Kernel modesettings support also depends on dri2, see
./hw/xfree86/drivers/modesetting/meson.build
So update meson.build to reflect the changes made in configure.ac by
commit 9c81b8f5b5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 5d73a8b59e)
LogMessage logs only when the XLOG_VERBOSITY is >= 1, but by default
XLOG_VERBOSITY is 0.
Signed-off-by: Mariusz Ceier <mceier+freedesktop@gmail.com>
(cherry picked from commit 95539ab37b)
Calling strlen on char[4] that does not need to contain '\0' is wrong and X
server may end up running into uninitialized memory.
In addition GCC 8 is clever enough that it knows that strlen on char[4] can
return 0, 1, 2, 3 or cause undefined behavior. With this knowledge it can
optimize away the min(..., 4). In reality it can cause the memcpy to be called
with bigger size than 4 and overflow the destination buffer.
Fixes: 83913de25d (xkb: Silence some compiler warnings)
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/288
Signed-off-by: Matt Turner <mattst88@gmail.com>
(cherry picked from commit 74627d13c7)
Avoid out of bounds memory accesses on too short request.
ZDI-CAN 11572 / CVE-2020-14360
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 446ff2d317)
ZDI-CAN 11389 / CVE-2020-25712
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 87c64fc5b0)
The region as passed in is in the source pixmap's coordinate space, so
intersecting it with the clipList (which is in screen space) resulted in
disappointment.
Fixes Firefox popups such as the hamburger menu when using the EGL
backend.
v2:
* Drop vblank->x/y_off from RegionTranslate call, since they're always
0 here (present_wnmd_check_flip rejects flips for x/y_off != 0).
Reported-by: Robert Mader <robert.mader@posteo.de>
Tested-by: Robert Mader <robert.mader@posteo.de>
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Tested-by: Joakim Tjernlund <joakim.tjernlund@infinera.com> # v1
(cherry picked from commit 466b8b43fb355c6040cee45406860b8b8c04e948)
There was a time when setting a mode on a CRTC would not depend on the
associated connector's state. If a mode had been set successfully once,
it would mean it would work later on.
This changed with the introduction of new connectors type that now
require a link training sequence (DP, HDMI 2.0), and that means that
some events may have happened while the X server was not master that
would then prevent the mode from successfully be restored to its
previous state.
This patch relaxes the requirement that all modes should be restored on
EnterVT, or the entire X-Server would go down by allowing modesets to
fail (with some warnings). If a modeset fails, the CRTC will be
disabled, and a RandR event will be sent for the desktop environment to
fix the situation as well as possible.
Additional patches might be needed to make sure that the user would
never be left with all screens black in some scenarios.
v2 (Martin Peres):
- whitespace fixes
- remove the uevent handling (it is done in a previous patch)
- improve the commit message
- reduce the size of the patch by not changing lines needlessly
- return FALSE if one modeset fails in ignore mode
- add comments/todos to explain why we do things
- disable the CRTCs that failed the modeset
Signed-off-by: Kishore Kadiyala <kishore.kadiyala@intel.com>
Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Tested-by: Kishore Kadiyala <kishore.kadiyala@intel.com>
Closes: #1010
(cherry picked from commit efb3abddd4)
Normally, we would receive a uevent coming from Linux's DRM subsystem,
which would trigger the check for disappearing/appearing resources.
However, this event is not received when X is not master (another VT
is selected), and so the userspace / desktop environment would not be
notified about the changes that happened while X wasn't master.
To fix the issue, this patch forces a refresh on EnterVT by splitting
the kms-checking code from the uevent handling into its own (exported)
function called drmmode_update_kms_state. This function is then called
from both the uevent-handling function, and on EnterVT right before
restoring the modes.
Signed-off-by: Martin Peres <martin.peres@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Acked-by: Kishore Kadiyala <kishore.kadiyala@intel.com>
Tested-by: Kishore Kadiyala <kishore.kadiyala@intel.com>
(cherry picked from commit 293cf660c9)
With autoconf, hashtable support is built along with Xres support.
Yet, glvnd also use it, so when disabling Xres from configure, the
build will fail at link time because hashtable functions are not
available.
Untie the build of hashtable from Xres support, just like meson build
does.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1091
(cherry picked from commit 899cebb76a)
One general assumption in Xwayland is that the xwl_window remains the
same for all the child windows of the toplevel window.
When mapping a new X11 window, ensure_surface_for_window() checks for an
existing xwl_window by using xwl_window_get() which will just check for
the registered xwl_window for the window.
That means that a client mapping a child window of an existing window
with a xwl_window will get another different xwl_window.
