platform/upstream/wayland.git
2 years agoprotocol: clarify wl_data_offer::selection
Jan Grulich [Fri, 16 Jul 2021 11:35:37 +0000 (13:35 +0200)]
protocol: clarify wl_data_offer::selection

Clearly specify that switching focus within the same client
doesn't mean a new selection will be send.

Signed-off-by: Jan Grulich <jgrulich@redhat.com>
2 years agoprotocol: sync wl_shm.format with libdrm 2.4.108
Manuel Stoeckl [Fri, 12 Nov 2021 00:47:14 +0000 (19:47 -0500)]
protocol: sync wl_shm.format with libdrm 2.4.108

The four new formats added (all 16 bpc, RGB colorspace) are very useful
for applications providing high bit depth content and rendering their
buffers on CPU, as computations with 16 bit unsigned integers are often
more efficient than with the (half float, 10 bit) alternative formats.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
3 years agobuild: bump to version 1.19.91 for the alpha release 1.19.91
Simon Ser [Thu, 4 Nov 2021 19:39:22 +0000 (20:39 +0100)]
build: bump to version 1.19.91 for the alpha release

3 years agowayland-shm: Check the size of sealed memory if ignoring SIGBUS handlers
Duncan McIntosh [Sun, 17 Oct 2021 00:28:34 +0000 (20:28 -0400)]
wayland-shm: Check the size of sealed memory if ignoring SIGBUS handlers

In 11623e8f, SIGBUS handlers aren't set if F_SEAL_SHRINK is configured on
the memory. This helps avoid setting up handlers with cooperative clients;
however, if an application gives an incorrect size, the compositor would
access it anyways, figuring SIGBUS is impossible, and crash.

This can be fixed by simply removing the seal-checking logic and always
setting the signal handler. However, it seems that fstat can give the size
of the memfd, so we can check that the size we were told is within the
region. Since it's sealed to shrinking, it must never be shrunk in future,
so we can really (hopefully) ignore SIGBUS.

I was worried that fstat wasn't supported for this, but shm_overview(7) does
mention that it is a possible use.

The best solution would likely be avoiding SIGBUS entirely with
MAP_NOSIGBUS, but that hasn't been merged yet and wouldn't help systems
without it (e.g. with older kernels).

A proof-of-concept of this crash is attached with the merge request. Running
it with this patch gives an invalid-shm error, which is correct.

Signed-off-by: Duncan McIntosh <duncan82013@live.ca>
3 years agoprotocol: wl_shm uses pre-multiplied alpha
Simon Ser [Sun, 31 Oct 2021 11:10:08 +0000 (12:10 +0100)]
protocol: wl_shm uses pre-multiplied alpha

Add a note about pre-multiplied alpha for all wl_shm formats.
Include an escape hatch in the spec to allow other protocol
extensions to override this.

Signed-off-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/61

3 years agodebug: Fix printing of new ids
Derek Foreman [Tue, 24 Aug 2021 22:08:51 +0000 (17:08 -0500)]
debug: Fix printing of new ids

The client side closure traces have incorrect object ids for new server
generated objects. This is because create_proxies() overwrites the id in
'n' type arguments by storing a pointer to the actual object in the 'o'
field of the union.

Getting back to an id from this pointer requires accessing a structure
that isn't visible outside of wayland-client.c.

Add a function pointer to fish the correct value out of the argument and
pass it to wl_closure_print.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agoprotocol: add wl_output.{name,description}
Simon Ser [Sun, 24 Jan 2021 11:26:53 +0000 (12:26 +0100)]
protocol: add wl_output.{name,description}

This is inspired from xdg-output-unstable-v1. This allows clients to
get the name and description without having to use xdg_output. This
should eventually allow us to restrict xdg_output to clients like
Xwayland.

The name is a unique non-persistent user-friendly string that can be
used to refer to an output. This can be used by Wayland clients to
refer to a specific wl_output (e.g. across processes or in CLI
arguments).

The description is a non-unique user-friendly string that can be
displayed to the user.

Signed-off-by: Simon Ser <contact@emersion.fr>
References: https://gitlab.freedesktop.org/wayland/wayland-protocols/-/issues/7

3 years agoprotocol: add note about wl_output.done in events
Simon Ser [Tue, 28 Sep 2021 13:36:14 +0000 (15:36 +0200)]
protocol: add note about wl_output.done in events

Mention that geometry, mode and scale wl_output events are followed
by a done event.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agobuild: Include the Wayland minor version in libraries' ABI versions
Simon McVittie [Fri, 10 Sep 2021 17:32:00 +0000 (18:32 +0100)]
build: Include the Wayland minor version in libraries' ABI versions

The ABI of a shared library on Linux is given by a major version, which
is part of the SONAME and is incremented (rarely) on incompatible
changes, and a minor version, which is part of the basename of the
regular file to which the SONAME provides a symlink.

Until now, the ABI minor version was hard-coded, which means we can't
tell which of a pair of Wayland libraries is newer (and therefore
likely to have more symbols and/or fewer bugs).

libwayland-egl already had ABI major version 1, so we can use the
"marketing" version number as the ABI major.minor version number
directly, so Wayland 1.19.90 would produce
libwayland-egl.so.1 -> libwayland-egl.so.1.19.90.

libwayland-cursor and libwayland-server have ABI major version 0,
and OS distributions don't like it when there's a SONAME bump for no
good reason, so use their existing ABI major version together with
the "marketing" minor version:
libwayland-cursor.so.0 -> libwayland-cursor.so.0.19.90.

