1. 22 Jul, 2020 1 commit
    • Michel Dänzer's avatar
      xwayland: Hold a pixmap reference in struct xwl_present_event · 23c55ec3
      Michel Dänzer authored
      In the log of the commit below, I claimed this wasn't necessary on the
      1.20 branch, but this turned out to be wrong: It meant that
      event->buffer could already be destroyed in xwl_present_free_event,
      resulting in use-after-free and likely a crash.
      Fixes: 22c0808a "xwayland: Free all remaining events in
  2. 21 Jul, 2020 2 commits
  3. 20 Jul, 2020 8 commits
    • Lyude Paul's avatar
      xwayland: Store xwl_tablet_pad in its own private key · ccbcf083
      Lyude Paul authored
      When a slave device causes the master virtual pointer device to change
      device types, the device's private data pointer
      (device->public.devicePrivate) is also changed to match the type of the
      slave device. This can be a problem though, as tablet pad devices will
      set the device's private data pointer to their own xwl_tablet_pad
      struct. This can cause us to dereference the pointer as the wrong type,
      and result in a segfault:
      Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
      wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at src/wayland-client.c:792
      792             va_start(ap, opcode);
      (gdb) bt
      0  wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at
      1  0x00005610b27b6c55 in wl_pointer_set_cursor (hotspot_y=0,
        hotspot_x=0, surface=0x0, serial=<optimized out>, wl_pointer=<optimized
        out>) at /usr/include/wayland-client-protocol.h:4610
      2  xwl_seat_set_cursor (xwl_seat=xwl_seat@entry=0x5610b46d5d10) at
      3  0x00005610b27b6ecd in xwl_set_cursor (device=<optimized out>,
        screen=<optimized out>, cursor=<optimized out>, x=<optimized out>,
        y=<optimized out>) at xwayland-cursor.c:249
      4  0x00005610b2800b46 in miPointerUpdateSprite (pDev=0x5610b4501a30) at
      5  miPointerUpdateSprite (pDev=0x5610b4501a30) at mipointer.c:410
      6  0x00005610b2800e56 in miPointerDisplayCursor (pCursor=0x5610b4b35740,
        pScreen=0x5610b3d54410, pDev=0x5610b4501a30) at mipointer.c:206
      7  miPointerDisplayCursor (pDev=0x5610b4501a30, pScreen=0x5610b3d54410,
        pCursor=0x5610b4b35740) at mipointer.c:194
      8  0x00005610b27ed62b in CursorDisplayCursor (pDev=<optimized out>,
        pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at cursor.c:168
      9  0x00005610b28773ee in AnimCurDisplayCursor (pDev=0x5610b4501a30,
        pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at animcur.c:197
      10 0x00005610b28eb4ca in ChangeToCursor (pDev=0x5610b4501a30,
        cursor=0x5610b4b35740) at events.c:938
      11 0x00005610b28ec99f in WindowHasNewCursor
        (pWin=pWin@entry=0x5610b4b2e0c0) at events.c:3362
      12 0x00005610b291102d in ChangeWindowAttributes (pWin=0x5610b4b2e0c0,
        vmask=<optimized out>, vlist=vlist@entry=0x5610b4c41dcc,
        client=client@entry=0x5610b4b2c900) at window.c:1561
      13 0x00005610b28db8e3 in ProcChangeWindowAttributes (client=0x5610b4b2c900)
        at dispatch.c:746
      14 0x00005610b28e1e5b in Dispatch () at dispatch.c:497
      15 0x00005610b28e5f34 in dix_main (argc=16, argv=0x7ffc7a601b68,
        envp=<optimized out>) at main.c:276
      16 0x00007f8828cde042 in __libc_start_main (main=0x5610b27ae930 <main>,
        argc=16, argv=0x7ffc7a601b68, init=<optimized out>, fini=<optimized
        out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a601b58) at
      17 0x00005610b27ae96e in _start () at cursor.c:1064
      Simple reproducer in gnome-shell: open up an Xwayland window, press some
      tablet buttons, lock and unlock the screen. Repeat if it doesn't crash
      the first time.
