xserver: Branch 'server-1.20-branch' - 25 commits
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Oct 5 18:58:09 UTC 2018
Xext/shm.c | 25 ++++-----
Xi/xipassivegrab.c | 4 -
composite/compalloc.c | 28 ++++------
composite/compinit.c | 4 -
composite/compint.h | 3 -
dix/devices.c | 2
dix/inpututils.c | 2
fb/fboverlay.c | 6 +-
glamor/glamor_gradient.c | 8 +--
glx/createcontext.c | 12 ++++
hw/xfree86/common/xf86Config.c | 10 ++-
hw/xfree86/drivers/modesetting/driver.c | 40 +++++++--------
hw/xfree86/drivers/modesetting/drmmode_display.c | 1
hw/xfree86/drivers/modesetting/modesetting.man | 23 ++++++--
hw/xfree86/os-support/shared/posix_tty.c | 6 +-
hw/xwayland/xwayland-input.c | 61 ++++++++++++++++++-----
hw/xwayland/xwayland-output.c | 5 +
hw/xwayland/xwayland-present.c | 5 +
hw/xwayland/xwayland.h | 13 ++--
mi/mibitblt.c | 2
miext/damage/damage.c | 40 +++++++++++----
os/xdmcp.c | 12 +++-
present/present_wnmd.c | 3 -
randr/rrcrtc.c | 4 -
xkb/xkb.c | 2
25 files changed, 214 insertions(+), 107 deletions(-)
New commits:
commit b58aa8ed9b0a052d615d34b103aa54ce357df12e
Author: Alexander Volkov <a.volkov at rusbitech.ru>
Date: Mon Feb 26 19:41:18 2018 +0300
os/xdmcp: Don't create a new socket in XdmcpReset()
xdmcpSocket survives during the reset, there is no
need to create a new one.
This commit restores logic that was broken by
49c0f2413d32fdfe36e45861fcb32aaeab633094 in Xorg 1.19.
Signed-off-by: Alexander Volkov <a.volkov at rusbitech.ru>
(cherry picked from commit 32677ce03d793a1f2aa8871112eb3d19b3cb762f)
diff --git a/os/xdmcp.c b/os/xdmcp.c
index d8c81fbf8..62adead84 100644
--- a/os/xdmcp.c
+++ b/os/xdmcp.c
@@ -569,10 +569,9 @@ XdmcpRegisterDisplayClass(const char *name, int length)
}
static void
-xdmcp_start(void)
+xdmcp_reset(void)
{
timeOutRtx = 0;
- get_xdmcp_sock();
if (xdmcpSocket >= 0)
SetNotifyFd(xdmcpSocket, XdmcpSocketNotify, X_NOTIFY_READ, NULL);
#if defined(IPv6) && defined(AF_INET6)
@@ -583,6 +582,13 @@ xdmcp_start(void)
send_packet();
}
+static void
+xdmcp_start(void)
+{
+ get_xdmcp_sock();
+ xdmcp_reset();
+}
+
/*
* initialize XDMCP; create the socket, compute the display
* number, set up the state machine
@@ -611,7 +617,7 @@ XdmcpReset(void)
{
state = XDM_INIT_STATE;
if (state != XDM_OFF)
- xdmcp_start();
+ xdmcp_reset();
}
/*
commit b1215fb075b0166d5742c72041f58d512273bb50
Author: Pierre Ossman <ossman at cendio.se>
Date: Wed Oct 3 10:28:52 2018 +0200
Switch automatic composite update to WorkQueue
It is currently (ab)using the screen BlockHandler callback to do
this. But this can cause problems with other extension as their
block handlers might have executed before Composite's. And the
operations Composite does might result in them wanting to change
timeouts.
Practically this caused problems for TigerVNC's VNC extension which
failed to send out updates for Composite's screen updates.
(cherry picked from commit 1bd5d0a53c5ff4169c5a6704c1c4b276f998b938)
diff --git a/composite/compalloc.c b/composite/compalloc.c
index 433dc820a..3e2f14fb0 100644
--- a/composite/compalloc.c
+++ b/composite/compalloc.c
@@ -47,24 +47,18 @@
#include "compint.h"
-static void
-compScreenUpdate(ScreenPtr pScreen)
-{
- compCheckTree(pScreen);
- compPaintChildrenToWindow(pScreen->root);
-}
-
-static void
-compBlockHandler(ScreenPtr pScreen, void *pTimeout)
+static Bool
+compScreenUpdate(ClientPtr pClient, void *closure)
{
+ ScreenPtr pScreen = closure;
CompScreenPtr cs = GetCompScreen(pScreen);
- pScreen->BlockHandler = cs->BlockHandler;
- compScreenUpdate(pScreen);
- (*pScreen->BlockHandler) (pScreen, pTimeout);
+ compCheckTree(pScreen);
+ compPaintChildrenToWindow(pScreen->root);
- /* Next damage will restore the block handler */
- cs->BlockHandler = NULL;
+ /* Next damage will restore the worker */
+ cs->pendingScreenUpdate = FALSE;
+ return TRUE;
}
void
@@ -87,9 +81,9 @@ compReportDamage(DamagePtr pDamage, RegionPtr pRegion, void *closure)
CompScreenPtr cs = GetCompScreen(pScreen);
CompWindowPtr cw = GetCompWindow(pWin);
- if (!cs->BlockHandler) {
- cs->BlockHandler = pScreen->BlockHandler;
- pScreen->BlockHandler = compBlockHandler;
+ if (!cs->pendingScreenUpdate) {
+ QueueWorkProc(compScreenUpdate, serverClient, pScreen);
+ cs->pendingScreenUpdate = TRUE;
}
cw->damaged = TRUE;
diff --git a/composite/compinit.c b/composite/compinit.c
index 2590aa46d..6ea33ea4e 100644
--- a/composite/compinit.c
+++ b/composite/compinit.c
@@ -387,6 +387,8 @@ compScreenInit(ScreenPtr pScreen)
cs->pOverlayWin = NULL;
cs->pOverlayClients = NULL;
+ cs->pendingScreenUpdate = FALSE;
+
cs->numAlternateVisuals = 0;
cs->alternateVisuals = NULL;
cs->numImplicitRedirectExceptions = 0;
@@ -442,8 +444,6 @@ compScreenInit(ScreenPtr pScreen)
cs->ChangeWindowAttributes = pScreen->ChangeWindowAttributes;
pScreen->ChangeWindowAttributes = compChangeWindowAttributes;
- cs->BlockHandler = NULL;
-
cs->CloseScreen = pScreen->CloseScreen;
pScreen->CloseScreen = compCloseScreen;
diff --git a/composite/compint.h b/composite/compint.h
index 89f6507b9..d501bad65 100644
--- a/composite/compint.h
+++ b/composite/compint.h
@@ -156,7 +156,8 @@ typedef struct _CompScreen {
*/
ChangeWindowAttributesProcPtr ChangeWindowAttributes;
- ScreenBlockHandlerProcPtr BlockHandler;
+ Bool pendingScreenUpdate;
+
CloseScreenProcPtr CloseScreen;
int numAlternateVisuals;
VisualID *alternateVisuals;
commit a41b6ef2244f1a0003dada0962a9d785e74d7981
Author: Adam Jackson <ajax at redhat.com>
Date: Mon Oct 1 11:42:37 2018 -0400
modesetting: Don't free(dst) in drmmode_prop_info_copy
The destination is always either on the stack or in the middle of some
struct.
