GCC reports:
[1/2] Compiling C object hw/xwayland/Xwayland.p/xwayland.c.o
../hw/xwayland/xwayland.c: In function ‘try_raising_nofile_limit’:
../hw/xwayland/xwayland.c:161:72: warning: format ‘%li’ expects argument of type ‘long int’, but argument 4 has type ‘rlim_t’ {aka ‘long long unsigned int’} [-Wformat=]
161 | LogMessageVerb(X_INFO, 3, "Raising the file descriptors limit to %li\n",
| ~~^
| |
| long int
| %lli
162 | rlim.rlim_max);
| ~~~~~~~~~~~~~
| |
| rlim_t {aka long long unsigned int}
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1257>
GCC repors:
../hw/xfree86/drivers/modesetting/drmmode_display.c:4135:49: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 5 has type ‘uint64_t’ {aka ‘long long unsigned int’} [-Wformat=]
4135 | "Gamma ramp set to %ld entries on CRTC %d\n",
| ~~^
| |
| long int
| %lld
4136 | size, num);
| ~~~~
| |
| uint64_t {aka long long unsigned int}
../hw/xfree86/drivers/modesetting/drmmode_display.c:4139:57: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘uint64_t’ {aka ‘long long unsigned int’} [-Wformat=]
4139 | "Failed to allocate memory for %ld gamma ramp entries "
| ~~^
| |
| long int
| %lld
4140 | "on CRTC %d.\n",
4141 | size, num);
| ~~~~
| |
| uint64_t {aka long long unsigned int}
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1257>
The generic auth handling isn't really OS specific, and only few sites
actually need to call it, so at least it's prototypes are better off in some
separate header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1311>
The MIT authentication handling isn't really OS specific, and only few sites
actually need to call it, so at least it's prototypes are better off in some
separate header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1311>
The xdmcp authentication handling isn't really OS specific, and only few sites
actually need to call it, so at least it's prototypes are better off in some
separate header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1311>
The xdmcp handling isn't really OS specific, and only few sites actually need
to call it, so at least it's prototypes are better off in some separate header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1311>
The rpc authentication handling isn't really OS specific, and only few sites
actually need to call it, so at least it's prototypes are better off in some
separate header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1311>
The old approach of builtin color lookup used a binary search of strings
within text blocks (their start offsets defined in the color array).
This could potentially lead to buffer overflow, if the requested color
name far outreaches the text block (eg. same prefix as some entry near to
the end, but really huge). This alone wouldn't allow remote memory readout
(just comparing), but could possibly trigger page faults (sigsegv) or used
as a building block for some more complex attack.
OTOH, the old approach is also hard to maintain, ugly programming style:
on each change, all the offset need to be carefully recounted, which is
pretty error-prone.
Both problems are solved by moving to simple, per-entry, char* pointers,
instead of the one large text block.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
The "name" field doesn't actually hold the color's name, but instead the
offset of the name in the string table block. Thus, fix the field's name
to reflect this.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
The actual implementation uses Bool, but forward declaration is int.
For the compiler it's practically the same, but for the programmer these
have different semantics.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1313>
I can't tell what this code was originally for - it was added in 1988,
4 years before the release of the SysV R4 release of Solaris 2.0, and
I can't find anywhere that defined SUNSYSV.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1315>
With transition from autoconf to meson, these aren't actually supported
anymore, and re-adding it isn't planned. Thus the now dead code pathes
can be completely removed.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1286>
Potentially, the pointer to the mode name could be unset, this can
occur with the xf86-video-nv DDX, in that case there isnt much we can do
except check if the next mode is any better.
Signed-off-by: Yusuf Khan <yusisamerican@gmail.com>
[585/699] Compiling C object hw/xfree86/int10/libint10.so.p/generic.c.o
../hw/xfree86/int10/generic.c:103:1: warning: ‘readIntVec’ defined but not used [-Wunused-function]
103 | readIntVec(struct pci_device *dev, unsigned char *buf, int len)
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
glamor needs to be disabled if neither gbm nor eglstream is available,
otherwise build breaks.
Closes: xorg/xserver#1631
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
No need to define XKBSRV_NEED_FILE_FUNCS, for about 15 years now
(since XKBsrv.h isn't used anymore), so drop it.
