2023-02-08 18:12:00 +01:00
|
|
|
/* Spa */
|
|
|
|
|
/* SPDX-FileCopyrightText: Copyright © 2018 Wim Taymans */
|
|
|
|
|
/* SPDX-License-Identifier: MIT */
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <errno.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <signal.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <pthread.h>
|
2024-04-29 15:17:45 +02:00
|
|
|
#include <threads.h>
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-10 13:36:14 +01:00
|
|
|
#include <spa/support/loop.h>
|
2019-06-04 17:07:34 +02:00
|
|
|
#include <spa/support/system.h>
|
2017-11-10 13:36:14 +01:00
|
|
|
#include <spa/support/log.h>
|
|
|
|
|
#include <spa/support/plugin.h>
|
|
|
|
|
#include <spa/utils/list.h>
|
2024-05-08 12:21:54 +02:00
|
|
|
#include <spa/utils/cleanup.h>
|
|
|
|
|
#include <spa/utils/atomic.h>
|
2019-06-21 13:31:34 +02:00
|
|
|
#include <spa/utils/names.h>
|
2023-09-30 09:29:20 +02:00
|
|
|
#include <spa/utils/ratelimit.h>
|
2019-02-20 17:51:05 +01:00
|
|
|
#include <spa/utils/result.h>
|
2018-08-23 17:47:57 +02:00
|
|
|
#include <spa/utils/type.h>
|
2017-11-10 13:36:14 +01:00
|
|
|
#include <spa/utils/ringbuffer.h>
|
2021-05-18 11:36:13 +10:00
|
|
|
#include <spa/utils/string.h>
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2023-12-23 21:07:45 +02:00
|
|
|
SPA_LOG_TOPIC_DEFINE_STATIC(log_topic, "spa.loop");
|
|
|
|
|
|
2021-09-27 15:31:35 +10:00
|
|
|
#undef SPA_LOG_TOPIC_DEFAULT
|
|
|
|
|
#define SPA_LOG_TOPIC_DEFAULT &log_topic
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2023-12-23 21:07:45 +02:00
|
|
|
|
2022-01-03 11:14:15 +01:00
|
|
|
#define MAX_ALIGN 8
|
|
|
|
|
#define ITEM_ALIGN 8
|
|
|
|
|
#define DATAS_SIZE (4096*8)
|
2022-02-08 10:09:06 +01:00
|
|
|
#define MAX_EP 32
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
/** \cond */
|
|
|
|
|
|
|
|
|
|
struct invoke_item {
|
|
|
|
|
size_t item_size;
|
|
|
|
|
spa_invoke_func_t func;
|
|
|
|
|
uint32_t seq;
|
2024-05-08 12:21:54 +02:00
|
|
|
uint32_t count;
|
2017-06-14 16:10:07 +02:00
|
|
|
void *data;
|
2017-11-20 15:26:44 +01:00
|
|
|
size_t size;
|
2017-06-26 10:41:19 +02:00
|
|
|
bool block;
|
2017-06-14 16:10:07 +02:00
|
|
|
void *user_data;
|
2017-06-26 10:41:19 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
2019-06-19 18:15:04 +02:00
|
|
|
static int loop_signal_event(void *object, struct spa_source *source);
|
2017-06-26 10:41:19 +02:00
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
struct impl {
|
|
|
|
|
struct spa_handle handle;
|
|
|
|
|
struct spa_loop loop;
|
|
|
|
|
struct spa_loop_control control;
|
|
|
|
|
struct spa_loop_utils utils;
|
|
|
|
|
|
|
|
|
|
struct spa_log *log;
|
2019-06-04 17:07:34 +02:00
|
|
|
struct spa_system *system;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
struct spa_list source_list;
|
2022-02-18 18:36:36 +01:00
|
|
|
struct spa_list destroy_list;
|
2024-04-29 12:01:48 +02:00
|
|
|
struct spa_list queue_list;
|
2017-08-08 16:56:29 +02:00
|
|
|
struct spa_hook_list hooks_list;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
int poll_fd;
|
2017-06-14 16:10:07 +02:00
|
|
|
pthread_t thread;
|
2022-02-08 10:58:36 +01:00
|
|
|
int enter_count;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-06-26 10:41:19 +02:00
|
|
|
struct spa_source *wakeup;
|
2024-04-29 12:01:48 +02:00
|
|
|
|
2024-10-21 17:08:10 +02:00
|
|
|
int tss_ref;
|
2024-04-29 15:17:45 +02:00
|
|
|
tss_t queue_tss_id;
|
|
|
|
|
pthread_mutex_t queue_lock;
|
2024-05-08 12:21:54 +02:00
|
|
|
uint32_t count;
|
|
|
|
|
uint32_t flush_count;
|
2024-04-29 12:01:48 +02:00
|
|
|
|
|
|
|
|
unsigned int polling:1;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct queue {
|
|
|
|
|
struct impl *impl;
|
|
|
|
|
struct spa_list link;
|
|
|
|
|
|
2024-10-21 17:47:31 +02:00
|
|
|
int ref;
|
|
|
|
|
|
2024-08-06 12:05:11 +02:00
|
|
|
#define QUEUE_FLAG_NONE (0)
|
|
|
|
|
#define QUEUE_FLAG_ACK_FD (1<<0)
|
2024-10-21 16:45:17 +02:00
|
|
|
#define QUEUE_FLAG_IN_TSS (1<<1)
|
2024-08-06 12:05:11 +02:00
|
|
|
uint32_t flags;
|
|
|
|
|
struct queue *overflow;
|
|
|
|
|
|
2017-06-26 10:41:19 +02:00
|
|
|
int ack_fd;
|
2023-09-30 09:29:20 +02:00
|
|
|
struct spa_ratelimit rate_limit;
|
2024-10-02 09:40:54 +02:00
|
|
|
bool destroyed;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
struct spa_ringbuffer buffer;
|
2020-12-21 20:46:13 +01:00
|
|
|
uint8_t *buffer_data;
|
2022-01-03 11:14:15 +01:00
|
|
|
uint8_t buffer_mem[DATAS_SIZE + MAX_ALIGN];
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct source_impl {
|
|
|
|
|
struct spa_source source;
|
|
|
|
|
|
|
|
|
|
struct impl *impl;
|
|
|
|
|
struct spa_list link;
|
|
|
|
|
|
|
|
|
|
union {
|
|
|
|
|
spa_source_io_func_t io;
|
|
|
|
|
spa_source_idle_func_t idle;
|
|
|
|
|
spa_source_event_func_t event;
|
|
|
|
|
spa_source_timer_func_t timer;
|
|
|
|
|
spa_source_signal_func_t signal;
|
|
|
|
|
} func;
|
2022-02-19 15:12:31 +01:00
|
|
|
|
2020-04-14 18:05:45 +02:00
|
|
|
struct spa_source *fallback;
|
2022-02-19 15:12:31 +01:00
|
|
|
|
|
|
|
|
bool close;
|
|
|
|
|
bool enabled;
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
/** \endcond */
|
|
|
|
|
|
2023-09-30 09:29:20 +02:00
|
|
|
static inline uint64_t get_time_ns(struct spa_system *system)
|
|
|
|
|
{
|
|
|
|
|
struct timespec ts;
|
|
|
|
|
spa_system_clock_gettime(system, CLOCK_MONOTONIC, &ts);
|
|
|
|
|
return SPA_TIMESPEC_TO_NSEC(&ts);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static int loop_add_source(void *object, struct spa_source *source)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2019-05-23 15:11:49 +02:00
|
|
|
source->loop = &impl->loop;
|
2022-02-08 17:21:10 +01:00
|
|
|
source->priv = NULL;
|
2022-02-19 09:40:27 +01:00
|
|
|
source->rmask = 0;
|
2019-06-06 15:21:40 +02:00
|
|
|
return spa_system_pollfd_add(impl->system, impl->poll_fd, source->fd, source->mask, source);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static int loop_update_source(void *object, struct spa_source *source)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2022-02-19 14:12:44 +01:00
|
|
|
|
|
|
|
|
spa_assert(source->loop == &impl->loop);
|
|
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
return spa_system_pollfd_mod(impl->system, impl->poll_fd, source->fd, source->mask, source);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
static void detach_source(struct spa_source *source)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2022-02-08 17:21:10 +01:00
|
|
|
struct spa_poll_event *e;
|
2022-02-19 14:12:44 +01:00
|
|
|
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
source->loop = NULL;
|
|
|
|
|
source->rmask = 0;
|
2022-02-19 14:12:44 +01:00
|
|
|
|
2022-02-08 17:21:10 +01:00
|
|
|
if ((e = source->priv)) {
|
|
|
|
|
/* active in an iteration of the loop, remove it from there */
|
|
|
|
|
e->data = NULL;
|
|
|
|
|
source->priv = NULL;
|
2022-02-08 10:09:06 +01:00
|
|
|
}
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int remove_from_poll(struct impl *impl, struct spa_source *source)
|
|
|
|
|
{
|
|
|
|
|
spa_assert(source->loop == &impl->loop);
|
|
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
return spa_system_pollfd_del(impl->system, impl->poll_fd, source->fd);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
static int loop_remove_source(void *object, struct spa_source *source)
|
|
|
|
|
{
|
2022-03-04 16:53:26 +01:00
|
|
|
struct impl *impl = object;
|
|
|
|
|
spa_assert(!impl->polling);
|
|
|
|
|
|
|
|
|
|
int res = remove_from_poll(impl, source);
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
detach_source(source);
|
|
|
|
|
|
|
|
|
|
return res;
|
|
|
|
|
}
|
|
|
|
|
|
2024-08-06 12:05:11 +02:00
|
|
|
static struct queue *loop_create_queue(void *object, uint32_t flags)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl = object;
|
|
|
|
|
struct queue *queue;
|
|
|
|
|
int res;
|
|
|
|
|
|
|
|
|
|
