Calling OsReleaseSignal() inside the signal handler releases SIGIO, causing
the signal handler to be called again from within the handler.
Practical use-case: when synaptics calls TimerSet in the signal handler,
this causes the signals to be released, eventually hanging the server.
Regression introduced in 08962951de.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Fix Win32TempDir() in the case where we fell back to checking the TMP
environment variable. It looks like this has been wrong since forever.
Signed-off-by: Colin Harrison <colin.harrison@virgin.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Popen and Pclose are never used on Windows, so don't bother to even
try to define them.
System(s) was defined as system(s), but the two users of that
function are in xkb, which carefully redefines that as
Win32System. Move Win32System and Win32TempDir to os/utils.c, renaming
Win32System to be just System, which simplifies the xkb code
Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
No-one ever did anything with this variable except assign its default
value to it.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
If failing to disable a protocol specified by -nolisten failed, we'd
throw a FatalError and bomb startup entirely. From poking at xtrans, it
looks like the only way we can get a failure here is because we've
specified a protocol name which doesn't exist, which probably doesn't
constitute a security risk.
And it makes it possible to start gdm even though you've built with
--disable-tcp-transport.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Adds new function padding_for_int32() and uses existing pad_to_int32()
depending on required results.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Clear them out when needed instead of leaving whatever values were
present in previously sent messages.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
Tested-by: Daniel Stone <daniel@fooishbar.org>
Each DDX currently calls OsReleaseSIGIO in case it was suspended when
the server regen started. This causes a BUG to occur if SIGIO was
*not* blocked at that time. Instead of relying on each DDX, make the
OS layer reliably reset all signal state at server init time, ensuring
that signals are suitably unblocked and that the various signal state
counting variables are set back to zero.
Signed-off-by: Keith Packard <keithp@keithp.com>
Let the dix be in charge of changing the sigprocmask so we only have one
entity that changes it.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Keith Packard <keithp@keithp.com>
This merge includes a minor fixup for '%p' arguments; must cast to
uintptr_t instead of uint64_t as we use -Werror=pointer-to-int-cast
which complains when doing a cast (even explicitly) from a pointer
to an integer of different size.
While we probably don't need to be signal safe here since we will never
return to the normal context, the logging signal context check will
cause unsafe logging to be unhandled. Using signal safe logging here
resolves the issue.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Also, print out the offending message format. This will hopefully help
developers track down unsafe logging.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Backtraces are often printed in signal context, such as when a segfault
occurs.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: print offset as unsigned int, not long unsigned int
pnprintf() takes unsigned int for %u
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
ErrorF() is not signal safe. Use ErrorSigSafe() whenever an error
message may be logged in signal context.
[whot: edited to "ErrorFSigSafe"]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
[whot: edited to use varargs, squashed commit below]
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
os: fix vararg length calculation
Make %u and %x sizeof(unsigned int), %p sizeof(void*). This is printf
behaviour and we can't guarantee that void* is uint64_t anyway.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Much easier for scripts that try to read the display value off the file
descriptor. Plus, this restores the behaviour we had for this patch in
Fedora since server 1.6 (April 2009).
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Dave Airlie <airlied@redhat.com>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
None of the FILE based functions are signal safe, including fileno(), so
we need to save the file descriptor for when we are in signal context.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
This will be used for checking for proper logging when in signal
context.
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Both Cygwin and MinGW can use Windows' native CryptoAPI for SHA1,
saving a dependency on libgcrypt or OpenSSL. The necessary functions
are in ADVAPI32.DLL, which is among the default lib flags and is
already used in hw/xwin for accessing the registry.
Signed-off-by: Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Colin Harrison <colin.harrison@virgin.net>
Tested-by: Colin Harrison <colin.harrison@virgin.net>
It is not safe to ever use an arbitrary (possibly user supplied) string as
part of the format for a *sprintf() call.
For example:
1. Name a Bluetooth keyboard "%n%n%n%n%n%n%n%n"
2. Pair it with a computer running X and try to use it
3. X is not happy when trying to do the following in xf86-input-evdev:
xf86IDrvMsg(pInfo, X_CONFIG, "Device: \"%s\"\n", device);
because LogVHdrMessageVerb() has put the %n from the device name
into a format string of the form:
"evdev: %n%n%n%n%n%n%n%n: Device: \"%s\"\n"
Instead, build up a log message in place by appending successive formatted
strings by sncprintf'ing to the end of the previous.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
The current code will write a timestamps into the logFile whenever
the last message ended with a '\n' - even if the verb for that timestamp
is at too high a level. This timestamp will sit there with no matching
message until the next call to LogVWrite with a valid verb.
