wayland-scanner without arguments prints out usage. With help or --help it
waits for stdin to supply something which isn't quite as informative as
printing out the help.
This patch also moves the strcmp for args up to have all of them in one
location.
We we're using wl_event_loop_add_idle() here, but if we're failing
because of OOM, that will typically also fail. Instead, use the
existing client->error flag, which will break out of the event
handling loop and shut down the client.
Functions like wl_argument_from_va_list expect from get_next_argument,
to initialize details->type but when the signature is empty or contains
only version (like in desktop-shell-protocol.c in weston) it is left
uninitialized.
This patch fixes it, by initializing details->type with '\0' value,
signaling end of arguments.
Signed-off-by: Mariusz Ceier <mceier+wayland@gmail.com>
We can't do that there, we have to make sure it stays a valid fd until
the application calls wl_display_disconnect(). Otherwise the application
may end up poll()ing on a stale or wrong fd in case another part of the
application (or another thread) triggered a fatal error.
Getting no data from the socket is not an error condition. This may
happen in case of calling prepare_read() and then read_events() with
no other pending readers and no data in the socket. In general,
read_events() may not queue up events in the given event queue. From
a given threads point of view it doesn't matter whether events were
read and put in a different event queue or no events were read at all.
If EOF is encountered while reading from the Wayland socket, make
wl_display_read_events() return -1 so that it will be treated as an
error. The documentation for this function states that it will set
errno when there is an error so it additionally makes up an errno of
EPIPE.
If we don't do this then when the compositor quits the Wayland socket
will be become ready for reading but wl_display_dispatch will do
nothing which typically makes the application take up 100% CPU. In
particular eglSwapBuffers will likely get stuck in an infinite busy
loop because it repeatedly calls wl_display_dispatch_queue while it
waits for the frame callback.
https://bugzilla.gnome.org/show_bug.cgi?id=703892
This patch introduces wl_global_create() and wl_global_destroy() as
replacements for wl_display_add_global() and wl_display_remove_global().
The add/remove_global API did not allow a compositor to indicate
the implemented version of a global, it just took the version from
the interface meta data. The problem is that the meta data
(which lives in libwayland-server.so) can get out of sync with a
compositor implementation. The compositor will then advertise a
higher version of a global than what it actually implements.
The new API lets a compositor pass in a version when it registers
a global, which solves the problem. The add/remove API is deprecated
with this patch and will be removed.
The wl_client_add/new_object() functions sends out an NO_MEMORY error if
the allocation fails. This was convenient in a couple of places where
that was all the error handling that was needed. Unfortunately that
looks like out-of-memory isn't handled at the call site and set a bad
precedent for not cleaning up properly or not handling at all.
As we're introducing wl_resource_create() as a replacement for those two
functions, let's remove the automatic error event posting and require
the caller to do that if necessary.
This commit also introduces a new helper, wl_client_post_no_memory() to
make it possible to send NO_MEMORY events from bind where we don't have
a wl_resource.
This commit provides a layer of protection for the compositor in the form
of message version checking. We track version information in the
wl_resource and now use this version information to verify that a request
exists in that protocol version before invoking it. This way libwayland
won't accidentally invoke a request that does not exist and thereby cause
the compositor to crash.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
A new function, wl_resource_create(), lets the compositor create a
wl_resource for a given version of the interface. Passing 0 for the
object ID will allocate a new ID. The implementation, user data and
destructor can be set with wl_resource_set_implementation().
These two functions deprecates wl_client_add/new_object and the
main difference and motivation is the ability to provide a version number
for the resource. This lets the compositor track which version of the
interface a client has created and we'll use that to verify incoming requests.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit adds version information to wl_message signatures and a
wl_message_get_since function to retrieve. The since version comes in the
form of a (possible) integer at the begining of the message. If the
message starts with an integer, then it specifies the "since" version of
that message. Messages present in version one do not get this "since"
information. In this way we can run-time detect the version information
for a structure on a per-message basis.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
With the work to add wl_resource accessors and port weston to use them,
we're ready to make wl_resource and wl_object opaque structs. We keep
wl_buffer in the header for EGL stacks to use, but don't expose it by
default. In time we'll remove it completely, but for now it provides a
transition paths for code that still uses wl_buffer.
Reviewed-by: Jason Ekstrand<jason@jlekstrand.net>
This commit does not break ABI. It merely changes the types of some things
and adds a wl_shm_buffer_get function.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit makes wl_resource_destroy automatically free all non-legacy
resource structures. Since wl_resource is now an opaque structure it
doesn't make sense for the clients to be freeing it. This checks to make
sure that it was added through wl_client_add_object or wl_client_new_object
and not wl_client_add_resource before it frees it. This way if it is a
legacy resources embedded in a structure somewhere we don't have an invalid
free.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The current thread model assumes that the application or toolkit will have
one thread that either polls the display fd and dispatches events or just
dispatches in a loop. Only this main thread will read from the fd while
all other threads will block on a pthread condition and expect the main
thread to deliver events to them.
This turns out to be too restrictive. We can't assume that there
always will be a thread like that. Qt QML threaded rendering will
block the main thread on a condition that's signaled by a rendering
thread after it finishes rendering. This leads to a deadlock when the
rendering threads blocks in eglSwapBuffers(), and the main thread is
waiting on the condition. Another problematic use case is with games
that has a rendering thread for a splash screen while the main thread
is busy loading game data or compiling shaders. The main thread isn't
responsive and ends up blocking eglSwapBuffers() in the rendering thread.