queue = calloc(1, sizeof(struct queue));
|
|
|
|
|
if (queue == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
queue->impl = impl;
|
|
|
|
|
queue->flags = flags;
|
2024-10-21 17:47:31 +02:00
|
|
|
queue->ref = 1;
|
2024-08-06 12:05:11 +02:00
|
|
|
|
|
|
|
|
queue->rate_limit.interval = 2 * SPA_NSEC_PER_SEC;
|
|
|
|
|
queue->rate_limit.burst = 1;
|
|
|
|
|
|
|
|
|
|
queue->buffer_data = SPA_PTR_ALIGN(queue->buffer_mem, MAX_ALIGN, uint8_t);
|
|
|
|
|
spa_ringbuffer_init(&queue->buffer);
|
|
|
|
|
|
|
|
|
|
if (flags & QUEUE_FLAG_ACK_FD) {
|
|
|
|
|
if ((res = spa_system_eventfd_create(impl->system,
|
|
|
|
|
SPA_FD_EVENT_SEMAPHORE | SPA_FD_CLOEXEC)) < 0) {
|
|
|
|
|
spa_log_error(impl->log, "%p: can't create ack event: %s",
|
|
|
|
|
impl, spa_strerror(res));
|
|
|
|
|
goto error;
|
|
|
|
|
}
|
|
|
|
|
queue->ack_fd = res;
|
|
|
|
|
} else {
|
|
|
|
|
queue->ack_fd = -1;
|
|
|
|
|
}
|
2024-10-21 17:47:31 +02:00
|
|
|
if (flags & QUEUE_FLAG_IN_TSS)
|
|
|
|
|
queue->ref++;
|
2024-08-06 12:05:11 +02:00
|
|
|
|
|
|
|
|
pthread_mutex_lock(&impl->queue_lock);
|
|
|
|
|
spa_list_append(&impl->queue_list, &queue->link);
|
|
|
|
|
pthread_mutex_unlock(&impl->queue_lock);
|
|
|
|
|
|
|
|
|
|
spa_log_info(impl->log, "%p created queue %p", impl, queue);
|
|
|
|
|
|
|
|
|
|
return queue;
|
|
|
|
|
|
|
|
|
|
error:
|
|
|
|
|
free(queue);
|
|
|
|
|
errno = -res;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-21 17:47:31 +02:00
|
|
|
static inline void loop_queue_ref(struct queue *queue)
|
|
|
|
|
{
|
|
|
|
|
SPA_ATOMIC_INC(queue->ref);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool loop_queue_unref(struct queue *queue)
|
|
|
|
|
{
|
|
|
|
|
bool do_free;
|
|
|
|
|
struct impl *impl = queue->impl;
|
|
|
|
|
|
|
|
|
|
do_free = SPA_ATOMIC_DEC(queue->ref) == 0;
|
|
|
|
|
if (do_free) {
|
|
|
|
|
spa_log_debug(impl->log, "%p: free queue %p", impl, queue);
|
|
|
|
|
free(queue);
|
|
|
|
|
}
|
|
|
|
|
return do_free;
|
|
|
|
|
}
|
2024-08-06 12:05:11 +02:00
|
|
|
|
2024-05-08 12:21:54 +02:00
|
|
|
static inline int32_t item_compare(struct invoke_item *a, struct invoke_item *b)
|
2019-08-16 15:04:27 +02:00
|
|
|
{
|
2024-05-08 12:21:54 +02:00
|
|
|
return (int32_t)(a->count - b->count);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void flush_all_queues(struct impl *impl)
|
|
|
|
|
{
|
|
|
|
|
uint32_t flush_count;
|
2019-08-16 15:04:27 +02:00
|
|
|
int res;
|
|
|
|
|
|
2024-05-08 12:21:54 +02:00
|
|
|
pthread_mutex_lock(&impl->queue_lock);
|
|
|
|
|
flush_count = ++impl->flush_count;
|
|
|
|
|
while (true) {
|
2024-08-06 12:05:11 +02:00
|
|
|
struct queue *cqueue, *queue = NULL;
|
2024-05-08 12:21:54 +02:00
|
|
|
struct invoke_item *citem, *item = NULL;
|
|
|
|
|
uint32_t cindex, index;
|
2022-12-07 21:18:16 +01:00
|
|
|
spa_invoke_func_t func;
|
2024-05-08 12:21:54 +02:00
|
|
|
bool block;
|
2019-08-16 15:04:27 +02:00
|
|
|
|
2024-05-08 12:21:54 +02:00
|
|
|
spa_list_for_each(cqueue, &impl->queue_list, link) {
|
|
|
|
|
if (spa_ringbuffer_get_read_index(&cqueue->buffer, &cindex) <
|
|
|
|
|
(int32_t)sizeof(struct invoke_item))
|
|
|
|
|
continue;
|
|
|
|
|
citem = SPA_PTROFF(cqueue->buffer_data, cindex & (DATAS_SIZE - 1), struct invoke_item);
|
|
|
|
|
|
|
|
|
|
if (item == NULL || item_compare(citem, item) < 0) {
|
|
|
|
|
item = citem;
|
|
|
|
|
queue = cqueue;
|
|
|
|
|
index = cindex;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (item == NULL)
|
|
|
|
|
break;
|
2019-08-16 15:04:27 +02:00
|
|
|
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_log_trace_fp(impl->log, "%p: flush item %p", queue, item);
|
2022-12-07 21:18:16 +01:00
|
|
|
/* first we remove the function from the item so that recursive
|
|
|
|
|
* calls don't call the callback again. We can't update the
|
|
|
|
|
* read index before we call the function because then the item
|
|
|
|
|
* might get overwritten. */
|
2024-05-08 12:21:54 +02:00
|
|
|
func = spa_steal_ptr(item->func);
|
2024-07-30 12:04:42 +02:00
|
|
|
if (func) {
|
2024-10-21 17:47:31 +02:00
|
|
|
loop_queue_ref(queue);
|
2024-07-30 12:04:42 +02:00
|
|
|
pthread_mutex_unlock(&impl->queue_lock);
|
2024-10-21 17:47:31 +02:00
|
|
|
res = func(&impl->loop, true, item->seq, item->data,
|
2022-12-07 21:18:16 +01:00
|
|
|
item->size, item->user_data);
|
2024-07-30 12:04:42 +02:00
|
|
|
pthread_mutex_lock(&impl->queue_lock);
|
2024-10-21 17:47:31 +02:00
|
|
|
if (loop_queue_unref(queue))
|
|
|
|
|
continue;
|
|
|
|
|
item->res = res;
|
2024-07-30 12:04:42 +02:00
|
|
|
}
|
2022-12-07 21:18:16 +01:00
|
|
|
|
|
|
|
|
/* if this function did a recursive invoke, it now flushed the
|
|
|
|
|
* ringbuffer and we can exit */
|
2024-05-08 12:21:54 +02:00
|
|
|
if (flush_count != impl->flush_count)
|
2022-12-07 21:18:16 +01:00
|
|
|
break;
|
|
|
|
|
|
2022-12-08 08:01:40 +01:00
|
|
|
index += item->item_size;
|
2024-05-08 12:21:54 +02:00
|
|
|
block = item->block;
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_ringbuffer_read_update(&queue->buffer, index);
|
2019-08-16 15:04:27 +02:00
|
|
|
|
2024-08-06 12:05:11 +02:00
|
|
|
if (block && queue->ack_fd != -1) {
|
2024-04-29 12:01:48 +02:00
|
|
|
if ((res = spa_system_eventfd_write(impl->system, queue->ack_fd, 1)) < 0)
|
2022-11-08 15:45:55 +01:00
|
|
|
spa_log_warn(impl->log, "%p: failed to write event fd:%d: %s",
|
2024-04-29 12:01:48 +02:00
|
|
|
queue, queue->ack_fd, spa_strerror(res));
|
2019-08-16 15:04:27 +02:00
|
|
|
}
|
|
|
|
|
}
|
2024-04-29 15:17:45 +02:00
|
|
|
pthread_mutex_unlock(&impl->queue_lock);
|
2024-04-29 12:01:48 +02:00
|
|
|
}
|
|
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
static int
|
2024-04-29 12:01:48 +02:00
|
|
|
loop_queue_invoke(void *object,
|
2017-06-26 10:41:19 +02:00
|
|
|
spa_invoke_func_t func,
|
|
|
|
|
uint32_t seq,
|
2017-07-25 19:52:31 +02:00
|
|
|
const void *data,
|
2017-11-20 15:26:44 +01:00
|
|
|
size_t size,
|
2017-06-26 10:41:19 +02:00
|
|
|
bool block,
|
|
|
|
|
void *user_data)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2024-04-29 12:01:48 +02:00
|
|
|
struct queue *queue = object;
|
|
|
|
|
struct impl *impl = queue->impl;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct invoke_item *item;
|
2024-02-05 23:16:09 +01:00
|
|
|
int res, suppressed;
|
2020-11-16 15:16:20 +01:00
|
|
|
int32_t filled;
|
|
|
|
|
uint32_t avail, idx, offset, l0;
|
2024-02-05 19:40:05 +01:00
|
|
|
size_t need;
|
2024-02-05 23:16:09 +01:00
|
|
|
uint64_t nsec;
|
2024-04-29 15:56:00 +02:00
|
|
|
bool in_thread;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2024-04-29 15:56:00 +02:00
|
|
|
in_thread = (impl->thread == 0 || pthread_equal(impl->thread, pthread_self()));
|
2022-12-08 08:01:40 +01:00
|
|
|
|
2024-02-05 19:40:05 +01:00
|
|
|
retry:
|
2024-04-29 12:01:48 +02:00
|
|
|
filled = spa_ringbuffer_get_write_index(&queue->buffer, &idx);
|
2024-02-05 19:40:05 +01:00
|
|
|
spa_assert_se(filled >= 0 && filled <= DATAS_SIZE && "queue xrun");
|
|
|
|
|
avail = (uint32_t)(DATAS_SIZE - filled);
|
2020-11-16 15:16:20 +01:00
|
|
|
if (avail < sizeof(struct invoke_item)) {
|
2024-02-05 19:40:05 +01:00
|
|
|
need = sizeof(struct invoke_item);
|
|
|
|
|
goto xrun;
|
2020-11-16 15:16:20 +01:00
|
|
|
}
|
|
|
|
|
offset = idx & (DATAS_SIZE - 1);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2021-07-19 09:53:23 +02:00
|
|
|
/* l0 is remaining size in ringbuffer, this should always be larger than
|
|
|
|
|
* invoke_item, see below */
|
2020-11-16 15:16:20 +01:00
|
|
|
l0 = DATAS_SIZE - offset;
|
|
|
|
|
|
2024-04-29 12:01:48 +02:00
|
|
|
item = SPA_PTROFF(queue->buffer_data, offset, struct invoke_item);
|
2020-11-16 15:16:20 +01:00
|
|
|
item->func = func;
|
|
|
|
|
item->seq = seq;
|
2024-05-08 12:21:54 +02:00
|
|
|
item->count = SPA_ATOMIC_INC(impl->count);
|
2020-11-16 15:16:20 +01:00
|
|
|
item->size = size;
|
2024-04-29 15:56:00 +02:00
|
|
|
item->block = in_thread ? false : block;
|
2020-11-16 15:16:20 +01:00