In other words, in some cases, timestamps in the X.org.log are for some
completely unrelated message that was previously ignored due to
insufficient verbosity, and not for the message that appears next to it
in the log file.
We keep the current policy which appears to be to only apply timestamps if
a message is actually written to a log file. That is, no timestamps on
stderr, or in the mem buffer. Therefore, the timestamp stringification
is moved to the conditional where it is used.
Since logging uses a fixed length buffer, this patch also forces a '\n'
whenever a buffer is terminated due to a too-long write request. This
allows the newline detection to work even on overflow, and also cleans up
the log a bit in the overflow case.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Normal snprintf() usually returns the number of bytes that would have been
written into a buffer had the buffer been long enough.
The scnprintf() variants return the actual number of bytes written,
excluding the trailing '\0'.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
* space->tab
* remove comment that doesn't make any sense
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
If TimerSet() is called from a signal handler (synaptics tap handling code)
may result in list corruption if we're currently inside TimerSet().
See backtrace in
https://bugzilla.redhat.com/show_bug.cgi?id=814869
Block signals for all list manipulations in the timers.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Chase Douglas <chase.douglas@canonical.com>
This option specifies a file descriptor in the launching process. X
will scan for an available display number and write that number back to
the launching process, at the same time as SIGUSR1 generation. This
means display managers don't need to guess at available display numbers.
As a consequence, if X fails to start when using -displayfd, it's not
because the display was in use, so there's no point in retrying the X
launch on a higher display number.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Chase Douglas <chase.douglas@canonical.com>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Tested-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Preparation work for per-device idle counters.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: James Jones <jajones@nvidia.com>
This is strictly the application of the script 'x-indent-all.sh'
from util/modular. Compared to the patch that Daniel posted in
January, I've added a few indent flags:
-bap
-psl
-T PrivatePtr
-T pmWait
-T _XFUNCPROTOBEGIN
-T _XFUNCPROTOEND
-T _X_EXPORT
The typedefs were needed to make the output of sdksyms.sh match the
previous output, otherwise, the code is formatted badly enough that
sdksyms.sh generates incorrect output.
The generated code was compared with the previous version and found to
be essentially identical -- "assert" line numbers and BUILD_TIME were
the only differences found.
The comparison was done with this script:
dir1=$1
dir2=$2
for dir in $dir1 $dir2; do
(cd $dir && find . -name '*.o' | while read file; do
dir=`dirname $file`
base=`basename $file .o`
dump=$dir/$base.dump
objdump -d $file > $dump
done)
done
find $dir1 -name '*.dump' | while read dump; do
otherdump=`echo $dump | sed "s;$dir1;$dir2;"`
diff -u $dump $otherdump
done
Signed-off-by: Keith Packard <keithp@keithp.com>
Acked-by: Daniel Stone <daniel@fooishbar.org>
Acked-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Changes to output:
* "Backtrace:" now appears on a separate line _with_ a timestamp
* A blank line is inserted after the last backtrace line
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Uses kvm_getargv() from libkvm.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
Move some constants near their only users, and remove some
getdtablesize() logic that's second-guessing configure.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
Forwarding proxies like sshd will appear to be local, even though they
aren't really. This leads to weird behaviour for extensions that truly
require running under the same OS services as the client, like MIT-SHM
and DRI2.
Add two new legal values for the initial connection's byteOrder field,
'r' and 'R'. These act like 'l' and 'B' respectively, but have the side
effect of forcing the client to be treated as non-local. Forwarding
proxies should attempt to munge the first packet of the connection
accordingly; older servers will reject connections thusly munged, so the
proxy should fall back to passthrough if the munged connection attempt
fails.
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
If dladdr returns 0, don't go and use the returned Dl_info, it may
contain garbage.
X.Org bug#44315 <https://bugs.freedesktop.org/show_bug.cgi?id=44315>
Reported-and-tested-by: Cyril Brulebois <kibi@debian.org>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Cyril Brulebois <kibi@debian.org>
Signed-off-by: Julien Cristau <jcristau@debian.org>
Uses /proc/pid/psinfo to read command & partial arguments.