Signed-off-by: Adam Jackson <ajax at redhat.com>
(cherry picked from commit 43a0f9a5dbb469f4f403a8530f33be67618933b8)
diff --git a/hw/xfree86/drivers/modesetting/drmmode_display.c b/hw/xfree86/drivers/modesetting/drmmode_display.c
index f6f2e9fd1..9717d9d39 100644
--- a/hw/xfree86/drivers/modesetting/drmmode_display.c
+++ b/hw/xfree86/drivers/modesetting/drmmode_display.c
@@ -398,7 +398,6 @@ drmmode_prop_info_copy(drmmode_prop_info_ptr dst,
err:
while (i--)
free(dst[i].enum_values);
- free(dst);
return FALSE;
}
commit 9403335910f4e6b862af5c5ef835074be2c52edb
Author: Cedric Roux <sed at free.fr>
Date: Wed Sep 12 19:14:18 2018 +0200
miext/damage: take care of the coordinate mode in damagePolyPoint
The mode (CoordModeOrigin or CoordModePrevious) was not taken into
account when computing the box. The result was a bad drawing of
points in some situations (on my hardware/software configuration,
calling XDrawString followed by XDrawPoints in the mode
CoordModePrevious).
Signed-off-by: Cedric Roux <sed at free.fr>
Signed-off-by: Eric Anholt <eric at anholt.net>
(cherry picked from commit bc36594e0eb8bfa5a673bcfd8c8168f70994a1df)
diff --git a/miext/damage/damage.c b/miext/damage/damage.c
index de14d5cc8..f3ae4ebbc 100644
--- a/miext/damage/damage.c
+++ b/miext/damage/damage.c
@@ -829,16 +829,36 @@ damagePolyPoint(DrawablePtr pDrawable,
/* this could be slow if the points were spread out */
- while (--nptTmp) {
- pptTmp++;
- if (box.x1 > pptTmp->x)
- box.x1 = pptTmp->x;
- else if (box.x2 < pptTmp->x)
- box.x2 = pptTmp->x;
- if (box.y1 > pptTmp->y)
- box.y1 = pptTmp->y;
- else if (box.y2 < pptTmp->y)
- box.y2 = pptTmp->y;
+ if (mode == CoordModePrevious) {
+ int x = box.x1;
+ int y = box.y1;
+
+ while (--nptTmp) {
+ pptTmp++;
+ x += pptTmp->x;
+ y += pptTmp->y;
+ if (box.x1 > x)
+ box.x1 = x;
+ else if (box.x2 < x)
+ box.x2 = x;
+ if (box.y1 > y)
+ box.y1 = y;
+ else if (box.y2 < y)
+ box.y2 = y;
+ }
+ }
+ else {
+ while (--nptTmp) {
+ pptTmp++;
+ if (box.x1 > pptTmp->x)
+ box.x1 = pptTmp->x;
+ else if (box.x2 < pptTmp->x)
+ box.x2 = pptTmp->x;
+ if (box.y1 > pptTmp->y)
+ box.y1 = pptTmp->y;
+ else if (box.y2 < pptTmp->y)
+ box.y2 = pptTmp->y;
+ }
}
box.x2++;
commit c26a47b4f2e170e283ca1683d5b6ca2d04823e80
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Thu Sep 20 16:32:29 2018 +0200
xwayland: Use `double` for `xwl_tablet_tool`
So we do not lose subpixel precision in Xwayland.
Suggested-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
Closes: https://gitlab.freedesktop.org/libinput/libinput/issues/138
(cherry picked from commit 734b2d6907f730571a2805cbc53fe7056190f19e)
diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index c220ca2aa..fbbcb39cc 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -1604,8 +1604,8 @@ tablet_tool_motion(void *data, struct zwp_tablet_tool_v2 *tool,
struct xwl_tablet_tool *xwl_tablet_tool = data;
struct xwl_seat *xwl_seat = xwl_tablet_tool->seat;
int32_t dx, dy;
- int sx = wl_fixed_to_int(x);
- int sy = wl_fixed_to_int(y);
+ double sx = wl_fixed_to_double(x);
+ double sy = wl_fixed_to_double(y);
if (!xwl_seat->tablet_focus_window)
return;
@@ -1613,8 +1613,8 @@ tablet_tool_motion(void *data, struct zwp_tablet_tool_v2 *tool,
dx = xwl_seat->tablet_focus_window->window->drawable.x;
dy = xwl_seat->tablet_focus_window->window->drawable.y;
- xwl_tablet_tool->x = dx + sx;
- xwl_tablet_tool->y = dy + sy;
+ xwl_tablet_tool->x = (double) dx + sx;
+ xwl_tablet_tool->y = (double) dy + sy;
}
static void
@@ -1772,15 +1772,15 @@ tablet_tool_frame(void *data, struct zwp_tablet_tool_v2 *tool, uint32_t time)
int button;
valuator_mask_zero(&mask);
- valuator_mask_set(&mask, 0, xwl_tablet_tool->x);
- valuator_mask_set(&mask, 1, xwl_tablet_tool->y);
+ valuator_mask_set_double(&mask, 0, xwl_tablet_tool->x);
+ valuator_mask_set_double(&mask, 1, xwl_tablet_tool->y);
valuator_mask_set(&mask, 2, xwl_tablet_tool->pressure);
- valuator_mask_set(&mask, 3, xwl_tablet_tool->tilt_x);
- valuator_mask_set(&mask, 4, xwl_tablet_tool->tilt_y);
- valuator_mask_set(&mask, 5, xwl_tablet_tool->rotation + xwl_tablet_tool->slider);
+ valuator_mask_set_double(&mask, 3, xwl_tablet_tool->tilt_x);
+ valuator_mask_set_double(&mask, 4, xwl_tablet_tool->tilt_y);
+ valuator_mask_set_double(&mask, 5, xwl_tablet_tool->rotation + xwl_tablet_tool->slider);
QueuePointerEvents(xwl_tablet_tool->xdevice, MotionNotify, 0,
- POINTER_ABSOLUTE | POINTER_SCREEN, &mask);
+ POINTER_ABSOLUTE | POINTER_DESKTOP, &mask);
valuator_mask_zero(&mask);
diff --git a/hw/xwayland/xwayland.h b/hw/xwayland/xwayland.h
index 1a6e2f380..67819e178 100644
--- a/hw/xwayland/xwayland.h
+++ b/hw/xwayland/xwayland.h
@@ -311,13 +311,13 @@ struct xwl_tablet_tool {
DeviceIntPtr xdevice;
uint32_t proximity_in_serial;
- uint32_t x;
- uint32_t y;
+ double x;
+ double y;
uint32_t pressure;
- float tilt_x;
- float tilt_y;
- float rotation;
- float slider;
+ double tilt_x;
+ double tilt_y;
+ double rotation;
+ double slider;
uint32_t buttons_now,
buttons_prev;
commit fb01b238c610e1955457dd9878d75b2c34c9a0c6
Author: Adam Jackson <ajax at redhat.com>
Date: Wed Aug 29 15:42:20 2018 -0400
xfree86: Fix Option "MaxClients" validation
The old code would not in fact validate the option value, though it
might complain about it in the log. It also didn't let you set some
legal values that the -maxclients command line option would.
