1. 21 Jun, 2022 2 commits
  2. 20 Jun, 2022 4 commits
  3. 16 Jun, 2022 1 commit
  4. 15 Jun, 2022 4 commits
  5. 14 Jun, 2022 2 commits
  6. 23 May, 2022 2 commits
    • Aaron Plattner's avatar
      os: print registers in the libunwind version of xorg_backtrace() · dc8162d5
      Aaron Plattner authored
      If the stack walker finds a signal frame, record the cursor at that point and
      then use unw_get_reg() to query the values of the architecture-specific
      registers at the frame that triggered the signal.
      
      Example output:
      
       (EE) Backtrace:
       (EE) 0: hw/xfree86/Xorg (OsSigHandler+0x25) [0x561458bb8195]
       (EE) 1: <signal handler called>
       (EE) 2: hw/xfree86/Xorg (dix_main+0x9c) [0x561458aead6c]
       (EE) 3: /usr/lib/libc.so.6 (__libc_start_main+0xd5) [0x7f2d23170b25]
       (EE) 4: hw/xfree86/Xorg (_start+0x2e) [0x561458aad8be]
       (EE)
       (EE) Registers at frame #2
      
      :
       (EE)   rax: 0x0
       (EE)   rbx: 0x561458c3ae60
       (EE)   rcx: 0x7f2d23328943
       (EE)   rdx: 0x0
       (EE)   rsi: 0x7ffcb6025030
       (EE)   rdi: 0xe
       (EE)   rbp: 0x0
       (EE)   rsp: 0x7ffcb6026430
       (EE)    r8: 0x0
       (EE)    r9: 0x0
       (EE)   r10: 0x8
       (EE)   r11: 0x246
       (EE)   r12: 0x561458aad890
       (EE)   r13: 0x0
       (EE)   r14: 0x0
       (EE)   r15: 0x0
       (EE)
       (EE) Segmentation fault at address 0x0
      Signed-off-by: Aaron Plattner's avatarAaron Plattner <aplattner@nvidia.com>
      dc8162d5
    • Aaron Plattner's avatar
      os: print <signal handler called> if unw_is_signal_frame() · a7364193
      Aaron Plattner authored
      
      
      libunwind has a function to query whether the cursor points to a signal frame.
      Use this to print
      
       1: <signal handler called>
      
      like GDB does, rather than printing something less useful such as
      
       1: /usr/lib/libpthread.so.0 (funlockfile+0x60) [0x7f679838b870]
      Signed-off-by: Aaron Plattner's avatarAaron Plattner <aplattner@nvidia.com>
      a7364193
  7. 18 May, 2022 1 commit
    • Joshua Ashton's avatar
      xwayland: Add -force-xrandr-emulation switch · 7cdcdfea
      Joshua Ashton authored and Olivier Fourdan's avatar Olivier Fourdan committed
      
      
      Adds a -force-xrandr-emulation cmdline switch that always exposes extra
      modes when viewporter isn't exposed by the Wayland compositor.
      
      Having the additional modes exposed by the X server is important for
      games to function and be configured
      
      Compositors, such as Gamescope (the compositor for Steam Deck),
      support only a single window that is rendered in the centre of the
      screen that is scaled up to fill the screen by the compositor based
      on some user scaling settings.
      
      Exposing viewporter, wouldn't make sense here, and could mislead native
      Wayland clients, so exposing dummy modesets in X is preferred here.
      Signed-off-by: Joshua Ashton's avatarJoshua Ashton <joshua@froggi.es>
      Reviewed-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      7cdcdfea
  8. 12 May, 2022 1 commit
  9. 20 Apr, 2022 3 commits
    • Olivier Fourdan's avatar
      xwayland/output: Set the "RANDR Emulation" property · 7b7170ec
      Olivier Fourdan authored
      
      
      Xwayland does not change the actual XRANDR setup for real, it just
      emulates the resolution changes using viewports in Wayland.
      
      With a single output, if an X11 applications tries to change the CRTC
      back to the native mode, RRCrtcSet() will simply ignore the request as
      no actual change is induced by this.
      
