2011-03-08 11:32:24 +01:00
|
|
|
/*
|
|
|
|
|
* Copyright © 2008 Kristian Høgsberg
|
|
|
|
|
*
|
2015-06-10 10:54:15 -07:00
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
|
* the following conditions:
|
2011-03-08 11:32:24 +01:00
|
|
|
*
|
2015-06-10 10:54:15 -07:00
|
|
|
* The above copyright notice and this permission notice (including the
|
|
|
|
|
* next paragraph) shall be included in all copies or substantial
|
|
|
|
|
* portions of the Software.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
|
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
|
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
|
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
|
|
|
* SOFTWARE.
|
2011-03-08 11:32:24 +01:00
|
|
|
*
|
|
|
|
|
* Authors:
|
|
|
|
|
* Kristian Høgsberg <krh@bitplanet.net>
|
|
|
|
|
* Benjamin Franzke <benjaminfranzke@googlemail.com>
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
2012-05-23 16:09:55 +03:00
|
|
|
#define _GNU_SOURCE
|
|
|
|
|
|
2019-07-22 15:58:49 +02:00
|
|
|
#include "config.h"
|
|
|
|
|
|
2014-10-03 14:39:59 -05:00
|
|
|
#include <stdbool.h>
|
2011-03-08 11:32:24 +01:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2016-07-18 12:42:25 -05:00
|
|
|
#include <stdint.h>
|
2011-03-08 11:32:24 +01:00
|
|
|
#include <string.h>
|
|
|
|
|
#include <sys/mman.h>
|
wayland-shm: Check the size of sealed memory if ignoring SIGBUS handlers
In 11623e8f, SIGBUS handlers aren't set if F_SEAL_SHRINK is configured on
the memory. This helps avoid setting up handlers with cooperative clients;
however, if an application gives an incorrect size, the compositor would
access it anyways, figuring SIGBUS is impossible, and crash.
This can be fixed by simply removing the seal-checking logic and always
setting the signal handler. However, it seems that fstat can give the size
of the memfd, so we can check that the size we were told is within the
region. Since it's sealed to shrinking, it must never be shrunk in future,
so we can really (hopefully) ignore SIGBUS.
I was worried that fstat wasn't supported for this, but shm_overview(7) does
mention that it is a possible use.
The best solution would likely be avoiding SIGBUS entirely with
MAP_NOSIGBUS, but that hasn't been merged yet and wouldn't help systems
without it (e.g. with older kernels).
A proof-of-concept of this crash is attached with the merge request. Running
it with this patch gives an invalid-shm error, which is correct.
Signed-off-by: Duncan McIntosh <duncan82013@live.ca>
2021-10-16 20:28:34 -04:00
|
|
|
#include <sys/stat.h>
|
2011-03-08 11:32:24 +01:00
|
|
|
#include <unistd.h>
|
2013-11-13 15:32:05 +00:00
|
|
|
#include <signal.h>
|
|
|
|
|
#include <pthread.h>
|
2019-04-26 22:40:18 +02:00
|
|
|
#include <errno.h>
|
2019-07-22 15:58:49 +02:00
|
|
|
#include <fcntl.h>
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2021-03-15 22:25:52 +00:00
|
|
|
#include "wayland-os.h"
|
2016-05-20 22:18:36 -06:00
|
|
|
#include "wayland-util.h"
|
2012-10-19 23:06:53 -04:00
|
|
|
#include "wayland-private.h"
|
2011-03-08 11:32:24 +01:00
|
|
|
#include "wayland-server.h"
|
|
|
|
|
|
2013-11-13 15:32:05 +00:00
|
|
|
/* This once_t is used to synchronize installing the SIGBUS handler
|
|
|
|
|
* and creating the TLS key. This will be done in the first call
|
|
|
|
|
* wl_shm_buffer_begin_access which can happen from any thread */
|
|
|
|
|
static pthread_once_t wl_shm_sigbus_once = PTHREAD_ONCE_INIT;
|
|
|
|
|
static pthread_key_t wl_shm_sigbus_data_key;
|
|
|
|
|
static struct sigaction wl_shm_old_sigbus_action;
|
|
|
|
|
|
2012-04-03 12:08:50 -04:00
|
|
|
struct wl_shm_pool {
|
2013-06-01 17:40:54 -05:00
|
|
|
struct wl_resource *resource;
|
2016-02-09 16:03:47 -06:00
|
|
|
int internal_refcount;
|
|
|
|
|
int external_refcount;
|
2012-04-03 12:08:50 -04:00
|
|
|
char *data;
|
2021-03-15 22:25:52 +00:00
|
|
|
ssize_t size;
|
|
|
|
|
ssize_t new_size;
|
2022-01-10 15:10:07 +01:00
|
|
|
#ifndef MREMAP_MAYMOVE
|
2021-03-15 22:25:52 +00:00
|
|
|
/* The following three fields are needed for mremap() emulation. */
|
|
|
|
|
int mmap_fd;
|
|
|
|
|
int mmap_flags;
|
|
|
|
|
int mmap_prot;
|
2022-01-10 15:10:07 +01:00
|
|
|
#endif
|
2019-07-22 15:58:49 +02:00
|
|
|
bool sigbus_is_impossible;
|
2012-04-03 12:08:50 -04:00
|
|
|
};
|
|
|
|
|
|
2021-07-13 15:52:31 +02:00
|
|
|
/** \class wl_shm_buffer
|
|
|
|
|
*
|
|
|
|
|
* \brief A SHM buffer
|
|
|
|
|
*
|
|
|
|
|
* wl_shm_buffer provides a helper for accessing the contents of a wl_buffer
|
|
|
|
|
* resource created via the wl_shm interface.
|
|
|
|
|
*
|
|
|
|
|
* A wl_shm_buffer becomes invalid as soon as its #wl_resource is destroyed.