|
|
|
item->user_data = user_data;
|
2022-12-07 21:18:16 +01:00
|
|
|
item->res = 0;
|
2022-01-03 11:14:15 +01:00
|
|
|
item->item_size = SPA_ROUND_UP_N(sizeof(struct invoke_item) + size, ITEM_ALIGN);
|
2020-11-16 15:16:20 +01:00
|
|
|
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_log_trace_fp(impl->log, "%p: add item %p filled:%d", queue, item, filled);
|
2020-11-16 15:16:20 +01:00
|
|
|
|
2021-07-19 10:12:15 +02:00
|
|
|
if (l0 >= item->item_size) {
|
2021-07-19 09:53:23 +02:00
|
|
|
/* item + size fit in current ringbuffer idx */
|
2021-05-06 13:41:44 +10:00
|
|
|
item->data = SPA_PTROFF(item, sizeof(struct invoke_item), void);
|
2021-07-19 09:53:23 +02:00
|
|
|
if (l0 < sizeof(struct invoke_item) + item->item_size) {
|
|
|
|
|
/* not enough space for next invoke_item, fill up till the end
|
|
|
|
|
* so that the next item will be at the start */
|
2020-11-16 15:16:20 +01:00
|
|
|
item->item_size = l0;
|
2021-07-19 09:53:23 +02:00
|
|
|
}
|
2020-11-16 15:16:20 +01:00
|
|
|
} else {
|
2021-07-19 09:53:23 +02:00
|
|
|
/* item does not fit, place the invoke_item at idx and start the
|
|
|
|
|
* data at the start of the ringbuffer */
|
2024-04-29 12:01:48 +02:00
|
|
|
item->data = queue->buffer_data;
|
2022-01-03 11:14:15 +01:00
|
|
|
item->item_size = SPA_ROUND_UP_N(l0 + size, ITEM_ALIGN);
|
2020-11-16 15:16:20 +01:00
|
|
|
}
|
2021-07-19 09:53:23 +02:00
|
|
|
if (avail < item->item_size) {
|
2024-02-05 19:40:05 +01:00
|
|
|
need = item->item_size;
|
|
|
|
|
goto xrun;
|
2021-07-19 09:53:23 +02:00
|
|
|
}
|
2020-12-21 20:46:13 +01:00
|
|
|
if (data && size > 0)
|
|
|
|
|
memcpy(item->data, data, size);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_ringbuffer_write_update(&queue->buffer, idx + item->item_size);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2024-04-29 15:56:00 +02:00
|
|
|
if (in_thread) {
|
|
|
|
|
flush_all_queues(impl);
|
|
|
|
|
res = item->res;
|
|
|
|
|
} else {
|
|
|
|
|
loop_signal_event(impl, impl->wakeup);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2024-08-06 12:05:11 +02:00
|
|
|
if (block && queue->ack_fd != -1) {
|
2024-04-29 15:56:00 +02:00
|
|
|
uint64_t count = 1;
|
2018-04-19 22:01:18 +02:00
|
|
|
|
2024-08-21 14:48:40 +02:00
|
|
|
spa_loop_control_hook_before(&impl->hooks_list);
|
|
|
|
|
|
2024-04-29 15:56:00 +02:00
|
|
|
if ((res = spa_system_eventfd_read(impl->system, queue->ack_fd, &count)) < 0)
|
|
|
|
|
spa_log_warn(impl->log, "%p: failed to read event fd:%d: %s",
|
|
|
|
|
queue, queue->ack_fd, spa_strerror(res));
|
2017-11-14 15:44:48 +01:00
|
|
|
|
2024-08-21 14:48:40 +02:00
|
|
|
spa_loop_control_hook_after(&impl->hooks_list);
|
|
|
|
|
|
2024-04-29 15:56:00 +02:00
|
|
|
res = item->res;
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
if (seq != SPA_ID_INVALID)
|
|
|
|
|
res = SPA_RESULT_RETURN_ASYNC(seq);
|
|
|
|
|
else
|
|
|
|
|
res = 0;
|
|
|
|
|
}
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
return res;
|
2024-02-05 19:40:05 +01:00
|
|
|
|
|
|
|
|
xrun:
|
2024-08-06 12:05:11 +02:00
|
|
|
if (queue->overflow == NULL) {
|
|
|
|
|
nsec = get_time_ns(impl->system);
|
|
|
|
|
if ((suppressed = spa_ratelimit_test(&queue->rate_limit, nsec)) >= 0) {
|
|
|
|
|
spa_log_warn(impl->log, "%p: queue full %d, need %zd (%d suppressed)",
|
|
|
|
|
queue, avail, need, suppressed);
|
|
|
|
|
}
|
|
|
|
|
queue->overflow = loop_create_queue(impl, QUEUE_FLAG_NONE);
|
|
|
|
|
if (queue->overflow == NULL)
|
|
|
|
|
return -errno;
|
|
|
|
|
queue->overflow->ack_fd = queue->ack_fd;
|
2024-02-05 19:40:05 +01:00
|
|
|
}
|
2024-08-06 12:05:11 +02:00
|
|
|
queue = queue->overflow;
|
2024-02-05 19:40:05 +01:00
|
|
|
goto retry;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2017-08-11 19:16:30 +02:00
|
|
|
static void wakeup_func(void *data, uint64_t count)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
|
|
|
|
struct impl *impl = data;
|
2024-04-29 12:01:48 +02:00
|
|
|
flush_all_queues(impl);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void loop_queue_destroy(void *data)
|
|
|
|
|
{
|
|
|
|
|
struct queue *queue = data;
|
|
|
|
|
struct impl *impl = queue->impl;
|
2024-04-29 15:17:45 +02:00
|
|
|
|
2024-10-21 16:45:17 +02:00
|
|
|
if (SPA_ATOMIC_CAS(queue->destroyed, false, true)) {
|
2024-10-02 09:40:54 +02:00
|
|
|
pthread_mutex_lock(&impl->queue_lock);
|
|
|
|
|
spa_list_remove(&queue->link);
|
|
|
|
|
pthread_mutex_unlock(&impl->queue_lock);
|
|
|
|
|
|
|
|
|
|
if (queue->overflow)
|
|
|
|
|
loop_queue_destroy(queue->overflow);
|
|
|
|
|
|
|
|
|
|
if (queue->flags & QUEUE_FLAG_ACK_FD)
|
|
|
|
|
spa_system_close(impl->system, queue->ack_fd);
|
2024-10-21 17:47:31 +02:00
|
|
|
|
|
|
|
|
loop_queue_unref(queue);
|
2024-10-02 09:40:54 +02:00
|
|
|
}
|
2024-04-29 12:01:48 +02:00
|
|
|
}
|
|
|
|
|
|
2024-09-30 16:53:09 +02:00
|
|
|
static void loop_queue_destroy_tss(void *data)
|
|
|
|
|
{
|
2024-10-02 09:40:54 +02:00
|
|
|
struct queue *queue = data;
|
|
|
|
|
if (queue) {
|
2024-10-21 17:08:10 +02:00
|
|
|
SPA_ATOMIC_DEC(queue->impl->tss_ref);
|
2024-10-02 09:40:54 +02:00
|
|
|
loop_queue_destroy(queue);
|
2024-10-21 17:47:31 +02:00
|
|
|
loop_queue_unref(queue);
|
2024-10-02 09:40:54 +02:00
|
|
|
}
|
2024-09-30 16:53:09 +02:00
|
|
|
}
|
|
|
|
|
|
2024-04-29 15:17:45 +02:00
|
|
|
static int loop_invoke(void *object, spa_invoke_func_t func, uint32_t seq,
|
|
|
|
|
const void *data, size_t size, bool block, void *user_data)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl = object;
|
2024-10-02 09:40:54 +02:00
|
|
|
struct queue *local_queue;
|
2024-04-29 15:17:45 +02:00
|
|
|
|
2024-10-02 09:40:54 +02:00
|
|
|
local_queue = tss_get(impl->queue_tss_id);
|
|
|
|
|
if (local_queue == NULL) {
|
2024-10-21 16:45:17 +02:00
|
|
|
local_queue = loop_create_queue(impl, QUEUE_FLAG_ACK_FD | QUEUE_FLAG_IN_TSS);
|
2024-10-02 09:40:54 +02:00
|
|
|
if (local_queue == NULL)
|
2024-04-29 15:17:45 +02:00
|
|
|
return -errno;
|
2024-10-21 17:08:10 +02:00
|
|
|
SPA_ATOMIC_INC(impl->tss_ref);
|
2024-10-02 09:40:54 +02:00
|
|
|
tss_set(impl->queue_tss_id, local_queue);
|
2024-04-29 15:17:45 +02:00
|
|
|
}
|
|
|
|
|
return loop_queue_invoke(local_queue, func, seq, data, size, block, user_data);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static int loop_get_fd(void *object)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2019-06-06 15:21:40 +02:00
|
|
|
return impl->poll_fd;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2019-05-20 16:11:23 +02:00
|
|
|
loop_add_hook(void *object,
|
|
|
|
|
struct spa_hook *hook,
|
|
|
|
|
const struct spa_loop_control_hooks *hooks,
|
|
|
|
|
void *data)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2023-05-06 00:24:05 +02:00
|
|
|
spa_return_if_fail(SPA_CALLBACK_CHECK(hooks, before, 0));
|
|
|
|
|
spa_return_if_fail(SPA_CALLBACK_CHECK(hooks, after, 0));
|
2017-08-08 16:56:29 +02:00
|
|
|
spa_hook_list_append(&impl->hooks_list, hook, hooks, data);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static void loop_enter(void *object)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2022-02-08 10:58:36 +01:00
|
|
|
pthread_t thread_id = pthread_self();
|
|
|
|
|
|
|
|
|
|
if (impl->enter_count == 0) {
|
|
|
|
|
spa_return_if_fail(impl->thread == 0);
|
|
|
|
|
impl->thread = thread_id;
|
|
|
|
|
impl->enter_count = 1;
|
|
|
|
|
} else {
|
|
|
|
|
spa_return_if_fail(impl->enter_count > 0);
|
2023-04-04 12:43:25 +02:00
|
|
|
spa_return_if_fail(pthread_equal(impl->thread, thread_id));
|
2022-02-08 10:58:36 +01:00
|
|
|
impl->enter_count++;
|
|
|
|
|
}
|
2023-05-05 17:41:13 +02:00
|
|
|
spa_log_trace_fp(impl->log, "%p: enter %p", impl, (void *) impl->thread);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static void loop_leave(void *object)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2022-02-08 10:58:36 +01:00
|
|
|
pthread_t thread_id = pthread_self();
|
|
|
|
|
|
|
|
|
|