Moves cmdsize & argsize variables into non-Solaris #else clause
to avoid unused variable warnings.
Fixes format mismatch errors when building with DEBUG defined on
a 64-bit platform (where Mask is defined as CARD32).
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Keith Packard <keithp@keithp.com>
xdmcp.c:63:36: warning: initialization discards qualifiers from pointer target type
xdmcp.c: In function 'XdmcpRegisterConnection':
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c:482:8: warning: cast discards qualifiers from pointer target type
xdmcp.c: In function 'get_mcast_options':
xdmcp.c:1596:21: warning: initialization discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
And instead of initializing to NULL, then resetting to LOCKDIR almost
immediately (before ever using the NULL value), skip directly to setting
it to LOCKDIR.
tmppath variable is only used as input for generating the path name
via calls to strlen, sprintf, etc.
Fixes gcc warning of:
utils.c: In function 'LockServer':
utils.c:259:11: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Fixes gcc warning:
io.c: In function 'WriteToClient':
io.c:826:6: warning: cast discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
It's only passed as the input side of a strcpy and as the filename to
fopen, so doesn't need to be non-const. Fixes gcc warning:
osinit.c: In function 'OsInit':
osinit.c:154:28: warning: initialization discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Almost all of the places the string is assigned point to a literal
string constant, so use const char * for those, and const char **
for function calls that return it via an argument. Fortunately
the top level function, ClientAuthorized, which returns the string
as its return value is called from only one place, ProcEstablishConnection.
ProcEstablishConnection stores either that return value or a string literal
in char *reason. It only uses reason as an argument to SendConnSetup.
SendConnSetup passes the reason argument to strlen & WriteToClient,
both of which already have const qualifiers on their args.
Thus added const to the reason variable in ProcEstablishConnection
and the reason argument to SendConnSetup.
Fixes gcc warnings:
dispatch.c: In function 'ProcEstablishConnection':
dispatch.c:3711:9: warning: assignment discards qualifiers from pointer target type
auth.c: In function 'CheckAuthorization':
auth.c:218:14: warning: assignment discards qualifiers from pointer target type
auth.c:220:20: warning: assignment discards qualifiers from pointer target type
connection.c: In function 'ClientAuthorized':
connection.c:683:3: warning: return discards qualifiers from pointer target type
mitauth.c: In function 'MitCheckCookie':
mitauth.c:88:13: warning: assignment discards qualifiers from pointer target type
xdmauth.c:259:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:270:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:277:11: warning: assignment discards qualifiers from pointer target type
xdmauth.c:293:15: warning: assignment discards qualifiers from pointer target type
xdmauth.c:313:14: warning: assignment discards qualifiers from pointer target type
xdmauth.c:322:11: warning: assignment discards qualifiers from pointer target type
rpcauth.c: In function 'SecureRPCCheck':
rpcauth.c:136:10: warning: assignment discards qualifiers from pointer target type
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
gcc was warning from storing string constants in a char *name field:
auth.c:64:1: warning: initialization discards qualifiers from pointer target type
auth.c:72:1: warning: initialization discards qualifiers from pointer target type
auth.c:81:1: warning: initialization discards qualifiers from pointer target type
Making the field const requires changing AuthorizationFromID to take
a const char ** pointer for the name argument which it sets to point
to the matching name entry.
Changing that argument requires changing its sole caller in the security
extension to pass the address of a const char * variable to it, which it
can do, since the only thing it does with the returned name is to pass
it back to the RemoveAuthorization function that already expects a const
char *name.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
No need to cast to char * now that all supported platforms use C89-standard
void * argument types, so just drop the casts from acmp & acopy macros,
which clears the gcc warnings for places const pointers were cast non-const:
access.c: In function 'DefineSelf':
access.c:786:3: warning: cast discards qualifiers from pointer target type
access.c:795:6: warning: cast discards qualifiers from pointer target type
access.c: In function 'NewHost':
access.c:1293:9: warning: cast discards qualifiers from pointer target type
access.c:1298:6: warning: cast discards qualifiers from pointer target type
access.c:1309:5: warning: cast discards qualifiers from pointer target type
Without the casts, acmp & acopy are just a funny way to write memcmp
& memmove, so drop the macros and inline the calls, taking care to
swap the first two arguments to memmove since it had swapped them.
