I don't see a reason why we would want to preserve pixels that are going to
not be visible anyways. The rootless implementation already handles
preserving the relevant bits for us.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
If none of the four corners is fixed, we can use RL_GRAVITY_NORTH_WEST weighting
for the operation to let the implementation presetve the window bits for us.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
The implementation owns the pointer during RootlessStopDrawing and
RootlessStartDrawing and is free to (does) change it. Rootless
cannot assume ownership of this memory region. This is possibly
the cause of some hard to diagnose crashes in XQuartz over the
years.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
There are systems where softpipe is the default renderer,
e.g. when llvmpipe is not is not available. Using glamor
on such systems is never a good idea.
This mirrors what commit 0a9415cf79
did for llvmpipe.
Closes: #1417
Signed-off-by: Ivan A. Melnikov <iv@altlinux.org>
Multiple reasons, in particular:
* Doing it in every build & test job duplicates effort, resulting in
the pipeline taking longer than necessary.
* We cannot limit the number of test processes spawned by meson dist.
* There's little point running tests for dist anyway, we just want to
make sure we can build & install from the generated tarball.
This lets us actually limit the number of test processes spawned in
parallel.
(ninja test runs meson test without --num-processes, so it ends up
spawning as many processes in parallel as there are CPU cores)
For details on the protocol itself see the Wayland merge request:
https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/72
The v120 event has a value base of 120, so one wheel detent is 120, half a
wheel is 60, etc. This is the API Windows has been using since Vista but it
requires HW support from the device. Logitech mice and many Microsoft mice of
the last decade or so have support and it's enabled in the kernel since v5.0.
The new events replace wl_pointer.axis_discrete events, once you bind to
wl_pointer >= 8 you only get the v120 events. So backwards compatibility
is simple, we just multiply the discrete events if we get them and
treat everything as 120 event internally.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This will allow us to remove build-time conditionalization on COMPOSITE
while still allowing XQuartz to disable it and use ROOTLESS.
This reverts commit 9c03733669.
Leasable displays do not have any actual associated Wayland output and
are not available to regular X11 clients and left entirely to the
application who requests the lease.
As these are not actually managed by the Wayland compositor and left
entirely to the "lessee" application, the viewporter protocol required
for the XRandR emulation is not usable on such devices.
We should therefore not advertise the XRandR emulated modes for those
leasable displays.
This also solves a problem with implementations of glXGetMscRateOML()
which is used notably by Chromium/Electron. Applications using this
which will begin lagging/stuttering exponentially over
time, trying to look up a non-existent mode with 0x0 as returned by
XF86VidModeGetModeLine() with XRandR emulation for such devices.
See-also: https://github.com/labwc/labwc/issues/553
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Xorg server does not correctly select the DCP for the display without a
quirk on Apple Silicon.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Suggested-by: Hector Martin <marcan@marcan.st>
Make sure info->active and info->vt_active are false after
dropping drm master.
Normally, this is done when pausing the first input device, so it
breaks when there are no input device at all.
Fixes: da9d012a9 ("xf86/logind: Fix drm_drop_master before vt_reldisp")
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1387
Signed-off-by: Jocelyn Falempe <jfalempe@redhat.com>
The X server swapping code is a huge attack surface, much of this code
is untested and prone to security issues. The use-case of byte-swapped
clients is very niche, so let's disable this by default and allow it
only when the respective config option or commandline flag is given.
For Xorg, this adds the ServerFlag "AllowByteSwappedClients" "on".
For all DDX, this adds the commandline options +byteswappedclients and
-byteswappedclients to enable or disable, respectively.
Fixes#1201https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1029
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Commit 5145742fb6 accidentally bumped the videodrv ABI version from 26.0
to 26.6 in one go.
Change it back to 26.1 as per the documented process for minor additions.
Fixes: 5145742fb6 - randr: introduce rrCrtcGetInfo DDX function
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
This fixes an issue with GLFW-based games failing to set the resolution
when the user request to switch back to the native display mode.
Signed-off-by: Minh Phan <phanquangminh217@gmail.com>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
This allows rrCrtcGetInfo to override the values in the XRRCrtcGetInfo
reply. One use case is to allow Xwayland to return the current emulated
mode for the specific client instead of the global mode.
Signed-off-by: Minh Phan <phanquangminh217@gmail.com>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
The minimal performance wins we gain by recycling pixmaps at this layer are
not worth the code complexity nor the interference with memory analysis
tools like malloc history, ASan, etc.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
Implements the xwayland_shell protocol which makes the surface
association happen via a shared serial, rather than sharing a wl_surface
resource ID across an X atom.
This solves a race that can happen if the wl_surface
associated with a WL_SURFACE_ID for a window was destroyed before the
update of the atom was processed by the compositor and another surface
(or other object) had taken its id due to recycling.
Closes: #1157
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Debian Bullseye only has 1.20, so we need to bump this.
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
wayland-protocols requires wayland-scanner 1.20, but Debian bullseye has 1.18 only
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
If atomic modesetting is to be enabled in the configuration file, log
whether this is supported and eventually enabled or disabled.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Martin Roukala <martin.roukala@mupuf.org>
The modesetting driver has atomic modesetting disabled by default but
can be enabled (if supported) using a configuration option.
Add this option in the man page.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Martin Roukala <martin.roukala@mupuf.org>
This adds support for TearFree page flips to eliminate tearing without the
use of a compositor. It allocates two shadow buffers for each CRTC, a back
buffer and a front buffer, and uses damage tracking to minimize excessive
copying between buffers and skip unnecessary flips when the screen's
contents remain unchanged. It works on transformed screens too, such as
rotated and scaled CRTCs.
