When we receive a message with fds and we are at the end of the
buffer, we will call clear_buffer, which moves the next fds over the
fds of this message before we copy the fds into the message. This
results in the fd being leaked and the message using the fd of the next
message instead.
Avoid this by first copying the fds into the message and then move the
new ones over the old ones.
This fixes some wrong fds being used by clients.
Add spa_json_begin_array/object to replace
spa_json_init+spa_json_begin_array/object
This function is better because it does not waste a useless spa_json
structure as an iterator. The relaxed versions also error out when the
container is mismatched because parsing a mismatched container is not
going to give any results anyway.
Add a new extension that can create a server on a user provided socket
with user provided security properties.
This is mainly used in flatpaks that want to create and bind a pipewire
socket with specific permissions for the flatpak app.
The flatpak will also provide an fd that will be closed when the server
can be removed.
Add a function to check if a specfic custom log level has been defined
for a topic.
We can use this to dynamically check if we need to do the connection debug
messages.
We can also get rid of the conn.* pattern hack to disable connection
messages by default.
Allow PIPEWIRE_REMOTE / PW_KEY_REMOTE_NAME to contain a JSON array of
sockets to try to connect to, in order, instead of just one name.
JSON is restricted to utf-8 encoding. Also, this forces using JSON
syntax for paths that start with '['. This probably will not usually
cause much problem.
Remove some includes of private.h
Add some methods to get the mempool of client and context so that we can
remove direct access.
Move some things around.
Use methods to get pw_loop variables.
See #3243
When we consumed all the buffer data, don't clear all the fds but only
those that were already consumed in the message. It is possible that we
already have fds for the next message and we don't want to discard
those.
Fixes some intermittend memory map errors.
Emit both the bound_id and bound_props events from the protocol on
the core_resource.
Doing the dispatching of the bound_id/bound_props in the core to the
proxy doesn't handle the case where the client has a listener directly
on the core_resource.
Fixes#3109
this event extends the bound_id event and sends the global properties as
well.
This can be used to get the object.serial, for example.
It can also be used in the future to let the server generate unique
property values, like the node.name, and let the client know about the
new property value.
Always first use the env var and then check the properties. So that
PIPEWIRE_CORE=pipewire-1 PIPEWIRE_REMOTE=pipewire-1 make run runs
everything on pipewire-1 sockets regardless of the config files.
Also PIPEWIRE_NODE always needs to be taken into account first.
This fixes several integer overflow problems in the POD parser, as well
as fixing a returns-twice warning from GCC and integer truncation
problems in SPA_FLAG_CLEAR and SPA_ROUND_DOWN_N. The integer overflows
can result in a tiny POD being treated as a huge one, causing
out-of-bounds reads.
We use the done event to send the object serial to the client. Use an
invalid object id for this and filter it out on the receiver or else
the client might get an unexpected done event.
Fixes#2253
Not all clients have an existing registry, and the registry generation
number will not be updated for them. However, we would like to check
for stale globals also elsewhere, eg. metadata, and it must work also
in this case.
To avoid failing to update client registry generation, on global
addition which the client would see if it had a registry, send done
message for the new global id instead.
Message footer should be handled before attempting to find the object
the main message is sent to / checking permissions, because it is not
aimed at a specific object. E.g. the registry generation updates should
be handled regardless of whether the main message is valid or not,
because the updates will not be re-sent.
Fixes registry generation updates sometimes going missing.
Some client messages have bare ids (as opposed to proxies/resources),
eg. as in pw_registry_bind/destroy. If the client is processing
messages late, these may refer to an object that was already removed,
and the id may now refers to a differnt objects. I.e. the following
race condition needs to be resolved:
server client
Global 1 (gen. 1)
Global 1
Global 1 remove
Global 1 (gen. 2)
Bind/destroy 1
Where the client would bind/destroy the wrong global, since it did not
yet see the messages for the second one.
To keep track of which object the client means, the server keeps track of
the "generation number" of its global registry, and what generation
the client is at.
Each global remembers at what generation of registry they were
registered. When processing the messages that use bare ids, check the
registry generation of the client, to know whether the message refers to
a stale global that was already removed.
Messages where client sends bare ids to server are:
pw_registry_bind, pw_registry_destroy, metadata_set_property
In pw_registry_* do the staleness check directly. Also add staleness
check in pw_impl_client_check_permissions, so that also the metadata
case is handled.
The generation numbers are passed around in message footers, but only if
they have changed. When the generation number changes on server, we
send the updated value to the client in a message footer. When client
has received an update value, it will send the value back in the footer
of the next message it sends to the server.
Based on: Wim Taymans <wtaymans@redhat.com> "impl-core: check serial number"
Extend version 3 protocol with message footers, which are for passing
around global state data that is not addressed to a specific object.
The extension is backward compatible with previous v3 clients, and won't
e.g. result to error spam in logs.
The footer is a single SPA POD, appended after the main message POD.
Because both the protocol message and the message POD record their
length, it's possible to append trailing data. Earlier clients will
ignore any data trailing the message POD.
The footer POD contains a sequence [Id opcode, Struct {...}]*,
so there is room to extend with new opcodes later as necessary.
There are separate marshal/demarshal routines for messages aimed at
resources and proxies.
Most feature checks already use #ifdef, and do not care about
the value of the macro. Convert all feature checks to do that,
and simplify the meson build scripts by replacing
if cond
cdata.set('X', 1)
endif
with
cdata.set('X', cond)
For now, put a limit on the amount of items we can send and receive
over the native protocol. A more complex way of allocating and freeing
can be implemented later when we really need to raise the limits.
Fixes#2070
At the moment, file descriptors may be leaked
due to a malicious/buggy client:
1. If the control messages have been truncated, some file descriptors
may still have been successfully transferred. Currently, seeing
the MSG_CTRUNC bit causes `refill_buffer()` to immediately return
-EPROTO without doing anything with the control messages, which
may contain file descriptors.
2. When there is no truncation, it is still possible that the current
batch of file descriptors causes the total file descriptor count
to go over the maximum number of fds for the given buffer (currently 1024).
In this case, too, `refill_buffer()` immediately returns -EPROTO
without closing the file descriptors that can not be saved.
Fix both of these cases by closing all file descriptors in all
remaining cmsgs when one of the mentioned conditions occur.
Given that 10-bit colour is now becoming supported on Wayland, PipeWire
should be able to represent all the possible colour formats in order
for screen capture to work.
This commit adds all possible orderings of 10-bit RGB channels and 2
extra bits used for nothing or alpha in little endian to enum
spa_video_format. Note that Wayland only uses little endian for its
10-bit colour formats, and these are not the same as the big endian
formats in reverse order.
This is more complicated than a normal module because we have two
logging topics: mod.protocol-native and conn.protocol-native for wire
messages. Because the latter use spa_debug (through spa_debug_pod) we
need to #define our way around so those too use the right topics.
Note that this removes the previous "connection" category, it is now
"conn.protocol-native" instead.
This test needs an environment set up to load everything correctly,
running it directly results in a segfault. Let's make sure we assert on
a NULL loop to make this look slightly more planned.
spa_strstartswith() is more immediately understandable.
Coccinelle spatch file:
@@
expression E1, E2;
@@
- strstr(E1, E2) != E1
+ !spa_strstartswith(E1, E2)
@@
expression E1, E2;
@@
- strstr(E1, E2) == E1
+ spa_strstartswith(E1, E2)
Applied to the tree except for alsa/acp/compat.h because it looks like
that header is still mostly as-is from PA.