spa_return_if_fail(impl->enter_count > 0);
|
2023-04-04 12:43:25 +02:00
|
|
|
spa_return_if_fail(pthread_equal(impl->thread, thread_id));
|
2022-02-08 10:58:36 +01:00
|
|
|
|
2023-05-05 17:41:13 +02:00
|
|
|
spa_log_trace_fp(impl->log, "%p: leave %p", impl, (void *) impl->thread);
|
2022-02-08 10:58:36 +01:00
|
|
|
|
2022-03-07 10:27:22 +01:00
|
|
|
if (--impl->enter_count == 0) {
|
2022-02-08 10:58:36 +01:00
|
|
|
impl->thread = 0;
|
2024-04-29 12:01:48 +02:00
|
|
|
flush_all_queues(impl);
|
2022-03-07 10:27:22 +01:00
|
|
|
impl->polling = false;
|
|
|
|
|
}
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2023-03-31 18:40:57 +02:00
|
|
|
static int loop_check(void *object)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl = object;
|
|
|
|
|
pthread_t thread_id = pthread_self();
|
|
|
|
|
return (impl->thread == 0 || pthread_equal(impl->thread, thread_id)) ? 1 : 0;
|
|
|
|
|
}
|
|
|
|
|
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
static inline void free_source(struct source_impl *s)
|
|
|
|
|
{
|
|
|
|
|
detach_source(&s->source);
|
|
|
|
|
free(s);
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-18 18:36:36 +01:00
|
|
|
static inline void process_destroy(struct impl *impl)
|
|
|
|
|
{
|
|
|
|
|
struct source_impl *source, *tmp;
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
|
2022-02-18 18:36:36 +01:00
|
|
|
spa_list_for_each_safe(source, tmp, &impl->destroy_list, link)
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
free_source(source);
|
|
|
|
|
|
2022-02-18 18:36:36 +01:00
|
|
|
spa_list_init(&impl->destroy_list);
|
|
|
|
|
}
|
|
|
|
|
|
2022-06-01 16:36:56 +02:00
|
|
|
struct cancellation_handler_data {
|
|
|
|
|
struct spa_poll_event *ep;
|
|
|
|
|
int ep_count;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void cancellation_handler(void *closure)
|
|
|
|
|
{
|
|
|
|
|
const struct cancellation_handler_data *data = closure;
|
|
|
|
|
|
|
|
|
|
for (int i = 0; i < data->ep_count; i++) {
|
|
|
|
|
struct spa_source *s = data->ep[i].data;
|
|
|
|
|
if (SPA_LIKELY(s)) {
|
|
|
|
|
s->rmask = 0;
|
|
|
|
|
s->priv = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-05 17:41:37 +02:00
|
|
|
static int loop_iterate_cancel(void *object, int timeout)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2022-02-08 17:21:10 +01:00
|
|
|
struct spa_poll_event ep[MAX_EP], *e;
|
2019-06-20 17:31:29 +02:00
|
|
|
int i, nfds;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-19 11:44:04 +01:00
|
|
|
impl->polling = true;
|
2020-09-16 13:20:19 +02:00
|
|
|
spa_loop_control_hook_before(&impl->hooks_list);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-21 17:28:43 +01:00
|
|
|
nfds = spa_system_pollfd_wait(impl->system, impl->poll_fd, ep, SPA_N_ELEMENTS(ep), timeout);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2020-09-16 13:20:19 +02:00
|
|
|
spa_loop_control_hook_after(&impl->hooks_list);
|
2022-02-19 11:44:04 +01:00
|
|
|
impl->polling = false;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-06-01 16:36:56 +02:00
|
|
|
struct cancellation_handler_data cdata = { ep, nfds };
|
|
|
|
|
pthread_cleanup_push(cancellation_handler, &cdata);
|
|
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
/* first we set all the rmasks, then call the callbacks. The reason is that
|
|
|
|
|
* some callback might also want to look at other sources it manages and
|
|
|
|
|
* can then reset the rmask to suppress the callback */
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
2019-06-06 15:21:40 +02:00
|
|
|
struct spa_source *s = ep[i].data;
|
2022-03-06 14:56:29 +01:00
|
|
|
|
|
|
|
|
spa_assert(s->loop == &impl->loop);
|
|
|
|
|
|
2022-02-08 17:21:10 +01:00
|
|
|
s->rmask = ep[i].events;
|
|
|
|
|
/* already active in another iteration of the loop,
|
|
|
|
|
* remove it from that iteration */
|
|
|
|
|
if (SPA_UNLIKELY(e = s->priv))
|
|
|
|
|
e->data = NULL;
|
|
|
|
|
s->priv = &ep[i];
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
|
|
|
|
|
if (SPA_UNLIKELY(!spa_list_is_empty(&impl->destroy_list)))
|
|
|
|
|
process_destroy(impl);
|
|
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
for (i = 0; i < nfds; i++) {
|
2019-06-06 15:21:40 +02:00
|
|
|
struct spa_source *s = ep[i].data;
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
if (SPA_LIKELY(s && s->rmask))
|
2017-06-14 16:10:07 +02:00
|
|
|
s->func(s);
|
2022-02-19 09:42:49 +01:00
|
|
|
}
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
|
2022-06-01 16:36:56 +02:00
|
|
|
pthread_cleanup_pop(true);
|
2022-02-18 18:36:36 +01:00
|
|
|
|
2018-06-01 11:16:53 +02:00
|
|
|
return nfds;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2023-05-05 17:41:37 +02:00
|
|
|
static int loop_iterate(void *object, int timeout)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl = object;
|
|
|
|
|
struct spa_poll_event ep[MAX_EP], *e;
|
|
|
|
|
int i, nfds;
|
|
|
|
|
|
|
|
|
|
impl->polling = true;
|
|
|
|
|
spa_loop_control_hook_before(&impl->hooks_list);
|
|
|
|
|
|
|
|
|
|
nfds = spa_system_pollfd_wait(impl->system, impl->poll_fd, ep, SPA_N_ELEMENTS(ep), timeout);
|
|
|
|
|
|
|
|
|
|
spa_loop_control_hook_after(&impl->hooks_list);
|
|
|
|
|
impl->polling = false;
|
|
|
|
|
|
|
|
|
|
/* first we set all the rmasks, then call the callbacks. The reason is that
|
|
|
|
|
* some callback might also want to look at other sources it manages and
|
|
|
|
|
* can then reset the rmask to suppress the callback */
|
|
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
|
struct spa_source *s = ep[i].data;
|
|
|
|
|
|
|
|
|
|
s->rmask = ep[i].events;
|
|
|
|
|
/* already active in another iteration of the loop,
|
|
|
|
|
* remove it from that iteration */
|
|
|
|
|
if (SPA_UNLIKELY(e = s->priv))
|
|
|
|
|
e->data = NULL;
|
|
|
|
|
s->priv = &ep[i];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (SPA_UNLIKELY(!spa_list_is_empty(&impl->destroy_list)))
|
|
|
|
|
process_destroy(impl);
|
|
|
|
|
|
2023-05-05 18:36:08 +02:00
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
|
struct spa_source *s = ep[i].data;
|
|
|
|
|
if (SPA_LIKELY(s && s->rmask))
|
|
|
|
|
s->func(s);
|
|
|
|
|
}
|
2023-05-05 17:41:37 +02:00
|
|
|
for (i = 0; i < nfds; i++) {
|
|
|
|
|
struct spa_source *s = ep[i].data;
|
|
|
|
|
if (SPA_LIKELY(s)) {
|
|
|
|
|
s->rmask = 0;
|
|
|
|
|
s->priv = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nfds;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
static void source_io_func(struct spa_source *source)
|
|
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
|
|
|
|
spa_log_trace_fp(s->impl->log, "%p: io %08x", s, source->rmask);
|
|
|
|
|
s->func.io(source->data, source->fd, source->rmask);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static struct spa_source *loop_add_io(void *object,
|
2017-06-14 16:10:07 +02:00
|
|
|
int fd,
|
2019-06-06 15:21:40 +02:00
|
|
|
uint32_t mask,
|
2017-06-14 16:10:07 +02:00
|
|
|
bool close, spa_source_io_func_t func, void *data)
|
|
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct source_impl *source;
|
2019-06-20 17:31:29 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source = calloc(1, sizeof(struct source_impl));
|
|
|
|
|
if (source == NULL)
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source->source.func = source_io_func;
|
|
|
|
|
source->source.data = data;
|
|
|
|
|
source->source.fd = fd;
|
|
|
|
|
source->source.mask = mask;
|
|
|
|
|
source->impl = impl;
|
|
|
|
|
source->close = close;
|
|
|
|
|
source->func.io = func;
|
|
|
|
|
|
2020-04-14 18:05:45 +02:00
|
|
|
if ((res = loop_add_source(impl, &source->source)) < 0) {
|
|
|
|
|
if (res != -EPERM)
|
|
|
|
|
goto error_exit_free;
|
|
|
|
|
|
|
|
|
|
/* file fds (stdin/stdout/...) give EPERM in epoll. Those fds always
|
|
|
|
|
* return from epoll with the mask set, so we can handle this with
|
|
|
|
|
* an idle source */
|
|
|
|
|
source->source.rmask = mask;
|
|
|
|
|
