SPA_MEMBER is misleading, all we're doing here is pointer+offset and a
type-casting the result. Rename to SPA_PTROFF which is more expressive (and
has the same number of characters so we don't need to re-indent).
Allows monitors (eg. bluez5) free any sm_objects they hold in
session_destroy. In session_shutdown, destroy such objects before the
event, and free them only afterward.
Fixes double-free in bluez monitor.
To resolve monitor and policy core global ids racing with each other,
use separate registry event handlers for both cores. Each handles only
their own objects, determined by where the object handle was created.
Postpone handling of policy core new global events after monitor sync,
which orders them after the corresponding monitor proxy and registry
events. Monitor core is then more up-to-date, so we resolve id clashes
in favor of monitor globals, which avoids duplicate objects.
Fix use-after-free by tracking whether a monitor holds references to
sm_object. Keep also objects pending for id in a list, so that they can
be cleaned up on session_shutdown (monitors may leak objects at
shutdown, because spa objectinfo events won't be handled then).
Caveats:
Zombie objects may still created if policy core is late by several
events, but in those cases the corresponding remove events are already
in the queue.
Also, there's a (theoretical) possibility that pw_registry_bind will
bind the wrong object, if the registry event is handled too late and an
id is reused by the server.
For details, see reverted 77e4fdb1e4
for which this is a another approach.
Every time a new operation is started, schedule a rescan. This
ensures that there are no more pending actions before the policy
module scans the nodes.
This has the effect that all devices and nodes are up to data and
ready to be used by policy-node.
Fixes#789
The prefix was used to filter the properties when loading and
saving but since the conversion to the core provided functions, this
feature is not longer available.
It's not exactly a problem, we could implement the filtering ourselves
afterwards but there is little point because we just ignore the unknown
items and never write invalid items.
When duplicate objects are created, the new object has missed its
registry_global event, and is missing its proxy.
In this case, bind a proxy for the new object.
sm_object may be owned by either (i) monitors, created via
sm_media_session_create/export*, or (ii) registry, via
registry_global+bind_object. However, registry adds the objects to its
globals list when their proxy appears, even if it does not own them.
Only owner should call sm_object_destroy which unrefs obj->handle,
because the sm_object structure is stored inside the handle's user_data
and becomes invalid afterward.
The sm_object_destroy call removes the object from the registry globals
map, so if monitor calls first, there is no problem. However, sometimes
the registry wins the race.
Previously, registry did sm_object_destroy regardless of whether it owns
the object or not, possibly causing the monitor's sm_object_destroy to
refer to freed memory. This could cause segfaults, e.g.
CARD=XX:XX:XX:XX:XX:XX
bluetootctl connect $CARD
while true; do pactl set-card-profile bluez_card.$CARD a2dp-sink; pactl set-card-profile bluez_card.$CARD off; done
leads to a race between bluez5_remove_node and registry_global_remove,
and problems appear when the latter wins. (As usual, if it doesn't
segfault, a heisenbug appears instead.)
Fix this by keeping track who owns the objects, and having registry
destroy the objects only if it owns them. Otherwise, it just removes
them from its lists.
Also call pw_proxy_unref unconditionally in sm_object_destroy, so its
asserts catch refcounting errors (although now there shouldn't be any).
***
Another problem is conflict between bound_proxy and register_global,
which generates duplicate objects with the same id. We resolve this by
keeping the object not owned by the registry and discarding the other
one.
This fixes a memory leak, and possible consistency problems in session
modules (due to session_create events for different objects with same
id; now there will be paired session_remove ones in between).
Replace unwanted chars in the name with _. This makes it compatible
with pulseaudio names and avoids problems with regex.
Replace unwanred chars in the nick with ' '. This ensures JACK
clients don't receive ':' in the device names, which cause it to
fail when parsing the ports.
See #714 and #130
Make methods to load_config and load/save state. For now the config
and state directories are the same but it might not be. Implement
the search path for all config/state files as:
$XDG_CONFIG_HOME/[$prefix]/$name
$HOME/.config/[$prefix]/$name
$PIPEWIRE_CONFIG_DIR/pipewire/[$prefix]/$name
/etc/pipewire/[$prefix]/$name
Make some config files for jack and RT clients. Make pw-cat use the
client-rt config.
Use core state and config management in media-session.
Move all session manager state and config files to the build dir and
set the PIPEWIRE_CONFIG_DIR to this build dir.
Move the daemon config file loading to a new conf.c file used by
the context to load the configuration. This replaces the module
profiles and some hacks to move properties around.
If there is nothing other specified with $PIPEWIRE_CONFIG_NAME or
a property, the client.conf file is loaded as a fallback.
Update the session manager config file to load the modules via the
config now. Rename the session modules section to another name.
Update pipewire-pulse to also load a specific pulse property file.
This then makes it pssible to assign specific RT priorities for the
pipewire-pulse process.
The motivation is to have both existing and new streams that have been
created without explicit target node, to be directed to the same devices
at all times. To achieve this:
Consider what find_node returns as the "default node".
Consider streams that auto+reconnect and don't have an explicit target,
as following default. In rescan, if the default node has changed,
relink such streams to the new default.
Remove the old code that explicitly moved streams when the default.*
metadata changed, as it implements a similar thing but in a less robust
way (may fail to do what's intended, because the default device
metadata is commonly unset, or the metadata callback comes before
session_create has seen the new nodes).
Enable this feature based on "policy-node.streams-follow-default"
property. Allow setting the property also by loading the
streams-follow-default module. Enable it by default only for the
with-pulseaudio module group.
Remove -e and -d options
Manage modules in media-session.conf
Add alsa-monitor.conf that can match node/device properties with
a regex and update properties on it. All previous configuration and
more cane be done with this.
Save settings as jason and use a small json compatible tokenizer to
load settings instead of our own less flexible format.
Save settings with a prefix and filter out entries without prefix
Listen for changes in restore.stream metadata and update properties.
Don't start the pulse-bridge automatically because we don't
know what socket to listen on.
Also, listen by default on a safe socket, not used by pulseaudio.
Remove the hooks we installed on objects in the destroy/free event
or before calling _destroy. This is not really needed but it is
a nice thing to do because it calls the hook removed callbacks.
A rescan can trigger a new rescan and with a blocking rountrip this
can recursively never end. Catch a rescan while rescanning and queue
it for when we end the current scan.
Fixes#364