      Set the property "RANDR Emulation" on all Xwayland outputs to make sure
      the optimizations in RRCrtcSet() get skipped and Xwayland can receive
      and act upon the client request.
      
      Also make sure we do not allow that property to be changed by X11
      clients.
      
      v2: Prevent X11 clients from changing the property value
          (Pekka Paalanen <pekka.paalanen@collabora.com>)
      Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      Closes: #1305
      7b7170ec
    • Olivier Fourdan's avatar
      randr: Add "RANDR Emulation" property · 0904421f
      Olivier Fourdan authored
      
      
      When RANDR is emulated as with Xwayland, the actual output configuration
      does not change as RANDR is emulated using viewports.
      
      As a result, changes to the CRTC may be skipped, resulting in the
      configuration being (wrongly) assumed to be unchanged.
      
      Add a new output property "RANDR Emulation" that the DDX can set to
      force RRCrtcSet() to reconfigure the CRTC regardless of the change.
      Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: default avatarHans de Goede <hdegoede@redhat.com>
      0904421f
    • Olivier Fourdan's avatar
      randr: No need to check RRGetOutputProperty() twice · 97260384
      Olivier Fourdan authored and Olivier Fourdan's avatar Olivier Fourdan committed
      
      
      The function rrGetPixmapSharingSyncProp() will check for the PRIME sync
      property "PRIME Synchronization" on each output and return false if
      any of the output has this property set to false.
      
      To do so, it will call RRGetOutputProperty() twice for each output, once
      with pending true and once with pending false to cover both
      possibilities.
      
      However, reading the implementation of RRGetOutputProperty(), it appears
      that if the property is not pending, the code will return the current
      value even if invoked with pending true.
      
      So the second call to RRGetOutputProperty() with pending false seems
      superfluous.
      Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Fixes: df8e8693
      
       - randr: Add ability to turn PRIME sync off
      Reviewed-by: Alex Goins's avatarAlex Goins <agoins@nvidia.com>
      Tested-by: Alex Goins's avatarAlex Goins <agoins@nvidia.com>
      97260384
  10. 19 Apr, 2022 1 commit
  11. 05 Apr, 2022 1 commit
  12. 02 Apr, 2022 9 commits
  13. 31 Mar, 2022 3 commits
  14. 17 Mar, 2022 1 commit
    • Michel Dänzer's avatar
      xwayland: Always hook up frame_callback_list in xwl_present_queue_vblank · 9e5a3796
      Michel Dänzer authored and Michel Dänzer's avatar Michel Dänzer committed
      Even if there's no pending frame callback yet.
      
      Without this, if there was no pending frame callback yet in
      xwl_present_queue_vblank, xwl_present_msc_bump would only get called
      from xwl_present_timer_callback, resulting in the MSC ticking at ~58
      Hertz.
      
      Doing this requires some adjustments elsewhere:
      
      1. xwl_present_reset_timer needs to check for a pending frame callback
         as well.
      2. xwl_window_create_frame_callback needs to call
         xwl_present_reset_timer for all child windows hooked up to
         frame_callback_list, to make sure the timer length takes the pending
         frame callback into account.
      3. xwl_present_flip needs to hook up the window to frame_callback_list
         before calling xwl_window_create_frame_callback, for 2. to work.
      
      Closes: #1309
      Fixes: 9b31358c
      
       ("xwayland: Use frame callbacks for Present vblank events")
      Reviewed-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      9e5a3796
  15. 15 Mar, 2022 2 commits
    • Michel Dänzer's avatar
      xwayland: Clear timer_armed in xwl_present_unrealize_window · 102764b6
      Michel Dänzer authored and Olivier Fourdan's avatar Olivier Fourdan committed
      Without this, xwl_present_reset_timer would call
      xwl_present_timer_callback if the timer was originally armed over a
      second ago. xwl_present_timer_callback would call xwl_present_msc_bump,
      which could end up hooking up the window to
      xwl_window->frame_callback_list again. This would lead to use-after-free
      in xwl_present_cleanup:
      