Fixes: e5f002edde
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Apollo Domain/OS died in the 1990's and has never been supported in
the modular Xserver builds.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Yet another step of uncluttering includes: move out the BUG_* macros
into a separate header, which then is included as-needed.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
And other 32-bit architectures, where uint32_t and CARD32 are
not the same type. Otherwise the build will fail with GCC 14
with errors like:
../hw/xwayland/xwayland-glamor.c: In function ‘xwl_glamor_get_formats’:
../hw/xwayland/xwayland-glamor.c:291:43: error: passing argument 3 of ‘xwl_get_formats_for_device’ from incompatible pointer type [-Wincompatible-pointer-types]
291 | num_formats, formats);
| ^~~~~~~~~~~
| |
| CARD32 * {aka long unsigned int *}
../hw/xwayland/xwayland-glamor.c:238:38: note: expected ‘uint32_t *’ {aka ‘unsigned int *’} but argument is of type ‘CARD32 *’ {aka ‘long unsigned int *’}
238 | uint32_t *num_formats, uint32_t **formats)
| ~~~~~~~~~~^~~~~~~~~~~
../hw/xwayland/xwayland-glamor.c:291:56: error: passing argument 4 of ‘xwl_get_formats_for_device’ from incompatible pointer type [-Wincompatible-pointer-types]
291 | num_formats, formats);
| ^~~~~~~
| |
| CARD32 ** {aka long unsigned int **}
../hw/xwayland/xwayland-glamor.c:238:62: note: expected ‘uint32_t **’ {aka ‘unsigned int **’} but argument is of type ‘CARD32 **’ {aka ‘long unsigned int **’}
238 | uint32_t *num_formats, uint32_t **formats)
| ~~~~~~~~~~~^~~~~~~
../hw/xwayland/xwayland-glamor.c:295:28: error: passing argument 3 of ‘xwl_get_formats’ from incompatible pointer type [-Wincompatible-pointer-types]
295 | num_formats, formats);
| ^~~~~~~~~~~
| |
| CARD32 * {aka long unsigned int *}
../hw/xwayland/xwayland-glamor.c:217:26: note: expected ‘uint32_t *’ {aka ‘unsigned int *’} but argument is of type ‘CARD32 *’ {aka ‘long unsigned int *’}
217 | uint32_t *num_formats, uint32_t **formats)
| ~~~~~~~~~~^~~~~~~~~~~
../hw/xwayland/xwayland-glamor.c:295:41: error: passing argument 4 of ‘xwl_get_formats’ from incompatible pointer type [-Wincompatible-pointer-types]
295 | num_formats, formats);
| ^~~~~~~
| |
| CARD32 ** {aka long unsigned int **}
../hw/xwayland/xwayland-glamor.c:217:50: note: expected ‘uint32_t **’ {aka ‘unsigned int **’} but argument is of type ‘CARD32 **’ {aka ‘long unsigned int **’}
217 | uint32_t *num_formats, uint32_t **formats)
| ~~~~~~~~~~~^~~~~~~
CreateGC() allocates a new GC and then checks the resource access rights
with XaceHook().
If the call to XaceHook() fails (i.e. GC creation is not granted to the
client), CreateGC() exits early and calls FreeGC() to avoid leaking the
newly allocated GC.
If that happens, the screen's own CreateGC() has not yet been invoked,
and as a result the GC functions (GCfuncs) have not been set yet.
FreeGC() will invoke the funcs->DestroyClip() and the funcs->DestroyGC()
functions, but since those haven't been set, the Xserver will segfault
trying to call a NULL function.
To prevent that issue, make sure the GC's functions are initialized
prior to call them in FreeGC().
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1625
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
This cleans up some of the mess this code was in. Functions we need to
wrap can now have a standard implementation using WRAP_FUNCTION - that
macro declares the __real and __wrap functions and a wrapped_$func
global variable.
Tests can set that variable to their desired functions and it will be
then be called on demand.
The tests have inadvertent dependencies on each other so let's avoid
those by changing to a system that returns a null-terminated list of
test functions and our test runner iterates over those and forks off one
process per function.
This allows e.g.
xfwm4 --vblank=xpresent
to hit the page flip path instead of copies.
In the future, Mesa might also use the Present extension with software
rendering.
Multiple benefits, in particular:
* Fullscreen windows can hit the page flip path
* X client presentation is properly synchronized to the Wayland
compositor refresh cycle via frame events
By default, Xwayland (as any Wayland client) uses the keymap set by the
Wayland compositor using the standard Wayland protocol.
There are some specific uses cases where a user would want to let the
X11 clients control the keymap. However, the Wayland compositor may
(re)send the keymap at any time, overriding whatever change was made
using the X11 mechanisms.
Add a new "-nokeymap" option to Xwayland to instruct Xwayland to simply
ignore the standard Wayland mechanism to set the keymap, hence leaving
the control entirely to the X11 clients.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
If the old window pixmap was the screen pixmap.
Fixes screen->GetScreenPixmap() returning a stale pointer to a destroyed
pixmap with rootful Xwayland. It would result in a crash after resizing
the Xwayland window, or at the latest when shutting down.
Fixes: 6779ec5bf6 ("xwayland: Use window pixmap as a window buffer")
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1621
The cursor in DIX is actually split in two parts, the cursor itself and
the cursor bits, each with their own devPrivates.
The cursor itself includes the cursor bits, meaning that the cursor bits
devPrivates in within structure of the cursor.
Both Xephyr and Xwayland were using the private key for the cursor bits
to store the data for the cursor, and when using XSELINUX which comes
with its own special devPrivates, the data stored in that cursor bits'
devPrivates would interfere with the XSELINUX devPrivates data and the
SELINUX security ID would point to some other unrelated data, causing a
crash in the XSELINUX code when trying to (re)use the security ID.
CVE-2024-0409
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The XSELINUX code will label resources at creation by checking the
access mode. When the access mode is DixCreateAccess, it will call the
function to label the new resource SELinuxLabelResource().
However, GLX buffers do not go through the XACE hooks when created,
hence leaving the resource actually unlabeled.
When, later, the client tries to create another resource using that
drawable (like a GC for example), the XSELINUX code would try to use
the security ID of that object which has never been labeled, get a NULL
pointer and crash when checking whether the requested permissions are
granted for subject security ID.
To avoid the issue, make sure to call the XACE hooks when creating the
GLX buffers.
Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.
CVE-2024-0408
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Disabling a master device floats all slave devices but we didn't do this
to already-disabled slave devices. As a result those devices kept their
reference to the master device resulting in access to already freed
memory if the master device was removed before the corresponding slave
device.
And to match this behavior, also forcibly reset that pointer during
CloseDownDevices().
Related to CVE-2024-21886, ZDI-CAN-22840
Enrico Weigelt, metux IT consult
Alan Coopersmith
Yusuf Khan
Matthieu Herrb
Florian Weimer
Wanli Niu
Peter Hutterer
Michel Dänzer
Olivier Fourdan
José Expósito
Simon Ser