|
|
|
|
|
*/
|
2011-03-08 11:32:24 +01:00
|
|
|
struct wl_shm_buffer {
|
2013-06-20 20:36:49 -05:00
|
|
|
struct wl_resource *resource;
|
|
|
|
|
int32_t width, height;
|
2011-03-08 11:32:24 +01:00
|
|
|
int32_t stride;
|
2011-08-30 21:26:19 -04:00
|
|
|
uint32_t format;
|
2012-05-22 15:39:40 +03:00
|
|
|
int offset;
|
2012-04-03 12:08:50 -04:00
|
|
|
struct wl_shm_pool *pool;
|
2011-03-08 11:32:24 +01:00
|
|
|
};
|
|
|
|
|
|
2013-11-13 15:32:05 +00:00
|
|
|
struct wl_shm_sigbus_data {
|
|
|
|
|
struct wl_shm_pool *current_pool;
|
|
|
|
|
int access_count;
|
|
|
|
|
int fallback_mapping_used;
|
|
|
|
|
};
|
|
|
|
|
|
2021-03-15 22:25:52 +00:00
|
|
|
static void *
|
|
|
|
|
shm_pool_grow_mapping(struct wl_shm_pool *pool)
|
|
|
|
|
{
|
|
|
|
|
void *data;
|
|
|
|
|
|
|
|
|
|
#ifdef MREMAP_MAYMOVE
|
|
|
|
|
data = mremap(pool->data, pool->size, pool->new_size, MREMAP_MAYMOVE);
|
|
|
|
|
#else
|
|
|
|
|
data = wl_os_mremap_maymove(pool->mmap_fd, pool->data, &pool->size,
|
|
|
|
|
pool->new_size, pool->mmap_prot,
|
|
|
|
|
pool->mmap_flags);
|
2022-09-16 09:53:39 +02:00
|
|
|
if (pool->size != 0 && pool->resource != NULL) {
|
2021-03-15 22:25:52 +00:00
|
|
|
wl_resource_post_error(pool->resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_FD,
|
|
|
|
|
"leaked old mapping");
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
return data;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-09 16:03:48 -06:00
|
|
|
static void
|
|
|
|
|
shm_pool_finish_resize(struct wl_shm_pool *pool)
|
|
|
|
|
{
|
|
|
|
|
void *data;
|
|
|
|
|
|
|
|
|
|
if (pool->size == pool->new_size)
|
|
|
|
|
return;
|
|
|
|
|
|
2021-03-15 22:25:52 +00:00
|
|
|
data = shm_pool_grow_mapping(pool);
|
2016-02-09 16:03:48 -06:00
|
|
|
if (data == MAP_FAILED) {
|
2022-09-16 09:53:39 +02:00
|
|
|
if (pool->resource != NULL)
|
|
|
|
|
wl_resource_post_error(pool->resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_FD,
|
|
|
|
|
"failed mremap");
|
2016-02-09 16:03:48 -06:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pool->data = data;
|
|
|
|
|
pool->size = pool->new_size;
|
|
|
|
|
}
|
|
|
|
|
|
2012-04-03 12:08:50 -04:00
|
|
|
static void
|
2016-02-09 16:03:47 -06:00
|
|
|
shm_pool_unref(struct wl_shm_pool *pool, bool external)
|
2012-04-03 12:08:50 -04:00
|
|
|
{
|
2016-02-09 16:03:48 -06:00
|
|
|
if (external) {
|
2016-02-09 16:03:47 -06:00
|
|
|
pool->external_refcount--;
|
2024-06-30 22:36:11 +05:30
|
|
|
if (!(pool->external_refcount >= 0))
|
|
|
|
|
wl_abort("Requested to unref an external reference to "
|
|
|
|
|
"pool but none found\n");
|
2016-02-09 16:03:48 -06:00
|
|
|
if (pool->external_refcount == 0)
|
|
|
|
|
shm_pool_finish_resize(pool);
|
|
|
|
|
} else {
|
2016-02-09 16:03:47 -06:00
|
|
|
pool->internal_refcount--;
|
2024-06-30 22:36:11 +05:30
|
|
|
if (!(pool->internal_refcount >= 0))
|
|
|
|
|
wl_abort("Requested to unref an internal reference to "
|
|
|
|
|
"pool but none found\n");
|
|
|
|
|
|
2016-02-09 16:03:48 -06:00
|
|
|
}
|
2016-02-09 16:03:47 -06:00
|
|
|
|
2021-06-02 16:35:30 +02:00
|
|
|
if (pool->internal_refcount + pool->external_refcount > 0)
|
2012-04-03 12:08:50 -04:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
munmap(pool->data, pool->size);
|
2022-01-10 15:10:07 +01:00
|
|
|
#ifndef MREMAP_MAYMOVE
|
2021-03-15 22:25:52 +00:00
|
|
|
close(pool->mmap_fd);
|
2022-01-10 15:10:07 +01:00
|
|
|
#endif
|
2012-04-03 12:08:50 -04:00
|
|
|
free(pool);
|
|
|
|
|
}
|
|
|
|
|
|
2011-03-08 11:32:24 +01:00
|
|
|
static void
|
2011-08-18 17:53:50 -04:00
|
|
|
destroy_buffer(struct wl_resource *resource)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
2013-06-01 17:40:54 -05:00
|
|
|
struct wl_shm_buffer *buffer = wl_resource_get_user_data(resource);
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2021-06-02 16:22:54 +02:00
|
|
|
shm_pool_unref(buffer->pool, false);
|
2011-03-08 11:32:24 +01:00
|
|
|
free(buffer);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2011-08-18 17:53:50 -04:00
|
|
|
shm_buffer_destroy(struct wl_client *client, struct wl_resource *resource)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
Switch protocol to using serial numbers for ordering events and requests
The wayland protocol, as X, uses timestamps to match up certain
requests with input events. The problem is that sometimes we need to
send out an event that doesn't have a corresponding timestamped input
event. For example, the pointer focus surface goes away and new
surface needs to receive a pointer enter event. These events are
normally timestamped with the evdev event timestamp, but in this case,
we don't have a evdev timestamp. So we have to go to gettimeofday (or
clock_gettime()) and then we don't know if it's coming from the same
time source etc.