source->fallback = spa_loop_utils_add_idle(&impl->utils,
|
|
|
|
|
mask & (SPA_IO_IN | SPA_IO_OUT) ? true : false,
|
|
|
|
|
(spa_source_idle_func_t) source_io_func, source);
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_trace(impl->log, "%p: adding fallback %p", impl,
|
2020-04-14 18:05:45 +02:00
|
|
|
source->fallback);
|
|
|
|
|
}
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_insert(&impl->source_list, &source->link);
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
return &source->source;
|
|
|
|
|
|
|
|
|
|
error_exit_free:
|
|
|
|
|
free(source);
|
|
|
|
|
errno = -res;
|
|
|
|
|
error_exit:
|
|
|
|
|
return NULL;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
static int loop_update_io(void *object, struct spa_source *source, uint32_t mask)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2020-04-14 18:05:45 +02:00
|
|
|
struct impl *impl = object;
|
|
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
|
|
|
|
int res;
|
2022-02-19 19:38:08 +01:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
spa_assert(s->impl == object);
|
2022-02-19 19:17:42 +01:00
|
|
|
spa_assert(source->func == source_io_func);
|
2022-02-19 14:12:44 +01:00
|
|
|
|
2022-02-19 19:38:08 +01:00
|
|
|
spa_log_trace(impl->log, "%p: update %08x -> %08x", s, source->mask, mask);
|
2017-06-14 16:10:07 +02:00
|
|
|
source->mask = mask;
|
2022-02-19 19:38:08 +01:00
|
|
|
|
2020-04-14 18:05:45 +02:00
|
|
|
if (s->fallback)
|
|
|
|
|
res = spa_loop_utils_enable_idle(&impl->utils, s->fallback,
|
|
|
|
|
mask & (SPA_IO_IN | SPA_IO_OUT) ? true : false);
|
|
|
|
|
else
|
|
|
|
|
res = loop_update_source(object, source);
|
|
|
|
|
return res;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void source_idle_func(struct spa_source *source)
|
|
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
|
|
|
|
s->func.idle(source->data);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-19 18:15:04 +02:00
|
|
|
static int loop_enable_idle(void *object, struct spa_source *source, bool enabled)
|
2019-05-23 15:11:49 +02:00
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2019-06-19 18:15:04 +02:00
|
|
|
int res = 0;
|
2019-05-23 15:11:49 +02:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
spa_assert(s->impl == object);
|
2022-02-19 19:17:42 +01:00
|
|
|
spa_assert(source->func == source_idle_func);
|
2022-02-19 14:12:44 +01:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
if (enabled && !s->enabled) {
|
|
|
|
|
if ((res = spa_system_eventfd_write(s->impl->system, source->fd, 1)) < 0)
|
2022-11-08 15:45:55 +01:00
|
|
|
spa_log_warn(s->impl->log, "%p: failed to write idle fd:%d: %s",
|
2019-06-04 17:07:34 +02:00
|
|
|
source, source->fd, spa_strerror(res));
|
2022-02-21 16:24:34 +01:00
|
|
|
} else if (!enabled && s->enabled) {
|
2019-06-04 17:07:34 +02:00
|
|
|
uint64_t count;
|
2022-02-21 16:24:34 +01:00
|
|
|
if ((res = spa_system_eventfd_read(s->impl->system, source->fd, &count)) < 0)
|
2022-11-08 15:45:55 +01:00
|
|
|
spa_log_warn(s->impl->log, "%p: failed to read idle fd:%d: %s",
|
2019-06-04 17:07:34 +02:00
|
|
|
source, source->fd, spa_strerror(res));
|
2019-05-23 15:11:49 +02:00
|
|
|
}
|
2022-02-21 16:24:34 +01:00
|
|
|
s->enabled = enabled;
|
2019-06-19 18:15:04 +02:00
|
|
|
return res;
|
2019-05-23 15:11:49 +02:00
|
|
|
}
|
2020-04-14 18:05:45 +02:00
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static struct spa_source *loop_add_idle(void *object,
|
2017-06-14 16:10:07 +02:00
|
|
|
bool enabled, spa_source_idle_func_t func, void *data)
|
|
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct source_impl *source;
|
2019-06-20 17:31:29 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source = calloc(1, sizeof(struct source_impl));
|
|
|
|
|
if (source == NULL)
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit;
|
|
|
|
|
|
|
|
|
|
if ((res = spa_system_eventfd_create(impl->system, SPA_FD_CLOEXEC | SPA_FD_NONBLOCK)) < 0)
|
|
|
|
|
goto error_exit_free;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source->source.func = source_idle_func;
|
|
|
|
|
source->source.data = data;
|
2019-06-20 17:31:29 +02:00
|
|
|
source->source.fd = res;
|
2017-06-14 16:10:07 +02:00
|
|
|
source->impl = impl;
|
|
|
|
|
source->close = true;
|
|
|
|
|
source->source.mask = SPA_IO_IN;
|
|
|
|
|
source->func.idle = func;
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
if ((res = loop_add_source(impl, &source->source)) < 0)
|
|
|
|
|
goto error_exit_close;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_insert(&impl->source_list, &source->link);
|
|
|
|
|
|
|
|
|
|
if (enabled)
|
2019-05-23 15:11:49 +02:00
|
|
|
loop_enable_idle(impl, &source->source, true);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
return &source->source;
|
2019-06-07 10:11:23 +02:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_close:
|
|
|
|
|
spa_system_close(impl->system, source->source.fd);
|
|
|
|
|
error_exit_free:
|
2019-06-07 10:11:23 +02:00
|
|
|
free(source);
|
2019-06-20 17:31:29 +02:00
|
|
|
errno = -res;
|
|
|
|
|
error_exit:
|
|
|
|
|
return NULL;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void source_event_func(struct spa_source *source)
|
|
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2021-03-27 19:23:34 +01:00
|
|
|
uint64_t count = 0;
|
2019-06-04 17:07:34 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-12-01 19:52:23 +01:00
|
|
|
if ((res = spa_system_eventfd_read(s->impl->system, source->fd, &count)) < 0) {
|
|
|
|
|
if (res != -EAGAIN)
|
|
|
|
|
spa_log_warn(s->impl->log, "%p: failed to read event fd:%d: %s",
|
|
|
|
|
source, source->fd, spa_strerror(res));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2022-02-21 16:24:34 +01:00
|
|
|
s->func.event(source->data, count);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static struct spa_source *loop_add_event(void *object,
|
2017-06-14 16:10:07 +02:00
|
|
|
spa_source_event_func_t func, void *data)
|
|
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct source_impl *source;
|
2019-06-20 17:31:29 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source = calloc(1, sizeof(struct source_impl));
|
|
|
|
|
if (source == NULL)
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit;
|
|
|
|
|
|
|
|
|
|
if ((res = spa_system_eventfd_create(impl->system, SPA_FD_CLOEXEC | SPA_FD_NONBLOCK)) < 0)
|
|
|
|
|
goto error_exit_free;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source->source.func = source_event_func;
|
|
|
|
|
source->source.data = data;
|
2019-06-20 17:31:29 +02:00
|
|
|
source->source.fd = res;
|
2017-06-14 16:10:07 +02:00
|
|
|
source->source.mask = SPA_IO_IN;
|
|
|
|
|
source->impl = impl;
|
|
|
|
|
source->close = true;
|
|
|
|
|
source->func.event = func;
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
if ((res = loop_add_source(impl, &source->source)) < 0)
|
|
|
|
|
goto error_exit_close;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_insert(&impl->source_list, &source->link);
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
return &source->source;
|
2019-06-07 10:11:23 +02:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_close:
|
|
|
|
|
spa_system_close(impl->system, source->source.fd);
|
|
|
|
|
error_exit_free:
|
2019-06-07 10:11:23 +02:00
|
|
|
free(source);
|
2019-06-20 17:31:29 +02:00
|
|
|
errno = -res;
|
|
|
|
|
error_exit:
|
|
|
|
|
return NULL;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-06-19 18:15:04 +02:00
|
|
|
static int loop_signal_event(void *object, struct spa_source *source)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2019-06-04 17:07:34 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
spa_assert(s->impl == object);
|
2022-02-19 19:17:42 +01:00
|
|
|
spa_assert(source->func == source_event_func);
|
2022-02-19 14:12:44 +01:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
if (SPA_UNLIKELY((res = spa_system_eventfd_write(s->impl->system, source->fd, 1)) < 0))
