Some filesystems do not support fallocate and return EOPNOTSUPP.
On musl-based distros libwayland-cursor exits abruptly which causes the
application to crash. Unlike glibc, musl does not provide a fallback
mechanism for handling unsupported fallocate. Instead, musl developers
argue that application should handle the case of unsupported system
call.
This commit allows falback to ftruncate in case when EOPNOTSUPP
was recieved.
Signed-off-by: Ihor Antonov <ihor@antonovs.family>
The new test verifies that, for a set of timers and a short sequence
of timer update calls, when the event loop is run the timer callbacks
are run in the expected order.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
libwayland now uses only one file descriptor to keep track of all
the timer event sources associated with an event loop. An array-based
binary heap is used to determine which event source has the earliest
deadline.
(Previously, each timer event source had its own timerfd, making it easy
for the a process using many timer event sources to run out of file
descriptors.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
This change expands the `event_loop_timer` test to use two different
timers with different timeouts; it now implicitly checks that e.g.
both timers do not expire at the same time, and that the first timer
expiring does not prevent the second from doing so. (While such failure
modes are unlikely with timer event sources based on individual
timerfds, they are possible when multiple timers share a common timerfd.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The implementation of timer event sources based on timerfds ensured
specific edge-case behavior with regards to removing and updating timers:
Calls to `wl_event_loop_dispatch` will dispatch all timer event sources
that have expired up to that point, with one exception. When multiple
timer event sources are due to be dispatched in a single call of
`wl_event_loop_dispatch`, calling wl_event_source_remove` from within a
timer event source callback will prevent the removed event source's
callback from being called. Note that disarming or updating one of the
later timers that is due to be dispatched, from within a timer callback,
will NOT prevent that timer's callback from being invoked by
`wl_event_loop_dispatch`.
This commit adds a test that verifies the above behavior. (Because
epoll_wait is not documented to return timerfds in chronological order,
(although it does, in practice), the test code does not depend on the
order in which timers are dispatched.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
While the default Unix socket buffer size on Linux is relatively
small, on some computers the default size may be configured to
be huge, making the overflow test never actually overflow the
Wayland display socket.
The changed code now explicitly sets the display socket send buffer
size to be small enough to guarantee an overflow.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
This change ensures that the compositor process is not able to respond
to any of the noop requests sent by the client process, by using the
test compositor's `stop_display` mechanism to coordinate when the
compositor should stop processing messages.
(Before this change, it was possible that one of the calls of
wl_event_loop_dispatch in the compositor process could respond to all
the client's noop requests before returning.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
At higher warning levels, GCC complains about unused variables.
Remove two completely unused, and one set-but-not-used, variables from
display-test to make it happy.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Meson is a next generation build system, simpler than Autotools and also faster
and more portable. Most importantly, it will make integrating ASan easier in
CI.
The goal is to maintain feature parity of the Meson build with the
Autotools build, until such time when we can drop the latter.
Add a script which generates the desired Doxygen configuration for our various
output formats and executes it using that configuration. This is not something
Meson can or should do.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/80
[daniels: Changed to bump version, use GitLab issues URL, remove header
checks not used in any code, remove pre-pkg-config Expat
support, added missing include paths to wayland-egl and
cpp-compile-test, added GitLab CI.
Bumped version, removed unnecessary pkg-config paths.]
[daniels: Properly install into mandir/man3 via some gross
paramaterisation, generate real stamp files.]
Pekka:
- squashed patches
- removed MAKEFLAGS from meson CI
- remove unused PACKAGE* defines
- fix up scanner dependency handling
- instead of host_scanner option, build wayland-scanner twice when cross-compiling
- changed .pc files to match more closely the autotools versions
- reorder doxygen man sources to reduce diff to autotools
- fix pkgconfig.generate syntax warnings (new in Meson)
- bump meson version to 0.47 for configure_file(copy) and run_command(check)
- move doc tool checks into doc/meson.build, needed in more places
- make all doc tools mandatory if building docs
- check dot and doxygen versions
- add build files under doc/publican
- reindent to match Weston Meson style
Simon:
- Remove install arg from configure_file
- Don't build wayland-scanner twice during cross-build
- Fix naming of the threads dependency
- Store tests in dict
- Add missing HAVE_* decls for functions
- Remove unused cc_native variable
- Make doxygen targets a dict
- Make dot_gv a dict
- Use dicts in man_pages
- Make decls use dicts
- Make generated_headers use dicts
- Align Meson version number with autotool's
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Simon Ser <contact@emersion.fr>
Meson will need to build wayland-scanner twice with different config.h files,
once for build and another for host machine. It will be easier to include the
right config.h from compiler command line than playing with files.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
The tests that run exec-fd-leak-checker expect the binary to be located
in the current directory. This is not always the case; for instance, the
binaries could be built under `tests`, but be invoked under the
top-level build directory.