        Invalid write of size 8
          at 0x42B65C: __xorg_list_del (list.h:183)
          by 0x42B693: xorg_list_del (list.h:204)
          by 0x42C041: xwl_present_cleanup (xwayland-present.c:354)
          by 0x423669: xwl_destroy_window (xwayland-window.c:770)
          by 0x4FDDC5: compDestroyWindow (compwindow.c:620)
          by 0x5233FB: damageDestroyWindow (damage.c:1590)
          by 0x501C5F: DbeDestroyWindow (dbe.c:1326)
          by 0x4EF35B: FreeWindowResources (window.c:1018)
          by 0x4EF687: DeleteWindow (window.c:1086)
          by 0x4E24B3: doFreeResource (resource.c:885)
          by 0x4E2ED7: FreeClientResources (resource.c:1151)
          by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
        Address 0x12f44980 is 144 bytes inside a block of size 160 free'd
          at 0x48470E4: free (vg_replace_malloc.c:872)
          by 0x423115: xwl_unrealize_window (xwayland-window.c:621)
          by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
          by 0x4F3F5C: UnrealizeTree (window.c:2805)
          by 0x4F424B: UnmapWindow (window.c:2863)
          by 0x4EF58C: DeleteWindow (window.c:1075)
          by 0x4E24B3: doFreeResource (resource.c:885)
          by 0x4E2ED7: FreeClientResources (resource.c:1151)
          by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
          by 0x5E27EE: ClientReady (connection.c:599)
          by 0x5E6CB7: ospoll_wait (ospoll.c:657)
          by 0x5DE6CD: WaitForSomething (WaitFor.c:208)
        Block was alloc'd at
          at 0x4849464: calloc (vg_replace_malloc.c:1328)
          by 0x4229CE: ensure_surface_for_window (xwayland-window.c:439)
          by 0x4231E8: xwl_window_set_window_pixmap (xwayland-window.c:647)
          by 0x5232D6: damageSetWindowPixmap (damage.c:1565)
          by 0x4FC7BC: compSetPixmapVisitWindow (compwindow.c:129)
          by 0x4EDB3F: TraverseTree (window.c:441)
          by 0x4FC851: compSetPixmap (compwindow.c:151)
          by 0x4F8C1A: compAllocPixmap (compalloc.c:616)
          by 0x4FC938: compCheckRedirect (compwindow.c:174)
          by 0x4FCD1D: compRealizeWindow (compwindow.c:274)
          by 0x4F36EC: RealizeTree (window.c:2606)
          by 0x4F39F5: MapWindow (window.c:2683)
      
      Fixes: 288ec0e0
      
       ("xwayland/present: Run fallback timer callback after more than a second")
      Tested-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      102764b6
    • Olivier Fourdan's avatar
      xwayland/present: Fix use-after-free in xwl_unrealize_window() · 42113ab2
      Olivier Fourdan authored and Olivier Fourdan's avatar Olivier Fourdan committed
      
      
      When a window is unrealized, Xwayland would destroy the Wayland surface
      prior to unrealizing the present window.
      
      xwl_present_flip() will then do a wl_surface_commit() of that surface,
      hence causing a use-after-free:
      