|
2022-11-08 15:45:55 +01:00
|
|
|
spa_log_warn(s->impl->log, "%p: failed to write event fd:%d: %s",
|
2019-06-04 17:07:34 +02:00
|
|
|
source, source->fd, spa_strerror(res));
|
2019-06-19 18:15:04 +02:00
|
|
|
return res;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void source_timer_func(struct spa_source *source)
|
|
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2021-03-27 19:23:34 +01:00
|
|
|
uint64_t expirations = 0;
|
2019-06-04 17:07:34 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
if (SPA_UNLIKELY((res = spa_system_timerfd_read(s->impl->system,
|
2022-12-01 19:52:23 +01:00
|
|
|
source->fd, &expirations)) < 0)) {
|
|
|
|
|
if (res != -EAGAIN)
|
|
|
|
|
spa_log_warn(s->impl->log, "%p: failed to read timer fd:%d: %s",
|
|
|
|
|
source, source->fd, spa_strerror(res));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2022-02-21 16:24:34 +01:00
|
|
|
s->func.timer(source->data, expirations);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static struct spa_source *loop_add_timer(void *object,
|
2017-06-14 16:10:07 +02:00
|
|
|
spa_source_timer_func_t func, void *data)
|
|
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct source_impl *source;
|
2019-06-20 17:31:29 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source = calloc(1, sizeof(struct source_impl));
|
|
|
|
|
if (source == NULL)
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit;
|
|
|
|
|
|
|
|
|
|
if ((res = spa_system_timerfd_create(impl->system, CLOCK_MONOTONIC,
|
|
|
|
|
SPA_FD_CLOEXEC | SPA_FD_NONBLOCK)) < 0)
|
|
|
|
|
goto error_exit_free;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source->source.func = source_timer_func;
|
|
|
|
|
source->source.data = data;
|
2019-06-20 17:31:29 +02:00
|
|
|
source->source.fd = res;
|
2017-06-14 16:10:07 +02:00
|
|
|
source->source.mask = SPA_IO_IN;
|
|
|
|
|
source->impl = impl;
|
|
|
|
|
source->close = true;
|
|
|
|
|
source->func.timer = func;
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
if ((res = loop_add_source(impl, &source->source)) < 0)
|
|
|
|
|
goto error_exit_close;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_insert(&impl->source_list, &source->link);
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
return &source->source;
|
2019-06-07 10:11:23 +02:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_close:
|
|
|
|
|
spa_system_close(impl->system, source->source.fd);
|
|
|
|
|
error_exit_free:
|
2019-06-07 10:11:23 +02:00
|
|
|
free(source);
|
2019-06-20 17:31:29 +02:00
|
|
|
errno = -res;
|
|
|
|
|
error_exit:
|
|
|
|
|
return NULL;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int
|
2019-05-20 16:11:23 +02:00
|
|
|
loop_update_timer(void *object, struct spa_source *source,
|
2017-06-14 16:10:07 +02:00
|
|
|
struct timespec *value, struct timespec *interval, bool absolute)
|
|
|
|
|
{
|
2022-02-19 14:12:44 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2017-06-14 16:10:07 +02:00
|
|
|
struct itimerspec its;
|
2019-06-20 17:31:29 +02:00
|
|
|
int flags = 0, res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
spa_assert(s->impl == object);
|
2022-02-19 19:17:42 +01:00
|
|
|
spa_assert(source->func == source_timer_func);
|
2022-02-19 14:12:44 +01:00
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
spa_zero(its);
|
2020-03-16 12:52:28 +01:00
|
|
|
if (SPA_LIKELY(value)) {
|
2017-06-14 16:10:07 +02:00
|
|
|
its.it_value = *value;
|
|
|
|
|
} else if (interval) {
|
2024-06-28 16:49:59 -07:00
|
|
|
// timer initially fires after one interval
|
2017-06-14 16:10:07 +02:00
|
|
|
its.it_value = *interval;
|
2024-06-28 16:49:59 -07:00
|
|
|
absolute = false;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
2020-03-16 12:52:28 +01:00
|
|
|
if (SPA_UNLIKELY(interval))
|
2017-06-14 16:10:07 +02:00
|
|
|
its.it_interval = *interval;
|
2020-03-16 12:52:28 +01:00
|
|
|
if (SPA_LIKELY(absolute))
|
2019-06-04 17:07:34 +02:00
|
|
|
flags |= SPA_FD_TIMER_ABSTIME;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
if (SPA_UNLIKELY((res = spa_system_timerfd_settime(s->impl->system, source->fd, flags, &its, NULL)) < 0))
|
2019-06-20 17:31:29 +02:00
|
|
|
return res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
return 0;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void source_signal_func(struct spa_source *source)
|
|
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2021-03-27 19:23:34 +01:00
|
|
|
int res, signal_number = 0;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-12-01 19:52:23 +01:00
|
|
|
if ((res = spa_system_signalfd_read(s->impl->system, source->fd, &signal_number)) < 0) {
|
|
|
|
|
if (res != -EAGAIN)
|
|
|
|
|
spa_log_warn(s->impl->log, "%p: failed to read signal fd:%d: %s",
|
|
|
|
|
source, source->fd, spa_strerror(res));
|
|
|
|
|
return;
|
|
|
|
|
}
|
2022-02-21 16:24:34 +01:00
|
|
|
s->func.signal(source->data, signal_number);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static struct spa_source *loop_add_signal(void *object,
|
2017-06-14 16:10:07 +02:00
|
|
|
int signal_number,
|
|
|
|
|
spa_source_signal_func_t func, void *data)
|
|
|
|
|
{
|
2019-05-20 16:11:23 +02:00
|
|
|
struct impl *impl = object;
|
2017-06-14 16:10:07 +02:00
|
|
|
struct source_impl *source;
|
2019-06-20 17:31:29 +02:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source = calloc(1, sizeof(struct source_impl));
|
|
|
|
|
if (source == NULL)
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit;
|
|
|
|
|
|
|
|
|
|
if ((res = spa_system_signalfd_create(impl->system,
|
|
|
|
|
signal_number, SPA_FD_CLOEXEC | SPA_FD_NONBLOCK)) < 0)
|
|
|
|
|
goto error_exit_free;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
source->source.func = source_signal_func;
|
|
|
|
|
source->source.data = data;
|
2019-06-20 17:31:29 +02:00
|
|
|
source->source.fd = res;
|
2017-06-14 16:10:07 +02:00
|
|
|
source->source.mask = SPA_IO_IN;
|
|
|
|
|
source->impl = impl;
|
|
|
|
|
source->close = true;
|
|
|
|
|
source->func.signal = func;
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
if ((res = loop_add_source(impl, &source->source)) < 0)
|
|
|
|
|
goto error_exit_close;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_insert(&impl->source_list, &source->link);
|
|
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
return &source->source;
|
2019-06-07 10:11:23 +02:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_close:
|
|
|
|
|
spa_system_close(impl->system, source->source.fd);
|
|
|
|
|
error_exit_free:
|
2019-06-07 10:11:23 +02:00
|
|
|
free(source);
|
2019-06-20 17:31:29 +02:00
|
|
|
errno = -res;
|
|
|
|
|
error_exit:
|
|
|
|
|
return NULL;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static void loop_destroy_source(void *object, struct spa_source *source)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2022-02-21 16:24:34 +01:00
|
|
|
struct source_impl *s = SPA_CONTAINER_OF(source, struct source_impl, source);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-19 14:12:44 +01:00
|
|
|
spa_assert(s->impl == object);
|
|
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
spa_log_trace(s->impl->log, "%p ", s);
|
2020-04-14 18:05:45 +02:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
spa_list_remove(&s->link);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
if (s->fallback)
|
|
|
|
|
loop_destroy_source(s->impl, s->fallback);
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
else
|
|
|
|
|
remove_from_poll(s->impl, source);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2022-02-21 16:24:34 +01:00
|
|
|
if (source->fd != -1 && s->close) {
|
|
|
|
|
spa_system_close(s->impl->system, source->fd);
|
2017-08-08 16:56:29 +02:00
|
|
|
source->fd = -1;
|
|
|
|
|
}
|
spa: support: loop: fix use-after-free when loop is reentered
The core of the issue is the following: what happens if an
active source is destroyed before it could be dispatched?