If an X11 client issues a Present request on the parent window, hence
placed underneath its child window of the same size, the Wayland
compositor may not send the frame callback event for the parent's
Wayland surface which is reckoned to be not visible, obscured behind
the other Wayland surface for the child X11 window.
That bug affects some games running in wine which may get 1 fps because
the repaint occurs only on timeout with a long interval (as with, e.g.
https://bugs.winehq.org/show_bug.cgi?id=47066)
Fix ensure_surface_for_window() by using xwl_window_from_window() which
will walk the window tree, so that a child window won't get another
xwl_window than its parent.
https://gitlab.freedesktop.org/xorg/xserver/-/issues/1099
See-also: https://bugs.winehq.org/show_bug.cgi?id=47066
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit 606ba7fc51)
When running non-rootless, Xwayland requires that the Wayland compositor
supports the wl_shell protocol.
Check for wl_shell protocol support at startup and exit cleanly if
missing rather than segfaulting later in ensure_surface_for_window()
while trying to use wl_shell_get_shell_surface().
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
(cherry picked from commit ffd02d9b26)
When making a pixmap exportable, glamor will currently create a temporary
exported pixmap backed by a GBM bo, with the devKind updated to the stride of
the bo. However, when the backing of the exported pixmap is swapped into the
original, the devKind of the original is not updated.
Some GBM bos may get implicitly padded, in which case the devKind of the pixmap
will not match the stride of the backing bo. For example, an 800x600 pixmap will
have a devKind of 3200, but the bo's stride will be 3328. This can cause
corruption with PRIME, when the sink uses the wrong stride to display the shared
pixmap.
This commit changes glamor_make_pixmap_exportable() to update the devKind of the
original pixmap after it swaps exported pixmap's backing into it, keeping
everything consistent.
Fixes issue #1018.
Signed-off-by: Alex Goins <agoins@nvidia.com>
Signed-off-by: Aaron Plattner <aplattner@nvidia.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
(cherry picked from commit 7a7e55c5c1)
The address retrieved in "pip.start_ip" is not necessarily the same
address as unw_get_proc_name finds as nearest symbol and returns in "off".
Therefore using "pip.start_ip + off" is not reliable, at least
visible in the binaries from the Debian repository.
Bug-Debian: https://bugs.debian.org/971088
Signed-off-by: Bernhard Übelacker <bernhardu@mailbox.org>
(cherry picked from commit c15dd0ba48)
It always takes one update cycle for the copy to become visible on the
host windowing system, so waiting for the target MSC resulted in 1 cycle
delay.
We re-use the idle list for copies which were executed but need their
completion event sent.
Fixes black seams when resizing the "Builder" sub-window of
GDK_BACKEND=x11 gtk4-demo
on Xwayland (see
https://gitlab.gnome.org/GNOME/mutter/-/issues/1290#note_873557).
Unfortunately, this cannot completely fix the seams with apps which
queue up multiple frames in advance, since there's always at least one
queued frame corresponding to the old window size. But it should at
least help a little in that case as well.
v2:
* Bug fix: Don't update exec_msc in present_wnmd_check_flip_window.
(Roman Gilg)
* Use exec_msc = target_msc - 1 instead of exec_msc--, and add a
comment, for clarity.
v3:
* Drop exec_msc = target_msc again in present_wnmd_execute.
* present_execute_copy should never set vblank->queued in
present_wnmd_execute now, so replace that branch with an assertion.
(Roman Gilg)
Reviewed-by: Roman Gilg <subdiff@gmail.com>
Tested-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit 1cccb486d4)
[Since present_wnmd_event_notify hasn't been split up on the 1.20
branch, it needs to check vblank->flip. Doing the same in
present_wnmd_free_idle_vblanks to be safe, though I'm not sure it's
actually possible to hit non-flips there.]
Allowing it to be called from more functions than before. No functional
change.
Reviewed-by: Roman Gilg <subdiff@gmail.com>
Tested-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit d14ea667fe)
For tracking the MSC when the present can be executed separately from
the target MSC.
Allows removing the requeue field instead, plus more later.
v2:
* Rename wait_msc → exec_msc (Roman Gilg)
* Use exec_msc = target_msc instead of exec_msc++, for clarity.
* Bug fix: Set exec_msc = target_msc also if present_flip returned
false in present_execute.
v3:
* Set exec_msc = target_msc also if present_wnmd_flip returned
false in present_wnmd_execute, for consistency.
v4:
* Specifically check for exec_msc == crtc_msc + 1 in
present_execute_wait/copy, to avoid re-introducing
https://bugs.freedesktop.org/show_bug.cgi?id=94596 .
