Michel Dänzer authored Jun 15, 2022 and Michel Dänzer committed Jun 21, 2022

Could happen if the buffer release event was already processed before
xwl_present_flips_stop.

Closes: #1351

Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

This bump is causing issues with our CI.  Sorry about that.

This reverts commit 0a27f96d.

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

WARNING: Project specifies a minimum meson_version '>= 0.47.0' but uses features which were added in newer versions:
 * 0.50.0: {'install arg in configure_file'}
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Fixes: https://github.com/XQuartz/XQuartz/issues/130

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

This changes away from hard-coding the /tmp/launch-* path to now
supporting a generic <absolute path to unix socket>[.<screen>]
format for $DISPLAY.

cf-libxcb: d978a4f69b30b630f28d07f1003cf290284d24d8
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
CC: Adam Jackson <ajax@kemper.freedesktop.org>

Fixes: https://github.com/XQuartz/XQuartz/issues/205

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>

If the stack walker finds a signal frame, record the cursor at that point and
then use unw_get_reg() to query the values of the architecture-specific
registers at the frame that triggered the signal.

Example output:

 (EE) Backtrace:
 (EE) 0: hw/xfree86/Xorg (OsSigHandler+0x25) [0x561458bb8195]
 (EE) 1: <signal handler called>
 (EE) 2: hw/xfree86/Xorg (dix_main+0x9c) [0x561458aead6c]
 (EE) 3: /usr/lib/libc.so.6 (__libc_start_main+0xd5) [0x7f2d23170b25]
 (EE) 4: hw/xfree86/Xorg (_start+0x2e) [0x561458aad8be]
 (EE)
 (EE) Registers at frame #2

:
 (EE)   rax: 0x0
 (EE)   rbx: 0x561458c3ae60
 (EE)   rcx: 0x7f2d23328943
 (EE)   rdx: 0x0
 (EE)   rsi: 0x7ffcb6025030
 (EE)   rdi: 0xe
 (EE)   rbp: 0x0
 (EE)   rsp: 0x7ffcb6026430
 (EE)    r8: 0x0
 (EE)    r9: 0x0
 (EE)   r10: 0x8
 (EE)   r11: 0x246
 (EE)   r12: 0x561458aad890
 (EE)   r13: 0x0
 (EE)   r14: 0x0
 (EE)   r15: 0x0
 (EE)
 (EE) Segmentation fault at address 0x0
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>

libunwind has a function to query whether the cursor points to a signal frame.
Use this to print

 1: <signal handler called>

like GDB does, rather than printing something less useful such as

 1: /usr/lib/libpthread.so.0 (funlockfile+0x60) [0x7f679838b870]
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>

Joshua Ashton authored May 12, 2022 and Olivier Fourdan committed May 18, 2022

Adds a -force-xrandr-emulation cmdline switch that always exposes extra
modes when viewporter isn't exposed by the Wayland compositor.

Having the additional modes exposed by the X server is important for
games to function and be configured

Compositors, such as Gamescope (the compositor for Steam Deck),
support only a single window that is rendered in the centre of the
screen that is scaled up to fill the screen by the compositor based
on some user scaling settings.

Exposing viewporter, wouldn't make sense here, and could mislead native
Wayland clients, so exposing dummy modesets in X is preferred here.
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Adds the following 16:10 modes primarily for scaling up on Steam Deck:
 - 1152x720
 - 960x600
 - 928x580
 - 800x500
 - 768x480
Signed-off-by: Joshua Ashton <joshua@froggi.es>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>

Xwayland does not change the actual XRANDR setup for real, it just
emulates the resolution changes using viewports in Wayland.

With a single output, if an X11 applications tries to change the CRTC
back to the native mode, RRCrtcSet() will simply ignore the request as
no actual change is induced by this.

Set the property "RANDR Emulation" on all Xwayland outputs to make sure
the optimizations in RRCrtcSet() get skipped and Xwayland can receive
and act upon the client request.

Also make sure we do not allow that property to be changed by X11
clients.

v2: Prevent X11 clients from changing the property value
    (Pekka Paalanen <pekka.paalanen@collabora.com>)
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Closes: #1305

When RANDR is emulated as with Xwayland, the actual output configuration
does not change as RANDR is emulated using viewports.