For loop-managed sources (`struct source_impl`) this was addressed
by storing all destroyed sources in a list, and only freeing them
after dispatching has been finished. (0eb73f0f06a2e40362990080007db295141f6f1f)
This approach works for both strictly single-threaded
and `pw_thread_loop` loops assuming the loop is not
reentered.
However, if the loop is reentered, there can still be issues.
Assume that in one iteration sources A and B are active,
and returned from the system call, and source B is destroyed
before the loop starts dispatching. Consider what happens when
"A" is dispatched first, and it reenters the loop with timeout 0.
Imagine there are no new events, so `loop_iterate()` will immediately
return, but it will first destroy everything in the destroy list
(this is done at the end of `loop_iterate()`).
And herein lies the problem. In the previous iteration,
there exists a `spa_poll_event` object which points to source "B",
but that has just been destroyed at the end of the recursive
iteration. This will trigger a use-after-free once the previous
iteration inspects it.
Fix that by processing the destroy list right after first
processing the returned `spa_poll_event` objects, and
"detach" the source from the loop and its iterations
in `process_destroy()` before the source is destroyed.
See #2114 #2147
2022-02-19 13:31:01 +01:00
|
|
|
|
|
|
|
|
if (!s->impl->polling)
|
|
|
|
|
free_source(s);
|
|
|
|
|
else
|
|
|
|
|
spa_list_insert(&s->impl->destroy_list, &s->link);
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static const struct spa_loop_methods impl_loop = {
|
|
|
|
|
SPA_VERSION_LOOP_METHODS,
|
|
|
|
|
.add_source = loop_add_source,
|
|
|
|
|
.update_source = loop_update_source,
|
|
|
|
|
.remove_source = loop_remove_source,
|
|
|
|
|
.invoke = loop_invoke,
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
2023-05-05 17:41:37 +02:00
|
|
|
static const struct spa_loop_control_methods impl_loop_control_cancel = {
|
|
|
|
|
SPA_VERSION_LOOP_CONTROL_METHODS,
|
|
|
|
|
.get_fd = loop_get_fd,
|
|
|
|
|
.add_hook = loop_add_hook,
|
|
|
|
|
.enter = loop_enter,
|
|
|
|
|
.leave = loop_leave,
|
|
|
|
|
.iterate = loop_iterate_cancel,
|
|
|
|
|
.check = loop_check,
|
|
|
|
|
};
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static const struct spa_loop_control_methods impl_loop_control = {
|
|
|
|
|
SPA_VERSION_LOOP_CONTROL_METHODS,
|
|
|
|
|
.get_fd = loop_get_fd,
|
|
|
|
|
.add_hook = loop_add_hook,
|
|
|
|
|
.enter = loop_enter,
|
|
|
|
|
.leave = loop_leave,
|
|
|
|
|
.iterate = loop_iterate,
|
2023-03-31 18:40:57 +02:00
|
|
|
.check = loop_check,
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
2019-05-20 16:11:23 +02:00
|
|
|
static const struct spa_loop_utils_methods impl_loop_utils = {
|
|
|
|
|
SPA_VERSION_LOOP_UTILS_METHODS,
|
|
|
|
|
.add_io = loop_add_io,
|
|
|
|
|
.update_io = loop_update_io,
|
|
|
|
|
.add_idle = loop_add_idle,
|
|
|
|
|
.enable_idle = loop_enable_idle,
|
|
|
|
|
.add_event = loop_add_event,
|
|
|
|
|
.signal_event = loop_signal_event,
|
|
|
|
|
.add_timer = loop_add_timer,
|
|
|
|
|
.update_timer = loop_update_timer,
|
|
|
|
|
.add_signal = loop_add_signal,
|
|
|
|
|
.destroy_source = loop_destroy_source,
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
2019-12-19 13:15:10 +01:00
|
|
|
static int impl_get_interface(struct spa_handle *handle, const char *type, void **interface)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
|
|
|
|
struct impl *impl;
|
|
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
spa_return_val_if_fail(handle != NULL, -EINVAL);
|
|
|
|
|
spa_return_val_if_fail(interface != NULL, -EINVAL);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
impl = (struct impl *) handle;
|
|
|
|
|
|
2021-05-18 11:36:13 +10:00
|
|
|
if (spa_streq(type, SPA_TYPE_INTERFACE_Loop))
|
2017-06-14 16:10:07 +02:00
|
|
|
*interface = &impl->loop;
|
2021-05-18 11:36:13 +10:00
|
|
|
else if (spa_streq(type, SPA_TYPE_INTERFACE_LoopControl))
|
2017-06-14 16:10:07 +02:00
|
|
|
*interface = &impl->control;
|
2021-05-18 11:36:13 +10:00
|
|
|
else if (spa_streq(type, SPA_TYPE_INTERFACE_LoopUtils))
|
2017-06-14 16:10:07 +02:00
|
|
|
*interface = &impl->utils;
|
2019-12-19 13:15:10 +01:00
|
|
|
else
|
2017-11-13 09:41:41 +01:00
|
|
|
return -ENOENT;
|
2019-12-19 13:15:10 +01:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
return 0;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int impl_clear(struct spa_handle *handle)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl;
|
2018-09-25 13:05:13 +02:00
|
|
|
struct source_impl *source;
|
2024-04-29 12:01:48 +02:00
|
|
|
struct queue *queue;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
spa_return_val_if_fail(handle != NULL, -EINVAL);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
impl = (struct impl *) handle;
|
|
|
|
|
|
2022-11-08 15:45:55 +01:00
|
|
|
if (impl->enter_count != 0 || impl->polling)
|
|
|
|
|
spa_log_warn(impl->log, "%p: loop is entered %d times polling:%d",
|
|
|
|
|
impl, impl->enter_count, impl->polling);
|
2022-03-05 22:00:18 +01:00
|
|
|
|
2018-09-25 13:05:13 +02:00
|
|
|
spa_list_consume(source, &impl->source_list, link)
|
2019-05-20 16:11:23 +02:00
|
|
|
loop_destroy_source(impl, &source->source);
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_list_consume(queue, &impl->queue_list, link)
|
|
|
|
|
loop_queue_destroy(queue);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2024-10-02 09:18:14 +02:00
|
|
|
/* free the tss from this thread if any */
|
2024-10-02 09:40:54 +02:00
|
|
|
loop_queue_destroy_tss(tss_get(impl->queue_tss_id));
|
2024-10-02 09:18:14 +02:00
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
spa_system_close(impl->system, impl->poll_fd);
|
2024-04-29 15:17:45 +02:00
|
|
|
pthread_mutex_destroy(&impl->queue_lock);
|
2024-10-21 17:08:10 +02:00
|
|
|
|
|
|
|
|
if (SPA_ATOMIC_DEC(impl->tss_ref) != 0)
|
|
|
|
|
spa_log_warn(impl->log, "%p: loop still has %d queues in TSS",
|
|
|
|
|
impl, impl->tss_ref);
|
2024-04-29 15:17:45 +02:00
|
|
|
tss_delete(impl->queue_tss_id);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
return 0;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2018-04-09 10:06:17 +02:00
|
|
|
static size_t
|
|
|
|
|
impl_get_size(const struct spa_handle_factory *factory,
|
|
|
|
|
const struct spa_dict *params)
|
|
|
|
|
{
|
|
|
|
|
return sizeof(struct impl);
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-29 15:17:45 +02:00
|
|
|
#define CHECK(expression,label) \
|
|
|
|
|
do { \
|
|
|
|
|