We can use an environment variable to control what's the location of the
test binaries, and fall back to the current directory if the variable is
unset.
Reviewed-by: Daniel Stone <daniels@collabora.com>
Make considers a variable called VPATH when trying to satisfy
dependencies, e.g. for a target 'foo', it will consider the target
extant if VPATH is '../../bar' and '../../bar/foo' exists.
Part of the doc build, the '$(alldirs)' target, exists to create the
target directories if they do not exist. For example, before generating
xml/wayland-architecture.png, it will ensure the 'xml' target is
considered up-to-date thanks to the target dependency.
Creating $(srcdir)/doc/doxygen/xml thus means that the 'xml' dependency
will be satisfied, so we'll never create the output directory, and the
doc build will fail.
Change the alldirs target list to be absolute paths, so VPATH will not
be consulted and defeat the entire point of what we're trying to do.
This fixes the Meson build, where we later create
doc/doxygen/xml/meson.build.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Out of the context it is reasonably clear that "hw" is indeed an abbreviation
for "hardware".
The use of "hw" in this place doesn't seem to be a stylistic choice, but rather
an oversight.
Signed-off-by: Paul Scharnofske <asynts@gmail.com>
Including wayland-server-core.h in wayland-private.h is problematic
because wayland-private.h is included by wayland-scanner which should be
able to build against non-POSIX platforms (e.g. MinGW). The only reason
that wayland-server-core.h was included in wayland-private.h was for the
wl_private_signal definitions, so move those to a
wayland-server-private.h file that can be included by both
wayland-server.c and the tests.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Some platforms may not have strndup() (e.g. MinGW), so provide a
equivalent implementation if it's not found.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
This test makes sure that after wl_global_remove:
* The global_remove event is sent to existing clients
* Binding to the removed global still works
* A new client will not see the removed global advertised
Signed-off-by: Simon Ser <contact@emersion.fr>
This commit adds a new wl_global_remove function that just sends a global
remove event without destroying it. See [1] for details.
Removing a global is racy, because clients have no way to acknowledge they
received the removal event.
It's possible to mitigate the issue by sending the removal event, waiting a
little and then destructing the global for real. The "wait a little" part is
compositor policy.
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
If a client set the F_SEAL_SHRINK seal on the fd before passing it to
the compositor, the kernel will ensure this fd won’t be able to shrink,
ever. This allows us to avoid setting up the SIGBUS handlers on such
file descriptors.
Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
When implementing a workaround for [1], one needs to accept a global to be
bound even though it has become stale.
Often, a global's user data is free'd when the global needs to be destroyed.
Being able to set the global's user data (e.g. to NULL) can help preventing a
use-after-free.
(The alternative is to make the compositor responsible for keeping track of
stale user data objects via e.g. refcounting.)
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
When doing unity builds via meson (example project:
https://github.com/swaywm/sway) multiple source files are glued together
via #include directives. Having every wayland-scanner generated source
file have an identifier named '*types[]' will lead to errors in these
unity builds if two or more of these are joined.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
The new display test runs a client that makes a very large number of
trivial requests. After responding to initial setup requests, the server
is paused, letting the trivial requests fill up the Unix socket buffer,
making further writes to the socket fail. The test then checks that the
client sets an appropriate error code, and does not abort or crash.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Instead, set a fatal display error which will let an application
using libwayland-client shutdown cleanly.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Once there has been a fatal display error, any new object requests
potentially rely on invalid state. (For example, a failure to read
from the compositor could hide a important event.) The safest way to
handle the new requests is not to make them.
Proxies produced by the request are still created, to ensure that
any code using the library does not crash from an unexpected NULL
pointer.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Currently libwayland sends a wl_display.invalid_method when arguments provided
with a request are invalid (e.g. too short, see wl_client_connection_data).
Clarify the protocol by adding that invalid_method can be sent on malformed
request.
Signed-off-by: Simon Ser <contact@emersion.fr>
The interface name provided by the client isn't used at all.
Check it matches the global's interface name to prevent object interface
mismatches between the client and the server. These are especially easy to get
when mixing up global names and other IDs in the client.
Signed-off-by: Simon Ser <simon.ser@intel.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/issues/113
Add a comment to wl_shm.format to advise contributors to use the automated
script (generate-shm-formats.py) instead of updating the list manually.
Signed-off-by: Simon Ser <contact@emersion.fr>
This prevents mismatches and missing formats between wl_shm.formats and
drm_fourcc.h.