When PageFlip is enabled, TearFree won't force fullscreen DRI clients to
synchronize their page flips to the vblank interval.
TearFree is disabled by default.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
The DRM event queue in the kernel is quite small and can be easily
exhausted by DRI clients. When the event queue is full, that means nothing
can be queued onto it anymore, which can lead to incorrect presentation
times for DRI clients and failure when attempting to queue a page flip.
To make matters worse, once an event is placed onto the kernel's event
queue, there's no straightforward way to prematurely remove it from the
kernel's event queue in userspace, which means that aborting a sequence
number doesn't free up space in the event queue.
Since vblank events from DRI clients are the largest consumers of the
event queue, and since it's often easy to know the desired target MSC of
their vblank events without querying the kernel for a CRTC's current MSC,
we can coalesce vblank events occurring at the same MSC such that only one
of them is placed onto the kernel's event queue, instead of allowing
duplicate vblank events to pollute the event queue.
This is achieved by tracking the next kernel-queued event's MSC on a
per-CRTC basis and then running all of that CRTC's vblank event handlers
which have reached their target MSC when the queued MSC is signaled.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
When a driver uses TearFree to flip all frames synchronized to the vblank
interval, Present has no idea and still assumes that each presentation
occurs immediately upon copying its damages to the primary scanout. This
faulty assumption breaks presentation timestamping, potentially leading to
A/V de-synchronization and dropped frames.
Present needs to have some awareness of a driver using TearFree so that it
can know when each presentation actually becomes visible on the screen.
Teach Present about drivers using TearFree by expanding PresentFlipReason
to allow drivers to export some contextual info about TearFree when Present
cannot page-flip directly anyway.
PRESENT_FLIP_REASON_DRIVER_TEARFREE indicates that a driver has TearFree
enabled but doesn't have a TearFree flip currently pending.
PRESENT_FLIP_REASON_DRIVER_TEARFREE_FLIPPING indicates that a driver has a
TearFree flip currently pending.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
do_queue_flip_on_crtc() is about to be used to flip buffers other than the
primary scanout (`ms->drmmode.fb_id`), so make it generic to accept any
frame buffer ID, as well as x and y coordinates in the frame buffer, to
flip on a given CRTC. Move the retry logic from queue_flip_on_crtc() into
it as well, so that it's robust for all callers.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
Shadow buffers are about to be used for TearFree, so make the shadow buffer
helpers generic such that they can be used to create arbitrary per-CRTC
shadows aside from just the per-CRTC rotated buffer.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
xf86RotateCrtcRedisplay() is about to be used outside of xf86Rotate.c in
order to copy transformed pixmaps, so fix up its interface by specifying
the source drawable and destination pixmap rather than assuming the root
drawable and rotated pixmap, respectively. In addition, add an argument to
make xf86RotateCrtcRedisplay() not perform any transformations, which is an
indicator that it should only copy a transformed pixmap rather than
actually transform a pixmap.
These changes make it possible to use xf86RotateCrtcRedisplay() to not
only copy transformed pixmaps, but also actually transform pixmaps, making
it very useful outside of xf86Rotate.c.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
PixmapDirtyCopyArea() is about to be used outside of pixmap.c, so fix up
its interface by specifying the dirty area directly rather than passing a
`PixmapDirtyUpdatePtr`. This makes it easier to use outside of pixmap.c, as
the caller doesn't need to create a bulky PixmapDirtyUpdateRec to use this
function.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
In commit b320ca0 the mask was inadvertently changed from octal 0177 to
hexadecimal 0x177.
Fixes commit b320ca0ffe
Xtest: disallow GenericEvents in XTestSwapFakeInput
Found by Stuart Cassoff
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Unlike other elements of the keymap, this pointer was freed but not
reset. On a subsequent XkbGetKbdByName request, the server may access
already freed memory.
CVE-2022-4283, ZDI-CAN-19530
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
This fixes an OOB read and the resulting information disclosure.
Length calculation for the request was clipped to a 32-bit integer. With
the correct stuff->num_items value the expected request size was
truncated, passing the REQUEST_FIXED_SIZE check.
The server then proceeded with reading at least stuff->num_items bytes
(depending on stuff->format) from the request and stuffing whatever it
finds into the property. In the process it would also allocate at least
stuff->num_items bytes, i.e. 4GB.
The same bug exists in ProcChangeProperty and ProcXChangeDeviceProperty,
so let's fix that too.
CVE-2022-46344, ZDI-CAN 19405
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
Both ProcXChangeDeviceProperty and ProcXIChangeProperty checked the
property for validity but didn't actually return the potential error.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
This fixes a use-after-free bug:
When a client first calls ScreenSaverSetAttributes(), a struct
ScreenSaverAttrRec is allocated and added to the client's
resources.
When the same client calls ScreenSaverSetAttributes() again, a new
struct ScreenSaverAttrRec is allocated, replacing the old struct. The
old struct was freed but not removed from the clients resources.
Later, when the client is destroyed the resource system invokes
ScreenSaverFreeAttr and attempts to clean up the already freed struct.
Fix this by letting the resource system free the old attrs instead.
CVE-2022-46343, ZDI-CAN 19404
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
Jeremy Huddleston Sequoia
Ivan A. Melnikov
Michel Dänzer
Peter Hutterer
Joshua Ashton
Eric Curtin
Jocelyn Falempe
Olivier Fourdan
Minh Phan
Julian Orth
Sultan Alsawaf
John D Pell