If the Wayland major version number is incremented to 2, we'll have to
rethink this, so add some error() to break the build if/when that
happens. Assuming that Wayland 2.0 would involve breaking changes,
the best way would probably to bump all the SONAMEs to
libwayland-foo.so.2.

Resolves: https://gitlab.freedesktop.org/wayland/wayland/-/issues/175
Signed-off-by: Simon McVittie <smcv@collabora.com>
3 years agoprotocol: Add wl_surface.offset
Jonas Ådahl [Mon, 22 Mar 2021 07:56:30 +0000 (08:56 +0100)]
protocol: Add wl_surface.offset

This is meant to address the issue where the call to 'wl_surface.attach'
is done by e.g. Vulkan, meaning applications cannot affect the values of
the offset passed as the x and y arguments.

The lack of ability to pass these is problematic when using the Vulkan
for e.g. drawing DND surfaces, as the buffer offset is used to implement
the drag icon hotspots.

Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/148
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
3 years agoclient: handle fcntl error on bad fd in wl_display_connect
Manuel Stoeckl [Sun, 1 Aug 2021 05:38:45 +0000 (01:38 -0400)]
client: handle fcntl error on bad fd in wl_display_connect

This makes wl_display_connect fail immediately instead of
succeeding when the integer provided by WAYLAND_SOCKET does
not refer to a valid file descriptor.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
3 years agoserver: stop wl_display event loop from any context
Damian Hobson-Garcia [Tue, 31 Aug 2021 09:59:33 +0000 (18:59 +0900)]
server: stop wl_display event loop from any context

Calling wl_display_terminate() will exit the wl_display event loop
at the start of the next loop iteration.  This works fine when
wl_display_terminate() is called after the event loop wakes up
from polling on the added event sources.  If, however, it is
called before polling starts, the event loop will not exit until
one or more event sources trigger.  Depending on the types of event
sources, they may never trigger (or may not trigger for a long time),
so the event loop may never exit.

Add an extra event source to the wl_display event loop that will trigger
whenever wl_display_terminate() is called, so that the event loop will
always exit.

Fixes #201

Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
3 years agoprotocol: mention that buffers with alpha are assumed premultiplied
Matt Hoosier [Wed, 29 Sep 2021 14:41:34 +0000 (09:41 -0500)]
protocol: mention that buffers with alpha are assumed premultiplied

This turns out to be the default assumption by compositors, OpenGL, and the DRM
framework. Let's say it explicitly to avoid misinterpretation.

See https://lists.freedesktop.org/archives/wayland-devel/2021-September/041990.html.

Signed-off-by: Matt Hoosier <matt.hoosier@garmin.com>
3 years agoshm: Relax shm_pool_create_buffer() validity check
Olivier Fourdan [Thu, 16 Sep 2021 09:11:05 +0000 (11:11 +0200)]
shm: Relax shm_pool_create_buffer() validity check

shm_pool_create_buffer() can raise a false WL_SHM_ERROR_INVALID_STRIDE
error under some circumstances because of integer division.

Fix this by using a strict comparison operator instead of lower or
equal.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/235

3 years agoprotocol: mention that keymap mapping must be read-only
Simon Ser [Sat, 4 Sep 2021 14:18:43 +0000 (16:18 +0200)]
protocol: mention that keymap mapping must be read-only

It may be obvious that the mapping must be established in read-only
mode, but it wasn't specified in the specification text.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agogitlab-ci: add a FreeBSD test job
Alex Richardson [Tue, 27 Jul 2021 13:05:06 +0000 (14:05 +0100)]
gitlab-ci: add a FreeBSD test job

This uses the new FreeBSD supported added in
https://gitlab.freedesktop.org/freedesktop/ci-templates/-/merge_requests/114
After the latest series of commits, we should be able to compile and
successfully run all tests, so adding this CI job will prevent any future
FreeBSD regressions.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoAllow event-loop signal tests to pass on FreeBSD
Alex Richardson [Thu, 5 Aug 2021 08:08:04 +0000 (09:08 +0100)]
Allow event-loop signal tests to pass on FreeBSD

On Linux the signal will be immediately visible in the epoll_wait() call.
However, on FreeBSD we may need a small delay between kill() call and the
signal being visible to the kevent() call. This sometimes happens when the
signal processing and kevent processing runs on different CPUs in the
kernel, so becomes more likely when the system is under load (e.g. running
all tests in parallel).

See https://github.com/jiixyj/epoll-shim/pull/32

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoDetect FreeBSD versions with broken MSG_CMSG_CLOEXEC
Alex Richardson [Fri, 19 Mar 2021 10:02:41 +0000 (10:02 +0000)]
Detect FreeBSD versions with broken MSG_CMSG_CLOEXEC

If we are compiling against a version of FreeBSD where MSG_CMSG_CLOEXEC
does not work, use the fallback directly. This was only fixed recently
(in https://cgit.freebsd.org/src/commit/?id=6ceacebdf52211).