      So, let's fix this by registering our own device-specific private key
      for storing a backpointer to xwl_tablet_pad, so that all input devices
      have their private data pointers set to their respective xwl_seat.
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      Signed-off-by: Lyude Paul's avatarLyude Paul <lyude@redhat.com>
      (cherry picked from commit ba0e789b)
    • SimonPilkington's avatar
      xwayland: Initialise values in xwlVidModeGetGamma() · cc361355
      SimonPilkington authored
      ProcVidModeGetGamma() relies on GetGamma() to initialise values if it
      returns TRUE. Without this, we're sending uninitialised values to
      Fixes: #1040
      (cherry picked from commit 6748a409)
    • Sjoerd Simons's avatar
      xwayland: Fix crashes when there is no pointer · 533cc6ca
      Sjoerd Simons authored
      When running with a weston session without a pointer device (thus with
      the wl_seat not having a pointer) xwayland pointer warping and pointer
      confining should simply be ignored to avoid crashes.
      Signed-off-by: default avatarSjoerd Simons <sjoerd@collabora.com>
      (cherry picked from commit d35f6833)
    • Olivier Fourdan's avatar
      xwayland: Clear private on device removal · 3aa31823
      Olivier Fourdan authored
      Xwayland uses the device private to point to the `xwl_seat`.
      Device may be removed at any time, including on suspend.
      On resume, if the DIX code ends up calling a function that requires the
      `xwl_seat` such as `xwl_set_cursor()` we may end up pointing at random
      Make sure the clear the device private data on removal so that we don't
      try to use it and crash later.
      Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      (cherry picked from commit 4195e803)
    • Michel Dänzer's avatar
      xwayland: Free all remaining events in xwl_present_cleanup · 22c0808a
      Michel Dänzer authored
      At the end of xwl_present_cleanup, these events aren't reachable
      anymore, so if we don't free them first, they're leaked.
      (cherry picked from commit 64565ea344fef0171497952ef75f019cb420fe3b)
      * Simpler backport, no need to keep a reference to the pixmap on the
        1.20 branch.
    • Michel Dänzer's avatar
      xwayland: Always use xwl_present_free_event for freeing Present events · 37779d7f
      Michel Dänzer authored
      Minor cleanup, and will make the next change simpler. No functional
      change intended.
      Reviewed-by: default avatarDave Airlie <airlied@redhat.com>
      (cherry picked from commit 1beffba6)
    • Michel Dänzer's avatar
      present/wnmd: Free flip_queue entries in present_wnmd_clear_window_flip · ba52e5eb
      Michel Dänzer authored
      When present_wnmd_clear_window_flip is done, present_destroy_window
      frees struct present_window_priv, and the events in the flip queue
      become unreachable. So if we don't free them first, they're leaked.
      Also drop the call to present_wnmd_set_abort_flip, which just sets a
      flag in struct present_window_priv and thus can't have any observable
      effect after present_destroy_window.
      Closes: #1042
      Reviewed-by: default avatarDave Airlie <airlied@redhat.com>
      (cherry picked from commit 1bdedc8d)
    • Michel Dänzer's avatar
      present/wnmd: Keep pixmap pointer in present_wnmd_clear_window_flip · b3310ed5
      Michel Dänzer authored
      The comment was incorrect: Any reference held by the window (see
      present_wnmd_execute) is in addition to the one in struct present_vblank
      (see present_vblank_create). So if we don't drop the latter, the pixmap
      will be leaked.
      Reviewed-by: default avatarDave Airlie <airlied@redhat.com>
      (cherry picked from commit bc9dd1c7)
  4. 03 Jul, 2020 1 commit
  5. 29 May, 2020 1 commit
    • Olivier Fourdan's avatar
      xwayland: Fix infinite loop at startup · 0430d13c
      Olivier Fourdan authored
      Mutter recently added headless tests, and when running those tests the
      Wayland compositor runs for a very short time.
      Xwayland is spawned by the Wayland compositor and upon startup will
      query the various Wayland protocol supported by the compositor.
      To do so, it will do a roundtrip to the Wayland server waiting for
      events it expects.