Since all the calls to memmove end up being to non-overlapping memory
(mostly copying from an existing pointer to a newly allocated one),
replace those with memcpy.
And finally, don't actually call memcpy to copy 0 bytes from one place
to another, since that's just a waste of a perfectly good function call.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Replace multiple methods of checking for functions with AC_CHECK_FUNCS
Replace multiple methods of selecting fallback funcs with AC_REPLACE_FUNCS
Replace HAS_* and NEED_* #defines with autogenerated HAVE_*
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Mikhail Gusarov <dottedmag@dottedmag.net>
Reviewed-by: Gaetan Nadon <memsize@videotron.ca>
Silencing more gcc -Wwrite-strings warnings
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
This batch is the straightforward set - others are more complex and
need more analysis to determine right size to pass.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
"log.c", line 382: warning: assignment type mismatch:
pointer to char "=" pointer to const char
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
The extra "out" pointer to redirect writes to the array isn't needed since
the removal of LBX (commit a9ed5a8790), and eliminating it allows more
logical use of sizeof(addr) in length-checked strlcpy & snprintf calls to
write to it.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
*cmdname is initialized to NULL earlier in the function, so it's
okay to overwrite it with NULL if strdup fails, don't need that
extra check.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
As long as we're carrying around a compatibility copy in os/strl*.c,
might as well use them.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Linux test code fixed by: Keith Packard <keithp@keithp.com>
Two instances found in the SIOCGIFCONF code for listing network interfaces.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Any pad bytes in replies are written to the client from a zeroed
array. However, record extension tries to incorrectly access the pad
bytes from the end of reply data.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Use fchmod() to change permissions of the lock file instead
of chmod(), thus avoid the race that can be exploited to set
a symbolic link to any file or directory in the system.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
use O_NOFOLLOW to open the existing lock file, so symbolic links
aren't followed, thus avoid revealing if it point to an existing
file.
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Also, fix whitespace, mainly around
swaps(&rep.sequenceNumber)
Reviewed-by: Peter Harris <pharris@opentext.com>
Signed-off-by: Matt Turner <mattst88@gmail.com>
Add support for multi-seat-aware input device hotplugging. This
implements the multi-seat scheme explained here:
http://www.freedesktop.org/wiki/Software/systemd/multiseat
This introduces a new X server switch "-seat" which allows configuration
of the seat to enumerate hotplugging devices on. If specified the value
of this parameter will also be exported as root window property
Xorg_Seat.
To properly support input hotplugging devices need to be tagged in udev
according to the seat they are on. Untagged devices are assumed to be on
the default seat "seat0". If no "-seat" parameter is passed only devices
on "seat0" are used. This means that the new scheme is perfectly
compatible with existing setups which have no tagged input devices.
Note that the -seat switch takes a completely generic identifier, and
that it has no effect on non-Linux systems. In fact, on other OSes a
completely different identifier scheme for seats could be used but still
be exposed with the Xorg_Seat and -seat.
I tried to follow the coding style of the surrounding code blocks if
there was any one could follow.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
LogVHdrMessageVerb allows a custom header to be inserted in a log message,
between the Log system's MessageType string, and a formatted variable
message body. The custom header can itself be a formatted variable string.
These functions can be used, for example, by driver abstraction layers to
format specific driver messages in a standard format, but do it in a way
that is efficient, obeys the log-layers verbosity settings, and is safe
to use in signal handlers (because they don't call malloc), even for
types besides X_NONE.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Also, optimize how the type and format strings are combined.
Signed-off-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Instead of just closing the log when everything is done, put one more
message in stating that we're actually terminating. Users or scripts that
look at the Xorg.log will then know that a) the server has terminated
properly and b) why the server terminated (to some degree, given that most
real-world errors will be caused by AbortServer()).
Acked-by: Gaetan Nadon <memsize@videotron.ca>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Tested-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
Tested-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
When an empty _SOURCES variable is declared, automake will recognize that
only linking is needed.