Signed-off-by: Adam Jackson <ajax at redhat.com>
(cherry picked from commit 7d689f049c3cc16b8e0cb0103a384a2ceb84ea33)
diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index 2c1d335dc..e31030d63 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -939,10 +939,12 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
from = X_CMDLINE;
i = -1;
if (xf86GetOptValInteger(FlagOptions, FLAG_MAX_CLIENTS, &i)) {
- if (i != 64 && i != 128 && i != 256 && i != 512)
- ErrorF("MaxClients must be one of 64, 128, 256 or 512\n");
- from = X_CONFIG;
- LimitClients = i;
+ if (Ones(i) != 1 || i < 64 || i > 2048) {
+ ErrorF("MaxClients must be one of 64, 128, 256, 512, 1024, or 2048\n");
+ } else {
+ from = X_CONFIG;
+ LimitClients = i;
+ }
}
xf86Msg(from, "Max clients allowed: %i, resource mask: 0x%x\n",
LimitClients, RESOURCE_ID_MASK);
commit cc4051ad6a3712c4407ffb608c8d23f2b66952d6
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 11:39:32 2018 +1000
devices: break after finding and removing device from lists
Coverity complains about a use after free in here after the
freeing, I can't follow the linked list so well, but whot
says the device can only be on one list once, so break should
fix it.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit ba0f5d854f4db52974ab5cd09191303b01b075ff)
diff --git a/dix/devices.c b/dix/devices.c
index 4a628afb0..1b18b168e 100644
--- a/dix/devices.c
+++ b/dix/devices.c
@@ -1177,6 +1177,7 @@ RemoveDevice(DeviceIntPtr dev, BOOL sendevent)
flags[tmp->id] = IsMaster(tmp) ? XIMasterRemoved : XISlaveRemoved;
CloseDevice(tmp);
ret = Success;
+ break;
}
}
@@ -1193,6 +1194,7 @@ RemoveDevice(DeviceIntPtr dev, BOOL sendevent)
prev->next = next;
ret = Success;
+ break;
}
}
commit 64a7aac257ddbb000759d37386454866d8810545
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 11:12:51 2018 +1000
mibltblt: free prgnSrcClip on error path.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit c4591ea17110b5c318a5ef4b0f17a4eea306ea71)
diff --git a/mi/mibitblt.c b/mi/mibitblt.c
index 2de5bf8fd..43d9bd917 100644
--- a/mi/mibitblt.c
+++ b/mi/mibitblt.c
@@ -141,6 +141,8 @@ miCopyArea(DrawablePtr pSrcDrawable,
free(ordering);
free(pwidthFirst);
free(pptFirst);
+ if (realSrcClip)
+ RegionDestroy(prgnSrcClip);
return NULL;
}
commit fcbdb7c8b0d7bcc6a85e0beb2ce1dba76803486b
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 11:09:40 2018 +1000
xkb: fix what looks to be a copy-paste error with first vs firstMM
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit 758393951233d1b2520cf4cefd33ec4288a3880a)
diff --git a/xkb/xkb.c b/xkb/xkb.c
index 0fe6ebf4a..764079506 100644
--- a/xkb/xkb.c
+++ b/xkb/xkb.c
@@ -2570,7 +2570,7 @@ _XkbSetMap(ClientPtr client, DeviceIntPtr dev, xkbSetMapReq * req, char *values)
first = last = 0;
if (change.map.num_modmap_keys > 0) {
firstMM = change.map.first_modmap_key;
- lastMM = first + change.map.num_modmap_keys - 1;
+ lastMM = firstMM + change.map.num_modmap_keys - 1;
}
else
firstMM = lastMM = 0;
commit 83ef02839ce8982c2e841bc400abddbeb620481d
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 11:05:45 2018 +1000
posix_tty: free leak of xf86SetStrOption return value.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit cad3a1a82da3c8421b5cc98af27a779a38b5c709)
diff --git a/hw/xfree86/os-support/shared/posix_tty.c b/hw/xfree86/os-support/shared/posix_tty.c
index 6768d290b..0cb9788cc 100644
--- a/hw/xfree86/os-support/shared/posix_tty.c
+++ b/hw/xfree86/os-support/shared/posix_tty.c
@@ -188,7 +188,7 @@ xf86SetSerial(int fd, XF86OptionPtr options)
{
struct termios t;
int val;
- const char *s;
+ char *s;
int baud, r;
if (fd < 0)
@@ -264,8 +264,10 @@ xf86SetSerial(int fd, XF86OptionPtr options)
}
else {
xf86Msg(X_ERROR, "Invalid Option Parity value: %s\n", s);
+ free(s);
return -1;
}
+ free(s);
}
if ((val = xf86SetIntOption(options, "Vmin", -1)) != -1) {
@@ -291,8 +293,10 @@ xf86SetSerial(int fd, XF86OptionPtr options)
}
else {
xf86Msg(X_ERROR, "Invalid Option FlowControl value: %s\n", s);
+ free(s);
return -1;
}
+ free(s);
}
if ((xf86SetBoolOption(options, "ClearDTR", FALSE))) {
commit 66d36010a324480ac656e702e53f9c1f6fb60d5c
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 10:56:40 2018 +1000
modesetting: get pEnt after error checks
This saves us having to make sure we clean it up.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit b6c29a881eb49300fddfd0187cb10891f5257d3b)
diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c
index 792dfb655..8d29b130f 100644
--- a/hw/xfree86/drivers/modesetting/driver.c
+++ b/hw/xfree86/drivers/modesetting/driver.c
@@ -900,8 +900,6 @@ PreInit(ScrnInfoPtr pScrn, int flags)
if (pScrn->numEntities != 1)
return FALSE;
- pEnt = xf86GetEntityInfo(pScrn->entityList[0]);
-
if (flags & PROBE_DETECT) {
return FALSE;
}
@@ -910,6 +908,8 @@ PreInit(ScrnInfoPtr pScrn, int flags)
if (!GetRec(pScrn))
return FALSE;
+ pEnt = xf86GetEntityInfo(pScrn->entityList[0]);
+
ms = modesettingPTR(pScrn);
ms->SaveGeneration = -1;
ms->pEnt = pEnt;
commit 795c58a1febb3deb9066d981b178d9cf14fdad03
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 10:52:25 2018 +1000
glamor: fix leak of fs_getcolor_source.