However for all these cases we don't need a real time timestamp, we
just need a serial number that encodes the order of events inside the
server. So we introduce a serial number mechanism that we can use to
order events. We still need real-time timestamps for actual input
device events (motion, buttons, keys, touch), to be able to reason
about double-click speed and movement speed so events that correspond to user input carry both a serial number and a timestamp.
The serial number also give us a mechanism to key together events that
are "logically the same" such as a unicode event and a keycode event,
or a motion event and a relative event from a raw device.
2012-04-11 22:25:51 -04:00
|
|
|
wl_resource_destroy(resource);
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
|
|
|
|
|
2012-03-22 11:33:35 +02:00
|
|
|
static const struct wl_buffer_interface shm_buffer_interface = {
|
2011-03-08 11:32:24 +01:00
|
|
|
shm_buffer_destroy
|
|
|
|
|
};
|
|
|
|
|
|
2014-10-03 14:39:59 -05:00
|
|
|
static bool
|
2013-08-06 20:05:53 +02:00
|
|
|
format_is_supported(struct wl_client *client, uint32_t format)
|
|
|
|
|
{
|
|
|
|
|
struct wl_display *display = wl_client_get_display(client);
|
|
|
|
|
struct wl_array *formats;
|
|
|
|
|
uint32_t *p;
|
|
|
|
|
|
|
|
|
|
switch (format) {
|
|
|
|
|
case WL_SHM_FORMAT_ARGB8888:
|
|
|
|
|
case WL_SHM_FORMAT_XRGB8888:
|
2014-10-03 14:39:59 -05:00
|
|
|
return true;
|
2013-08-06 20:05:53 +02:00
|
|
|
default:
|
|
|
|
|
formats = wl_display_get_additional_shm_formats(display);
|
|
|
|
|
wl_array_for_each(p, formats)
|
2016-02-04 21:48:21 +01:00
|
|
|
if (*p == format)
|
2014-10-03 14:39:59 -05:00
|
|
|
return true;
|
2013-08-06 20:05:53 +02:00
|
|
|
}
|
|
|
|
|
|
2014-10-03 14:39:59 -05:00
|
|
|
return false;
|
2013-08-06 20:05:53 +02:00
|
|
|
}
|
|
|
|
|
|
2012-04-03 12:08:50 -04:00
|
|
|
static void
|
|
|
|
|
shm_pool_create_buffer(struct wl_client *client, struct wl_resource *resource,
|
|
|
|
|
uint32_t id, int32_t offset,
|
|
|
|
|
int32_t width, int32_t height,
|
|
|
|
|
int32_t stride, uint32_t format)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
2013-06-01 17:40:54 -05:00
|
|
|
struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
|
2011-03-08 11:32:24 +01:00
|
|
|
struct wl_shm_buffer *buffer;
|
|
|
|
|
|
2013-08-06 20:05:53 +02:00
|
|
|
if (!format_is_supported(client, format)) {
|
2012-04-03 12:08:50 -04:00
|
|
|
wl_resource_post_error(resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_FORMAT,
|
2013-08-06 20:05:53 +02:00
|
|
|
"invalid format 0x%x", format);
|
2012-04-03 12:08:50 -04:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (offset < 0 || width <= 0 || height <= 0 || stride < width ||
|
2021-09-16 11:11:05 +02:00
|
|
|
INT32_MAX / stride < height ||
|
2012-04-03 12:08:50 -04:00
|
|
|
offset > pool->size - stride * height) {
|
|
|
|
|
wl_resource_post_error(resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_STRIDE,
|
|
|
|
|
"invalid width, height or stride (%dx%d, %u)",
|
|
|
|
|
width, height, stride);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-31 22:23:30 +01:00
|
|
|
buffer = zalloc(sizeof *buffer);
|
2012-04-03 12:08:50 -04:00
|
|
|
if (buffer == NULL) {
|
2013-07-02 15:39:03 -04:00
|
|
|
wl_client_post_no_memory(client);
|
2012-04-03 12:08:50 -04:00
|
|
|
return;
|
|
|
|
|
}
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2013-06-20 20:36:49 -05:00
|
|
|
buffer->width = width;
|
|
|
|
|
buffer->height = height;
|
2011-08-30 21:26:19 -04:00
|
|
|
buffer->format = format;
|
2011-03-08 11:32:24 +01:00
|
|
|
buffer->stride = stride;
|
2012-05-22 15:39:40 +03:00
|
|
|
buffer->offset = offset;
|
2012-04-03 12:08:50 -04:00
|
|
|
buffer->pool = pool;
|
2016-02-09 16:03:47 -06:00
|
|
|
pool->internal_refcount++;
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2013-06-27 20:09:20 -05:00
|
|
|
buffer->resource =
|
|
|
|
|
wl_resource_create(client, &wl_buffer_interface, 1, id);
|
2013-07-02 15:39:03 -04:00
|
|
|
if (buffer->resource == NULL) {
|
|
|
|
|
wl_client_post_no_memory(client);
|
2016-02-09 16:03:47 -06:00
|
|
|
shm_pool_unref(pool, false);
|
2013-07-02 15:39:03 -04:00
|
|
|
free(buffer);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 20:09:20 -05:00
|
|
|
wl_resource_set_implementation(buffer->resource,
|
|
|
|
|
&shm_buffer_interface,
|
|
|
|
|
buffer, destroy_buffer);
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2012-04-03 12:08:50 -04:00
|
|
|
destroy_pool(struct wl_resource *resource)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
2013-06-01 17:40:54 -05:00
|
|
|
struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2022-09-16 09:53:39 +02:00
|
|
|
pool->resource = NULL;
|
2016-02-09 16:03:47 -06:00
|
|
|
shm_pool_unref(pool, false);
|
2012-04-03 12:08:50 -04:00
|
|
|
}
|
2011-08-30 21:26:19 -04:00
|
|
|
|
2012-04-03 12:08:50 -04:00
|
|
|
static void
|
|
|
|
|
shm_pool_destroy(struct wl_client *client, struct wl_resource *resource)
|
|
|
|
|
{
|
Switch protocol to using serial numbers for ordering events and requests
The wayland protocol, as X, uses timestamps to match up certain
requests with input events. The problem is that sometimes we need to
send out an event that doesn't have a corresponding timestamped input
event. For example, the pointer focus surface goes away and new
surface needs to receive a pointer enter event. These events are
normally timestamped with the evdev event timestamp, but in this case,
we don't have a evdev timestamp. So we have to go to gettimeofday (or
clock_gettime()) and then we don't know if it's coming from the same
time source etc.
