This commit makes wl_resource_destroy automatically free all non-legacy
resource structures. Since wl_resource is now an opaque structure it
doesn't make sense for the clients to be freeing it. This checks to make
sure that it was added through wl_client_add_object or wl_client_new_object
and not wl_client_add_resource before it frees it. This way if it is a
legacy resources embedded in a structure somewhere we don't have an invalid
free.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The implementation in this commit allows for one bit worth of flags. If
more flags are desired at a future date, then the wl_map implementation
will have to change but the wl_map API will not.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The original wl_map implementation did no checking to ensures that ids fell
on the correct side of the WL_SERVER_ID_START line. This meant that a
client could send the server a server ID and it would happily try to use
it. Also, there was no distinction between server-side and client-side in
wl_map_remove. Because wl_map_remove added the entry to the free list
regardless of which side it came from, the following set of actions would
break the map:
1. Client creates a bunch of objects
2. Client deletes one or more of those objects
3. Client does something that causes the server to create an object
Because of the problem in wl_map_remove, the server would take an old
client-side id, apply the WL_SERVER_ID_START offset, and try to use it as a
server-side id regardless of whether or not it was valid.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
Looking at the functionality in the server library, it's clear (in
hindsight) that there are two different "things" in there: 1) The IPC
API, that is, everything that concerns wl_display, wl_client,
wl_resource and 2) and half-hearted attempt at sharing input code and
focus logic that leaves a lot of problematic structs in the API
surface, only to share less than 1000 lines of code.
We can just move those input structs and helper functions into weston
and cut libwayland-server down to just the core server side IPC API.
In the short term, compositors can copy those structs and functions
into their source, but longer term, they're probably better off
reimplementing those objects and logic their native framework
(QObject, GObject etc).
Add a destroy listener so that when the current surface associated with the
pointer is destroyed we can reset the pointer to the current surface. In order
to achieve this add a wl_pointer_set_current() which handles assigning the
surface and creating the listener.
This resolves a use-after-free error triggered with nested popup surfaces
Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=696946
Reorder the error handling in the case that closure is NULL due to ENOMEM to
ensure that we can safely call wl_closure_lookup_objects on the second test.
Prior to this reordering the closure would be deferenced in the ENOMEM case
due to the invocation of the second half of the logical OR check.
This commit adds a wl_resource_init function for initializing wl_resource
structures similar to wl_client_add_object.
From this commit forward, wl_resource structures should not be initialized
manually, but should use wl_resource_init. In the event of a change to the
wl_resource structure, this allows us to protect against regressions by filling
in added fields with reasonable defaults. In this way, while changing
wl_object or wl_resource still constitutes an ABI break, compositors following
this rule will only need to be recompiled in order to properly link against the
new version.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit adds a flags parameter to wl_closure_invoke(). The so far
added flags are ment to specify if the invokation is client side or
server side. When on the server side, closure arguments of type 'new_id'
should be invoked as a integer id while on the client side they should
be invoked as a pointer to a proxy object.
This fixes a bug happening when the address of a client side 'new_id'
proxy object did not fit in a 32 bit integer.
krh: Squashed test suite compile fix from Jason Ekstrand.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
The primary purpose of this patch is to clean up wl_closure and separate
closure storage, libffi, and the wire format. To that end, a number of changes
have been made:
- The maximum number of closure arguments has been changed from a magic number
to a #define WL_CLOSURE_MAX_ARGS
- A wl_argument union has been added for storing a generalized closure
argument and wl_closure has been converted to use wl_argument instead of the
combination of libffi, the wire format, and a dummy extra buffer. As of
now, the "extra" field in wl_closure should be treated as bulk storage and
never direclty referenced outside of wl_connection_demarshal.
- Everything having to do with libffi has been moved into wl_closure_invoke
and the convert_arguments_to_ffi helper function.
- Everything having to do with the wire format has been restricted to
wl_connection_demarshal and the new static serialize_closure function. The
wl_closure_send and wl_closure_queue functions are now light wrappers around
serialize_closure.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
By default the server will dump protocol for both the server and its
clients when run with WAYLAND_DEBUG=1. That's still the case, but it now
also understands WAYLAND_DEBUG=client or WAYLAND_DEBUG=server, which
will only enable debug dumping on either client or server side.
Touch grabs allow the compositor to be placed into a mode where touch events
temporarily bypass their default behavior and perform other operations.
Wayland already supports keyboard and pointer grabs, but was lacking
corresponding touch support. The default touch grab handlers here contain the
client event delivery code that was previously called directly in weston.
Signed-off-by: Matt Roper <matthew.d.roper@intel.com>
On the client side where we queue up multiple events before dispatching, we
need to look up the receiving proxy and argument proxies immediately before
calling the handler. Between queueing up multiple events and eventually
invoking the handler, previous handlers may have destroyed some of the
proxies.
The only way to make the global object listener interface thread safe is to
make it its own interface and make different listeners different wl_proxies.
The core of the problem is the callback we do when a global show up or
disappears, which we can't do with a lock held. On the other hand we can't
iterate the global list or the listener list without a lock held as new
globals or listeners may come and go during the iteration.
Making a copy of the list under the lock and then iterating after dropping
the lock wont work either. In case of the listener list, once we drop the
lock another thread may unregister a listener and destroy the callbackk
data, which means that when we eventually call that listener we'll pass it
free memory and break everything.