This is created using XNFstrdup, so it needs to be freed.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit f0a5c0d1fdaeee3cd701215f4f57b7eacaf783c2)
diff --git a/glamor/glamor_gradient.c b/glamor/glamor_gradient.c
index 4e864cd79..eef078860 100644
--- a/glamor/glamor_gradient.c
+++ b/glamor/glamor_gradient.c
@@ -38,7 +38,7 @@
#define RADIAL_SMALL_STOPS (6 + 2)
#define RADIAL_LARGE_STOPS (16 + 2)
-static const char *
+static char *
_glamor_create_getcolor_fs_source(ScreenPtr screen, int stops_count,
int use_array)
{
@@ -310,7 +310,7 @@ _glamor_create_radial_gradient_program(ScreenPtr screen, int stops_count,
"}\n"\
"\n"\
"%s\n" /* fs_getcolor_source */
- const char *fs_getcolor_source;
+ char *fs_getcolor_source;
glamor_priv = glamor_get_screen_private(screen);
@@ -343,6 +343,7 @@ _glamor_create_radial_gradient_program(ScreenPtr screen, int stops_count,
fs_prog = glamor_compile_glsl_prog(GL_FRAGMENT_SHADER, gradient_fs);
free(gradient_fs);
+ free(fs_getcolor_source);
glAttachShader(gradient_prog, vs_prog);
glAttachShader(gradient_prog, fs_prog);
@@ -493,7 +494,7 @@ _glamor_create_linear_gradient_program(ScreenPtr screen, int stops_count,
"}\n"\
"\n"\
"%s" /* fs_getcolor_source */
- const char *fs_getcolor_source;
+ char *fs_getcolor_source;
glamor_priv = glamor_get_screen_private(screen);
@@ -522,6 +523,7 @@ _glamor_create_linear_gradient_program(ScreenPtr screen, int stops_count,
fs_prog = glamor_compile_glsl_prog(GL_FRAGMENT_SHADER, gradient_fs);
free(gradient_fs);
+ free(fs_getcolor_source);
glAttachShader(gradient_prog, vs_prog);
glAttachShader(gradient_prog, fs_prog);
commit bb384d0b110a99f2d935ed73d6589af46f818823
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 10:50:21 2018 +1000
fboverlay: move bpp checks above malloc
Avoids having to free the malloced object.
Pointed out by coverity.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit c7fa6a0a0d4ad28ee21b8dd9ad4fbe33f462bc71)
diff --git a/fb/fboverlay.c b/fb/fboverlay.c
index a028a8de1..d47a7c67b 100644
--- a/fb/fboverlay.c
+++ b/fb/fboverlay.c
@@ -279,11 +279,11 @@ fbOverlayFinishScreenInit(ScreenPtr pScreen,
(&fbOverlayScreenPrivateKeyRec, PRIVATE_SCREEN, 0))
return FALSE;
- pScrPriv = malloc(sizeof(FbOverlayScrPrivRec));
- if (!pScrPriv)
+ if (bpp1 == 24 || bpp2 == 24)
return FALSE;
- if (bpp1 == 24 || bpp2 == 24)
+ pScrPriv = malloc(sizeof(FbOverlayScrPrivRec));
+ if (!pScrPriv)
return FALSE;
if (!fbInitVisuals(&visuals, &depths, &nvisuals, &ndepths, &depth1,
commit 26a83f9833054f5cf7c7d73b0f5aa080d400c26b
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 10:33:04 2018 +1000
xi: free modifiers_failed on error path. (v2)
Pointed out by coverity.
v2: set modifies_failed to NULL at start (whot)
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit 51ae6126dcf3e234d0f678f02934bc9515abb8ae)
diff --git a/Xi/xipassivegrab.c b/Xi/xipassivegrab.c
index aa965e46f..65d5870f6 100644
--- a/Xi/xipassivegrab.c
+++ b/Xi/xipassivegrab.c
@@ -88,7 +88,7 @@ ProcXIPassiveGrabDevice(ClientPtr client)
};
int i, ret = Success;
uint32_t *modifiers;
- xXIGrabModifierInfo *modifiers_failed;
+ xXIGrabModifierInfo *modifiers_failed = NULL;
GrabMask mask = { 0 };
GrabParameters param;
void *tmp;
@@ -232,8 +232,8 @@ ProcXIPassiveGrabDevice(ClientPtr client)
if (rep.num_modifiers)
WriteToClient(client, rep.length * 4, modifiers_failed);
- free(modifiers_failed);
out:
+ free(modifiers_failed);
xi2mask_free(&mask.xi2mask);
return ret;
}
commit bdeab7863eb7abe2d9d05eed259542695935559c
Author: Dave Airlie <airlied at redhat.com>
Date: Wed Sep 12 10:30:13 2018 +1000
shm: move shmsize verify before allocating the drawable.
Otherwise if the VERIFY_SHMSIZE macro fails we leak the drawables
we allocated earlier.
Noticed by coverity scan.