However for all these cases we don't need a real time timestamp, we
just need a serial number that encodes the order of events inside the
server. So we introduce a serial number mechanism that we can use to
order events. We still need real-time timestamps for actual input
device events (motion, buttons, keys, touch), to be able to reason
about double-click speed and movement speed so events that correspond to user input carry both a serial number and a timestamp.
The serial number also give us a mechanism to key together events that
are "logically the same" such as a unicode event and a keycode event,
or a motion event and a relative event from a raw device.
2012-04-11 22:25:51 -04:00
|
|
|
wl_resource_destroy(resource);
|
2012-04-03 12:08:50 -04:00
|
|
|
}
|
|
|
|
|
|
2012-05-22 15:39:40 +03:00
|
|
|
static void
|
|
|
|
|
shm_pool_resize(struct wl_client *client, struct wl_resource *resource,
|
|
|
|
|
int32_t size)
|
|
|
|
|
{
|
2013-06-01 17:40:54 -05:00
|
|
|
struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
|
2012-05-22 15:39:40 +03:00
|
|
|
|
2014-04-07 14:42:20 -07:00
|
|
|
if (size < pool->size) {
|
|
|
|
|
wl_resource_post_error(resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_FD,
|
|
|
|
|
"shrinking pool invalid");
|
|
|
|
|
return;
|
|
|
|
|
}
|
2012-05-22 15:39:40 +03:00
|
|
|
|
2016-02-09 16:03:48 -06:00
|
|
|
pool->new_size = size;
|
2012-05-22 15:39:40 +03:00
|
|
|
|
2016-02-09 16:03:48 -06:00
|
|
|
/* If the compositor has taken references on this pool it
|
|
|
|
|
* may be caching pointers into it. In that case we
|
|
|
|
|
* defer the resize (which may move the entire mapping)
|
|
|
|
|
* until the compositor finishes dereferencing the pool.
|
|
|
|
|
*/
|
|
|
|
|
if (pool->external_refcount == 0)
|
|
|
|
|
shm_pool_finish_resize(pool);
|
2012-05-22 15:39:40 +03:00
|
|
|
}
|
|
|
|
|
|
2016-08-12 12:04:41 -07:00
|
|
|
static const struct wl_shm_pool_interface shm_pool_interface = {
|
2012-04-03 12:08:50 -04:00
|
|
|
shm_pool_create_buffer,
|
2012-05-22 15:39:40 +03:00
|
|
|
shm_pool_destroy,
|
|
|
|
|
shm_pool_resize
|
2012-04-03 12:08:50 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
shm_create_pool(struct wl_client *client, struct wl_resource *resource,
|
|
|
|
|
uint32_t id, int fd, int32_t size)
|
|
|
|
|
{
|
|
|
|
|
struct wl_shm_pool *pool;
|
wayland-shm: Check the size of sealed memory if ignoring SIGBUS handlers
In 11623e8f, SIGBUS handlers aren't set if F_SEAL_SHRINK is configured on
the memory. This helps avoid setting up handlers with cooperative clients;
however, if an application gives an incorrect size, the compositor would
access it anyways, figuring SIGBUS is impossible, and crash.
This can be fixed by simply removing the seal-checking logic and always
setting the signal handler. However, it seems that fstat can give the size
of the memfd, so we can check that the size we were told is within the
region. Since it's sealed to shrinking, it must never be shrunk in future,
so we can really (hopefully) ignore SIGBUS.
I was worried that fstat wasn't supported for this, but shm_overview(7) does
mention that it is a possible use.
The best solution would likely be avoiding SIGBUS entirely with
MAP_NOSIGBUS, but that hasn't been merged yet and wouldn't help systems
without it (e.g. with older kernels).
A proof-of-concept of this crash is attached with the merge request. Running
it with this patch gives an invalid-shm error, which is correct.
Signed-off-by: Duncan McIntosh <duncan82013@live.ca>
2021-10-16 20:28:34 -04:00
|
|
|
struct stat statbuf;
|
2019-07-22 15:58:49 +02:00
|
|
|
int seals;
|
2021-03-15 22:25:52 +00:00
|
|
|
int prot;
|
|
|
|
|
int flags;
|
2023-11-21 16:57:31 +01:00
|
|
|
uint32_t version;
|
2012-04-03 12:08:50 -04:00
|
|
|
|
|
|
|
|
if (size <= 0) {
|
2011-09-01 09:53:33 -04:00
|
|
|
wl_resource_post_error(resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_STRIDE,
|
2012-04-03 12:08:50 -04:00
|
|
|
"invalid size (%d)", size);
|
2016-02-18 23:59:29 +01:00
|
|
|
goto err_close;
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-31 22:23:30 +01:00
|
|
|
pool = zalloc(sizeof *pool);
|
2016-02-18 23:59:29 +01:00
|
|
|
if (pool == NULL) {
|
|
|
|
|
wl_client_post_no_memory(client);
|
|
|
|
|
goto err_close;
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
|
|
|
|
|
2019-07-22 15:58:49 +02:00
|
|
|
#ifdef HAVE_MEMFD_CREATE
|
|
|
|
|
seals = fcntl(fd, F_GET_SEALS);
|
|
|
|
|
if (seals == -1)
|
|
|
|
|
seals = 0;
|
wayland-shm: Check the size of sealed memory if ignoring SIGBUS handlers
In 11623e8f, SIGBUS handlers aren't set if F_SEAL_SHRINK is configured on
the memory. This helps avoid setting up handlers with cooperative clients;
however, if an application gives an incorrect size, the compositor would
access it anyways, figuring SIGBUS is impossible, and crash.