We did already solve the thread-safe callback problem, however. It's what
we do for all protocol events. So we can just make the global registry
functionality its own new interface and give each thread its own proxy.
That way, the thread will do its own callbacks (with no locks held) and
destroy the proxy when it's no longer interested in wl_registry events.
The update callback for the file descriptors was always a bit awkward and
un-intuitive. The idea was that whenever the protocol code needed to
write data to the fd it would call the 'update' function. This function
would adjust the mainloop so that it polls for POLLOUT on the fd so we
can eventually flush the data to the socket.
The problem is that in multi-threaded applications, any thread can issue
a request, which writes data to the output buffer and thus triggers the
update callback. Thus, we'll be calling out with the display mutex
held and may call from any thread.
The solution is to eliminate the udpate callback and just require that
the application or server flushes all connection buffers before blocking.
This turns out to be a simpler API, although we now require clients to
deal with EAGAIN and non-blocking writes. It also saves a few syscalls,
since the socket will be writable most of the time and most writes will
complete, so we avoid changing epoll to poll for POLLOUT, then write and
then change it back for each write.
wl_client_add_resource() used to return no error even though the new
resource wasn't added to the client. This currently makes it very easy to
DOS weston by simply posting thousands of "create_surface" requests with
an invalid ID. Weston simply assumes the wl_client_add_resource() request
succeeds but will never destroy the surface again as the "destroy" signal
is never called (because the surface isn't linked into the wl_map).
This change makes wl_client_add_resource() return the new ID of the added
object and 0 on failure. Servers (like weston) can now correctly
immediately destroy the surface when this call fails instead of leaving
the surface around and producing memory-leaks.
Instead of returning -1 on failure and 0 on success, I made it return the
new ID as this seems more appropriate. We can directly use it when calling
it with new_id==0.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
Creation of new client resources was silently ignored when
wl_client_add_resource() was used on server side and new object id was out
of range.
An error is now send out to the client in such case.
Also changed error message in wl_client_add_object, since
wl_map_insert_at() returns -1 only at invalid new id.
This makes wl_seat_set_keyboard similar to wl_seat_set_pointer in that
it's a no-op, if you try to set keyboard to NULL when it already is
NULL, instead of refusing to set it to NULL ever.
Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
Attempting to write anything longer into the embedded char
array would create a non-null-terminated string, and all
later reads would run off the end into invalid memory.
This is a hard limitation of AF_LOCAL/AF_UNIX sockets.
Always unlink() the lock file before closing the file
descriptor for it. Otherwise, there is a race like this:
Process A closes fd, releasing the lock
Process B opens the same file, taking the lock
Process A unlinks the lock file
Process C opens the same file, which now no longer exists,
and takes the lock on the newly created lock file
Process B and C both 'own' the same display socket.
unlink()ing while holding the lock is effectively a better
way to release the lock atomically.
When the server send a new object ID, the client used to have to allocate
the proxy manually and without type-safety. We now allocate the proxy
in a client-side post-processing step on the incoming closure.
Provide a slot for keyboard modifier state inside wl_keyboard for
implementations to update, and use this to send wl_keyboard:;modifier
events whenever the keyboard or pointer focus changes.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
This event sends the current keyboard modifier/group state from the
compositor to the client, allowing all clients to have a consistent view
of the keyboard state (e.g. current layout, Caps Lock, et al). It
should be sent after a keyboard enter event, and also immediately after
any key event which changes the modifier state.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
If wl_pointer_set_focus or wl_keyboard_set_focus have been called before
a listener has been established for that seat and client combination,
the focus window will be set but the focus resource will be NULL. This
changes these functions to always attempt to search for the relevant
focus resource, allowing the resource to be set by calling
wl_keyboard_set_focus and wl_pointer_set_focus again when a listener has
been established.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
The core libwayland libraries should not handle logging, only passing
the error messages to subscribed functions.
An application linked to libwayland-server or libwayland-client
will be able to set own functions (one per library) to handle error
messages.
Change in this series: make the wl_log return int, because
of compatibility with printf. It will return the number of bytes logged.
This ends up propagating through and creating a valgrind error like:
==22573== Conditional jump or move depends on uninitialised value(s)
==22573== at 0x409E57: pointer_attach (compositor.c:1999)
==22573== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75)
==22573== by 0x34ECE05784: ffi_call (ffi64.c:486)
==22573== by 0x5674C45: wl_closure_invoke (connection.c:770)
==22573== by 0x566ECCB: wl_client_connection_data (wayland-server.c:255)
==22573== by 0x56722F1: wl_event_source_fd_dispatch (event-loop.c:79)
==22573== by 0x5672C91: wl_event_loop_dispatch (event-loop.c:410)
==22573== by 0x56705F4: wl_display_run (wayland-server.c:1003)
==22573== by 0x40C775: main (compositor.c:2937)
wl_input_device has been both renamed and split. wl_seat is now a
virtual object representing a group of logically related input devices
with related focus.
It now only generates one event: to let clients know that it has new
capabilities. It takes requests which hand back objects for the
wl_pointer, wl_keyboard and wl_touch interfaces it exposes which all
provide the old input interface, just under different names.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