Signed-off-by: Dave Airlie <airlied at redhat.com>
(cherry picked from commit 3439929c510501929c6ef1d90477c33bf8838632)
diff --git a/Xext/shm.c b/Xext/shm.c
index 896a966e3..589ed0b4d 100644
--- a/Xext/shm.c
+++ b/Xext/shm.c
@@ -834,6 +834,19 @@ ProcPanoramiXShmGetImage(ClientPtr client)
return BadMatch;
}
+ if (format == ZPixmap) {
+ widthBytesLine = PixmapBytePad(w, pDraw->depth);
+ length = widthBytesLine * h;
+ }
+ else {
+ widthBytesLine = PixmapBytePad(w, 1);
+ lenPer = widthBytesLine * h;
+ plane = ((Mask) 1) << (pDraw->depth - 1);
+ length = lenPer * Ones(planemask & (plane | (plane - 1)));
+ }
+
+ VERIFY_SHMSIZE(shmdesc, stuff->offset, length, client);
+
drawables = calloc(PanoramiXNumScreens, sizeof(DrawablePtr));
if (!drawables)
return BadAlloc;
@@ -856,18 +869,6 @@ ProcPanoramiXShmGetImage(ClientPtr client)
.depth = pDraw->depth
};
- if (format == ZPixmap) {
- widthBytesLine = PixmapBytePad(w, pDraw->depth);
- length = widthBytesLine * h;
- }
- else {
- widthBytesLine = PixmapBytePad(w, 1);
- lenPer = widthBytesLine * h;
- plane = ((Mask) 1) << (pDraw->depth - 1);
- length = lenPer * Ones(planemask & (plane | (plane - 1)));
- }
-
- VERIFY_SHMSIZE(shmdesc, stuff->offset, length, client);
xgi.size = length;
if (length == 0) { /* nothing to do */
commit 8e646ca9850c071994354b503b5d2b62f99ef2a8
Author: Adam Jackson <ajax at redhat.com>
Date: Wed Aug 29 16:07:59 2018 -0400
modesetting: Document Option "DoubleShadow" in the man page
Signed-off-by: Adam Jackson <ajax at redhat.com>
(cherry picked from commit c4f3e42fe316c90a73908a838ce64abbb28fe0a2)
diff --git a/hw/xfree86/drivers/modesetting/modesetting.man b/hw/xfree86/drivers/modesetting/modesetting.man
index 2ee2bcf6a..d530d7c4c 100644
--- a/hw/xfree86/drivers/modesetting/modesetting.man
+++ b/hw/xfree86/drivers/modesetting/modesetting.man
@@ -54,6 +54,16 @@ The framebuffer device to use. Default: /dev/dri/card0.
.BI "Option \*qShadowFB\*q \*q" boolean \*q
Enable or disable use of the shadow framebuffer layer. Default: on.
.TP
+.BI "Option \*qDoubleShadow\*q \*q" boolean \*q
+Double-buffer shadow updates. When enabled, the driver will keep two copies of
+the shadow framebuffer. When the shadow framebuffer is flushed, the old and new
+versions of the shadow are compared, and only tiles that have actually changed
+are uploaded to the device. This is an optimization for server-class GPUs with
+a remote display function (typically VNC), where remote updates are triggered
+by any framebuffer write, so minimizing the amount of data uploaded is crucial.
+This defaults to enabled for ASPEED and Matrox G200 devices, and disabled
+otherwise.
+.TP
.BI "Option \*qAccelMethod\*q \*q" string \*q
One of \*qglamor\*q or \*qnone\*q. Default: glamor.
.TP
commit fdb80a327cfe213a206bc76d3cb43cbb33855547
Author: Adam Jackson <ajax at redhat.com>
Date: Wed Aug 29 15:57:46 2018 -0400
modesetting: Lie less in the man page
We don't support 8bpp, and we do have acceleration.
Signed-off-by: Adam Jackson <ajax at redhat.com>
(cherry picked from commit 0dc2c419e11cf28b8fa1e607d4cf2d15f2eb2306)
diff --git a/hw/xfree86/drivers/modesetting/modesetting.man b/hw/xfree86/drivers/modesetting/modesetting.man
index d90352380..2ee2bcf6a 100644
--- a/hw/xfree86/drivers/modesetting/modesetting.man
+++ b/hw/xfree86/drivers/modesetting/modesetting.man
@@ -14,10 +14,13 @@ modesetting \- video driver for framebuffer device
.fi
.SH DESCRIPTION
.B modesetting
-is an @xservername@ driver for KMS devices. This is a non-accelerated
-driver, the following framebuffer depths are supported: 8, 15, 16, 24.
-All visual types are supported for depth 8, and TrueColor visual is
-supported for the other depths. RandR 1.2 is supported.
+is an @xservername@ driver for KMS devices. This driver supports
+TrueColor visuals at framebuffer depths of 15, 16, 24, and 30. RandR
+1.2 is supported for multi-head configurations. Acceleration is available
+through glamor for devices supporting at least OpenGL ES 2.0 or OpenGL 2.1.
+If glamor is not enabled, a shadow framebuffer is configured based on the
+KMS drivers' preference (unless the framebuffer is 24 bits per pixel, in
+which case the shadow framebuffer is always used).
.SH SUPPORTED HARDWARE
The
.B modesetting
@@ -52,7 +55,7 @@ The framebuffer device to use. Default: /dev/dri/card0.
Enable or disable use of the shadow framebuffer layer. Default: on.
.TP
.BI "Option \*qAccelMethod\*q \*q" string \*q
-One of \*qglamor\*q or \*qnone\*q. Default: glamor
+One of \*qglamor\*q or \*qnone\*q. Default: glamor.
.TP
.BI "Option \*qPageFlip\*q \*q" boolean \*q
Enable DRI3 page flipping. The default is
commit cffac815b957fd1296d61cc5c20ba3709a77ee4e
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Wed Sep 5 10:49:27 2018 +0200
xwayland: Remove xwl_present_window from privates on cleanup
Xwayland's `xwl_destroy_window()` invokes `xwl_present_cleanup()`
before the common `DestroyWindow()`.
But then `DestroyWindow()` calls `present_destroy_window()` which will
possibly end up in `xwl_present_abort_vblank()` which will try to access
data that was previously freed by `xwl_present_cleanup()`:
Invalid read of size 8
at 0x434184: xwl_present_abort_vblank (xwayland-present.c:378)
by 0x53785B: present_wnmd_abort_vblank (present_wnmd.c:651)
by 0x53695A: present_free_window_vblank (present_screen.c:87)
by 0x53695A: present_destroy_window (present_screen.c:152)
by 0x42A90D: xwl_destroy_window (xwayland.c:653)
by 0x584298: compDestroyWindow (compwindow.c:613)
by 0x53CEE3: damageDestroyWindow (damage.c:1570)
by 0x4F1BB8: DbeDestroyWindow (dbe.c:1326)
by 0x46F7F6: FreeWindowResources (window.c:1031)
by 0x472847: DeleteWindow (window.c:1099)
by 0x46B54C: doFreeResource (resource.c:880)
by 0x46C706: FreeClientResources (resource.c:1146)
by 0x446ADE: CloseDownClient (dispatch.c:3473)
Address 0x182abde0 is 80 bytes inside a block of size 112 free'd
at 0x4C2FDAC: free (vg_replace_malloc.c:530)
by 0x42A937: xwl_destroy_window (xwayland.c:647)
by 0x584298: compDestroyWindow (compwindow.c:613)
by 0x53CEE3: damageDestroyWindow (damage.c:1570)
by 0x4F1BB8: DbeDestroyWindow (dbe.c:1326)
by 0x46F7F6: FreeWindowResources (window.c:1031)
by 0x472847: DeleteWindow (window.c:1099)
by 0x46B54C: doFreeResource (resource.c:880)
by 0x46C706: FreeClientResources (resource.c:1146)
by 0x446ADE: CloseDownClient (dispatch.c:3473)
by 0x446DA5: ProcKillClient (dispatch.c:3279)
by 0x4476AF: Dispatch (dispatch.c:479)
Block was alloc'd at
at 0x4C30B06: calloc (vg_replace_malloc.c:711)
by 0x433F46: xwl_present_window_get_priv (xwayland-present.c:54)
by 0x434228: xwl_present_get_crtc (xwayland-present.c:302)
by 0x539728: proc_present_query_capabilities (present_request.c:227)
by 0x4476AF: Dispatch (dispatch.c:479)
by 0x44B5B5: dix_main (main.c:276)
by 0x75F611A: (below main) (libc-start.c:308)
This is because `xwl_present_cleanup()` frees the memory but does not
remove it from the window's privates, and `xwl_present_abort_vblank()`
will still find it and hence try to access that freed memory...