      If the Wayland compositor terminates before Xwayland has got the replies
      it expects, it will loop indefinitely calling `wl_display_roundtrip()`
      To avoid that issue, add a new `xwl_screen_roundtrip()` that checks for
      the returned value from `wl_display_roundtrip()` and fails if it is
      Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Roman Gilg's avatarRoman Gilg <subdiff@gmail.com>
      Reviewed-by: Jonas Ådahl's avatarJonas Ådahl <jadahl@gmail.com>
      (cherry picked from commit 785e5906)
  6. 22 May, 2020 1 commit
  7. 15 Apr, 2020 1 commit
    • Samuel Thibault's avatar
      dix: do not send focus event when grab actually does not change · 271934db
      Samuel Thibault authored
       ("dix: always send focus event on grab change") made dix
      always sent events when it's a NotifyGrab or NotifyUngrab, even if
      from == to, because 'from' can just come from a previous XSetInputFocus
      However, when an application calls XGrabKeyboard several times on
      the same window, we are now sending spurious FocusOut+FocusIn with
      NotifyGrab, even if the grab does not actually change. This makes screen
      readers for blind people spuriously emit activity events which disturb
      screen reading workflow when e.g. switching between menus.
      This commit avoids calling DoFocusEvents in that precise case, i.e. when
      oldWin is a previous grab and the new grab is the same window.
      Signed-off-by: Samuel Thibault's avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
      Reviewed-by: Adam Jackson's avatarAdam Jackson <ajax@redhat.com>
      (cherry picked from commit 364d6498)
  8. 29 Mar, 2020 1 commit
  9. 22 Mar, 2020 2 commits
  10. 18 Mar, 2020 1 commit
  11. 12 Mar, 2020 1 commit
  12. 07 Mar, 2020 2 commits
  13. 02 Mar, 2020 3 commits
  14. 21 Feb, 2020 3 commits
    • Dor Askayo's avatar
      xwayland: clear pixmaps after creation in rootless mode · 94dad4f0
      Dor Askayo authored
      When a pixmap is created with a backing FBO, the FBO should be cleared
      to avoid rendering uninitialized memory. This could happen when the
      pixmap is rendered without being filled in its entirety.
      One example is when a top-level window without a background is
      resized. The pixmap would be reallocated to prepare for more pixels,
      but uninitialized memory would be rendered in the resize offset until
      the client sends a frame that fills these additional pixels.
      Another example is when a new top-level window is created without a
      background. Uninitialized memory would be rendered after the pixmap is
      allocated and before the client sends its first frame.
      This issue is only apparent in OpenGL implementations that don't zero
      the VRAM of allocated buffers by default, such as RadeonSI.
      Signed-off-by: Dor Askayo's avatarDor Askayo <dor.askayo@gmail.com>
      Closes: #636
      Reviewed-by: Michel Dänzer's avatarMichel Dänzer <mdaenzer@redhat.com>
      (cherry picked from commit 0e9a0c20)
      [ Michel Dänzer:
      * Squashed in commit ebf549db
      * Dropped code related to glamor_format, which only exists on master ]
    • Michel Dänzer's avatar
      xwayland: Call glamor_block_handler from xwl_screen_post_damage · 0238359b
      Michel Dänzer authored
      In between the two phases introduced by the previous change. This makes
      sure all pending drawing to the new buffers is flushed before they're
      committed to the Wayland server.
      (cherry picked from commit a542224e)
    • Michel Dänzer's avatar
      xwayland: Split up xwl_screen_post_damage into two phases · a93bce6b
      Michel Dänzer authored
      The first phase sets the new surface properties for all damaged
      windows, then the second phase commits all surface updates.
      This is preparatory for the next change, there should be no observable
      change in behaviour (other than the order of Wayland protocol
      Reviewed-by: Adam Jackson's avatarAdam Jackson <ajax@redhat.com>
      (cherry picked from commit f88d9b1f)
  15. 19 Feb, 2020 1 commit
  16. 10 Feb, 2020 5 commits
  17. 06 Feb, 2020 5 commits
  18. 14 Jan, 2020 1 commit