This mode for displays running on evdi/udl as side effect of failed glamor_egl_init
reverse_prime_offload_mode was initialized to FALSE
After Mesa upgrade to 21.0.0 GL_RENDERER is not llvmpipe that results in successful glamor_egl_init
and reverse_prime_offload_mode enabled.
This commit is explicitly disabling reverse_prime_offload_mode for evdi and udl drivers
Signed-off-by: Łukasz Spintzyk <lukasz.spintzyk@synaptics.com>
(cherry picked from commit 7e7c147105)
Trying to change the pointer control settings on a device without
PtrFeedbackPtr would be a bug and a crash in the Xserver.
Guard against that case by returning early with a BadImplementation
error, that might kill the X11 client but the Xserver would survive.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Related: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1137
(cherry picked from commit dee2bb033e)
Trying to change the acceleration/threshold on Xwayland cannot work, and
the corresponding handler xwl_pointer_control() is a no-op.
Yet, an X11 client trying to change those on the touch device may
possibly cause a crash because the touch device in Xwayland doesn't set
that.
Initialize the touch device's PtrFeedback to make sure that just cannot
happen.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1137
(cherry picked from commit ab76272a7d)
glxProbeDriver() concatenates __DRI_DRIVER_GET_EXTENSIONS with driver name
to get symbol name for get_extension function. Unfortunately that doesn't
work for drivers that have hyphen in their name, e.g. sun4i-drm --
get_extensions() for these uses underscore instead.
As result dlsym() doesn't find get_extension() function and AIGLX
initialization fails resulting in following message in Xorg.0.log:
(EE) AIGLX error: sun4i-drm does not export required DRI extension
Replace all non-alpha-numeric characters with underscore to fix the issue.
Signed-off-by: Vasily Khoruzhick <anarsoul@gmail.com>
(cherry picked from commit b56e501092)
CVE-2021-3472 / ZDI-CAN-1259
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
This check is always true on our supported systems.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 5ae47a9d579e8cb0fbe938455faea53ed75d7098)
A change during the 1.20 development cycle resulted in fbconfigs being walked
and deallocated individually during __glXScreenDestroy. This change
now avoids a use-after-free caused by that change.
==50859==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010d3819c8 at pc 0x0001009d4230 bp 0x00016feca7a0 sp 0x00016feca798
READ of size 8 at 0x00010d3819c8 thread T5
#0 0x1009d422c in __glXScreenDestroy glxscreens.c:448
#1 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
#2 0x1009d2734 in glxCloseScreen glxscreens.c:169
#3 0x100740a24 in dix_main main.c:325
#4 0x10023ed50 in server_thread quartzStartup.c:65
#5 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
#6 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
0x00010d3819c8 is located 200 bytes inside of 12800-byte region [0x00010d381900,0x00010d384b00)
freed by thread T5 here:
#0 0x101477ba8 in wrap_free+0x98 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fba8)
#1 0x1009d4240 in __glXScreenDestroy glxscreens.c:449
#2 0x10091cc98 in __glXAquaScreenDestroy indirect.c:510
#3 0x1009d2734 in glxCloseScreen glxscreens.c:169
#4 0x100740a24 in dix_main main.c:325
#5 0x10023ed50 in server_thread quartzStartup.c:65
#6 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
#7 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
previously allocated by thread T5 here:
#0 0x101477e38 in wrap_calloc+0x9c (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3fe38)
#1 0x100925a40 in __glXAquaCreateVisualConfigs visualConfigs.c:116
#2 0x10091cb24 in __glXAquaScreenProbe+0x224 (X11.bin:arm64+0x100730b24)
#3 0x1009cd840 in xorgGlxServerInit glxext.c:528
#4 0x10074539c in _CallCallbacks dixutils.c:743
#5 0x100932a70 in CallCallbacks callback.h:83
#6 0x100932478 in GlxExtensionInit vndext.c:244
#7 0x10020a364 in InitExtensions miinitext.c:267
#8 0x10073fe7c in dix_main main.c:197
#9 0x10023ed50 in server_thread quartzStartup.c:65
#10 0x199ae7fd0 in _pthread_start+0x13c (libsystem_pthread.dylib:arm64e+0x6fd0)
#11 0x199ae2d38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1d38)
Regressed-in: 4b0a3cbab1
CC: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 487286d472)
Everything declared in it comes from quartz.c, so match reality.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit f51b97b0de)
It violates @autoreleasepool best practices, and this helps collapse quartzCocoa.m into quartz.c
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit 94e4e17348)
There is a place where this code was called on the main thread.
We're using a rather nasty anti-pattern to just call a block inline rather
than synchonously calling it on the main thread if we're already on the main
thread. This code could use a good overhaul, but I don't have time to rip
it apart right now. This will address the immediate issue.
Fixes: https://github.com/XQuartz/XQuartz/issues/40
Fixes: https://github.com/XQuartz/XQuartz/issues/48
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
(cherry picked from commit c9a3b14c14)
Kernel modesettings support also depends on dri2, see
./hw/xfree86/drivers/modesetting/meson.build
So update meson.build to reflect the changes made in configure.ac by
commit 9c81b8f5b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 5d73a8b59e)
LogMessage logs only when the XLOG_VERBOSITY is >= 1, but by default
XLOG_VERBOSITY is 0.
Signed-off-by: Mariusz Ceier <mceier+freedesktop@gmail.com>
(cherry picked from commit 95539ab37b)
Calling strlen on char[4] that does not need to contain '\0' is wrong and X
server may end up running into uninitialized memory.
In addition GCC 8 is clever enough that it knows that strlen on char[4] can
return 0, 1, 2, 3 or cause undefined behavior. With this knowledge it can
optimize away the min(..., 4). In reality it can cause the memcpy to be called
with bigger size than 4 and overflow the destination buffer.
Fixes: 83913de25d (xkb: Silence some compiler warnings)
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/288
Signed-off-by: Matt Turner <mattst88@gmail.com>
(cherry picked from commit 74627d13c7)