This can be fixed by simply removing the seal-checking logic and always
setting the signal handler. However, it seems that fstat can give the size
of the memfd, so we can check that the size we were told is within the
region. Since it's sealed to shrinking, it must never be shrunk in future,
so we can really (hopefully) ignore SIGBUS.
I was worried that fstat wasn't supported for this, but shm_overview(7) does
mention that it is a possible use.
The best solution would likely be avoiding SIGBUS entirely with
MAP_NOSIGBUS, but that hasn't been merged yet and wouldn't help systems
without it (e.g. with older kernels).
A proof-of-concept of this crash is attached with the merge request. Running
it with this patch gives an invalid-shm error, which is correct.
Signed-off-by: Duncan McIntosh <duncan82013@live.ca>
2021-10-16 20:28:34 -04:00
|
|
|
|
|
|
|
|
if ((seals & F_SEAL_SHRINK) && fstat(fd, &statbuf) >= 0)
|
|
|
|
|
pool->sigbus_is_impossible = statbuf.st_size >= size;
|
|
|
|
|
else
|
|
|
|
|
pool->sigbus_is_impossible = false;
|
2019-07-22 15:58:49 +02:00
|
|
|
#else
|
|
|
|
|
pool->sigbus_is_impossible = false;
|
|
|
|
|
#endif
|
|
|
|
|
|
2016-02-09 16:03:47 -06:00
|
|
|
pool->internal_refcount = 1;
|
|
|
|
|
pool->external_refcount = 0;
|
2012-04-03 12:08:50 -04:00
|
|
|
pool->size = size;
|
2016-02-09 16:03:48 -06:00
|
|
|
pool->new_size = size;
|
2021-03-15 22:25:52 +00:00
|
|
|
prot = PROT_READ | PROT_WRITE;
|
|
|
|
|
flags = MAP_SHARED;
|
|
|
|
|
pool->data = mmap(NULL, size, prot, flags, fd, 0);
|
2012-04-03 12:08:50 -04:00
|
|
|
if (pool->data == MAP_FAILED) {
|
2021-03-15 22:25:52 +00:00
|
|
|
wl_resource_post_error(resource, WL_SHM_ERROR_INVALID_FD,
|
2019-04-26 22:40:18 +02:00
|
|
|
"failed mmap fd %d: %s", fd,
|
|
|
|
|
strerror(errno));
|
2016-02-18 23:59:29 +01:00
|
|
|
goto err_free;
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
2022-01-10 15:10:07 +01:00
|
|
|
#ifndef MREMAP_MAYMOVE
|
2021-03-15 22:25:52 +00:00
|
|
|
/* We may need to keep the fd, prot and flags to emulate mremap(). */
|
|
|
|
|
pool->mmap_fd = fd;
|
|
|
|
|
pool->mmap_prot = prot;
|
|
|
|
|
pool->mmap_flags = flags;
|
2022-01-10 15:10:07 +01:00
|
|
|
#else
|
|
|
|
|
close(fd);
|
|
|
|
|
#endif
|
2023-11-21 16:57:31 +01:00
|
|
|
|
|
|
|
|
version = wl_resource_get_version(resource);
|
2013-06-27 20:09:20 -05:00
|
|
|
pool->resource =
|
2023-11-21 16:57:31 +01:00
|
|
|
wl_resource_create(client, &wl_shm_pool_interface, version, id);
|
2013-07-02 15:39:03 -04:00
|
|
|
if (!pool->resource) {
|
|
|
|
|
wl_client_post_no_memory(client);
|
|
|
|
|
munmap(pool->data, pool->size);
|
|
|
|
|
free(pool);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2012-04-03 12:08:50 -04:00
|
|
|
|
2013-06-27 20:09:20 -05:00
|
|
|
wl_resource_set_implementation(pool->resource,
|
|
|
|
|
&shm_pool_interface,
|
|
|
|
|
pool, destroy_pool);
|
2012-07-09 11:35:57 +02:00
|
|
|
|
2012-07-09 21:50:39 -04:00
|
|
|
return;
|
|
|
|
|
|
2012-07-09 11:35:57 +02:00
|
|
|
err_free:
|
|
|
|
|
free(pool);
|
2016-02-18 23:59:29 +01:00
|
|
|
err_close:
|
|
|
|
|
close(fd);
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
|
|
|
|
|
2023-11-21 16:59:20 +01:00
|
|
|
static void
|
|
|
|
|
shm_release(struct wl_client *client, struct wl_resource *resource)
|
|
|
|
|
{
|
|
|
|
|
wl_resource_destroy(resource);
|
|
|
|
|
}
|
|
|
|
|
|
2012-03-22 11:33:35 +02:00
|
|
|
static const struct wl_shm_interface shm_interface = {
|
2023-11-21 16:59:20 +01:00
|
|
|
shm_create_pool,
|
|
|
|
|
shm_release,
|
2011-03-08 11:32:24 +01:00
|
|
|
};
|
|
|
|
|
|
2011-08-19 16:57:48 -04:00
|
|
|
static void
|
|
|
|
|
bind_shm(struct wl_client *client,
|
|
|
|
|
void *data, uint32_t version, uint32_t id)
|
|
|
|
|
{
|
2011-08-30 21:26:19 -04:00
|
|
|
struct wl_resource *resource;
|
2013-08-06 20:05:53 +02:00
|
|
|
struct wl_display *display = wl_client_get_display(client);
|
|
|
|
|
struct wl_array *additional_formats;
|
|
|
|
|
uint32_t *p;
|
2011-08-30 21:26:19 -04:00
|
|
|
|
2023-11-21 16:57:31 +01:00
|
|
|
resource = wl_resource_create(client, &wl_shm_interface, version, id);
|
2013-07-02 15:39:03 -04:00
|
|
|
if (!resource) {
|
|
|
|
|
wl_client_post_no_memory(client);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2013-06-27 20:09:20 -05:00
|
|
|
