As well as wl_display_dispatch_queue_pending_single.
The motivation is writing libwayland bindings for a dynamic language
with exceptions/non-local returns. Since it is invalid for a
wl_dispatcher_func_t callback provided to libwayland to not return,
there is no way to prevent dispatching of further events in the case of
an exception in the dynamic language event handler.
Furthermore, since creating/destroying Wayland objects in an event
handler affects the dispatching of subsequent events by libwayland,
it is not possible to collect Wayland events in a queue outside
libwayland and dispatch them one-by-one after
wl_display_dispatch_pending() returns.
Adding libwayland API to dispatch at most one pending event solves this
problem cleanly. The bindings can have libwayland dispatch a single
event, wait for wl_display_dispatch_pending_single() to return, run the
dynamic language event handler (which may longjmp away), and continue
the loop for as long as there are more events to dispatch.
References: https://codeberg.org/ifreund/janet-wayland
Signed-off-by: Isaac Freund <mail@isaacfreund.com>
Calling a function with the wrong type is immediate undefined behavior,
even if the ABI says it should be harmless. UBSAN picks it up
immediately, and any decent control-flow integrity mechanism will as
well.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
When using fixed size connection buffers, if either the client or the
server is sending requests faster than the other end can cope with, the
connection buffers will fill up, eventually killing the connection.
This can be a problem for example with Xwayland mapping a lot of
windows, faster than the Wayland compositor can cope with, or a
high-rate mouse flooding the Wayland client with pointer events.
To avoid the issue, resize the connection buffers dynamically when they
get full.
Both data and fd buffers are resized on demand.
The default max buffer size is controlled via the wl_display interface
while each client's connection buffer size is adjustable for finer
control.
The purpose is to explicitly have larger connection buffers for specific
clients such as Xwayland, or set a larger buffer size for the client
with pointer focus to deal with a higher input events rate.
v0: Manuel:
Dynamically resize connection buffers - Both data and fd buffers are
resized on demand.
v1: Olivier
1. Add support for unbounded buffers on the client side and growable
(yet limited) connection buffers on the server side.
2. Add the API to set the default maximum size and a limit for a given
client.
3. Add tests for growable connection buffers and adjustable limits.
v2: Additional fixes by John:
1. Fix the size calculation in ring_buffer_check_space()
2. Fix wl_connection_read() to return gracefully once it has read up to
the max buffer size, rather than returning an error.
3. If wl_connection_flush() fails with EAGAIN but the transmit
ring-buffer has space remaining (or can be expanded),
wl_connection_queue() should store the message rather than
returning an error.
4. When the receive ring-buffer is at capacity but more data is
available to be read, wl_connection_read() should attempt to
expand the ring-buffer in order to read the remaining data.
v3: Thomas Lukaszewicz <tluk@chromium.org>
Add a test for unbounded buffers
v4: Add a client API as well to force bounded buffers (unbounded
by default (Olivier)
v5: Simplify ring_buffer_ensure_space() (Sebastian)
Co-authored-by: Olivier Fourdan <ofourdan@redhat.com>
Co-authored-by: John Lindgren <john@jlindgren.net>
Co-authored-by: Sebastian Wick <sebastian@sebastianwick.net>
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Signed-off-by: John Lindgren <john@jlindgren.net>
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/237
Ensure dynamically created and destroyed globals which are filtered
don't trigger any global/global_remove event.
Signed-off-by: Simon Ser <contact@emersion.fr>
Currently libwayland assumes GNU extensions will be available, but
doesn't define the C standard to use. Instead, let's unconditionally
enable POSIX extensions, and enable GNU extensions on a case-by-case
basis as needed.
Signed-off-by: Simon Ser <contact@emersion.fr>
Calling wl_display_terminate() will exit the wl_display event loop
at the start of the next loop iteration. This works fine when
wl_display_terminate() is called after the event loop wakes up
from polling on the added event sources. If, however, it is
called before polling starts, the event loop will not exit until
one or more event sources trigger. Depending on the types of event
sources, they may never trigger (or may not trigger for a long time),
so the event loop may never exit.
Add an extra event source to the wl_display event loop that will trigger
whenever wl_display_terminate() is called, so that the event loop will
always exit.
Fixes#201
Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
While the default Unix socket buffer size on Linux is relatively
small, on some computers the default size may be configured to
be huge, making the overflow test never actually overflow the
Wayland display socket.
The changed code now explicitly sets the display socket send buffer
size to be small enough to guarantee an overflow.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
This change ensures that the compositor process is not able to respond
to any of the noop requests sent by the client process, by using the
test compositor's `stop_display` mechanism to coordinate when the
compositor should stop processing messages.
(Before this change, it was possible that one of the calls of
wl_event_loop_dispatch in the compositor process could respond to all
the client's noop requests before returning.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
At higher warning levels, GCC complains about unused variables.
Remove two completely unused, and one set-but-not-used, variables from
display-test to make it happy.