       Invalid read of size 8
          at 0x49F7FD4: wl_proxy_marshal_array_flags (wayland-client.c:852)
          by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
          by 0x42B877: wl_surface_commit (wayland-client-protocol.h:3914)
          by 0x42CAA7: xwl_present_flip (xwayland-present.c:717)
          by 0x42CD0E: xwl_present_execute (xwayland-present.c:783)
          by 0x42C26D: xwl_present_msc_bump (xwayland-present.c:416)
          by 0x42C2D1: xwl_present_timer_callback (xwayland-present.c:433)
          by 0x42BAC4: xwl_present_reset_timer (xwayland-present.c:149)
          by 0x42D1F8: xwl_present_unrealize_window (xwayland-present.c:945)
          by 0x4230E2: xwl_unrealize_window (xwayland-window.c:616)
          by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
          by 0x4F3F5C: UnrealizeTree (window.c:2805)
        Address 0x1390b8d8 is 24 bytes inside a block of size 80 free'd
          at 0x48470E4: free (vg_replace_malloc.c:872)
          by 0x49F8029: wl_proxy_destroy_caller_locks (wayland-client.c:523)
          by 0x49F8029: wl_proxy_marshal_array_flags (wayland-client.c:861)
          by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
          by 0x421984: wl_surface_destroy (wayland-client-protocol.h:3672)
          by 0x423052: xwl_unrealize_window (xwayland-window.c:599)
          by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
          by 0x4F3F5C: UnrealizeTree (window.c:2805)
          by 0x4F424B: UnmapWindow (window.c:2863)
          by 0x4EF58C: DeleteWindow (window.c:1075)
          by 0x4E24B3: doFreeResource (resource.c:885)
          by 0x4E2ED7: FreeClientResources (resource.c:1151)
          by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
        Block was alloc'd at
          at 0x4849464: calloc (vg_replace_malloc.c:1328)
          by 0x49F7F29: zalloc (wayland-private.h:233)
          by 0x49F7F29: proxy_create (wayland-client.c:422)
          by 0x49F7F29: create_outgoing_proxy (wayland-client.c:664)
          by 0x49F7F29: wl_proxy_marshal_array_flags (wayland-client.c:831)
          by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
          by 0x4218CA: wl_compositor_create_surface (wayland-client-protocol.h:1291)
          by 0x422A0D: ensure_surface_for_window (xwayland-window.c:445)
          by 0x4231E8: xwl_window_set_window_pixmap (xwayland-window.c:647)
          by 0x5232D6: damageSetWindowPixmap (damage.c:1565)
          by 0x4FC7BC: compSetPixmapVisitWindow (compwindow.c:129)
          by 0x4EDB3F: TraverseTree (window.c:441)
          by 0x4FC851: compSetPixmap (compwindow.c:151)
          by 0x4F8C1A: compAllocPixmap (compalloc.c:616)
          by 0x4FC938: compCheckRedirect (compwindow.c:174)
      
      To avoid that, call xwl_present_unrealize_window() before destroying the
      Wayland surface.
      Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Michel Dänzer's avatarMichel Dänzer <mdaenzer@redhat.com>
      42113ab2
  16. 08 Mar, 2022 1 commit
    • Olivier Fourdan's avatar
      Xwayland: Do not map the COW by default when rootless · 47d33174
      Olivier Fourdan authored
      The composite overlay window (COW) can be queried from any X11 client,
      not just the X11 compositing manager.
      
      If a client tries to get the composite overlay window, the Xserver will
      map the window and block all pointer events (the window being mapped and
      on top of the stack).
      
      To avoid that issue, unset the "mapped" state of the composite overlay
      window once realized when Xwayland is running rootless.
      
      Note: All Xservers are actually affected by this issue, but with most
      regular X servers, the compositing manager will take care of dealing
      with the composite overlay window, and an X11 client using
      GetOverlayWindow() won't break pointer events for all X11 clients.
      Wayland compositors however usually run Xwayland rootless and have no
      use for the COW.
      
      v2: Avoid registering damage for the COW (Michel)
      v3: Remove the "mapped" test to avoid calling register_damage() if the
          COW is not mapped (Michel)
      
      Closes: #1314
      
      Signed-off-by: Olivier Fourdan's avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Michel Dänzer's avatarMichel Dänzer <mdaenzer@redhat.com>
      47d33174
  17. 16 Feb, 2022 1 commit
  18. 12 Feb, 2022 1 commit
    • Povilas Kanapickas's avatar
      dix: Don't send touch end to clients that do async grab without touches · 43e934a1
      Povilas Kanapickas authored
      GTK3 menu widget creates a selection for touch and other events and
      after receiving touch events creates an async grab that excludes touch
      events. Unfortunately it relies on X server not sending the touch end
      event in order to function properly. Sending touch end event will cause
      it to think that the initiating touch ended and when it actually ends,
      the ButtonRelease event will make it think that the menu should be
      closed. As a result, the menu will be open only for the duration of the
      touch making it useless.
      
      This commit reverts f682e056.
      
      Fixes: #1255
      
      Signed-off-by: Povilas Kanapickas's avatarPovilas Kanapickas <povilas@radix.lt>
      43e934a1