Remove superfluous 'local' from 'buffer local'.
In addition, simplify the phrasing of local x/y coordinates in parameter
summaries.
See https://lists.freedesktop.org/archives/wayland-devel/2016-April/028249.html.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Without this commit, wl_display_roundtrip_queue() is vulnerable to a
race condition, causing the callback to be dispatched on the wrong
queue.
The race condition happens if some non-main thread calls
wl_display_roundtrip_queue() with its thread local queue, and the main
thread reads and dispatches the callback event from the
wl_display_sync() call before the thread local queue is set.
The issue is fixed by using a proxy wrapper, making the initialization
of the callback proxy atomic, effectively making it no longer possible
for some other thread to dispatch the proxy before the correct thread
local queue is set.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
[Pekka: check display_wrapper]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Test that doing wl_display.sync on a wrapped proxy with a special queue
works as expected.
Test that creating a wrapper on a destroyed but not freed proxy fails.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Using the libwayland-client client API with multiple threads with
thread local queues is prone to race conditions.
The problem is that one thread can read and queue events after another
thread creates a proxy but before it sets the queue.
This may result in the event to the proxy being silently dropped, or
potentially dispatched on the wrong thread had the creating thread set
the implementation before setting the queue.
This patch introduces API to solve this case by introducing "proxy
wrappers". In short, a proxy wrapper is a wl_proxy struct that will
never itself proxy any events, but may be used by the client to set a
queue, and use it instead of the original proxy when sending requests
that create new proxies. When sending requests, the wrapper will
work in the same way as the normal proxy object, but the proxy created
by sending a request (for example wl_display.sync) will inherit the
same proxy queue as the wrapper.
https://bugs.freedesktop.org/show_bug.cgi?id=91273
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
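
The ordering problem described in the two commit messages above (wl_display_roundtrip_queue() and the proxy wrapper API), as an added example that is not part of the original commits or of libwayland. It is a single-threaded model with the bad interleaving forced by hand; struct queue, struct proxy and every function name in it are hypothetical.

```c
#include <stdio.h>

struct queue { int pending; };		/* events routed to this queue */
struct proxy { struct queue *queue; };	/* simplified model, not wl_proxy */

/* Sending a request that creates an object: the new proxy inherits the
 * queue of the proxy (or wrapper) the request was sent on, in one step. */
static struct proxy create_child(const struct proxy *factory)
{
	struct proxy child = { factory->queue };
	return child;
}

/* Another thread reads the socket: the event is queued on whichever
 * queue the target proxy has at that instant. */
static void reader_queues_event(struct proxy *t) { t->queue->pending++; }

/* Create first, set the queue afterwards; the reader runs in between.
 * Returns the number of events that reached the caller's own queue. */
static int sync_then_set_queue(struct proxy *display, struct queue *mine)
{
	struct proxy cb = create_child(display);

	reader_queues_event(&cb);	/* other thread wins the race */
	cb.queue = mine;		/* too late: event sits on display's queue */
	return mine->pending;
}

/* Set the queue on a wrapper, then create through it: no window is left. */
static int sync_via_wrapper(struct proxy *display, struct queue *mine)
{
	struct proxy wrapper = *display;	/* copy that never receives events */
	struct proxy cb;

	wrapper.queue = mine;
	cb = create_child(&wrapper);
	reader_queues_event(&cb);	/* same interleaving, correct queue */
	return mine->pending;
}

int main(void)
{
	struct queue main_q = { 0 }, mine = { 0 };
	struct proxy display = { &main_q };

	printf("racy: %d on own queue\n", sync_then_set_queue(&display, &mine));
	printf("wrapper: %d on own queue\n", sync_via_wrapper(&display, &mine));
	return 0;
}
```
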
proxy_destroy() is just the implementation of the atomic part of
wl_proxy_destroy(), so let's make it static.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
the code is something like:
    if (object == NULL && ...) {
        object = NULL;
        return;
    }
first, the object is already NULL, second, the assignment has no effect
since we return from the function right away
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Fix grammar, spelling, tense, and other inconsistencies, based on
correctness, consistency, and precedence both here and influenced
by wayland-protocols.
- Standardize lower case for summary attribute values.
- Minor vertical whitespace removal consistency.
- Standardize references to coordinates, preferring 'surface local'
- Fix spelling, grammar, tense, and punctuation.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Analogous to last two commits.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Analogous to previous commit but for the server(-core) header.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Adding extern "C" wrapper before includes (especially system ones) is
ill-advised as the headers themselves can behave differently in that case.
See the section "Including C Headers in C++ Code" in the following:
http://www.oracle.com/technetwork/articles/servers-storage-dev/mixingcandcpluspluscode-305840.html
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Adds one space to the @param lines in generated .h files,
aligning the indentation with the rest of the comment block.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Although autogen.sh has a --disable-dtd-validation option, it is
on by default, so it seems convenient to add the generated symlink
to .gitignore.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If wl_shm_buffer_get_data() is called on a shm pool that has an external
reference and a pending resize, then the buffer may be outside the pool's
current mapping.
Log a warning if this happens.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If a compositor is rendering in one thread while dispatching wayland
events in another, a wl_shm_pool_resize() could change the memory
mappings it's rendering from and cause a crash.
Now we defer wl_shm_pool_resize() if the compositor has references on a
pool, and perform the actual resize when it drops those references.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
This is a preliminary step towards deferring shm resize operations until
after the compositor has released all external references on a pool.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If the client passed a size <= 0 to shm_create_pool, it would
go to err_free, which wouldn't close the fd, and thus leave it opened.
We can also move the size check before the struct wl_shm_pool
malloc, so in case the client passes a wrong size, it won't
do an unnecessary malloc and then free.
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
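
The error-path ordering from the commit message above, before and after, as an added example that is not the project's own code. struct pool, both pool_create_* functions and fd_leaked() are hypothetical, and the pool here only records the fd instead of mapping it.

```c
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

struct pool { int fd; int32_t size; };	/* hypothetical stand-in, owns fd */

/* Before: size is checked after malloc, and that error path skips close(). */
static struct pool *pool_create_leaky(int fd, int32_t size)
{
	struct pool *pool = malloc(sizeof *pool);

	if (pool == NULL)
		goto err_close;
	if (size <= 0)
		goto err_free;	/* fd stays open: one leak per bad request */
	pool->fd = fd;
	pool->size = size;
	return pool;
err_close:
	close(fd);
err_free:
	free(pool);
	return NULL;
}

/* After: validate before allocating; every failure path closes the fd. */
static struct pool *pool_create_fixed(int fd, int32_t size)
{
	struct pool *pool;

	if (size <= 0 || (pool = malloc(sizeof *pool)) == NULL) {
		close(fd);
		return NULL;
	}
	pool->fd = fd;
	pool->size = size;
	return pool;
}

/* 1 if the fd is still open after a rejected request, 0 if it was closed. */
static int fd_leaked(struct pool *(*create)(int, int32_t), int32_t size)
{
	int fd = open("/dev/null", O_RDONLY);
	int leaked = fd >= 0 && create(fd, size) == NULL && fcntl(fd, F_GETFD) != -1;

	if (leaked)
		close(fd);
	return leaked;
}
```

fd_leaked(pool_create_leaky, 0) returns 1 and fd_leaked(pool_create_fixed, 0) returns 0; in a long-running server each leaked descriptor counts against the process fd limit.
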
And insert "client" or "server" into the PROJECT_NAME to know which one we
have.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
This switches the scanner to generate doxygen-compatible tags for the
generated protocol headers, and hooks up the doxygen build to generate server
and client-side API documentation. That documentation is now in
Client/ and Server/, respectively.
GENERATE_HTML is on by default and must be disabled for the xml/man targets to
avoid messing up the new documentation. We disable all three targets in
the doxyfile (xml and man default to NO anyway) to make it obvious that they
need to be set in the per-target instructions.
Each protocol is a separate doxygen @page, with each interface a @subpage.
Wayland only has one protocol, wayland-protocols will have these nested.
Each protocol page has a list of interfaces and the copyright and description
where available.
All interfaces are grouped by doxygen @defgroup and @ingroups and appear in
"Modules" in the generated output. Each interface subpage has the description
and a link to the actual API doc.
Function, struct and #defines are documented in doxygen style and associated
with the matching interface.
Note that pages and groups have fixed HTML file names and are directly
linkable/bookmark-able.
The @mainpage is a separate file that's included at build time. It doesn't
contain much other than links to where the interesting bits are. It's a static
file though that supports markdown, so we can extend it easily in the future.
For doxygen we need the new options EXTRACT_ALL and OPTIMIZE_OUTPUT_FOR_C so
it scans C code properly. EXTRACT_STATIC is needed since most of the protocol
hooks are static.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Before this patch:
    $ scanelf -lpqe ./wayland-scanner
    RWX --- --- ./wayland-scanner
That indicates the stack is executable, which is a bad thing for
security. Wayland-scanner does not actually need an executable stack, it
is just an oversight from using an .S file in the sources.
Add a special incantation in dtddata.S to make it not cause the stack to
become executable.
Reported-by: Mart Raudsepp <leio@gentoo.org>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Mart Raudsepp <leio@gentoo.org>
When configured with --disable-dtd-validation:
    CPPAS src/dtddata.o
    src/dtddata.S: Assembler messages:
    src/dtddata.S:39: Error: file not found: src/wayland.dtd.embed
    Makefile:1520: recipe for target 'src/dtddata.o' failed
This is because the variable name used does not match the implicit
variable name in autoconf.
Fix the variable name, making both --disable-dtd-validation and
--enable-dtd-validation do what they should.
Do not try to build dtddata.S if dtd-validation is disabled. It depends
on wayland.dtd.embed which is created by configure only if
dtd-validation is enabled.
If not building dtddata.S, also make sure the extern definitions in
scanner.c are compiled out.
Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=575212
Reported-by: leio@gentoo.org
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
test if receiving an error on already destroyed object won't
do any harm
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
If an error is received on a destroyed object, we'd get NULL passed
to display_handle_error() instead of a pointer to a valid wl_proxy.
The logging is changed to report [unknown interface] and [unknown id]
instead of the actual interface name and id.
The wl_display_get_protocol_error() documentation is updated to handle
the situation. For when the proxy was NULL, the object id 0 and
interface NULL are written.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
[Pekka: changed the error message wording]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Jonas Ådahl <jadahl@gmail.com>
This reverts commit 88ff135ad4.
The parent interface version may be higher than this interface version,
and the child object should inherit that version.
This check is wrong.
This reverts commit 8125919b0d.
This makes things far more annoying than intended, especially since
the list of default warnings isn't consistent from distro to distro.
New --enable-fatal-warnings ./configure option that just adds -Werror
to GCC_CFLAGS
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
We shouldn't ever create a resource with version less than 1 or
greater than the interface version.
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
We're creating resources with versions up to 4. wl_display isn't version 4,
so this is technically verifying that we can do something we shouldn't.
wl_seat already has versions this high, so switch to that.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
When we are adding padding bytes making our wl_buffer buffer content 4
byte aligned, we are just moving the pointer. Since the buffer is
allocated using plain malloc(), this means our padding bytes are
effectively uninitialized data, which could be anything previously
allocated in the server process. As we'll be sharing this buffer
content with arbitrary clients, we are effectively sharing private
memory with every client, and even though a well behaving client will
discard any such memory, a malicious client may not.
Therefore, to avoid any potential misuse of the uninitialized padding
memory shared between the server and client, initialize the buffer
content to 0, making the padding bytes always 0.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
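
The padding leak described in the commit message above, as an added example that is not the project's own code. It serializes a length-prefixed string padded to 4 bytes into a buffer pre-filled with a constructed 0xAA pattern standing in for stale heap data; put_string(), stale_padding() and the zero_first flag are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Round n up to the next multiple of 4. */
static size_t align4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Serialize s as: uint32 length (including NUL), bytes, padding to 4.
 * `out` stands in for a malloc()ed send buffer that still holds old data.
 * zero_first == 0 just skips over the padding; zero_first != 0 clears the
 * region before writing. Returns bytes used, or 0 if `out` is too small. */
static size_t put_string(uint8_t *out, size_t cap, const char *s, int zero_first)
{
	uint32_t len = (uint32_t)strlen(s) + 1;
	size_t total = sizeof len + align4(len);

	if (total > cap)
		return 0;
	if (zero_first)
		memset(out, 0, total);
	memcpy(out, &len, sizeof len);
	memcpy(out + sizeof len, s, len);
	return total;
}

/* Count padding bytes of a serialized string that are not zero. */
static size_t stale_padding(const uint8_t *msg, size_t total)
{
	uint32_t len;
	size_t i, stale = 0;

	memcpy(&len, msg, sizeof len);
	for (i = sizeof len + len; i < total; i++)
		stale += msg[i] != 0;
	return stale;
}

int main(void)
{
	uint8_t buf[16];
	size_t n;

	memset(buf, 0xAA, sizeof buf);	/* constructed stale heap contents */
	n = put_string(buf, sizeof buf, "hello", 0);
	printf("skipped: %zu stale padding bytes\n", stale_padding(buf, n));
	n = put_string(buf, sizeof buf, "hello", 1);
	printf("zeroed:  %zu stale padding bytes\n", stale_padding(buf, n));
	return 0;
}
```
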
Some copyright strings could result in broken generated header files with
unmatched */
This change:
Runs the loop long enough so the copyright[i] == 0 test can actually
happen. (if there was no \n no copyright text was printed, */ still was)
Prints the opening /* even if there was whitespace at the start of
the very first line.
Only emits a */ if a /* was printed.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Don't just prefix the errors with "protocol", but the actual file
name, if wayland-scanner was passed with the filename of the protocol
file. If wayland-scanner is reading from stdin, errors will be prefixed
with "<stdin>" instead of "protocol".
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: David Fort <contact@hardening-consulting.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
0 is not a valid version number for registry bind requests, so
let's check for it in registry_bind.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Add a note to the wl_data_device_manager global interface about the
different requirements for operating the objects created from the bound
global.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Carlos Garnacho <carlosg@gnome.org>
This adds an API to get the file descriptor for a client.
The client file descriptor can be used for a wayland compositor to validate
a request from a client if there is any additional information provided from
the client's file descriptor.
For instance, this will be helpful in some Linux distributions, in which SELinux
or SMACK is enabled. In those environments, each file (including sockets) will have
its security contexts in its inode as an xattr member variable. A wayland compositor
can validate a client request by getting the file descriptor of the client and
by checking the security contexts associated with the file descriptor.
Signed-off-by: Sung-Jin Park <input.hacker@gmail.com>