Signed-off-by: Daniel Stone <daniels@collabora.com>
This test makes sure that after wl_global_remove:
* The global_remove event is sent to existing clients
* Binding to the removed global still works
* A new client will not see the removed global advertised
Signed-off-by: Simon Ser <contact@emersion.fr>
The new display test runs a client that makes a very large number of
trivial requests. After responding to initial setup requests, the server
is paused, letting the trivial requests fill up the Unix socket buffer,
making further writes to the socket fail. The test then checks that the
client sets an appropriate error code, and does not abort or crash.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Rather than have two versions of the macro with slightly different
interfaces, just use wl_container_of internally.
This also removes use of statement expressions, a GNU C extension.
Signed-off-by: Michael Forney <mforney@mforney.org>
Many languages such as C++ or Rust have an unwinding error-reporting
mechanism. Code in these languages can (and must!) wrap request handling
callbacks in unwind guards to avoid undefined behaviour.
As a consequence such code will detect internal server errors, but have
no way to communicate such failures to the client.
This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that
such code can notify (and disconnect) clients which hit internal bugs.
While servers can currently abuse other wl_display errors for the same
effect, adding an explicit error code allows clients to tell the
difference between errors which are their fault and errors which are the
server's fault. This is particularly interesting for automated bug
reporting.
v2: Rename error from "internal" to "implementation", in sympathy with
X11's BadImplementation error.
Add more justification in the commit message.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Until recently, if an event attempting to deliver an fd to a zombie
object was demarshalled after the object was made into a zombie, we
leaked the fd and left it in the buffer.
If another event attempting to deliver an fd to a live object was in that
same buffer, the zombie's fd would be delivered instead.
This test recreates that situation.
While this is a ridiculously contrived way to force this race - delivering
an event from a destruction handler - I do have reports of this race
being hit in real world code.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Acked-by: Daniel Stone <daniels@collabora.com>
Until recently, if a client destroying a resource raced with the
server generating an event on that resource that delivered a file
descriptor, we would leak the fd.
This tests for a leaked fd from that race condition.
Reviewed-by: Daniel Stone <daniels@collabora.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Some headers and source files have been using types such as uint32_t
without explicitly including stdint.h.
Explicitly include stdint.h where appropriate.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
we split a function while refactoring in c643781 and now
the comment makes no sense
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
test if receiving an error on already destroyed object won't
do any harm
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Add a test that confirms that proxy versions are always 0 for display
and correct otherwise.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
If a client is terminated due to some reason, it should always be
possible to retrieve protocol error associated with the termination.
Test that, while either using the dispatch helpers
(wl_display_dispatch(_queue)() or the prepare read API, it should be
possible to retrieve the error after EPIPE.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Change the API to pass an "void *" argument to the client main
function, allowing the caller to call the same main function with
different input.
A helper (client_create_noarg) is added for when no argument is passed,
and the existing test cases are changed to use this function instead.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Sanity tests for leak checks in clients of test compositor
and also check if the test-compositor itself is not leaking
anything.
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
We didn't free the struct client that we got from client_connect()
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
When a thread is sleeping, waiting until another thread read
from the display, it always returns 0. Even when an error
occured. In documentation stands:
"return 0 on success or -1 on error. In case of error errno will
be set accordingly"
So this is a fix for this.
Along with the read_events, fix a test so that it now complies
with this behaviour (and we have this tested)
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
The former one was already used in tests, but was private.
These functions can be shared across the tests, so make them
public.
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
When wl_connection_read() in wl_display_read_events() returns with EAGAIN,
we want the sleeping threads to be woken up. Test it!
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
man usleep says that bahaviour of using usleep with SIGALRM signal
is unspecified. So create our own usleep that calls nanosleep instead.
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
This function is used in one test only, but its functionality can be
used in another tests to (create thread and wait until it is sleeping).
We just need to pass the starting function for the thread as an argument.
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
This test shows that it's possible to successfully call wl_display_prepare_read
and wl_display_read_events after an error occurred. That may lead to
deadlock.
When you call prepare read from two threads and then call read_events,
one thread gets sleeping. The call from the other thread will return -1 and invokes
display_fatal_error, but since
we have display->last_error already set, the broadcast is not called and
the sleeping thread sleeps indefinitely.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
wl_display_read_events() can make a thread wait until some other thread
ends reading. Normally it wakes up all threads after the reading is
done. But there's a place when it does not get to waking up the threads
- when an error occurs. This test reveals bug that can block programs.
If a thread is waiting in wl_display_read_events() and another thread
calls wl_display_read_events and the reading fails,
then the sleeping thread is not woken up. This is because
display_handle_error is using old pthread_cond instead of new
display->reader_cond, that was added along with wl_display_read_events().
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
With the work to add wl_resource accessors and port weston to use them,
we're ready to make wl_resource and wl_object opaque structs. We keep
wl_buffer in the header for EGL stacks to use, but don't expose it by
default. In time we'll remove it completely, but for now it provides a
transition paths for code that still uses wl_buffer.
Reviewed-by: Jason Ekstrand<jason@jlekstrand.net>