wl_resource_set_implementation(resource, &shm_interface, data, NULL);
|
2011-08-30 21:26:19 -04:00
|
|
|
|
2012-03-02 17:08:59 +02:00
|
|
|
wl_shm_send_format(resource, WL_SHM_FORMAT_ARGB8888);
|
|
|
|
|
wl_shm_send_format(resource, WL_SHM_FORMAT_XRGB8888);
|
2013-08-06 20:05:53 +02:00
|
|
|
|
|
|
|
|
additional_formats = wl_display_get_additional_shm_formats(display);
|
|
|
|
|
wl_array_for_each(p, additional_formats)
|
|
|
|
|
wl_shm_send_format(resource, *p);
|
2011-08-19 16:57:48 -04:00
|
|
|
}
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2012-03-26 16:33:24 -04:00
|
|
|
WL_EXPORT int
|
|
|
|
|
wl_display_init_shm(struct wl_display *display)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
2023-11-21 16:59:20 +01:00
|
|
|
if (!wl_global_create(display, &wl_shm_interface, 2, NULL, bind_shm))
|
2012-03-26 16:33:24 -04:00
|
|
|
return -1;
|
2011-03-08 11:32:24 +01:00
|
|
|
|
2012-03-26 16:33:24 -04:00
|
|
|
return 0;
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
|
|
|
|
|
2013-06-20 20:36:48 -05:00
|
|
|
WL_EXPORT struct wl_shm_buffer *
|
|
|
|
|
wl_shm_buffer_get(struct wl_resource *resource)
|
|
|
|
|
{
|
2013-06-27 20:09:18 -05:00
|
|
|
if (resource == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2013-06-20 20:36:48 -05:00
|
|
|
if (wl_resource_instance_of(resource, &wl_buffer_interface,
|
|
|
|
|
&shm_buffer_interface))
|
|
|
|
|
return wl_resource_get_user_data(resource);
|
|
|
|
|
else
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2011-03-08 11:32:24 +01:00
|
|
|
WL_EXPORT int32_t
|
2023-07-06 18:18:37 +02:00
|
|
|
wl_shm_buffer_get_stride(const struct wl_shm_buffer *buffer)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
|
|
|
|
return buffer->stride;
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-14 12:28:51 +00:00
|
|
|
|
|
|
|
|
/** Get a pointer to the memory for the SHM buffer
|
|
|
|
|
*
|
|
|
|
|
* \param buffer The buffer object
|
|
|
|
|
*
|
|
|
|
|
* Returns a pointer which can be used to read the data contained in
|
|
|
|
|
* the given SHM buffer.
|
|
|
|
|
*
|
2014-09-10 13:46:09 -05:00
|
|
|
* As this buffer is memory-mapped, reading from it may generate
|
2013-11-14 12:28:51 +00:00
|
|
|
* SIGBUS signals. This can happen if the client claims that the
|
|
|
|
|
* buffer is larger than it is or if something truncates the
|
|
|
|
|
* underlying file. To prevent this signal from causing the compositor
|
|
|
|
|
* to crash you should call wl_shm_buffer_begin_access and
|
|
|
|
|
* wl_shm_buffer_end_access around code that reads from the memory.
|
|
|
|
|
*
|
|
|
|
|
* \memberof wl_shm_buffer
|
|
|
|
|
*/
|
2011-03-08 11:32:24 +01:00
|
|
|
WL_EXPORT void *
|
2013-06-20 20:36:48 -05:00
|
|
|
wl_shm_buffer_get_data(struct wl_shm_buffer *buffer)
|
2011-03-08 11:32:24 +01:00
|
|
|
{
|
2016-02-09 16:29:49 -06:00
|
|
|
if (buffer->pool->external_refcount &&
|
|
|
|
|
(buffer->pool->size != buffer->pool->new_size))
|
|
|
|
|
wl_log("Buffer address requested when its parent pool "
|
|
|
|
|
"has an external reference and a deferred resize "
|
|
|
|
|
"pending.\n");
|
2015-11-05 13:57:47 -06:00
|
|
|
return buffer->pool->data + buffer->offset;
|
2011-03-08 11:32:24 +01:00
|
|
|
}
|
2011-08-30 21:26:19 -04:00
|
|
|
|
|
|
|
|
WL_EXPORT uint32_t
|
2023-07-06 18:18:37 +02:00
|
|
|
wl_shm_buffer_get_format(const struct wl_shm_buffer *buffer)
|
2011-08-30 21:26:19 -04:00
|
|
|
{
|
|
|
|
|
return buffer->format;
|
|
|
|
|
}
|
2012-07-20 12:04:42 -04:00
|
|
|
|
2012-07-20 12:30:07 -04:00
|
|
|
WL_EXPORT int32_t
|
2023-07-06 18:18:37 +02:00
|
|
|
wl_shm_buffer_get_width(const struct wl_shm_buffer *buffer)
|
2012-07-20 12:04:42 -04:00
|
|
|
{
|
2013-06-20 20:36:49 -05:00
|
|
|
return buffer->width;
|
2012-07-20 12:04:42 -04:00
|
|
|
}
|
|
|
|
|
|
2012-07-20 12:30:07 -04:00
|
|
|
WL_EXPORT int32_t
|
2023-07-06 18:18:37 +02:00
|
|
|
wl_shm_buffer_get_height(const struct wl_shm_buffer *buffer)
|
2012-07-20 12:04:42 -04:00
|
|
|
{
|
2013-06-20 20:36:49 -05:00
|
|
|
return buffer->height;
|
2012-07-20 12:04:42 -04:00
|
|
|
}
|
2013-11-13 15:32:05 +00:00
|
|
|
|
2015-10-19 20:54:49 -05:00
|
|
|
/** Get a reference to a shm_buffer's shm_pool
|
|
|
|
|
*
|
|
|
|
|
* \param buffer The buffer object
|
|
|
|
|
*
|
|
|
|
|
* Returns a pointer to a buffer's shm_pool and increases the
|
|
|
|
|
* shm_pool refcount.