Signed-off-by: Dan Nicholson <dbn.lists@gmail.com>
Tested-by: Jamey Sharp <jamey@minilop.net>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Tested-by: Peter Hutterer <peter.hutterer@who-t.net>
access.c:1492:20: error: equality comparison with extraneous parentheses [-Werror,-Wparentheses]
if ((host->family == FamilyServerInterpreted)) {
~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~
access.c:1492:20: note: use '=' to turn this equality comparison into an assignment
if ((host->family == FamilyServerInterpreted)) {
^~
=
access.c:1492:20: note: remove extraneous parentheses around the comparison to silence this warning
if ((host->family == FamilyServerInterpreted)) {
~ ^ ~
In file included from xstrans.c:8:
In file included from /usr/X11/include/X11/Xtrans/transport.c:62:
/usr/X11/include/X11/Xtrans/Xtranssock.c:262:5: error: implicit declaration of function 'ErrorF' is invalid in C99
[-Werror,-Wimplicit-function-declaration]
PRMSG (3,"SocketSelectFamily(%s)\n", family, 0, 0);
^
log.c:180:29: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
if (asprintf(&logFileName, fname, display) == -1)
^~~~~
log.c:190:26: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
if ((asprintf(&suffix, backup, display) == -1) ||
^~~~~~
log.c:382:25: error: format string is not a string literal [-Werror,-Wformat-nonliteral]
LogVWrite(verb, tmpBuf, args);
^~~~~~
Signed-off-by: Jeremy Huddleston <jeremyhu@apple.com>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
In the case of failure on AllocNewConnection, new_trans_conn cannot be
dereferenced because it's already freed. Swapping the order of this logic fix
the changes introduced in 04956b8043.
Signed-off-by: Tiago Vignatti <tiago.vignatti@nokia.com>
CC: Jeremy Huddleston <jeremyhu@freedesktop.org>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
DetermineClientPid didn't close file descriptor if read on
/proc/pid/cmdline failed. Adjusted the code to disregard the close
return value and perform the return after that, if the read failed or
returned EOF.
Signed-off-by: Mark Kettenis <mark.kettenis@xs4all.nl>
Signed-off-by: Erkki Seppälä <erkki.seppala@vincit.fi>
Reviewed-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Signed-off-by: Keith Packard <keithp@keithp.com>
When XDMCP -from is specified, only register the requested address,
rather than the requested address, and any others we have of different
address families to the requested address.
e.g. if we have 4 interfaces with both IPv4 and IPv6 addresses (which
are not IPv6 mapped IPV4 addresses), using -from with one of those IPv4
addresses currently means only that IPv4 address, and all IPv6 addresses
are used in the connection data in XDMCP REQUEST packet.
(See http://cygwin.com/ml/cygwin-xfree/2011-02/msg00000.html)
Signed-off-by: Jon TURNEY <jon.turney@dronecode.org.uk>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Keith Packard <keithp@keithp.com>
We can return from WaitForSomething with no clients ready for any number
of reasons. There's no reason to set up the scheduler timer when this
happens.
Reviewed-by: Keith Packard <keithp@keithp.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
LocalClient is used for all DRI2 requests that makes it frequently
called function. Querying if connection is local or not takes 10-15us
(on ARM) depending on malloc speed.
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
Signed-off-by: Pauli Nieminen <ext-pauli.nieminen@nokia.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Daniel Stone <daniel@fooishbar.org>
On some systems, using CLOCK_MONOTONIC forces a readback of HPET or some
similarly expensive timer. CLOCK_MONOTONIC_COARSE can alleviate this,
at the cost of negligibly-reduced resolution, so prefer that where we
can.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
An interface is provided for figuring out the PID and process name of
a client. Make some existing functionality from SELinux and IA
extensions available for general use.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Tiago Vignatti <tiago.vignatti@nokia.com>
This reverts commit 579715f830.
The patch is not needed anymore. I haven't encountered backtrace
problems with GCC 4.3.3. Even if the problems still persisted, this
commit should be removed and instead the definition of _X_NORETURN
should be modified to be empty if GCC/ARM is used. However, currently
it seems that ARM backtraces are OK even if _X_NORETURN is used and
-mapcs-frame is not defined in CFLAGS.
Signed-off-by: Rami Ylimäki <rami.ylimaki@vincit.fi>
Reviewed-by: Jamey Sharp <jamey@minilop.net>
This has never been buildable in any modular server release.
Reviewed-by: Julien Cristau <jcristau@debian.org>
Reviewed-by: Mark Kettenis <kettenis@openbsd.org>
Signed-off-by: Adam Jackson <ajax@redhat.com>
I needed this patch in the wrapper around vsnprintf() in os/xprintf.c
(MinGW for Windows build) to correct various crashes.
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>