Remove `xwl_present_window` from window's privates on cleanup so that no
other function can find and reuse that data once it's freed.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1616269
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
(cherry picked from commit 3f31f56929e80001970e3821ed8b10c6075df8e6)
diff --git a/hw/xwayland/xwayland-present.c b/hw/xwayland/xwayland-present.c
index 81e0eb9ce..316e04443 100644
--- a/hw/xwayland/xwayland-present.c
+++ b/hw/xwayland/xwayland-present.c
@@ -147,6 +147,11 @@ xwl_present_cleanup(WindowPtr window)
/* Clear timer */
xwl_present_free_timer(xwl_present_window);
+ /* Remove from privates so we don't try to access it later */
+ dixSetPrivate(&window->devPrivates,
+ &xwl_present_window_private_key,
+ NULL);
+
free(xwl_present_window);
}
commit 8dd7173eeba08f1ecfb414915625c609ad4b3297
Author: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
Date: Tue Aug 28 21:30:05 2018 +0100
xwayland: fix access to invalid pointer
xwl_output->randr_crtc is used in the update_screen_size() function :
==5331== Invalid read of size 4
==5331== at 0x15263D: update_screen_size (xwayland-output.c:190)
==5331== by 0x152C48: xwl_output_remove (xwayland-output.c:413)
==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814)
==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651)
==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208)
==5331== by 0x27574B: Dispatch (dispatch.c:421)
==5331== by 0x279945: dix_main (main.c:276)
==5331== Address 0x1aacb5f4 is 36 bytes inside a block of size 154 free'd
==5331== at 0x48369EB: free (vg_replace_malloc.c:530)
==5331== by 0x1F8AE8: RROutputDestroyResource (rroutput.c:421)
==5331== by 0x29A2AC: doFreeResource (resource.c:880)
==5331== by 0x29AE5B: FreeResource (resource.c:910)
==5331== by 0x152BE0: xwl_output_remove (xwayland-output.c:408)
==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814)
==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651)
==5331== Block was alloc'd at
==5331== at 0x48357BF: malloc (vg_replace_malloc.c:299)
==5331== by 0x1F93E0: RROutputCreate (rroutput.c:83)
==5331== by 0x152A75: xwl_output_create (xwayland-output.c:361)
==5331== by 0x14BE59: registry_global (xwayland.c:764)
==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814)
==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651)
==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208)
Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
Reviewed-by: Daniel Stone <daniels at collabora.com>
(cherry picked from commit 53ce2ba0a19af9c549f47a4cc678afcebeb6087e)
diff --git a/hw/xwayland/xwayland-output.c b/hw/xwayland/xwayland-output.c
index 0d2ec7890..cc68f0340 100644
--- a/hw/xwayland/xwayland-output.c
+++ b/hw/xwayland/xwayland-output.c
@@ -404,14 +404,15 @@ xwl_output_remove(struct xwl_output *xwl_output)
int width = 0, height = 0;
Bool need_rotate = (xwl_output->xdg_output == NULL);
- RRCrtcDestroy(xwl_output->randr_crtc);
- RROutputDestroy(xwl_output->randr_output);
xorg_list_del(&xwl_output->link);
xorg_list_for_each_entry(it, &xwl_screen->output_list, link)
output_get_new_size(it, need_rotate, &height, &width);
update_screen_size(xwl_output, width, height);
+ RRCrtcDestroy(xwl_output->randr_crtc);
+ RROutputDestroy(xwl_output->randr_output);
+
xwl_output_destroy(xwl_output);
}
commit 1191b23f942cace785234f5d7fac972251c8f1db
Author: Olivier Fourdan <ofourdan at redhat.com>
Date: Wed Sep 5 15:20:17 2018 +0200
glx: check for indirect context in CreateContextAttribsARB()
Commit 99f0365b "Add a command line argument for disabling indirect GLX"
added a test to check if indirect context are enabled in
`DoCreateContext()` but `__glXDisp_CreateContextAttribsARB()` doesn't
use `DoCreateContext()` and doesn't check if indirect context is
enabled.
As a result, clients can still manage to create indirect contexts using
`glXCreateContextAttribsARB()` even if indirect contexts are disabled,
which can possibly crash Xservers such as Xwayland or Xephyr when the
context is destroyed.
To avoid the issue, check for `enableIndirectGLX` in
`__glXDisp_CreateContextAttribsARB()` as well.
Fixes: 99f0365b "Add a command line argument for disabling indirect GLX"
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107508
Signed-off-by: Olivier Fourdan <ofourdan at redhat.com>
(cherry picked from commit 75448671abe2c6ae3745eb5d2ed2e76df2de9c41)
diff --git a/glx/createcontext.c b/glx/createcontext.c
index 7d09c3a1c..24b02ddfb 100644
--- a/glx/createcontext.c
+++ b/glx/createcontext.c
@@ -28,6 +28,7 @@
#include "glxserver.h"
#include "glxext.h"
#include "indirect_dispatch.h"
+#include "opaque.h"
#define ALL_VALID_FLAGS \
(GLX_CONTEXT_DEBUG_BIT_ARB | GLX_CONTEXT_FORWARD_COMPATIBLE_BIT_ARB \
@@ -320,6 +321,17 @@ __glXDisp_CreateContextAttribsARB(__GLXclientState * cl, GLbyte * pc)
err = BadAlloc;
}
else {
+ /* Only allow creating indirect GLX contexts if allowed by
+ * server command line. Indirect GLX is of limited use (since
+ * it's only GL 1.4), it's slower than direct contexts, and
+ * it's a massive attack surface for buffer overflow type
+ * errors.