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agotest-helpers: use sysctl() to count open fds on FreeBSD
Alex Richardson [Mon, 7 Jun 2021 10:53:46 +0000 (11:53 +0100)]
test-helpers: use sysctl() to count open fds on FreeBSD

This allows running the tests on FreeBSD without mounting fdescfs.
Previously you had to run `mount -t fdescfs -o linrdlnk null /dev/fd` to
get file descriptors >=3 listed in /dev/fd.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agotest-runner: Implement is_debugger_attached() for FreeBSD
Alex Richardson [Mon, 15 Mar 2021 22:37:49 +0000 (22:37 +0000)]
test-runner: Implement is_debugger_attached() for FreeBSD

FreeBSD provides a PROC_TRACE_STATUS procctl(2) to detect this directly.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoUse /dev/fd instead of /proc/self/fd
Alex Richardson [Thu, 18 Mar 2021 09:25:58 +0000 (09:25 +0000)]
Use /dev/fd instead of /proc/self/fd

/dev/fd exists on all operating systems I can test (Linux, FreeBSD, macOS),
whereas /proc/self/fd only appears to exist on Linux.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoshm: Add mmap+memmove fallback if mremap() does not exist
Alex Richardson [Mon, 15 Mar 2021 22:25:52 +0000 (22:25 +0000)]
shm: Add mmap+memmove fallback if mremap() does not exist

Some operating systems (e.g. FreeBSD) do not implement mremap.
In that case we can grow the mapping by trying to map adjacent memory.
If that fails we can fall back to creating a new larger mapping and
moving the old memory contents there.

Co-authored-by: Koop Mast <kwm@rainbow-runner.nl>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoSupport reading ucred from the socket on FreeBSD
Alex Richardson [Mon, 15 Mar 2021 22:21:12 +0000 (22:21 +0000)]
Support reading ucred from the socket on FreeBSD

On FreeBSD we have to use getsockopt(fd, SOL_LOCAL, LOCAL_PEERCRED)
instead. This change is based on a downstream patch in FreeBSD ports.

Co-authored-by: Greg V <greg@unrelenting.technology>
Co-authored-by: Koop Mast <kwm@rainbow-runner.nl>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agogitlab-ci: add junit reports to the debian builder
Alex Richardson [Tue, 27 Jul 2021 13:01:03 +0000 (14:01 +0100)]
gitlab-ci: add junit reports to the debian builder

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agogitlab-ci: Fix copy-paste error in a comment
Alex Richardson [Thu, 5 Aug 2021 16:37:26 +0000 (17:37 +0100)]
gitlab-ci: Fix copy-paste error in a comment

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agogitlab-ci: remove duplicated lines in ci-templates include
Alex Richardson [Fri, 27 Aug 2021 09:03:56 +0000 (10:03 +0100)]
gitlab-ci: remove duplicated lines in ci-templates include

The file key can have multiple values, so we don't need another "project".

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agogitlab-ci: update ci-templates to the latest commit
Alex Richardson [Tue, 27 Jul 2021 13:00:38 +0000 (14:00 +0100)]
gitlab-ci: update ci-templates to the latest commit

This is in preparation for adding FreeBSD CI support.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoUse epoll-shim to emulate epoll(7) on FreeBSD
Alex Richardson [Mon, 15 Mar 2021 22:18:14 +0000 (22:18 +0000)]
Use epoll-shim to emulate epoll(7) on FreeBSD

FreeBSD does not provide epoll(7) and instead requires an external library,
epoll-shim, that implements epoll() using kqueue(2)

Co-authored-by: Jan Beich <jbeich@FreeBSD.org>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agoos-wrappers-test: Handle fcntl() being declared as a macro
Alex Richardson [Mon, 7 Jun 2021 10:12:18 +0000 (11:12 +0100)]
os-wrappers-test: Handle fcntl() being declared as a macro

On some systems (e.g. FreeBSD with the latest epoll-shim), fcntl is
declared as a macro instead of a function. Wrap the definition here in
parantheses to avoid function-macro expansion.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
3 years agotests: Destroy custom global object
Derek Foreman [Thu, 26 Aug 2021 19:50:59 +0000 (14:50 -0500)]
tests: Destroy custom global object

Destroy our custom global object at end of run so we no longer "leak"
it.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agoconnection: Rename wl_buffer
Derek Foreman [Fri, 6 Aug 2021 18:16:55 +0000 (13:16 -0500)]
connection: Rename wl_buffer

struct wl_buffer has other meaning in wayland, thus making this a pretty
confusing structure name. Function names like wl_buffer_put() just
compound the confusion.

Rename the struct and the associated functions (none of which are called
from outside this file anyway). The struct retains a wl_ prefix, as is
the custom for wayland internal data structures. The function names
have not retained this prefix, as we have many static function that
aren't prefixed.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agoscanner: Use the new atomic marshal/destroy function
Derek Foreman [Wed, 21 Jul 2021 21:32:36 +0000 (16:32 -0500)]
scanner: Use the new atomic marshal/destroy function

Use the new flagged marshal+destroy function in generated code.

It's intended as a replacement for all existing wl_proxy_marshal_*
functions, so I've used it to replace them all. This results in a large
update to the scanner test files as well.

We now pass the new WL_MARSHAL_FLAG_DESTROY flag when appropriate, so
the race condition in #86 caused by releasing the display mutex between
marshalling the proxy and destroying the proxy is now gone.