|
|
|
|
|
*
|
|
|
|
|
* The compositor must remember to call wl_shm_pool_unref when
|
|
|
|
|
* it no longer needs the reference to ensure proper destruction
|
|
|
|
|
* of the pool.
|
|
|
|
|
*
|
|
|
|
|
* \memberof wl_shm_buffer
|
|
|
|
|
* \sa wl_shm_pool_unref
|
|
|
|
|
*/
|
|
|
|
|
WL_EXPORT struct wl_shm_pool *
|
|
|
|
|
wl_shm_buffer_ref_pool(struct wl_shm_buffer *buffer)
|
|
|
|
|
{
|
2024-06-30 22:36:11 +05:30
|
|
|
if (!(buffer->pool->internal_refcount +
|
|
|
|
|
buffer->pool->external_refcount))
|
|
|
|
|
wl_abort("Can't get reference to pool that has been freed\n");
|
2015-10-19 20:54:49 -05:00
|
|
|
|
2016-02-09 16:03:47 -06:00
|
|
|
buffer->pool->external_refcount++;
|
2015-10-19 20:54:49 -05:00
|
|
|
return buffer->pool;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Unreference a shm_pool
|
|
|
|
|
*
|
2015-12-29 09:47:20 +08:00
|
|
|
* \param pool The pool object
|
2015-10-19 20:54:49 -05:00
|
|
|
*
|
|
|
|
|
* Drops a reference to a wl_shm_pool object.
|
|
|
|
|
*
|
|
|
|
|
* This is only necessary if the compositor has explicitly
|
|
|
|
|
* taken a reference with wl_shm_buffer_ref_pool(), otherwise
|
|
|
|
|
* the pool will be automatically destroyed when appropriate.
|
|
|
|
|
*
|
|
|
|
|
* \memberof wl_shm_pool
|
|
|
|
|
* \sa wl_shm_buffer_ref_pool
|
|
|
|
|
*/
|
|
|
|
|
WL_EXPORT void
|
|
|
|
|
wl_shm_pool_unref(struct wl_shm_pool *pool)
|
|
|
|
|
{
|
2016-02-09 16:03:47 -06:00
|
|
|
shm_pool_unref(pool, true);
|
2015-10-19 20:54:49 -05:00
|
|
|
}
|
|
|
|
|
|
2013-11-13 15:32:05 +00:00
|
|
|
static void
|
|
|
|
|
reraise_sigbus(void)
|
|
|
|
|
{
|
|
|
|
|
/* If SIGBUS is raised for some other reason than accessing
|
|
|
|
|
* the pool then we'll uninstall the signal handler so we can
|
|
|
|
|
* reraise it. This would presumably kill the process */
|
|
|
|
|
sigaction(SIGBUS, &wl_shm_old_sigbus_action, NULL);
|
|
|
|
|
raise(SIGBUS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
sigbus_handler(int signum, siginfo_t *info, void *context)
|
|
|
|
|
{
|
|
|
|
|
struct wl_shm_sigbus_data *sigbus_data =
|
|
|
|
|
pthread_getspecific(wl_shm_sigbus_data_key);
|
|
|
|
|
struct wl_shm_pool *pool;
|
|
|
|
|
|
|
|
|
|
if (sigbus_data == NULL) {
|
|
|
|
|
reraise_sigbus();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
pool = sigbus_data->current_pool;
|
|
|
|
|
|
|
|
|
|
/* If the offending address is outside the mapped space for
|
|
|
|
|
* the pool then the error is a real problem so we'll reraise
|
|
|
|
|
* the signal */
|
|
|
|
|
if (pool == NULL ||
|
|
|
|
|
(char *) info->si_addr < pool->data ||
|
|
|
|
|
(char *) info->si_addr >= pool->data + pool->size) {
|
|
|
|
|
reraise_sigbus();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sigbus_data->fallback_mapping_used = 1;
|
|
|
|
|
|
|
|
|
|
/* This should replace the previous mapping */
|
2021-03-19 11:24:05 +00:00
|
|
|
if (mmap(pool->data, pool->size, PROT_READ | PROT_WRITE,
|
|
|
|
|
MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0, 0) == MAP_FAILED) {
|
2013-11-13 15:32:05 +00:00
|
|
|
reraise_sigbus();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
destroy_sigbus_data(void *data)
|
|
|
|
|
{
|
|
|
|
|
struct wl_shm_sigbus_data *sigbus_data = data;
|
|
|
|
|
|
|
|
|
|
free(sigbus_data);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
init_sigbus_data_key(void)
|
|
|
|
|
{
|
|
|
|
|
struct sigaction new_action = {
|
|
|
|
|
.sa_sigaction = sigbus_handler,
|
|
|
|
|
.sa_flags = SA_SIGINFO | SA_NODEFER
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
sigemptyset(&new_action.sa_mask);
|
|
|
|
|
|
|
|
|
|
sigaction(SIGBUS, &new_action, &wl_shm_old_sigbus_action);
|
|
|
|
|
|
|
|
|
|
pthread_key_create(&wl_shm_sigbus_data_key, destroy_sigbus_data);
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-14 12:28:51 +00:00
|
|
|
/** Mark that the given SHM buffer is about to be accessed
|
|
|
|
|
*
|
|
|
|
|
* \param buffer The SHM buffer
|
|
|
|
|
*
|
|
|
|
|
* An SHM buffer is a memory-mapped file given by the client.
|
|
|
|
|
* According to POSIX, reading from a memory-mapped region that
|
|
|
|
|
* extends off the end of the file will cause a SIGBUS signal to be
|
|
|
|
|
* generated. Normally this would cause the compositor to terminate.
|
|
|
|
|
* In order to make the compositor robust against clients that change
|
|
|
|
|
* the size of the underlying file or lie about its size, you should
|
|
|
|
|
* protect access to the buffer by calling this function before
|
|
|
|
|
* reading from the memory and call wl_shm_buffer_end_access
|
|
|
|
|
* afterwards. This will install a signal handler for SIGBUS which
|
|
|
|
|
* will prevent the compositor from crashing.