+ */
+ if (!enableIndirectGLX) {
+ client->errorValue = req->isDirect;
+ return BadValue;
+ }
+
ctx = glxScreen->createContext(glxScreen, config, shareCtx,
req->numAttribs, (uint32_t *) attribs,
&err);
commit 1b0db2c74258d20e3f99bd69c2914fd445abe920
Author: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
Date: Mon Aug 27 01:04:45 2018 +0100
present: fix freed pointer access
When a vblank has been marked as aborted, it's going to be free in the
flip_notify function when stopped. We can't notify it after it's
stopped because the pointer is invalid.
Valgrind backtrace:
==5331== Invalid read of size 8
==5331== at 0x212B4D: present_vblank_notify (present_vblank.c:34)
==5331== by 0x21439B: present_wnmd_flip_notify (present_wnmd.c:194)
==5331== by 0x21439B: present_wnmd_event_notify (present_wnmd.c:228)
==5331== by 0x156216: xwl_present_sync_callback (xwayland-present.c:282)
==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814)
==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651)
==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208)
==5331== by 0x27574B: Dispatch (dispatch.c:421)
==5331== Address 0x1b44dc98 is 40 bytes inside a block of size 184 free'd
==5331== at 0x48369EB: free (vg_replace_malloc.c:530)
==5331== by 0x213B0A: present_wnmd_free_idle_vblanks (present_wnmd.c:118)
==5331== by 0x213B0A: present_wnmd_flips_stop (present_wnmd.c:161)
==5331== by 0x2143EF: present_wnmd_flip_notify (present_wnmd.c:192)
==5331== by 0x2143EF: present_wnmd_event_notify (present_wnmd.c:228)
==5331== by 0x156216: xwl_present_sync_callback (xwayland-present.c:282)
==5331== by 0x6570FCD: ffi_call_unix64 (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x657093E: ffi_call (in /usr/lib/x86_64-linux-gnu/libffi.so.6.0.4)
==5331== by 0x4DDB183: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD79D8: ??? (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x4DD8EA3: wl_display_dispatch_queue_pending (in /usr/lib/x86_64-linux-gnu/libwayland-client.so.0.3.0)
==5331== by 0x14BCCA: xwl_read_events (xwayland.c:814)
==5331== by 0x2AC0D0: ospoll_wait (ospoll.c:651)
==5331== by 0x2A5322: WaitForSomething (WaitFor.c:208)
==5331== Block was alloc'd at
==5331== at 0x48377D5: calloc (vg_replace_malloc.c:711)
==5331== by 0x212D9F: present_vblank_create (present_vblank.c:69)
==5331== by 0x214014: present_wnmd_pixmap (present_wnmd.c:610)
==5331== by 0x21576C: proc_present_pixmap (present_request.c:150)
==5331== by 0x27599D: Dispatch (dispatch.c:479)
==5331== by 0x279945: dix_main (main.c:276)
==5331== by 0x633AB16: (below main) (libc-start.c:310)
v2: Still notify aborted flips (Roman)
Signed-off-by: Lionel Landwerlin <lionel.g.landwerlin at intel.com>
Reviewed-by: Daniel Stone <daniels at collabora.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=107314
Reviewed-by: Roman Gilg <subdiff at gmail.com>
Tested-by: Roman Gilg <subdiff at gmail.com>
(cherry picked from commit ce271535adb6974e0a43bb64c8ed7a5dcaff67a2)
diff --git a/present/present_wnmd.c b/present/present_wnmd.c
index 035ae8ffe..8f3836440 100644
--- a/present/present_wnmd.c
+++ b/present/present_wnmd.c
@@ -188,10 +188,11 @@ present_wnmd_flip_notify(present_vblank_ptr vblank, uint64_t ust, uint64_t crtc_
window_priv->flip_active = vblank;
window_priv->flip_pending = NULL;
+ present_vblank_notify(vblank, PresentCompleteKindPixmap, PresentCompleteModeFlip, ust, crtc_msc);
+
if (vblank->abort_flip)
present_wnmd_flips_stop(window);
- present_vblank_notify(vblank, PresentCompleteKindPixmap, PresentCompleteModeFlip, ust, crtc_msc);
present_wnmd_flip_try_ready(window);
}
commit 48300a7775b4ff3200de200e8c5502d99bd99104
Author: Scott Anderson <scott at anderso.nz>
Date: Mon Aug 6 18:09:26 2018 +1200
xwayland: use wayland axis_discrete event
This prevents multiple scroll events happening for wayland compositors
which send axis values other than 10. For example, libinput will
typically return 15 for each scroll wheel step, and if a wayland
compositor sends those to xwayland without normalising them, 2 scroll
wheel steps will end up as 3 xorg scroll events. By listening for the
discrete_axis event, this will now correctly send only 2 xorg scroll
events.
The wayland protocol gurantees that there will always be an axis event
following an axis_discrete event. However, it does not gurantee that
other events (including other axis_discrete+axis pairs) will not happen
in between them. So we must keep a list of outstanding axis_discrete
events.