Fixes #86

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agoclient: Add new proxy marshalling functions with flags
Derek Foreman [Wed, 21 Jul 2021 21:26:00 +0000 (16:26 -0500)]
client: Add new proxy marshalling functions with flags

There's a race when destroying wayland objects in a multi-threaded client.
This occurs because we call:
wl_proxy_marshal(foo);
wl_proxy_destroy(foo);

And each of these functions takes, and releases, the display mutex.
Between the two calls, the display is not locked.

In order to allow atomically marshalling the proxy and destroying the
proxy without releasing the lock, add yet more wl_proxy_marshal_*
functions.  This time add flags and jam in all existing warts with the
hope that we can make it future proof this time.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agoclient: Refactor wl_proxy_destroy critical section
Derek Foreman [Wed, 21 Jul 2021 21:03:12 +0000 (16:03 -0500)]
client: Refactor wl_proxy_destroy critical section

Split wl_proxy_destroy into two pieces, wl_proxy_destroy_unlocked which
performs the critical section code with no locking, and wl_proxy_destroy
which locks before calling that.

We'll use the new unlocked variant later in code that already holds the
lock.

There is a slight functional change - an aborting check is now called
with the lock held. This should be harmless as wl_abort() performs
no locking.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
3 years agocursor: remove unused wl_cursor_theme.name
Simon Ser [Thu, 5 Aug 2021 16:09:53 +0000 (18:09 +0200)]
cursor: remove unused wl_cursor_theme.name

Let's just delete this field since it's not used anywhere and not
exposed in our public API.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agocursor: rename load_default_theme to load_fallback_theme
Simon Ser [Thu, 5 Aug 2021 15:24:02 +0000 (17:24 +0200)]
cursor: rename load_default_theme to load_fallback_theme

The theme getting loaded by this function is not to be confused
with the theme named "default" located on the filesystem. Instead,
it's a minimal theme directly bundled into libwayland-cursor.

Make this clearer by naming this theme "fallback".

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agocursor: Try to fall back to a default xcursor theme first
Olivier Tilloy [Wed, 5 May 2021 15:15:33 +0000 (17:15 +0200)]
cursor: Try to fall back to a default xcursor theme first

The use case is systems where for some reason the current xcursor theme
cannot be accessed (an application packaged as a strictly confined snap,
for example).

Before falling back to wayland's default cursor theme, it is worth
trying the xcursor theme called "default", which hopefully looks better
than the former.

Fixes: https://gitlab.gnome.org/Community/Ubuntu/gnome-sdk/-/issues/6

Signed-off-by: Olivier Tilloy <olivier.tilloy@canonical.com>
3 years agoci: Sanitise build and install paths
Daniel Stone [Tue, 3 Aug 2021 20:53:12 +0000 (21:53 +0100)]
ci: Sanitise build and install paths

No sense in generating enormously long paths. This also happens to fix
artifacts not actually recording anything because we had a mismatch in
artifact paths vs. actual paths.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Use Werror
Daniel Stone [Tue, 3 Aug 2021 20:32:02 +0000 (21:32 +0100)]
ci: Use Werror

No point warning on stuff if we don't make it fail.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Use appropriate concurrency level
Daniel Stone [Tue, 3 Aug 2021 20:33:03 +0000 (21:33 +0100)]
ci: Use appropriate concurrency level

The appropriate concurrency level is not necessarily the number of
available CPUs; limit it to what the runners tell us we should be using.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Add release builds
Daniel Stone [Tue, 3 Aug 2021 20:31:36 +0000 (21:31 +0100)]
ci: Add release builds

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Use consistent YAML indendation
Daniel Stone [Tue, 3 Aug 2021 20:14:04 +0000 (21:14 +0100)]
ci: Use consistent YAML indendation

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Only run ci-fairy on MRs
Daniel Stone [Tue, 3 Aug 2021 20:13:25 +0000 (21:13 +0100)]
ci: Only run ci-fairy on MRs

This requires adding rules to all the jobs, as it's all or nothing.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Add ARMv7 build
Daniel Stone [Tue, 3 Aug 2021 20:09:50 +0000 (21:09 +0100)]
ci: Add ARMv7 build

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Add AArch64 build
Daniel Stone [Tue, 3 Aug 2021 20:08:01 +0000 (21:08 +0100)]
ci: Add AArch64 build

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Parameterise and template build
Daniel Stone [Tue, 3 Aug 2021 20:06:11 +0000 (21:06 +0100)]
ci: Parameterise and template build

This will make it a lot easier to add other variants later.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoci: Add comments, rename build stages
Daniel Stone [Tue, 3 Aug 2021 19:56:51 +0000 (20:56 +0100)]
ci: Add comments, rename build stages

No non-cosmetic changes, just making things more accessible.

Signed-off-by: Daniel Stone <daniels@collabora.com>
3 years agoconnection: print array size
Simon Ser [Thu, 28 May 2020 21:47:29 +0000 (23:47 +0200)]
connection: print array size

This makes it easier to understand how an xdg_toplevel is configured for
instance.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agoconnection, client: Avoid locale-dependent float printing
Manuel Stoeckl [Sun, 17 Jan 2021 23:02:50 +0000 (18:02 -0500)]
connection, client: Avoid locale-dependent float printing

Specifically, in the log formed when WAYLAND_DEBUG is set, this commit
ensures that floating point numbers are formatted using '.' instead of
the locale-specific decimal separator. As the debug logs are not
otherwise localized for end-users, and may be parsed by scripts, it is
better to have consistent output here.