As a result, changes to the CRTC may be skipped, resulting in the
configuration being (wrongly) assumed to be unchanged.

Add a new output property "RANDR Emulation" that the DDX can set to
force RRCrtcSet() to reconfigure the CRTC regardless of the change.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>

Olivier Fourdan authored Apr 15, 2022 and Olivier Fourdan committed Apr 20, 2022

The function rrGetPixmapSharingSyncProp() will check for the PRIME sync
property "PRIME Synchronization" on each output and return false if
any of the output has this property set to false.

To do so, it will call RRGetOutputProperty() twice for each output, once
with pending true and once with pending false to cover both
possibilities.

However, reading the implementation of RRGetOutputProperty(), it appears
that if the property is not pending, the code will return the current
value even if invoked with pending true.

So the second call to RRGetOutputProperty() with pending false seems
superfluous.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Fixes: df8e8693

 - randr: Add ability to turn PRIME sync off
Reviewed-by: Alex Goins <agoins@nvidia.com>
Tested-by: Alex Goins <agoins@nvidia.com>

drm_lease_device_handle_released uses the wrong pointer type in the
callback. This will cause crash when compositor removes drm lease device
object.

Fixes: 089e7f98

 - Xwayland: implement drm-lease-v1
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Signed-off-by: Weng Xuetian <wengxt@gmail.com>

Finishes the work started in commit cd0d4c1b
to remove checks for the variable that never varied from 0 after the code
to change it was removed by commit 511c60bc


in 2006 (xorg-server-1.2.0).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Fixes LGTM warnings:
    * Import of 'cProfile' is not used.
    * Import of 'pdb' is not used.
    * Import of 'string' is not used.
    * Import of 'time' is not used.
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Fixes LGTM warning "The value assigned to local variable 'children' is
never used."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Fixes LGTM warning "Testing for None should use the 'is' operator."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Fixes LGTM warning "This parameter of type drmModeModeInfo is 68 bytes -
consider passing a const pointer/reference instead."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Fixes "Pointless comparison of unsigned value to zero."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

As can be seen in diff, nOut is always 0 here. The code was likely
copy-pasted from comparisons further below.

Fixes LGTM warning "Comparison is always false because nOut <= 0."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Correctness is ensured be checking md5sum result before and after the
commit (it's the same).

Fixes LGTM warning: "Comparison is always true because firstValuator <= 1."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Correctness is ensured be checking md5sum result before and after the
commit (it's the same).

Fixes LGTM warning "Comparison is always false because numTimings <= 0."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Konstantin Kharlamov authored Mar 24, 2019 and Alan Coopersmith committed Apr 02, 2022

Both functions has a check at the beginning to return when h > 32767.

Fixes LGTM 2 warnings "Comparison is always false because h <= 32767."
Signed-off-by: Konstantin Kharlamov <Hi-Angel@yandex.ru>

Brian Ruthven authored Mar 28, 2022 and Alan Coopersmith committed Mar 31, 2022

Makes the 4-byte cases match those for 1- & 2-byte handling,
moving the break from being unconditionally hit the first time
through the to loop to after the loop is done.

Fixes Solaris Studio compiler warnings:
"prim_ops.c", line 2626: warning: end-of-loop code not reached
"prim_ops.c", line 2692: warning: end-of-loop code not reached
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Martin Roukala <martin.roukala@mupuf.org>

Claes Nästén authored Mar 14, 2022 and Alan Coopersmith committed Mar 31, 2022

switch_to() is only used from #ifdef HAS_USL_VTS code, place it inside
ifdefs to to avoid unused static warning and compile error on systems
without VT_ACTIVATE and VT_WAITACTIVE defines.

Michel Dänzer authored Mar 15, 2022 and Michel Dänzer committed Mar 17, 2022

Even if there's no pending frame callback yet.

Without this, if there was no pending frame callback yet in
xwl_present_queue_vblank, xwl_present_msc_bump would only get called
from xwl_present_timer_callback, resulting in the MSC ticking at ~58
Hertz.

