32-bit systems (since the length is stored in a long int variable).
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: John Hunter <zhaojunwang@pku.edu.cn>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
window.c:3246:36: warning: comparison of constant -1 with expression of type
'CARD32' (aka 'unsigned int') is always true
[-Wtautological-constant-out-of-range-compare]
if (optional->backingBitPlanes != ~0L)
~~~~~~~~~~~~~~~~~~~~~~~~~~ ^ ~~~
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Michel Dänzer <michel@daenzer.net>
inpututils.c:243:26: warning: comparison of constant 256 with expression of
type 'KeyCode' (aka 'unsigned char') is always false
[-Wtautological-constant-out-of-range-compare]
if (modkeymap[i] >= MAP_LENGTH)
~~~~~~~~~~~~ ^ ~~~~~~~~~~
MAP_LENGTH depends on MAX_BUTTONS which is somewhat arbitrarily chosen. We
don't expect this to ever change, but just in case leave the condition there
so the code is correct if we drop the number down.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
tranformAbsolute has a pretty simple job, that of running the X/Y
values from a device through the transformation matrix. The tricky bit
comes when the current device state doesn't include one of the
values. In that case, the last delivered value is back-converted to
device space and used instead.
The logic was twisted though, confusing GCC's uninitialized value
detection logic and emitting warnings.
This has been fixed by changing the code to:
1) Detect whether the ValuatorMask includes X/Y values
2) If either are missing, back-convert the current values into ox/oy
3) When X/Y are present, set ox/oy to the current value
4) Transform
5) Store X/Y values if changed or if they were set before.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Again, this changes FixesCreateRegionFromGC to throw BadMatch when fed a
GC with no client clip.
v2: Fix Xnest and some variable names (Keith)
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
No DDX is overriding this and it's fairly absurd to expose it as a
screen operation anyway.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
A careful read shows that it was always NULL. It hasn't always been; as
the DDX spec indicates, it was the "occluded region that has backing
store", but since that backing store code is long gone, we can nuke it.
mi{,Overlay}WindowExposures get slightly simpler here, and will get even
simpler in just a moment.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
There's no XPrint extension (anymore).
Signed-off-by: Daniel Martin <consume.noise@gmail.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Instead of making the inclusion of the registry code a global
conditional, split the registry into two pieces; the bits required by
the X-Resource extension (the resource names) and the bits required by
the XCSECURITY extension (the protocol names). Build each set of code
if the related extension is being built.
v2: Check for both XCSECURITY and XSELINUX.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Don't leave this file open during the whole server execution process;
close it once all of the extensions are initialized.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
For doing reverese optimus to multiple outputs on a secondary GPU
the GPU can store the blits into a large screen pixmap, unfortunately
this means we need a destination offset into the dirty code, so
add a new API that just adds this interface.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
Introduced in 45fb3a934d. When a device is
enabled, the master's locked state is pushed to the slave. If the device is
floating, no master exists and we triggered a NULL-pointer dereference
in XkbPushLockedStateToSlaves.
X.Org Bug 81885 <http://bugs.freedesktop.org/show_bug.cgi?id=81885>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Keith Packard <keithp@keithp.com>
XKB allows to override the BellProc() ringing the 'keyboard bell':
instead an event is sent to an X client which can perform an
appropriate action.
In most cases this effectively prevents the core protocol bell
from ringing: if no BellProc() is set for the device, no attempt
is made to ring a bell.
This patch ensures that an XKB bell event is sent also when
the core protocol bell is rung end thus an appropriate action
can be taken by a client.
Signed-off-by: Egbert Eich <eich@freedesktop.org>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
isItTimeToYield in the conditional effectively didn't do anything here.
Take it out, and remove the comment since LBX proxies aren't a thing for
us anymore.
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
This reverts commit d90b5f8301.
Reverting for two reasons:
* the scaling does not work on devices that don't advertise resolution, and
the default resolution used (100 units/mm) is higher than most devices,
resulting in a significant slowdown of the touchpads.
* the scaling is still affected by resolution changing. The patch worked
before acceleration but since it maps into resolution-dependent dx/dy
coordinates the acceleration may distort the movement after the fact. So the
same input data generates different movements depending on the resolution.
This can't easily be fixed for all affected devices as synaptics has its own
velocity calculation method whereas wacom doesn't. So anything in the server
won't work for both at the same time.