Reviewed-by: Roman Gilg <subdiff@gmail.com>
Tested-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit b0b3159abd)
Preparation for different handling between SCMD & WNMD. No functional
change intended.
Reviewed-by: Roman Gilg <subdiff@gmail.com>
Tested-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit 4c92dea952)
The EGLStream backend keeps a queue of pending streams for each Xwayland
window.
However, when this pending queue is freed, the corresponding private
data may not be cleared (typically if the pixmap for this window has
changed before the compositor finished attaching the consumer for the
window's pixmap's original eglstream), leading to a use-after-free and a
crash when trying to use that data as the window pixmap.
Make sure to clear the private data when the pending stream is freed.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1055
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Tested-by: Karol Szuster <karolsz9898@gmail.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
(cherry picked from commit a5f439dcd2)
Major/minor numbers are a.. major (ha) source of pain in FreeBSD porting.
In this case, Xwayland was thinking that /dev/dri/card0 is already a render node,
because the st_rdev on FreeBSD was passing the Linux-style check,
and because of the assumption, acceleration would fail because
various ioctls like AMDGPU_INFO would be denied on the non-render node.
Switch to libdrm's function that already works correctly on all platforms.
Signed-off-by: Greg V <greg@unrelenting.technology>
Reviewed-by: Emmanuel Vadot <manu@FreeBSD.org>
(cherry picked from commit 239ebdc9e4)
Currently, when a X11 client (usually the X11 window manager from a
Wayland compositor) changes the value of the X11 property
`_XWAYLAND_ALLOW_COMMITS` from `false` to `true`, all pending frame
callbacks on the window are discarded so that the commit occurs
immediately.
Weston uses that mechanism to prevent the content of the window from
showing before it's ready when mapping the window initially, but
discarding the pending frame callbacks has no effect on the initial
mapping of the X11 window since at that point there cannot be any frame
callback on a surface which hasn't been committed yet anyway.
However, discarding pending frame callbacks can be problematic if we
were to use the same `_XWAYLAND_ALLOW_COMMITS` mechanism to prevent
damages to be posted before the X11 toplevel is updated completely
(including the window decorations from the X11 window manager).
Remove the portion of code discarding the pending frame callback,
Xwayland should always wait for a pending frame callback if there's one
before posting new damages.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
https://gitlab.freedesktop.org/xorg/xserver/merge_requests/333
(cherry picked from commit 66da95a172)
present_wnmd_toplvl_pixmap_window returns a window with the same window
pixmap, so the check could never fail.
Reviewed-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit b6b1161fd7)
We can only flip if the window pixmap matches that of the toplevel
window. Doing so regardless could cause the toplevel window pixmap to
get destroyed while it was still referenced by the window, resulting in
use-after-free and likely a crash.
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1033
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit 4c25356d6c)
Noticed this was missing while working on the following fix.
v2:
* Dropped present_wnmd_can_window_flip hunk (that function is never
called, will be cleaned up in a follow-up MR).
Reviewed-by: Olivier Fourdan <ofourdan@redhat.com> # v1
Reviewed-by: Roman Gilg <subdiff@gmail.com>
(cherry picked from commit 7ac303c7b1)
(Using GLSL 1.30 or newer)
The width/height members of xRectangle are unsigned, but they were
being interpreted as signed when converting to floating point for the
vertex shader, producing incorrect drawing for values > 32767.
v2:
* Use separate GL_UNSIGNED_SHORT vertex attribute for width/height.
(Eric Anholt)
Reviewed-by: Eric Anholt <eric@anholt.net>
(cherry picked from commit 032af35657)
Extending the decade old f0124ed93, to increase the number of input
devices from 40 to 256. 40 translates at most 9 MD, while 256 will allow
63 MD. It is an arbitrary number, but people are hitting the current
limit under reasonable conditions.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=64793
Signed-off-by: Arthur Williams <taaparthur@gmail.com>
(cherry picked from commit fe439596b9)
CVE-2020-14362 ZDI-CAN-11574
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 24acad216aa0fc2ac451c67b2b86db057a032050)
CVE-2020-14361 ZDI-CAN 11573
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 90304b3c2018a6b8f4a79de86364d2af15cb9ad8)
CVE-2020-14346 / ZDI-CAN-11429
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 1e3392b07923987c6c9d09cf75b24f397b59bd5e)
CVE-2020-14345 / ZDI 11428
This vulnerability was discovered by:
Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
Signed-off-by: Matthieu Herrb <matthieu@herrb.eu>
(cherry picked from commit 11f22a3bf694d7061d552c99898d843bcdaf0cf1)
