Signed-off-by: Michael Stapelberg <stapelberg@google.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
There's nothing in configure to enable this, and KdTsPhyScreen isn't
defined anywhere.
[ajax: Rebase, also clean up Xfbdev]
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Jamey Sharp <jamey@minilop.net>
These extensions were accessing internal OS functions and
structures. Expose the necessary functionality to them and remove
their use of osdep.h
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Commit 4b4b9086 "os: support new implicit local user access mode [CVE-2015-3164
2/3]" carefully places the relevant code it adds under !NO_LOCAL_CLIENT_CRED,
but unfortunately doesn't notice that NO_LOCAL_CLIENT_CRED is defined as a
side-effect in the middle of GetLocalClientCreds(), so many of these checks
precede its definition.
Move the check if NO_LOCAL_CLIENT_CRED should be defined to configure.ac, so it
always occurs before it's first use.
v2:
Move check to configure.ac
v3:
Use AC_CACHE_CHECK and name cache varaible appropriately
[ajax: Massaged commit message]
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Ray Strode <rstrode@redhat.com>
ResourceClientBits() might be used by the modules as well, need to
mark the symbol as visible to that the linker can resolve it at
run time.
/usr/bin/X: symbol lookup error:
/usr/lib64/xorg/modules/extensions/libglx.so: undefined symbol:
ResourceClientBits
bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=91763
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Make the maximum number of clients user configurable, either from the command
line or from xorg.conf
This patch works by using the MAXCLIENTS (raised to 512) as the maximum
allowed number of clients, but allowing the actual limit to be set by the
user to a lower value (keeping the default of 256).
There is a limit size of 29 bits to be used to store both the client ID and
the X resources ID, so by reducing the number of clients allowed to connect to
the X server, the user can increase the number of X resources per client or
vice-versa.
Parts of this patch are based on a similar patch from Adam Jackson
<ajax@redhat.com>
This now requires at least xproto 7.0.28
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
This eliminates the duplicate declaration of dixGetGlyphs when
fontutil.h gets included after dixfont.h has defined GetGlyphs as
dixGetGlyphs.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Removes the last cpp conditional on ROOTLESS from dix code.
Reviewed-by: Jasper St. Pierre <jstpierre@mecheye.net>
Signed-off-by: Adam Jackson <ajax@redhat.com>
One of the lacking features with output offloading was
that screen rotation didn't work at all.
This patch makes 0/90/180/270 rotation work with USB output
and GPU outputs.
When it allocates the shared pixmap it allocates it rotated,
and any updates to the shared pixmap are done using a composite
path that does the rotation. The slave GPU then doesn't need
to know about the rotation and just displays the pixmap.
v2:
rewrite the sync dirty helper to use the dst pixmap, and
avoid any strange hobbits and rotations.
This breaks ABI in two places.
Signed-off-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
We need this for doing USB offload scenarios using glamor
and modesetting driver.
unfortunately only gbm in mesa 10.6 has support for the
linear API.
v1.1: fix bad define
v2: update the configure.ac test as per amdgpu. (Michel)
set linear bos to external to avoid cache. (Eric)
Reviewed-by: Eric Anholt <eric@anholt.net>
Signed-off-by: Dave Airlie <airlied@redhat.com>
I doubt anyone builds with this turned off or has done for a long
time.
It helps my eyes bleed slightly less when reading the code, I've left
the define in place as some drivers use it.
Reviewed-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
If the X server is started without a '-auth' argument, then
it gets started wide open to all local users on the system.
This isn't a great default access model, but changing it in
Xorg at this point would break backward compatibility.
Xwayland, on the other hand is new, and much more targeted
in scope. It could, in theory, be changed to allow the much
more secure default of a "user who started X server can connect
clients to that server."
This commit paves the way for that change, by adding a mechanism
for DDXs to opt-in to that behavior. They merely need to call
LocalAccessScopeUser()
in their init functions.
A subsequent commit will add that call for Xwayland.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Allows a mask to carry both accelerated and unaccelerated motion at the same
time.
This is required for xf86-input-libinput where the pointer acceleration
happens in libinput already, but parts of the server, specifically raw events
and DGA rely on device-specific unaccelerated data.
To ease integration add this as a second set to the ValuatorMask rather than
extending all APIs to carry a second, possibly NULL set of valuators.
Note that a valuator mask should only be used in either accel/unaccel or
standard mode at any time. Switching requires either a valuator_mask_zero()
call or unsetting all valuators one-by-one. Trying to mix the two will produce
a warning.
The server has a shortcut for changing a mask with the
valuator_mask_drop_unaccelerated() call. This saves us from having to loop
through all valuators on every event, we can just drop the bits we know we
don't want.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Without this, AC_SYS_LARGEFILE doesn't actually have any effect.
Signed-off-by: Michel Dänzer <michel@daenzer.net>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Make sure X_BIG_ENDIAN/X_LITTLE_ENDIAN are defined before actually using
them.
Otherwise, image byte order could be wrong on big endian hardware even
though endianess detection is correct.
Reported-by: Tim Waugh <twaugh@redhat.com>
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Uses reallocarray to perform integer overflow detection when allocating
an array, using NULL as the previous pointer to force a new allocation.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Wrapper for realloc() that checks for overflow when multiplying
arguments together, so we don't have to add overflow checks to
every single call. For documentation on usage, see:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/calloc.3
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Acked-by: Matt Turner <mattst88@gmail.com>
The xnfcalloc() macro took two arguments but simply multiplied them
together without checking for overflow and defeating any overflow
checking that calloc() might have done. Let's not do that.