if ((errno = (expression)) != 0) { \
|
|
|
|
|
res = -errno; \
|
|
|
|
|
spa_log_error(impl->log, #expression ": %s", strerror(errno)); \
|
|
|
|
|
goto label; \
|
|
|
|
|
} \
|
|
|
|
|
} while(false);
|
|
|
|
|
|
2017-06-14 16:10:07 +02:00
|
|
|
static int
|
|
|
|
|
impl_init(const struct spa_handle_factory *factory,
|
|
|
|
|
struct spa_handle *handle,
|
|
|
|
|
const struct spa_dict *info,
|
|
|
|
|
const struct spa_support *support,
|
|
|
|
|
uint32_t n_support)
|
|
|
|
|
{
|
|
|
|
|
struct impl *impl;
|
2023-05-05 17:41:37 +02:00
|
|
|
const char *str;
|
2024-04-29 15:17:45 +02:00
|
|
|
pthread_mutexattr_t attr;
|
2019-06-18 10:47:12 -04:00
|
|
|
int res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
spa_return_val_if_fail(factory != NULL, -EINVAL);
|
|
|
|
|
spa_return_val_if_fail(handle != NULL, -EINVAL);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
handle->get_interface = impl_get_interface;
|
|
|
|
|
handle->clear = impl_clear;
|
|
|
|
|
|
|
|
|
|
impl = (struct impl *) handle;
|
2019-05-20 16:11:23 +02:00
|
|
|
impl->loop.iface = SPA_INTERFACE_INIT(
|
|
|
|
|
SPA_TYPE_INTERFACE_Loop,
|
|
|
|
|
SPA_VERSION_LOOP,
|
|
|
|
|
&impl_loop, impl);
|
|
|
|
|
impl->control.iface = SPA_INTERFACE_INIT(
|
|
|
|
|
SPA_TYPE_INTERFACE_LoopControl,
|
|
|
|
|
SPA_VERSION_LOOP_CONTROL,
|
|
|
|
|
&impl_loop_control, impl);
|
|
|
|
|
impl->utils.iface = SPA_INTERFACE_INIT(
|
|
|
|
|
SPA_TYPE_INTERFACE_LoopUtils,
|
|
|
|
|
SPA_VERSION_LOOP_UTILS,
|
|
|
|
|
&impl_loop_utils, impl);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2023-05-05 17:41:37 +02:00
|
|
|
if (info) {
|
|
|
|
|
if ((str = spa_dict_lookup(info, "loop.cancel")) != NULL &&
|
|
|
|
|
spa_atob(str))
|
|
|
|
|
impl->control.iface.cb.funcs = &impl_loop_control_cancel;
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-29 15:17:45 +02:00
|
|
|
CHECK(pthread_mutexattr_init(&attr), error_exit);
|
|
|
|
|
CHECK(pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE), error_exit);
|
|
|
|
|
CHECK(pthread_mutex_init(&impl->queue_lock, &attr), error_exit);
|
|
|
|
|
|
2019-12-19 13:15:10 +01:00
|
|
|
impl->log = spa_support_find(support, n_support, SPA_TYPE_INTERFACE_Log);
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_topic_init(impl->log, &log_topic);
|
2019-12-19 13:15:10 +01:00
|
|
|
impl->system = spa_support_find(support, n_support, SPA_TYPE_INTERFACE_System);
|
|
|
|
|
|
2019-06-06 15:21:40 +02:00
|
|
|
if (impl->system == NULL) {
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_error(impl->log, "%p: a System is needed", impl);
|
2019-06-18 10:47:12 -04:00
|
|
|
res = -EINVAL;
|
2024-04-29 15:17:45 +02:00
|
|
|
goto error_exit_free_mutex;
|
2019-06-06 15:21:40 +02:00
|
|
|
}
|
2019-06-20 17:31:29 +02:00
|
|
|
if ((res = spa_system_pollfd_create(impl->system, SPA_FD_CLOEXEC)) < 0) {
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_error(impl->log, "%p: can't create pollfd: %s",
|
2019-06-20 17:31:29 +02:00
|
|
|
impl, spa_strerror(res));
|
2024-04-29 15:17:45 +02:00
|
|
|
goto error_exit_free_mutex;
|
2019-06-18 10:47:12 -04:00
|
|
|
}
|
2019-06-20 17:31:29 +02:00
|
|
|
impl->poll_fd = res;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
|
|
|
|
spa_list_init(&impl->source_list);
|
2024-04-29 12:01:48 +02:00
|
|
|
spa_list_init(&impl->queue_list);
|
2022-02-18 18:36:36 +01:00
|
|
|
spa_list_init(&impl->destroy_list);
|
2017-08-08 16:56:29 +02:00
|
|
|
spa_hook_list_init(&impl->hooks_list);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2019-05-23 15:11:49 +02:00
|
|
|
impl->wakeup = loop_add_event(impl, wakeup_func, impl);
|
2019-06-18 10:47:12 -04:00
|
|
|
if (impl->wakeup == NULL) {
|
|
|
|
|
res = -errno;
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_error(impl->log, "%p: can't create wakeup event: %m", impl);
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit_free_poll;
|
2019-06-18 10:47:12 -04:00
|
|
|
}
|
2024-04-29 12:01:48 +02:00
|
|
|
|
2024-09-30 16:53:09 +02:00
|
|
|
if (tss_create(&impl->queue_tss_id, (tss_dtor_t)loop_queue_destroy_tss) != thrd_success) {
|
2024-04-29 12:01:48 +02:00
|
|
|
res = -errno;
|
2024-04-29 15:17:45 +02:00
|
|
|
spa_log_error(impl->log, "%p: can't create tss: %m", impl);
|
2019-06-20 17:31:29 +02:00
|
|
|
goto error_exit_free_wakeup;
|
2019-06-18 10:47:12 -04:00
|
|
|
}
|
2024-10-21 17:08:10 +02:00
|
|
|
impl->tss_ref = 1;
|
2024-04-29 15:17:45 +02:00
|
|
|
|
2021-09-27 15:31:35 +10:00
|
|
|
spa_log_debug(impl->log, "%p: initialized", impl);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
return 0;
|
2019-06-18 10:47:12 -04:00
|
|
|
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_free_wakeup:
|
2019-06-18 10:47:12 -04:00
|
|
|
loop_destroy_source(impl, impl->wakeup);
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit_free_poll:
|
2019-06-18 10:47:12 -04:00
|
|
|
spa_system_close(impl->system, impl->poll_fd);
|
2024-04-29 15:17:45 +02:00
|
|
|
error_exit_free_mutex:
|
|
|
|
|
pthread_mutex_destroy(&impl->queue_lock);
|
2019-06-20 17:31:29 +02:00
|
|
|
error_exit:
|
2019-06-18 10:47:12 -04:00
|
|
|
return res;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const struct spa_interface_info impl_interfaces[] = {
|
2018-08-27 15:03:11 +02:00
|
|
|
{SPA_TYPE_INTERFACE_Loop,},
|
|
|
|
|
{SPA_TYPE_INTERFACE_LoopControl,},
|
|
|
|
|
{SPA_TYPE_INTERFACE_LoopUtils,},
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
impl_enum_interface_info(const struct spa_handle_factory *factory,
|
|
|
|
|
const struct spa_interface_info **info,
|
2017-11-13 09:41:41 +01:00
|
|
|
uint32_t *index)
|
2017-06-14 16:10:07 +02:00
|
|
|
{
|
2017-11-13 09:41:41 +01:00
|
|
|
spa_return_val_if_fail(factory != NULL, -EINVAL);
|
|
|
|
|
spa_return_val_if_fail(info != NULL, -EINVAL);
|
|
|
|
|
spa_return_val_if_fail(index != NULL, -EINVAL);
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
if (*index >= SPA_N_ELEMENTS(impl_interfaces))
|
|
|
|
|
return 0;
|
2017-06-14 16:10:07 +02:00
|
|
|
|
2017-11-13 09:41:41 +01:00
|
|
|
*info = &impl_interfaces[(*index)++];
|
|
|
|
|
return 1;
|
2017-06-14 16:10:07 +02:00
|
|
|
}
|
|
|
|
|
|
2019-02-06 11:38:12 +01:00
|
|
|
const struct spa_handle_factory spa_support_loop_factory = {
|
2017-06-14 18:32:39 +02:00
|
|
|
SPA_VERSION_HANDLE_FACTORY,
|
2019-06-21 13:31:34 +02:00
|
|
|
SPA_NAME_SUPPORT_LOOP,
|
2017-06-14 16:10:07 +02:00
|
|
|
NULL,
|
2018-04-09 10:06:17 +02:00
|
|
|
impl_get_size,
|
2017-06-14 16:10:07 +02:00
|
|
|
impl_init,
|
2017-06-14 18:32:39 +02:00
|
|
|
impl_enum_interface_info
|
2017-06-14 16:10:07 +02:00
|
|
|
};
|