Revert this for now, until a more integrated solution can be implemented.
The goal of all this is to get an x/y motion reflecting the motion
on the device, i.e. a circle on the device is a circle on the screen.
This is currently done by scaling the y coordinate depending on the screen
ratio vs device ratio. Depending on that ratio the movement on the y axis may
be accelerated (ratio < 1) or slowed (ratio > 1). This leads to the weird
effect that changing the screen ratio by plugging a new monitor changes the
speed of the touchpad.
Use a different algorithm: calculate the physical movement on the device, map
that to the same-ish distance on the screen, then convert that back into a
device-specific vector. This way we get the same mapping regardless of the
current screen dimensions.
Since the pointer accel code doesn't take device resolution into account, make
sure we apply our crazy mapping before we accelerate. This way we accelerate
resolution-independent.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
The server is leaking a pixmap (created by CreateDefaultStipple()) on
reset. The leak is caused by some X Server graphics contexts not being
freed on reset by the machine independent cursor code in the server,
which in turn is caused by the cursor cleanup code
(miSpriteDeviceCursorCleanup()) not being called.
Ensures the DeviceCursorCleanup() function is called when the associated
input device is closed on server reset.
Signed-off-by: Frank Binns <frank.binns@imgtec.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
The new current cursor was being referenced twice, resulting in a
memory leak when the current server generation ended.
Signed-off-by: Frank Binns <frank.binns@imgtec.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Commit 2f1aedcaed added several bug checks. Some
of them are not correct.
Checks in Init(Ptr|String|Bell|Led|Integer)FeedbackClassDeviceStruct verify
that no feedback struct was set yet, but that is not required. If any feedback
structs are already present, the function will chain them behind the new one.
Signed-off-by: Michal Srb <msrb@suse.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
GLX is trying to track whether the context it wants is current, to
avoid the glFlush() (and the rest of the overhead) that occurs on all
MakeCurrent calls. However, its cache can be incorrect now that
glamor exists. This is a step toward getting glamor to coordinate
with GLX.
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
On systems without these directories, we don't need to be complaining
loudly.
Reviewed-by: Kristian Hoegsberg <krh@bitplanet.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
This allows DDXen to override the window picking to account for
native windows not seen by the X server. The bulk of the picking logic
is exposed as a new helper function, miSpriteTrace(). This function
completes the sprite trace filled out by the caller, and can be set up
to start the search from a given toplevel window.
v2: Leave existing XYToWindow API in place for API compatibility
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
Handle -displayfd and an explicit display number sensibly, e.g. use the
explicitly specified display number, and write it to the displayfd
v2: displayfd might be 0, so use -1 as invalid value
v3: Rebase for addition of NoListenAll flag
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Kristian Høgsberg <krh@bitplanet.net>
miOpqStipDrawable resets the stipple after painting. When that stipple
was NULL, ChangeGC needs to handle that and not crash.
Signed-off-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Eric Anholt <eric@anholt.net>
Reviewed-off-by: Eric Anholt <eric@anholt.net>
Whenever the master changes, push the locked modifier state to the attached
slave devices, then update the indicators. This way, when NumLock or CapsLock
are hit on any device, the LED will light up on all devices. Likewise, a new
keyboard attached to a master device will light up with the correct
indicators.
The indicators are handled per-keyboard, depending on the layout, i.e. if one
keyboard has grp_led:num set, the NumLock LED won't light up on that keyboard.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
If there is a selection left over from a previous execution of the
main loop, and that selection has privates allocated for it, the X
server will crash. This is because dixResetPrivates() resets the
privates refcounts to zero without accounting for the reference held
by the selection object. When the selection is then deleted in
InitSelections() after the call to dixResetPrivates(), the refcount
for its privates type goes negative and bad things happen.
To fix this, we should delete any existing selections before calling
dixResetPrivates(). This will properly release the selection's
privates and avoid the crash.
A more thorough description of the problem and a test case to
reproduce the crash is available at a previous mail:
"Negative Selection devPrivates refcount?"