The 24.8 fixed point numbers are now represented with 8 digits after
the decimal, since this is both exact and simpler to compute.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
3 years agoos-wrappers-test: Make syscall intercepts work with sanitizers
Fergus Dall [Fri, 9 Jul 2021 14:13:35 +0000 (00:13 +1000)]
os-wrappers-test: Make syscall intercepts work with sanitizers

Sanitizers need to intercept syscalls in the compiler run-time library, as
do these tests. We try to make this work by using dlsym(RTLD_NEXT) to find
the next definition in the chain, but here this approach won't work because
the compiler run-time library is linked into the same elf object as the test
interceptors are.

The sanitizer library supports this by giving the intercept functions a
prefix and making them only weakly alias the real names, so our interceptors
can call the sanitizers interceptors explicitly, which will then use dlsym
to call the real function.

By making our declarations of the sanitizer interceptor function weak we can
handle any combination of intercepts (including none, if there is no
sanitizer). If our declaration is resolves to a NULL pointer, we just use
dlsym.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoconnection-test: Pad out strings with null bytes
Fergus Dall [Fri, 9 Jul 2021 14:09:59 +0000 (00:09 +1000)]
connection-test: Pad out strings with null bytes

The connection_demarshal test writes a 10 byte string into a wayland message,
but doesn't pad it out to a four byte boundary. This leads to the last 32-bit
word of the message being partially uninitialized, which triggers an msan
violation when the message is written to the socket.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoserver: Fix undefined behavior in wl_socket_init_for_display_name
Fergus Dall [Fri, 9 Jul 2021 08:04:27 +0000 (18:04 +1000)]
server: Fix undefined behavior in wl_socket_init_for_display_name

This function constructs a socket path in sun_path using snprintf, which
returns the amount of space that would have been used if the buffer was
large enough. It then checks if this is larger then the actual buffer size
and, if so, returns ENAMETOOLONG. This is correct.

However, after calling snprintf and before checking that the length isn't too
long, it tries to compute a pointer to the part of the path that matches the
input name. It does this by adding the computed path length to the pointer to
the start of the path buffer, which will take it to one-past the null
terminator, and then walking backwards. If the path fits in the buffer, this
will take it at most one-past-the-end of the allocation, which is allowed, but
if the path is longer then the buffer then the pointer addition is undefined behavior.

Fix this by moving the display name computation past the check that the path
length is not too long.

This is detected by the test socket_path_overflow_server_create under ubsan.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoutil: Avoid undefined behaviour in for_each_helper
Fergus Dall [Fri, 9 Jul 2021 07:52:01 +0000 (17:52 +1000)]
util: Avoid undefined behaviour in for_each_helper

for_each_helper tries to calculate a one-past-the-end pointer for its
wl_array input. This is fine when the array has one or more entries, but we
initialize arrays by setting wl_array.data to NULL. Pointer arithmetic is
only defined when both the pointer operand and the result point to the same
allocation, or one-past-the-end of that allocation. As NULL points to no
allocation, no pointer arithmetic can be performed on it, not even adding 0,
even if the result is never dereferenced.

This is caught by clang's ubsan from version 10.

Many tests already hit this case, but I added an explicit test for iterating
over an empty wl_map.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoclient: print discarded events in debug log
Manuel Stoeckl [Sun, 27 Sep 2020 01:14:16 +0000 (21:14 -0400)]
client: print discarded events in debug log

Before this patch, setting WAYLAND_DEBUG=1 or WAYLAND_DEBUG=client made
a program log all requests sent and events that it processes. However,
some events received are not processed. This can happen when a Wayland
server sends an event to an object that does not exist, or was recently
destroyed by the client program (either before the event was decoded,
or after being decoded but before being dispatched.)

This commit prints all discarded messages in the debug log, producing
lines like:

[1234567.890] discarded [unknown]@42.[event 0](0 fd, 12 byte)
[1234567.890] discarded wl_callback@3.done(34567)
[1234567.890] discarded [zombie]@13.[event 1](3 fd, 8 byte)

The first indicates an event to an object that does not exist; the
second, an event to an object that was deleted after decoding, but
before dispatch; the third, an event to an object that left a
'zombie' marker behind to indicate which events have associated
file descriptors.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
3 years agowayland-util: avoid memcpy(NULL) in wl_array_copy()
Pekka Paalanen [Tue, 13 Jul 2021 10:19:48 +0000 (13:19 +0300)]
wayland-util: avoid memcpy(NULL) in wl_array_copy()

The problem was found running Weston, with both Weston and Wayland built
with ASan:

../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 1, which is declared to never be null
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 2, which is declared to never be null

This turns out to be caused by copying an empty array into an empty
array.

That seems to be completely valid thing to do, and wl_array_init()
initializes the pointers to NULL and size to zero. Copying initialized
arrays must always be valid.

The error are caused by calling memcpy() with NULL pointers. It doesn't
explode, because also the size is zero.

Fix the problem by calling memcpy() only if size is not zero. This
should keep things like copying an empty array into a non-empty array
work.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
3 years agoshm: document wl_shm_buffer
Simon Ser [Tue, 13 Jul 2021 13:52:31 +0000 (15:52 +0200)]
shm: document wl_shm_buffer

The main motivation is to make it clear when a wl_shm_buffer is
destroyed.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agotests: Test wayland-scanner with a description in an entry
James Legg [Wed, 2 Jun 2021 23:10:22 +0000 (00:10 +0100)]
tests: Test wayland-scanner with a description in an entry

This previously would have caused a memory leak and incorrect
comments.

Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
3 years agoscanner: Use descriptions in entries
James Legg [Wed, 2 Jun 2021 23:10:21 +0000 (00:10 +0100)]
scanner: Use descriptions in entries

entry may have a description according to the DTD. This is used in
some protocols including xdg-shell.

Fixes the code comment on an enum declaration using the description of
the last enum that had one, adds the descriptions to the comments on
enumerators, and avoids leaking the previously missing descriptions.

Fixes #208

Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
3 years agoprotocol: clarify wl_seat.name description
Simon Ser [Tue, 29 Jun 2021 10:47:04 +0000 (12:47 +0200)]
protocol: clarify wl_seat.name description

Define the expected properties of the seat name.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agoCI: turn on ASan and UBSan
Pekka Paalanen [Fri, 14 May 2021 13:25:07 +0000 (16:25 +0300)]
CI: turn on ASan and UBSan

I just noticed that libwayland test suite is ASan and UBSan clean, so
let's turn that on in CI to avoid regressing.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
3 years agoshm: add safety assertions
Simon Ser [Wed, 2 Jun 2021 14:35:30 +0000 (16:35 +0200)]
shm: add safety assertions

Catch any API mis-use with an assert. This should abort when the
user calls unreferences the pool more times than it's referenced.

Also change the refcount check to explicitly check for positive
counts. That makes the condition more readable.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agoconnection: Handle non-nullable strings in wl_connection_demarshal
Fergus Dall [Tue, 22 Jun 2021 09:31:26 +0000 (19:31 +1000)]
connection: Handle non-nullable strings in wl_connection_demarshal

Currently a null string passed into a non-nullable argument of a message
will decode succesfully, probably resulting in the handler function
crashing. Instead treat it the same way we do non-nullable objects and ids.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoconnection-test: Encode size in message headers correctly
Fergus Dall [Tue, 22 Jun 2021 10:05:47 +0000 (20:05 +1000)]
connection-test: Encode size in message headers correctly

In these tests, message sizes are inconsistently encoded in either the upper
or lower 16 bits of the second word of the message. Resolve this in favour
of using the upper 16 bits, as this is how messages are supposed to be
encoded, even though that aspect of message decoding isn't being tested
here.

Signed-off-by: Fergus Dall <sidereal@google.com>
3 years agoprotocol: allow immediate wl_buffer.destroy if not re-used
Simon Ser [Wed, 26 May 2021 10:07:17 +0000 (12:07 +0200)]
protocol: allow immediate wl_buffer.destroy if not re-used

Allow wl_buffer objects to be destroyed without having to wait for
wl_buffer.release if the underlying storage isn't going to be
re-used.

The main motivation for this is to avoid glitches when a client is
torn down. When a client disconnects, all of its objects are destroyed
in arbitrary order. However some compositors will still need to
access the destroyed buffer's underlying storage afterwards, e.g. for
visual effects (fade-out) or for atomic layout updates (wait for other
clients to commit a new buffer before hiding the buffer).

It's still incorrect for clients to destroy a wl_buffer and mutate
the underlying storage without waiting for wl_buffer.release.

Signed-off-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/185

3 years agoshm: remove wl_shm_buffer.pool NULL checks
Simon Ser [Wed, 2 Jun 2021 14:22:54 +0000 (16:22 +0200)]
shm: remove wl_shm_buffer.pool NULL checks

wl_shm_buffer.pool is never set to NULL. The only time it's set is
in shm_pool_create_buffer, and the pool is guaranteed to be non-NULL
there.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agocursor: fix crash with weird input files
Tobias Stoeckmann [Fri, 14 May 2021 11:06:15 +0000 (13:06 +0200)]
cursor: fix crash with weird input files

If a cursor file contains multiple images for the same size, this
typically indicates an animation. The compositor weston uses
wl_cursor_frame_and_duration to figure out at which time a specific image
should be shown.

The total delay is the sum of all image delays. But if all images have a
delay of 0, the total delay is 0 as well. The code does not check for this
special condition and triggers a floating point exception by eventually
performing a modulo operation with 0.

This, of course, could also happen if the sum of all image delays
triggers an unsigned int overflow. But since a comment in the code
already indicates that it does not try to "fix" handling of weird files,
I would argue that it's "okay" if that happens. At least the program
won't crash.

