The wl_display events (error and delete_id) need to be handled even
if the default queue doesn't get dispatched for a while. For example,
a busy EGL rendering loop hits wl_display.sync every eglSwapBuffers()
and we need to process the delete_id events to maintain the object ID
data structure.
As it is, that doesn't happen, but with this change we special case
wl_display events. We put them on a custom, private queue and when
dispatching events, we always dispatch display_queue events first.
The wl_display proxy should still be the default_queue, so that objects
created from wl_display requests get assigned to that.
The previous implementation of the wl_container_of macro was
dereferencing the sample pointer in order to get an address of the
member to calculate the offset. Ideally this shouldn't cause any
problems because the dereference doesn't actually cause the address to
be read from so it shouldn't matter if the pointer is uninitialised.
However this is probably technically invalid and could cause undefined
behavior. Clang appears to take advantage of this undefined behavior
and doesn't bother doing the subtraction. It also gives a warning when
it does this.
The documentation for wl_container_of implies that it should only be
given an initialised pointer and if that is done then there is no
problem with clang. However this is quite easy to forget and doesn't
cause any problems or warnings with gcc so it's quite easy to
accidentally break clang.
To fix the problem this changes the macro to use pointer -
offsetof(__typeof__(sample), member) so that it doesn't need to deref
the sample pointer. This does however require that the __typeof__
operator is supported by the compiler. In practice we probably only
care about gcc and clang and both of these happily support the
operator.
The previous implementation was also using __typeof__ but it had a
fallback path avoiding it when the operator isn't available. The
fallback effectively has undefined behaviour and it is targetting
unknown compilers so it is probably not a good idea to leave it in.
Instead, this patch just removes it. If someone finds a compiler that
doesn't have __typeof__ but does work with the old implementation then
maybe they could add it back in as a special case.
This patch removes the initialisation anywhere where the sample
pointer was being unitialised before using wl_container_of. The
documentation for the macro has also been updated to specify that this
is OK.
In wl_display_add_shm_format(), check the return value from
wl_array_add() before dereferencing it and assigning it a value.
Return the resulting pointer back to the caller.
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
POSIX says to set errno=0 before calling strtol since
the return value alne cannot tell a failure.
on ubuntu armel I get:
../src/wayland-scanner client-header < ../../protocol/wayland.xml > wayland-client-protocol.h
<stdin>:1188: error: invalid integer (2)
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Restart the poll() if we take a signal. This is easily triggered in
an application that ends up blocking in eglSwapBuffers(), and causes EGL
to fail to allocate a back buffer.
This will be useful in order to implement the
EGL_WL_create_wayland_buffer_from_image extension. The buffers created
within Mesa's Wayland platform are created using the the wl_drm object
as a proxy factory which means they will be set to use Mesa's internal
event queue. However, these buffers will be owned by the client
application so they ideally need to use the default event loop. This
function provides a way to set the proxy's event queue back to the
default.
krh: Edited from Neils original patch to just use wl_proxy_set_queue() with
a NULL argument instead of introducing a new function.
Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
A bug in Weston's toytoolkit gave me an hour of debugging headaches.
Improve the error messages that we send if a client requests an invalid
global, either by name or by version.
The server requires clients to only allocate one ID ahead of the previously
highest ID in order to keep the ID range tight. Failure to do so will
make the server close the client connection. However, the way we allocate
new IDs is racy. The generated code looks like:
new_proxy = wl_proxy_create(...);
wl_proxy_marshal(proxy, ... new_proxy, ...);
If two threads do this at the same time, there's a chance that thread A
will allocate a proxy, then get pre-empted by thread B which then allocates
a proxy and then passes it to wl_proxy_marshal(). The ID for thread As
proxy will be one higher that the currently highest ID, but the ID for
thread Bs proxy will be two higher. But since thread B prempted thread A
before it could send its new ID, B will send its new ID first, the server
will see the ID from thread Bs proxy first, and will reject it.
We fix this by introducing wl_proxy_marshal_constructor(). This
function is identical to wl_proxy_marshal(), except that it will
allocate a wl_proxy for NEW_ID arguments and send it, all under the
display mutex. By introducing a new function, we maintain backwards
compatibility with older code from the generator, and make sure that
the new generated code has an explicit dependency on a new enough
libwayland-client.so.
A virtual Wayland merit badge goes to Kalle Vahlman, who tracked this
down and analyzed the issue.
Reported-by: Kalle Vahlman <kalle.vahlman@movial.com>
It would be possible to make the compositor leak file descriptors by
passing descriptors of open unmmapable files to it, such as /dev/null.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
The generated code only support one new-id per request, since the stubs
return the new proxy. It's still possible to send requests with multiple
new-id arguments, but it must be done with
wl_proxy_marshal_array_constructor().
Linux will let you mmap a region of a file that is larger than the
size of the file. If you then try to read from that region the process
will get a SIGBUS signal. Currently the clients can use this to crash
a compositor because it can create a pool and lie about the size of
the file which will cause the compositor to try and read past the end
of it. The compositor can't simply check the size of the file to
verify that it is big enough because then there is a race condition
where the client may truncate the file after the check is performed.
This patch adds the following two public functions in the server API
which can be used wrap access to an SHM buffer:
void wl_shm_buffer_begin_access(struct wl_shm_buffer *buffer);
void wl_shm_buffer_end_access(struct wl_shm_buffer *buffer);
The first time wl_shm_buffer_begin_access is called a signal handler
for SIGBUS will be installed. If the signal is caught then the buffer
for the current pool is remapped to an anonymous private buffer at the
same address which allows the compositor to continue without crashing.
The end_access function will then post an error to the buffer
resource.
The current pool is stored as part of some thread-local storage so
that multiple threads can safely independently access separate
buffers.
Eventually we may want to add some more API so that compositors can
hook into the signal handler or replace it entirely if they also want
to do some SIGBUS handling.
In wl_display_dispatch_queue, if poll fails then it would previously
return immediately and leak a reference in display->reader_count. Then
if the application ignores the error and tries to read again it will
block forever. This can happen for example if the poll fails with
EINTR which the application might consider to be a recoverable error.
This patch makes it cancel the read so the reader_count will be
decremented when poll fails.
This is needed for doxygen to generate output for macro definitions, such
as wl_container_of, that are contained by this file. Classes like
wl_list would be documented regardless.
If an interface has a destructor but no 'destroy' method we used to
not emit a destroy method. Now with the fix for missing destroy
requests for wl_pointer etc we need to emit the local wl_*_destroy
always.
This commit adds support for language bindings on the client half of the
library. The idea is the same as for server-side dispatchers.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit adds support for server-side languages bindings. This is done
in two ways:
1. Adding a wl_resource_set_dispatcher function that corresponds to
wl_resource_set_interface. The only difference between the two functions
is that the new version takes a dispatcher along with the implementation,
data, and destructor. This allows for runtime calling of native language
functions for callbacks instead of having to generate function pointers.
2. Adding versions of wl_resource_post_event and wl_resource_queue_event
that take an array of wl_argument instead of a variable argument list.
This allows for easier run-time argument conversion and removes the need
for libffi-based calling of variadic functions.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This is the mirror function to wl_proxy_add_listener and is useful
inside client libraries to differentiate events on listeners for which
multiple proxies have been created.
wayland-scanner without arguments prints out usage. With help or --help it
waits for stdin to supply something which isn't quite as informative as
printing out the help.
This patch also moves the strcmp for args up to have all of them in one
location.