The script collects DRM_FORMAT_* constants from drm_fourcc.h, compares the list
with the current wayland.xml entries (checking for any mismatch) and then
appends missing entries to wayland.xml.
Enum values are obtained by executing a generated C file which prints the
constants. There is no other reliable way to get these values as they are
defined via various macros.
There is no widespread Python library able to parse an XML file and format it
with all whitespace preserved. For this reason, we don't use an XML library to
create the new XML elements. Instead, we keep track of the line number of the
last wl_shm.format enum entry and add new entries right after. To be able to
read the line number of an element, we use lxml (the standard library doesn't
retain line number information).
Signed-off-by: Simon Ser <contact@emersion.fr>
If the client binds to a global with an interface mismatch, it may receive an
event from the server with an unknown opcode. See [1].
Instead of crashing, print a more useful debug message and close the connection.
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/113
Signed-off-by: Simon Ser <simon.ser@intel.com>
In the current workflow, socket file will be deleted if it already exists.
However, if the socket file is a symbolic link and the file that it refers
to doesn't exist, we will got "Address already in use" because bind()
thinks the socket file exists and won't create it.
Now, use lstat() to determine whether the socket file exists.
Signed-off-by: Liu Wenlong <liuwl.fnst@cn.fujitsu.com>
The original text makes some assumptions about surfaces which may not be
true and fails to capture some details which are important to the
essential traits of a wl_surface.
When wayland-scanner encounters a new_id field with no corresponding
interface name defined, instead of emitting a function whose signature
lines up with the usual case (a uint32_t ID), it adds the interface name
as a string and the version number so that the interface can be
identified from the protcol message.
Without docs, this was previously left for the interprid wire protocol
implementor (e.g. me an hour ago) to discover when Wayland clients send
them apparently bogus messages.
I would have preferred if a different primitive type were used here
(e.g. typed_new_id) to reflect the fact that the wire protocol is
different, but I felt it unwise to add a new primitive to wayland.xml in
$current_year.
When an application and a toolkit share the same Wayland connection,
it will receive events with each others objects. For example if the
toolkit manages a set of surfaces, and the application another set, if
both the toolkit and application listen to pointer focus events,
they'll receive focus events for each others surfaces.
In order for the toolkit and application layers to identify whether a
surface is managed by itself or not, it cannot only rely on retrieving
the proxy user data, without going through all it's own proxy objects
finding whether it's one of them.
By adding the ability to "tag" a proxy object, the toolkit and
application can use the tag to identify what the user data pointer
points to something known.
To create a tag, the recommended way is to define a statically allocated
constant char array containing some descriptive string. The tag will be
the pointer to the non-const pointer to the beginning of the array.
For example, to identify whether a focus event is for a surface managed
by the code in question:
static const char *my_tag = "my tag";
static void
pointer_enter(void *data,
struct wl_pointer *wl_pointer,
uint32_t serial,
struct wl_surface *surface,
wl_fixed_t surface_x,
wl_fixed_t surface_y)
{
struct window *window;
const char * const *tag;
tag = wl_proxy_get_tag((struct wl_proxy *) surface);
if (tag != &my_tag)
return;
window = wl_surface_get_user_data(surface);
...
}
...
static void
init_window_surface(struct window *window)
{
struct wl_surface *surface;
surface = wl_compositor_create_surface(compositor);
wl_surface_set_user_data(surface, window);
wl_proxy_set_tag((struct wl_proxy *) surface,
&my_tag);
}
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
This (so-far) Linux-only API lets users create file descriptors purely
in memory, without any backing file on the filesystem and the race
condition which could ensue when unlink()ing it.
It also allows seals to be placed on the file, ensuring to every other
process that we won’t be allowed to shrink the contents, potentially
causing a SIGBUS when they try reading it.
This patch is best viewed with the -w option of git log -p.
Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Simon Ser <contact@emersion.fr>
Instead, cleanly exit wl_closure_marshal and let the caller handler
the error. For wayland-client, the sole calling function will call
wl_abort() anyway. For wayland-server, the calling function will
cleanly shutdown the client.
This change ensures that compositors run with low file descriptor
limits or internal leaks need not crash suddenly (and sometimes
far from the problem) when space runs out.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Fixes#46
The way wl_buffer is specified makes this situation inherently racy,
meaning there is no way this can be done unambiguously. Current real
compositor implementations already have differing behaviour for this, so
any client relying on it was already broken, if any such client exists.
This specifically only singles out wl_buffer.release as being undefined;
every other aspect of it should still be valid. This is so existing and
correct uses of multiple attaches are still valid, where a
"static"/immutable wl_buffer is being used (i.e. they don't care about
the release event).
Signed-off-by: Scott Anderson <scott.anderson@collabora.com>