We also can't assume that there will be only one thread polling on the
file descriptor. A valid use case is a thread receiving data from a
custom wayland interface as well as a device fd or network socket.
The thread may want to wait on either events from the wayland
interface or data from the fd, in which case it needs to poll on both
the wayland display fd and the device/network fd.
The solution seems pretty straightforward: just let all threads read
from the fd. However, the main-thread restriction was introduced to
avoid a race. Simplified, main loops will do something like this:
wl_display_dispatch_pending(display);
/* Race here if other thread reads from fd and places events
* in main eent queue. We go to sleep in poll while sitting on
* events that may stall the application if not dispatched. */
poll(fds, nfds, -1);
/* Race here if other thread reads and doesn't queue any
* events for main queue. wl_display_dispatch() below will block
* trying to read from the fd, while other fds in the mainloop
* are ignored. */
wl_display_dispatch(display);
The restriction that only the main thread can read from the fd avoids
these races, but has the problems described above.
This patch introduces new API to solve both problems. We add
int wl_display_prepare_read(struct wl_display *display);
and
int wl_display_read_events(struct wl_display *display);
wl_display_prepare_read() registers the calling thread as a potential
reader of events. Once data is available on the fd, all reader
threads must call wl_display_read_events(), at which point one of the
threads will read from the fd and distribute the events to event
queues. When that is done, all threads return from
wl_display_read_events().
From the point of view of a single thread, this ensures that between
calling wl_display_prepare_read() and wl_display_read_events(), no
other thread will read from the fd and queue events in its event
queue. This avoids the race conditions described above, and we avoid
relying on any one thread to be available to read events.
I got a little over-eager with my sanity checks and didn't realize that the
client uses wl_map_insert_at to mark objects as zombies when they come from
the server-side.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
In order to use the second-lowest bit of each pointer in wl_map for the
WL_MAP_ENTRY_LEGACY flag, every pointer has to be a multiple of 4. This
was a good assumption, except with WL_ZOMBIE_OBJECT. This commit creates
an actual static variable to which WL_ZOMBIE_OBJECT now points. Since
things are only every compared to WL_ZOMBIE_OBJECT with "==" or "!=", the
only thing that matters is that it is unique.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The implementation in this commit allows for one bit worth of flags. If
more flags are desired at a future date, then the wl_map implementation
will have to change but the wl_map API will not.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The original wl_map implementation did no checking to ensures that ids fell
on the correct side of the WL_SERVER_ID_START line. This meant that a
client could send the server a server ID and it would happily try to use
it. Also, there was no distinction between server-side and client-side in
wl_map_remove. Because wl_map_remove added the entry to the free list
regardless of which side it came from, the following set of actions would
break the map:
1. Client creates a bunch of objects
2. Client deletes one or more of those objects
3. Client does something that causes the server to create an object
Because of the problem in wl_map_remove, the server would take an old
client-side id, apply the WL_SERVER_ID_START offset, and try to use it as a
server-side id regardless of whether or not it was valid.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
Looking at the functionality in the server library, it's clear (in
hindsight) that there are two different "things" in there: 1) The IPC
API, that is, everything that concerns wl_display, wl_client,
wl_resource and 2) and half-hearted attempt at sharing input code and
focus logic that leaves a lot of problematic structs in the API
surface, only to share less than 1000 lines of code.
We can just move those input structs and helper functions into weston
and cut libwayland-server down to just the core server side IPC API.
In the short term, compositors can copy those structs and functions
into their source, but longer term, they're probably better off
reimplementing those objects and logic their native framework
(QObject, GObject etc).
If an unknown id is deleted then the lookup in the map will return NULL and
so we should avoid dereferencing that.
As this is unexpected behaviour log a message about the problem too.
Add a destroy listener so that when the current surface associated with the
pointer is destroyed we can reset the pointer to the current surface. In order
to achieve this add a wl_pointer_set_current() which handles assigning the
surface and creating the listener.
This resolves a use-after-free error triggered with nested popup surfaces
Fixes: https://bugzilla.gnome.org/show_bug.cgi?id=696946
use the wl_notify_func type, and not void *, or else wl_signal_get
will not be usable by a c++ plugin because it will not cast
void * to a function pointer.
Reorder the error handling in the case that closure is NULL due to ENOMEM to
ensure that we can safely call wl_closure_lookup_objects on the second test.
Prior to this reordering the closure would be deferenced in the ENOMEM case
due to the invocation of the second half of the logical OR check.
This commit adds a wl_resource_init function for initializing wl_resource
structures similar to wl_client_add_object.
From this commit forward, wl_resource structures should not be initialized
manually, but should use wl_resource_init. In the event of a change to the
wl_resource structure, this allows us to protect against regressions by filling
in added fields with reasonable defaults. In this way, while changing
wl_object or wl_resource still constitutes an ABI break, compositors following
this rule will only need to be recompiled in order to properly link against the
new version.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit adds a flags parameter to wl_closure_invoke(). The so far
added flags are ment to specify if the invokation is client side or
server side. When on the server side, closure arguments of type 'new_id'
should be invoked as a integer id while on the client side they should
be invoked as a pointer to a proxy object.
This fixes a bug happening when the address of a client side 'new_id'
proxy object did not fit in a 32 bit integer.
krh: Squashed test suite compile fix from Jason Ekstrand.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