Doing this requires some adjustments elsewhere:

1. xwl_present_reset_timer needs to check for a pending frame callback
   as well.
2. xwl_window_create_frame_callback needs to call
   xwl_present_reset_timer for all child windows hooked up to
   frame_callback_list, to make sure the timer length takes the pending
   frame callback into account.
3. xwl_present_flip needs to hook up the window to frame_callback_list
   before calling xwl_window_create_frame_callback, for 2. to work.

Closes: #1309
Fixes: 9b31358c

 ("xwayland: Use frame callbacks for Present vblank events")
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Michel Dänzer authored Mar 14, 2022 and Olivier Fourdan committed Mar 15, 2022

Without this, xwl_present_reset_timer would call
xwl_present_timer_callback if the timer was originally armed over a
second ago. xwl_present_timer_callback would call xwl_present_msc_bump,
which could end up hooking up the window to
xwl_window->frame_callback_list again. This would lead to use-after-free
in xwl_present_cleanup:

  Invalid write of size 8
    at 0x42B65C: __xorg_list_del (list.h:183)
    by 0x42B693: xorg_list_del (list.h:204)
    by 0x42C041: xwl_present_cleanup (xwayland-present.c:354)
    by 0x423669: xwl_destroy_window (xwayland-window.c:770)
    by 0x4FDDC5: compDestroyWindow (compwindow.c:620)
    by 0x5233FB: damageDestroyWindow (damage.c:1590)
    by 0x501C5F: DbeDestroyWindow (dbe.c:1326)
    by 0x4EF35B: FreeWindowResources (window.c:1018)
    by 0x4EF687: DeleteWindow (window.c:1086)
    by 0x4E24B3: doFreeResource (resource.c:885)
    by 0x4E2ED7: FreeClientResources (resource.c:1151)
    by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
  Address 0x12f44980 is 144 bytes inside a block of size 160 free'd
    at 0x48470E4: free (vg_replace_malloc.c:872)
    by 0x423115: xwl_unrealize_window (xwayland-window.c:621)
    by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
    by 0x4F3F5C: UnrealizeTree (window.c:2805)
    by 0x4F424B: UnmapWindow (window.c:2863)
    by 0x4EF58C: DeleteWindow (window.c:1075)
    by 0x4E24B3: doFreeResource (resource.c:885)
    by 0x4E2ED7: FreeClientResources (resource.c:1151)
    by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
    by 0x5E27EE: ClientReady (connection.c:599)
    by 0x5E6CB7: ospoll_wait (ospoll.c:657)
    by 0x5DE6CD: WaitForSomething (WaitFor.c:208)
  Block was alloc'd at
    at 0x4849464: calloc (vg_replace_malloc.c:1328)
    by 0x4229CE: ensure_surface_for_window (xwayland-window.c:439)
    by 0x4231E8: xwl_window_set_window_pixmap (xwayland-window.c:647)
    by 0x5232D6: damageSetWindowPixmap (damage.c:1565)
    by 0x4FC7BC: compSetPixmapVisitWindow (compwindow.c:129)
    by 0x4EDB3F: TraverseTree (window.c:441)
    by 0x4FC851: compSetPixmap (compwindow.c:151)
    by 0x4F8C1A: compAllocPixmap (compalloc.c:616)
    by 0x4FC938: compCheckRedirect (compwindow.c:174)
    by 0x4FCD1D: compRealizeWindow (compwindow.c:274)
    by 0x4F36EC: RealizeTree (window.c:2606)
    by 0x4F39F5: MapWindow (window.c:2683)

Fixes: 288ec0e0

 ("xwayland/present: Run fallback timer callback after more than a second")
Tested-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>

Olivier Fourdan authored Mar 11, 2022 and Olivier Fourdan committed Mar 15, 2022

When a window is unrealized, Xwayland would destroy the Wayland surface
prior to unrealizing the present window.

xwl_present_flip() will then do a wl_surface_commit() of that surface,
hence causing a use-after-free:

 Invalid read of size 8
    at 0x49F7FD4: wl_proxy_marshal_array_flags (wayland-client.c:852)
    by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
    by 0x42B877: wl_surface_commit (wayland-client-protocol.h:3914)
    by 0x42CAA7: xwl_present_flip (xwayland-present.c:717)
    by 0x42CD0E: xwl_present_execute (xwayland-present.c:783)
    by 0x42C26D: xwl_present_msc_bump (xwayland-present.c:416)
    by 0x42C2D1: xwl_present_timer_callback (xwayland-present.c:433)
    by 0x42BAC4: xwl_present_reset_timer (xwayland-present.c:149)
    by 0x42D1F8: xwl_present_unrealize_window (xwayland-present.c:945)
    by 0x4230E2: xwl_unrealize_window (xwayland-window.c:616)
    by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
    by 0x4F3F5C: UnrealizeTree (window.c:2805)
  Address 0x1390b8d8 is 24 bytes inside a block of size 80 free'd
    at 0x48470E4: free (vg_replace_malloc.c:872)
    by 0x49F8029: wl_proxy_destroy_caller_locks (wayland-client.c:523)
    by 0x49F8029: wl_proxy_marshal_array_flags (wayland-client.c:861)
    by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
    by 0x421984: wl_surface_destroy (wayland-client-protocol.h:3672)
    by 0x423052: xwl_unrealize_window (xwayland-window.c:599)
    by 0x4FCDD8: compUnrealizeWindow (compwindow.c:292)
    by 0x4F3F5C: UnrealizeTree (window.c:2805)
    by 0x4F424B: UnmapWindow (window.c:2863)
    by 0x4EF58C: DeleteWindow (window.c:1075)
    by 0x4E24B3: doFreeResource (resource.c:885)
    by 0x4E2ED7: FreeClientResources (resource.c:1151)
    by 0x4ACBA4: CloseDownClient (dispatch.c:3546)
  Block was alloc'd at
    at 0x4849464: calloc (vg_replace_malloc.c:1328)
    by 0x49F7F29: zalloc (wayland-private.h:233)
    by 0x49F7F29: proxy_create (wayland-client.c:422)
    by 0x49F7F29: create_outgoing_proxy (wayland-client.c:664)
    by 0x49F7F29: wl_proxy_marshal_array_flags (wayland-client.c:831)
    by 0x49F823A: wl_proxy_marshal_flags (wayland-client.c:784)
    by 0x4218CA: wl_compositor_create_surface (wayland-client-protocol.h:1291)
    by 0x422A0D: ensure_surface_for_window (xwayland-window.c:445)
    by 0x4231E8: xwl_window_set_window_pixmap (xwayland-window.c:647)
    by 0x5232D6: damageSetWindowPixmap (damage.c:1565)
    by 0x4FC7BC: compSetPixmapVisitWindow (compwindow.c:129)
    by 0x4EDB3F: TraverseTree (window.c:441)
    by 0x4FC851: compSetPixmap (compwindow.c:151)
    by 0x4F8C1A: compAllocPixmap (compalloc.c:616)
    by 0x4FC938: compCheckRedirect (compwindow.c:174)

To avoid that, call xwl_present_unrealize_window() before destroying the
Wayland surface.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>

The composite overlay window (COW) can be queried from any X11 client,
not just the X11 compositing manager.

If a client tries to get the composite overlay window, the Xserver will
map the window and block all pointer events (the window being mapped and
on top of the stack).

To avoid that issue, unset the "mapped" state of the composite overlay
window once realized when Xwayland is running rootless.

Note: All Xservers are actually affected by this issue, but with most
regular X servers, the compositing manager will take care of dealing
with the composite overlay window, and an X11 client using
GetOverlayWindow() won't break pointer events for all X11 clients.
Wayland compositors however usually run Xwayland rootless and have no
use for the COW.

v2: Avoid registering damage for the COW (Michel)
v3: Remove the "mapped" test to avoid calling register_damage() if the
    COW is not mapped (Michel)

Closes: #1314

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>

This fixes address sanitizer errors when running unit tests. The
additional copying may reduce performance by a small amount, but we
don't care about that because this driver is used for testing only.
Signed-off-by: Povilas Kanapickas <povilas@radix.lt>

GTK3 menu widget creates a selection for touch and other events and
after receiving touch events creates an async grab that excludes touch
events. Unfortunately it relies on X server not sending the touch end
event in order to function properly. Sending touch end event will cause
it to think that the initiating touch ended and when it actually ends,
the ButtonRelease event will make it think that the menu should be
closed. As a result, the menu will be open only for the duration of the
touch making it useless.

This commit reverts f682e056.

Fixes: #1255

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>