Proof of Concept:

install -D ~/.icons/poc/cursors
base64 -d > ~/.icons/poc/cursors/left_ptr << EOF
WGN1chAAAAAAAAEAAgAAAAIA/f8BAAAAKAAAAAIA/f8BAAAAKAAAACQAAAACAP3/AQAAAAEAAAAB
AAAAAQAAAAEAAAABAAAAAAAAAAAAAAA=
EOF
cat > /tmp/weston.ini << EOF
[shell]
cursor-theme=poc
EOF
weston -c /tmp/weston.ini

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
3 years agoprotocol: drop reference to wl_drm
Simon Ser [Wed, 26 May 2021 10:00:17 +0000 (12:00 +0200)]
protocol: drop reference to wl_drm

Change the wl_drm reference to linux-dmabuf. wl_drm is a legacy,
private Mesa protocol that shouldn't be used by regular clients.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agobuild: replace assembly embedding with Python script
Simon Ser [Tue, 15 Dec 2020 19:35:25 +0000 (20:35 +0100)]
build: replace assembly embedding with Python script

This allows Meson to properly track dependencies and re-build the scanner when
editing the dtd. We also stop depending on GNU as' .incbin and make the
embedding less obscure.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agosrc: Add missing new lines to log messages
Marius Vlad [Fri, 7 May 2021 08:00:43 +0000 (11:00 +0300)]
src: Add missing new lines to log messages

Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
3 years agoDocument serial param usage in wl_pointer.set_cursor
Nick Diego Yamane [Wed, 28 Apr 2021 15:34:05 +0000 (11:34 -0400)]
Document serial param usage in wl_pointer.set_cursor

Serial is supposed to contain the latest wl_pointer.enter value received
by clients but it was not even mentioned in the docs, so add it to avoid
misinterpretations.

Signed-off-by: Nick Diego Yamane <nickdiego@igalia.com>
3 years agocursor: fix CVE-2013-2003
Tobias Stoeckmann [Sun, 2 May 2021 19:35:23 +0000 (21:35 +0200)]
cursor: fix CVE-2013-2003

The libXcursor fix for CVE-2013-2003 has never been imported into
wayland, leaving it vulnerable to it.

Changing the argument type to an unsigned type is an effective merge of
Ilja Van Sprundel's commit in libXcursor.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
3 years agocursor: add one more directory to XCURSORPATH
Alexander Dunaev [Wed, 17 Feb 2021 08:44:00 +0000 (15:44 +0700)]
cursor: add one more directory to XCURSORPATH

The user may install cursor themes manually, and the desktop environment
may provide a special directory for storing them.  For instance, GTK puts
those themes into ~/.local/share/icons, and many Linux distributions suggest
using that directory for user-specific themes.  However, users of
libwayland-cursor cannot load these themes using the API provided by the
library because the latter does not look into that directory.

This patch adds ~/.local/share/icons to the search path, so user-specific
themes can be loaded through the API provided by libwayland-cursor.

Signed-off-by: Alexander Dunaev <adunaev@igalia.com>
Reviewed-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Simon Ser <contact@emersion.fr>
3 years agobuild: add option to disable tests
James Hilliard [Tue, 3 Mar 2020 22:27:51 +0000 (15:27 -0700)]
build: add option to disable tests

When building for a product, tests are not needed.

Besides, one test requires a C++ compiler, which is not always
available.

So, add an option to configure to disable building tests altogether.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
3 years agomeson: only require cpp for tests
James Hilliard [Fri, 16 Apr 2021 08:32:38 +0000 (02:32 -0600)]
meson: only require cpp for tests

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
3 years agoChange wl_os_dupfd_cloexec minfd to be int
Alex Richardson [Thu, 18 Mar 2021 10:46:55 +0000 (10:46 +0000)]
Change wl_os_dupfd_cloexec minfd to be int

The fcntl() argument is defined to be an int and not a long. This does not
matter on most architectures since the value is passed in registers, but
it causes issues on big-endian architectures that pass variadic arguments
on the stack.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
3 years agoos-wrappers-test.c: Correctly forward arguments to fcntl
Alex Richardson [Thu, 18 Mar 2021 10:45:50 +0000 (10:45 +0000)]
os-wrappers-test.c: Correctly forward arguments to fcntl

We can't just unconditionally read the optional arguments (and also read
it as a void* despite actually being an int).
While this happens to work on most architectures because the first few
variadic arguments are passed in registers, this is non-portable and
causes a crash on architectures that set bounds on variadic function
arguments (for example CHERI-enabled architectures). It could also cause
problems on big-endian architectures that pass variadic arguments on the
stack rather than in registers.

For CHERI-MIPS, reading sizeof(void*) causes a read of 16 bytes from the
bounded varargs capability. This always crashes since even calls with the
optional argument only have 4 bytes available.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
3 years agomeson: Only require expat when building wayland-scanner
Michael Weiss [Fri, 2 Apr 2021 17:26:57 +0000 (19:26 +0200)]
meson: Only require expat when building wayland-scanner

This code is only required for building wayland-scanner so it should be
scoped accordingly. libxml-2.0 will only be required if both "scanner"
and "dtd_validation" are set to true.

Signed-off-by: Michael Weiss <dev.primeos@gmail.com>
3 years agoci: Use ci-fairy to check for Signed-off-by
Jonas Ådahl [Fri, 26 Mar 2021 16:21:07 +0000 (17:21 +0100)]
ci: Use ci-fairy to check for Signed-off-by

Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
3 years agoUse MAP_FAILED instead of (void *) -1
Alex Richardson [Fri, 19 Mar 2021 11:24:05 +0000 (11:24 +0000)]
Use MAP_FAILED instead of (void *) -1

While MAP_FAILED is generally defined to that value, we should not be
relying on implementation details of system headers.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
3 years agobuild: drop autotools
Simon Ser [Mon, 14 Dec 2020 13:46:46 +0000 (14:46 +0100)]
build: drop autotools

Meson now replaces autotools.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agoserver: add wl_display getter for wl_global
Vlad Zahorodnii [Wed, 24 Feb 2021 14:02:54 +0000 (16:02 +0200)]
server: add wl_display getter for wl_global

This can be useful if the compositor wants to call wl_global_destroy() with some
delay but it doesn't have the wl_display object associated with the global,
which is needed to get access to the event loop.