|
|
|
|
|
*
|
|
|
|
|
* After calling this function the signal handler will remain
|
|
|
|
|
* installed for the lifetime of the compositor process. Note that
|
|
|
|
|
* this function will not work properly if the compositor is also
|
|
|
|
|
* installing its own handler for SIGBUS.
|
|
|
|
|
*
|
|
|
|
|
* If a SIGBUS signal is received for an address within the range of
|
|
|
|
|
* the SHM pool of the given buffer then the client will be sent an
|
|
|
|
|
* error event when wl_shm_buffer_end_access is called. If the signal
|
|
|
|
|
* is for an address outside that range then the signal handler will
|
|
|
|
|
* reraise the signal which would will likely cause the compositor to
|
|
|
|
|
* terminate.
|
|
|
|
|
*
|
|
|
|
|
* It is safe to nest calls to these functions as long as the nested
|
|
|
|
|
* calls are all accessing the same buffer. The number of calls to
|
|
|
|
|
* wl_shm_buffer_end_access must match the number of calls to
|
|
|
|
|
* wl_shm_buffer_begin_access. These functions are thread-safe and it
|
|
|
|
|
* is allowed to simultaneously access different buffers or the same
|
|
|
|
|
* buffer from multiple threads.
|
|
|
|
|
*
|
|
|
|
|
* \memberof wl_shm_buffer
|
|
|
|
|
*/
|
2013-11-13 15:32:05 +00:00
|
|
|
WL_EXPORT void
|
|
|
|
|
wl_shm_buffer_begin_access(struct wl_shm_buffer *buffer)
|
|
|
|
|
{
|
|
|
|
|
struct wl_shm_pool *pool = buffer->pool;
|
|
|
|
|
struct wl_shm_sigbus_data *sigbus_data;
|
|
|
|
|
|
2019-07-22 15:58:49 +02:00
|
|
|
if (pool->sigbus_is_impossible)
|
|
|
|
|
return;
|
|
|
|
|
|
2013-11-13 15:32:05 +00:00
|
|
|
pthread_once(&wl_shm_sigbus_once, init_sigbus_data_key);
|
|
|
|
|
|
|
|
|
|
sigbus_data = pthread_getspecific(wl_shm_sigbus_data_key);
|
|
|
|
|
if (sigbus_data == NULL) {
|
2015-08-26 12:00:06 +08:00
|
|
|
sigbus_data = zalloc(sizeof *sigbus_data);
|
2013-11-13 15:32:05 +00:00
|
|
|
if (sigbus_data == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
pthread_setspecific(wl_shm_sigbus_data_key, sigbus_data);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-30 22:36:11 +05:30
|
|
|
if (!(sigbus_data->current_pool == NULL ||
|
|
|
|
|
sigbus_data->current_pool == pool))
|
|
|
|
|
wl_abort("Incorrect pool passed for current thread\n");
|
2013-11-13 15:32:05 +00:00
|
|
|
|
|
|
|
|
sigbus_data->current_pool = pool;
|
|
|
|
|
sigbus_data->access_count++;
|
|
|
|
|
}
|
|
|
|
|
|
2013-11-14 12:28:51 +00:00
|
|
|
/** Ends the access to a buffer started by wl_shm_buffer_begin_access
|
|
|
|
|
*
|
|
|
|
|
* \param buffer The SHM buffer
|
|
|
|
|
*
|
|
|
|
|
* This should be called after wl_shm_buffer_begin_access once the
|
|
|
|
|
* buffer is no longer being accessed. If a SIGBUS signal was
|
|
|
|
|
* generated in-between these two calls then the resource for the
|
|
|
|
|
* given buffer will be sent an error.
|
|
|
|
|
*
|
|
|
|
|
* \memberof wl_shm_buffer
|
|
|
|
|
*/
|
2013-11-13 15:32:05 +00:00
|
|
|
WL_EXPORT void
|
|
|
|
|
wl_shm_buffer_end_access(struct wl_shm_buffer *buffer)
|
|
|
|
|
{
|
2019-07-22 15:58:49 +02:00
|
|
|
struct wl_shm_pool *pool = buffer->pool;
|
|
|
|
|
struct wl_shm_sigbus_data *sigbus_data;
|
2013-11-13 15:32:05 +00:00
|
|
|
|
2019-07-22 15:58:49 +02:00
|
|
|
if (pool->sigbus_is_impossible)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
sigbus_data = pthread_getspecific(wl_shm_sigbus_data_key);
|
2024-06-30 22:36:11 +05:30
|
|
|
if (!(sigbus_data && sigbus_data->access_count >= 1))
|
|
|
|
|
wl_abort("sigbus_data is NULL or wl_shm_buffer_begin_access "
|
|
|
|
|
"wasn't called before\n");
|
2013-11-13 15:32:05 +00:00
|
|
|
|
|
|
|
|
if (--sigbus_data->access_count == 0) {
|
|
|
|
|
if (sigbus_data->fallback_mapping_used) {
|
|
|
|
|
wl_resource_post_error(buffer->resource,
|
|
|
|
|
WL_SHM_ERROR_INVALID_FD,
|
|
|
|
|
"error accessing SHM buffer");
|
|
|
|
|
sigbus_data->fallback_mapping_used = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sigbus_data->current_pool = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-11-05 13:57:46 -06:00
|
|
|
|
|
|
|
|
/** \cond */ /* Deprecated functions below. */
|
|
|
|
|
|
|
|
|
|
WL_EXPORT struct wl_shm_buffer *
|
|
|
|
|
wl_shm_buffer_create(struct wl_client *client,
|
|
|
|
|
uint32_t id, int32_t width, int32_t height,
|
|
|
|
|
int32_t stride, uint32_t format)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** \endcond */
|
|
|
|
|
|
|
|
|
|
/* Functions at the end of this file are deprecated. Instead of adding new
|
|
|
|
|
* code here, add it before the comment above that states:
|
|
|
|
|
* Deprecated functions below.
|
|
|
|
|
*/
|