The original XNFcalloc() function is left for now to preserve driver
ABI, but is marked as deprecated so it can be removed in a future round
of ABI break/cleanup.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Matt Turner <mattst88@gmail.com>
Store the user-defined monitors in the RandR screen private.
Generate a list of monitors from both the user-defined ones and from
any outputs not mentioned in one of the user-defined monitors. This list
covers both the outputs in the main screen as well as any slaves.
v1.1: airlied: fix up primary skipping bug,
fix wrong height initialiser
add get_active flag from updated protocol.
Reviewed-by: Dave Airlie <airlied@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
No longer used with the removal of the GL dispatch (glapi) from libglx a
few releases ago.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Make PseudoramiXExtensionInit() prototype available to hw/xwin
Rather than avoiding a reference to it being pulled in to Xorg by sdksyms by
hiding this prototype behind the INXQUARTZ define, which is only defined when
building Xquartz, introduce nonsdk_extinit.h and move it there.
(The only remaining use of INXQUARTZ is in mi/miiniext.c, in order
to do PseudoramiXExtensionInit() at the point apparently needed by Xquartz)
Also remove duplicate declaration of noPseudoramiXExtension from pseudoramiX.h
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
Add _X_EXPORT to GetMaster function. It is required by tigervnc's VNC module.
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Nothing was using it and if anyone had they would've gotten a warning and
noticed that it doesn't actually work. Drop this, it has been unused for years.
Input ABI 22
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Use typedefs to work around dtrace dropping const qualifiers from probe
arguments when generating Xserver-dtrace.h. Add new probes.h header to
avoid having to replicate these typedefs in every file with dtrace probes.
Gets rid of these warnings from gcc 4.8:
getevents.c:1096:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' discards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1096:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1651:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1791:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 6 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
getevents.c:1921:9:
warning: passing argument 7 of '__dtrace_Xserver___input__event' disards
'const' qualifier from pointer target type [enabled by default]
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
The CVE fix in:
commit 97015a07b9
Author: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Wed Jan 22 22:37:15 2014 -0800
dix: integer overflow in RegionSizeof() [CVE-2014-8092 3/4]
offended the C++ demons:
../../include/regionstr.h:147:45: error: invalid conversion from 'void*' to
'pixman_region16_data_t* {aka pixman_region16_data*}' [-fpermissive]
Normally this isn't a problem, because around here we have the sense and
common decency to not use C++, but this does make tigervnc fail to build,
which is a little rude of us.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
The 'n' parameter must be surrounded by parens in both places to
prevent precedence from mis-computing things.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Multiple functions in the Xinput extension handling of requests from
clients failed to check that the length of the request sent by the
client was large enough to perform all the required operations and
thus could read or write to memory outside the bounds of the request
buffer.
This commit includes the creation of a new REQUEST_AT_LEAST_EXTRA_SIZE
macro in include/dix.h for the common case of needing to ensure a
request is large enough to include both the request itself and a
minimum amount of extra data following the request header.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Force use of 64-bit integers when evaluating data provided by clients
in 32-bit fields which can overflow when added or multiplied during
checks.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
RegionSizeof contains several integer overflows if a large length
value is passed in. Once we fix it to return 0 on overflow, we
also have to fix the callers to handle this error condition
v2: Fixed limit calculation in RegionSizeof as pointed out by jcristau.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
/usr/include/xorg/regionstr.h:130:36: warning: implicit conversion changes
signedness: 'int' to 'unsigned long' [-Wsign-conversion]
return (sizeof(RegDataRec) + ((n) * sizeof(BoxRec)));
^ ~
Really only just pushes the problem to the caller, but maybe that motivates
someone to fix it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
/usr/include/xorg/misc.h:141:30: warning: implicit conversion loses integer
precision: 'int' to 'uint16_t' (aka 'unsigned short') [-Wconversion]
return ((x & 0xff) << 8) | ((x >> 8) & 0xff);
~~~~~~ ~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~
Function sig is a uint16_t, so just force the cast.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Again, this changes FixesCreateRegionFromGC to throw BadMatch when fed a
GC with no client clip.
v2: Fix Xnest and some variable names (Keith)
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
make -j 8 check was sporadically failing in different xi2 tests.
After adding the asserts in the previous commit to catch xkb failure
it became easier to catch the failures and see that multiple tests
were running at once trying to write to /tmp/server-(null).xkm and
then delete it, and interfering with each other.
Putting a unique string into the display variable let them each write
to their own file and not interfere with others.
v2: Fix Linux bits:
Add #include <errno.h> to get a declaration of
program_invocation_name on Linux.
Use only the last portion of the pathname so that the resulting
display name doesn't contain any slashes.
v3: use program_invocation_short_name on Linux
This is the same as program_invocation_name, except is has
stripped off any path prefix.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
No DDX is overriding this and it's fairly absurd to expose it as a
screen operation anyway.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
A careful read shows that it was always NULL. It hasn't always been; as
the DDX spec indicates, it was the "occluded region that has backing
store", but since that backing store code is long gone, we can nuke it.
mi{,Overlay}WindowExposures get slightly simpler here, and will get even
simpler in just a moment.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
This disables the tcp listen socket by default. Then, it
uses a new xtrans interface, TRANS(Listen), to provide a command line
option to re-enable those if desired.
v2: Leave unix socket enabled by default. Add configure options.
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>