Signed-off-by: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
3 years agoclient: assert queue display matches proxy
Simon Ser [Thu, 25 Feb 2021 22:49:00 +0000 (23:49 +0100)]
client: assert queue display matches proxy

In wl_proxy_set_queue, passing a wl_event_queue from a completely
unrelated wl_display could lead to object IDs mismatches.

Add an assertion to catch this case. It's always a user bug if this
happens.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agoserver: remove duplicate include
sheepwall [Mon, 22 Feb 2021 17:19:13 +0000 (18:19 +0100)]
server: remove duplicate include

Signed-off-by: August Svensson <a.sve@live.se>
3 years agoprotocol: Specify wl_callback::done to be a destructor event
Tadeo Kondrak [Thu, 11 Jun 2020 19:41:09 +0000 (13:41 -0600)]
protocol: Specify wl_callback::done to be a destructor event

It's the only destructor event in the core protocol, and destructor
events were previously unannotated.

Signed-off-by: Tadeo Kondrak <me@tadeo.ca>
3 years agoprotocol: Add type attribute to events
Tadeo Kondrak [Thu, 11 Jun 2020 19:39:56 +0000 (13:39 -0600)]
protocol: Add type attribute to events

This allows specifying events to be destructors, which is useful for
non-C language bindings. It is unused in wayland-scanner.

Signed-off-by: Tadeo Kondrak <me@tadeo.ca>
3 years agobuild: re-open master for regular development
Simon Ser [Wed, 27 Jan 2021 17:45:57 +0000 (18:45 +0100)]
build: re-open master for regular development

3 years agobuild: bump to version 1.19.0 for the official release 1.19.0
Simon Ser [Wed, 27 Jan 2021 16:48:01 +0000 (17:48 +0100)]
build: bump to version 1.19.0 for the official release

3 years agobuild: bump to 1.18.93 for the RC1 release 1.18.93
Simon Ser [Wed, 20 Jan 2021 21:35:34 +0000 (22:35 +0100)]
build: bump to 1.18.93 for the RC1 release

3 years agoprotocol: sync wl_shm.format with libdrm 2.4.104
Simon Ser [Sun, 17 Jan 2021 10:51:39 +0000 (11:51 +0100)]
protocol: sync wl_shm.format with libdrm 2.4.104

This adds 4 new formats.

Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Acked-by: Daniel Stone <daniels@collabora.com>
3 years agoserver: Allow absolute paths in WAYLAND_DISPLAY
Loïc Yhuel [Thu, 14 Nov 2019 13:13:17 +0000 (14:13 +0100)]
server: Allow absolute paths in WAYLAND_DISPLAY

The compositor should handle absolute paths in WAYLAND_DISPLAY like the clients, ie not
adding the XDG_RUNTIME_DIR prefix if it's an absolute path.

This allows to create the wayland socket in a separate directory for system compositors if
desired. Clients could then directly inherit the environment variable.

Signed-off-by: Loïc Yhuel <loic.yhuel@softathome.com>
3 years agobuild: bump to version 1.18.92 for the beta release upstream_bkup_20220121 upstream_bkup_20220124 upstream_bkup_20220208 1.18.92 upstream/1.18.92
Simon Ser [Wed, 6 Jan 2021 19:18:58 +0000 (20:18 +0100)]
build: bump to version 1.18.92 for the beta release

3 years agoRemove TODO
Simon Ser [Mon, 14 Dec 2020 16:27:45 +0000 (17:27 +0100)]
Remove TODO

These TODO items are outdated (either done or not applicable anymore). Let's
migrate items that we want to keep to GitLab issues.

Signed-off-by: Simon Ser <contact@emersion.fr>
3 years agomeson: link with -lrt if needed for clock_gettime
Loïc Yhuel [Thu, 2 Apr 2020 16:25:54 +0000 (18:25 +0200)]
meson: link with -lrt if needed for clock_gettime

This is already done in autotools, and fixes the build with glibc < 2.17.

Signed-off-by: Loïc Yhuel <loic.yhuel@softathome.com>
3 years agobuild: bump to version 1.18.91 for the alpha release 1.18.91
Simon Ser [Mon, 21 Dec 2020 10:16:05 +0000 (11:16 +0100)]
build: bump to version 1.18.91 for the alpha release

3 years agoserver: fix typos
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:42:10 +0000 (15:42 -0500)]
server: fix typos

3 years agoegl: fix typo "Backards"
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:41:13 +0000 (15:41 -0500)]
egl: fix typo "Backards"

3 years agocursor: fix typo "insufficent"
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:40:58 +0000 (15:40 -0500)]
cursor: fix typo "insufficent"

3 years agoCONTRIBUTING: fix typo "excercising"
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:40:38 +0000 (15:40 -0500)]
CONTRIBUTING: fix typo "excercising"

3 years agotests: fix typos
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:40:04 +0000 (15:40 -0500)]
tests: fix typos

3 years agodoc: fix typos
Maxime Roussin-Bélanger [Thu, 17 Dec 2020 20:39:46 +0000 (15:39 -0500)]
doc: fix typos