By Andrew Eikum to xorg-devel on 10 Dec 2013
http://lists.freedesktop.org/archives/xorg-devel/2013-December/039492.html
Signed-off-by: Andrew Eikum <aeikum@codeweavers.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
dispatch.c: In function 'SetVendorString':
dispatch.c:481:29: warning: declaration of 'string' shadows a global declaration [-Wshadow]
SetVendorString(const char *string)
^
dispatch.c:135:21: warning: shadowed declaration is here [-Wshadow]
typedef const char *string;
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
dev->button->down is a bitmask, not a normal array. Use the helper function to
check, we technically allow the mapping to change after the physical button
has been pressed (but not yet processed yet), so only check BUTTON_PROCESSED.
From XSetPointerMapping(3):
"If any of the buttons to be altered are logically in the down state,
XSetPointerMapping returns MappingBusy, and the mapping is not changed."
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
The server internally relies on arrays with a MAX_BUTTONS maximum size (which
is the max the core protocol can transport). Make sure a driver adheres to
that.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Fallout from fecc7eb1cf, and reverts most of the
rest of that patch.
The device name is allocated and may even change during PreInit. The const
warnings came from the test codes, the correct fix here is to fix the test
code.
touch.c: In function ‘touch_init’:
touch.c:254:14: warning: assignment discards ‘const’ qualifier from pointer target type [enabled by default]
dev.name = "test device";
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Introduced in fecc7eb1cf and reverts most of
that but it's helpfully mixed with other stuff.
InputAttributes are not const, they're strdup'd everywhere but the test code
and freed properly. Revert the const char changes and fix the test up instead.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Checked against randrproto.txt & randr.h
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
Flagged by cppcheck 1.62:
[dix/dixfonts.c:1792]: (error) Common realloc mistake:
'font_path_string' nulled but not freed upon failure
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Keith Packard <keithp@keithp.com>
A client which is ready, but hasn't run for a while, should receive
the same benefit as one which has simply been idle for a while. Use
the smart_stop_tick to see how long it has been since a client has
run instead of smart_check_tick, which got reset each time a client
was ready, even if it didn't get to run.
Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Keith Packard <keithp@keithp.com>
Tested-by: Chris Wilson <chris@chris-wilson.co.uk>
This just removes the comment markers from around the formals in
several function prototypes near where pointer -> void * changes were
made. There are plenty more of these to fix.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
This lets us stop using the 'pointer' typedef in Xdefs.h as 'pointer'
is used throughout the X server for other things, and having duplicate
names generates compiler warnings.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Lots more const char stuff.
Remove duplicate defs of CoreKeyboardProc and CorePointerProc from
test/xi2/protocol-common.c
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
As usual, mostly const char changes. However, filter_device_events had
a potentially uninitialized value, 'raw', which I added a bunch of
checks for. I suspect most of those are 'can't happen', but it's hard
to see that inside the function.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
CheckPassiveGrabsOnWindow() calls AllocGrab() which can fail and return NULL.
This return value is not checked, and can cause NULL pointer dereferences.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
GrabDevice() calls AllocGrab() which can fail and return NULL.
This return value is not checked, and can cause NULL pointer dereferences.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
If either the initial calloc or the xi2mask_new fails, grab is NULL,
but if a src grab is passed in, it was always being written to by
CopyGrab (and if that failed, dereferenced again in teardown).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Jeremy Huddleston Sequoia
Peter Hutterer
Sultan Alsawaf
Michel Dänzer
Alan Coopersmith
Olivier Fourdan
Povilas Kanapickas
tholin
Matthieu Herrb
Alex Richardson
Ignacio Casal Quinteiro
Simon Ser
Dave Airlie
Aaron Plattner
Adam Jackson
Hans de Goede
Arthur Williams
Matt Turner
Adam Richter
Ray Strode
Samuel Thibault
Michal Srb
Marco Trevisan (Treviño)
Michel Dänzer
Eric Anholt
Emil Velikov
Giuseppe Bilotta
Daniel Martin
Nathan Kidd
Jan Beich
Carlos Garnacho
Keith Packard
Mihail Konev
Rui Matos
Peter Harris
Jonas Ådahl
Michael Thayer
Dave Airlie
Andrew Comminos
Simon Thum
Chris Wilson
Daniel Stone
Michael Stapelberg
Tiago Vignatti
Robert Hooker
Jon TURNEY
Jason Gerecke
John Hunter
Egbert Eich
Brendan King
Jasper St. Pierre
Andrew Eikum