Signed-off-by: Scott Anderson <scott at anderso.nz>
Reviewed-by: Peter Hutterer <peter.hutterer at who-t.net>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
(cherry picked from commit cd285922cdec966825e47220b1182a57abc1ff90)
diff --git a/hw/xwayland/xwayland-input.c b/hw/xwayland/xwayland-input.c
index 0a37f97bd..c220ca2aa 100644
--- a/hw/xwayland/xwayland-input.c
+++ b/hw/xwayland/xwayland-input.c
@@ -37,6 +37,12 @@
#include <misc.h>
#include "tablet-unstable-v2-client-protocol.h"
+struct axis_discrete_pending {
+ struct xorg_list l;
+ uint32_t axis;
+ int32_t discrete;
+};
+
struct sync_pending {
struct xorg_list l;
DeviceIntPtr pending_dev;
@@ -565,6 +571,8 @@ pointer_handle_axis(void *data, struct wl_pointer *pointer,
int index;
const int divisor = 10;
ValuatorMask mask;
+ struct axis_discrete_pending *pending = NULL;
+ struct axis_discrete_pending *iter;
switch (axis) {
case WL_POINTER_AXIS_VERTICAL_SCROLL:
@@ -577,8 +585,22 @@ pointer_handle_axis(void *data, struct wl_pointer *pointer,
return;
}
+ xorg_list_for_each_entry(iter, &xwl_seat->axis_discrete_pending, l) {
+ if (iter->axis == axis) {
+ pending = iter;
+ break;
+ }
+ }
+
valuator_mask_zero(&mask);
- valuator_mask_set_double(&mask, index, wl_fixed_to_double(value) / divisor);
+
+ if (pending) {
+ valuator_mask_set(&mask, index, pending->discrete);
+ xorg_list_del(&pending->l);
+ free(pending);
+ } else {
+ valuator_mask_set_double(&mask, index, wl_fixed_to_double(value) / divisor);
+ }
QueuePointerEvents(xwl_seat->pointer, MotionNotify, 0, POINTER_RELATIVE, &mask);
}
@@ -608,6 +630,16 @@ static void
pointer_handle_axis_discrete(void *data, struct wl_pointer *wl_pointer,
uint32_t axis, int32_t discrete)
{
+ struct xwl_seat *xwl_seat = data;
+
+ struct axis_discrete_pending *pending = malloc(sizeof *pending);
+ if (!pending)
+ return;
+
+ pending->axis = axis;
+ pending->discrete = discrete;
+
+ xorg_list_add(&pending->l, &xwl_seat->axis_discrete_pending);
}
static const struct wl_pointer_listener pointer_listener = {
@@ -1337,6 +1369,7 @@ create_input_device(struct xwl_screen *xwl_screen, uint32_t id, uint32_t version
wl_array_init(&xwl_seat->keys);
xorg_list_init(&xwl_seat->touches);
+ xorg_list_init(&xwl_seat->axis_discrete_pending);
xorg_list_init(&xwl_seat->sync_pending);
}
@@ -1345,6 +1378,7 @@ xwl_seat_destroy(struct xwl_seat *xwl_seat)
{
struct xwl_touch *xwl_touch, *next_xwl_touch;
struct sync_pending *p, *npd;
+ struct axis_discrete_pending *ad, *ad_next;
xorg_list_for_each_entry_safe(xwl_touch, next_xwl_touch,
&xwl_seat->touches, link_touch) {
@@ -1357,6 +1391,11 @@ xwl_seat_destroy(struct xwl_seat *xwl_seat)
free (p);
}
+ xorg_list_for_each_entry_safe(ad, ad_next, &xwl_seat->axis_discrete_pending, l) {
+ xorg_list_del(&ad->l);
+ free(ad);
+ }
+
release_tablet_manager_seat(xwl_seat);
release_grab(xwl_seat);
diff --git a/hw/xwayland/xwayland.h b/hw/xwayland/xwayland.h
index d70ad54bf..1a6e2f380 100644
--- a/hw/xwayland/xwayland.h
+++ b/hw/xwayland/xwayland.h
@@ -272,6 +272,7 @@ struct xwl_seat {
char *keymap;
struct wl_surface *keyboard_focus;
+ struct xorg_list axis_discrete_pending;
struct xorg_list sync_pending;
struct xwl_pointer_warp_emulator *pointer_warp_emulator;
commit cd19a752f8bbc6caae7bf2457c53c850121fe9b7
Author: Jim Qu <Jim.Qu at amd.com>
Date: Mon Aug 27 13:37:38 2018 +0800
modesetting: code refactor for PRIME sync
The X will be crashed on the system with other DDX driver,
such as amdgpu.
show the log like:
randr: falling back to unsynchronized pixmap sharing
(EE)
(EE) Backtrace:
(EE) 0: /usr/lib/xorg/Xorg (xorg_backtrace+0x4e)
(EE) 1: /usr/lib/xorg/Xorg (0x55cb0151a000+0x1b5ce9)
(EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f1587a1d000+0x11390)
(EE)
(EE) Segmentation fault at address 0x0
(EE)
The issue is that modesetting as the master, and amdgpu as the slave.
Thus, when the master attempts to access pSlavePixPriv in ms_dirty_update(),
problems result due to the fact that it's accessing AMD's 'ppriv' using the
modesetting structure definition.
Apart from fixing crash issue, the patch fix other issue in master interface
in which driver should refer to master pixmap.
Signed-off-by: Jim Qu <Jim.Qu at amd.com>
Reviewed-by: Alex Goins <agoins at nvidia.com>
(cherry picked from commit f79e5368512b72bb463925983d265b070261b7aa)
diff --git a/hw/xfree86/drivers/modesetting/driver.c b/hw/xfree86/drivers/modesetting/driver.c
index 9362370c3..792dfb655 100644
--- a/hw/xfree86/drivers/modesetting/driver.c
+++ b/hw/xfree86/drivers/modesetting/driver.c
@@ -640,19 +640,21 @@ ms_dirty_update(ScreenPtr screen, int *timeout)
xorg_list_for_each_entry(ent, &screen->pixmap_dirty_list, ent) {
region = DamageRegion(ent->damage);
if (RegionNotEmpty(region)) {
- msPixmapPrivPtr ppriv =
- msGetPixmapPriv(&ms->drmmode, ent->slave_dst);
+ if (!screen->isGPU) {
+ msPixmapPrivPtr ppriv =
+ msGetPixmapPriv(&ms->drmmode, ent->slave_dst->master_pixmap);
- if (ppriv->notify_on_damage) {
- ppriv->notify_on_damage = FALSE;
+ if (ppriv->notify_on_damage) {
+ ppriv->notify_on_damage = FALSE;
- ent->slave_dst->drawable.pScreen->
- SharedPixmapNotifyDamage(ent->slave_dst);
- }
+ ent->slave_dst->drawable.pScreen->
+ SharedPixmapNotifyDamage(ent->slave_dst);
+ }
- /* Requested manual updating */
- if (ppriv->defer_dirty_update)
- continue;
+ /* Requested manual updating */
+ if (ppriv->defer_dirty_update)
+ continue;
+ }
redisplay_dirty(screen, ent, timeout);
DamageEmpty(ent->damage);
@@ -1251,8 +1253,8 @@ msStartFlippingPixmapTracking(RRCrtcPtr crtc, DrawablePtr src,
ScreenPtr pScreen = src->pScreen;
modesettingPtr ms = modesettingPTR(xf86ScreenToScrn(pScreen));
- msPixmapPrivPtr ppriv1 = msGetPixmapPriv(&ms->drmmode, slave_dst1),
- ppriv2 = msGetPixmapPriv(&ms->drmmode, slave_dst2);
+ msPixmapPrivPtr ppriv1 = msGetPixmapPriv(&ms->drmmode, slave_dst1->master_pixmap),
+ ppriv2 = msGetPixmapPriv(&ms->drmmode, slave_dst2->master_pixmap);
if (!PixmapStartDirtyTracking(src, slave_dst1, x, y,
dst_x, dst_y, rotation)) {
@@ -1280,10 +1282,10 @@ msStartFlippingPixmapTracking(RRCrtcPtr crtc, DrawablePtr src,
static Bool
msPresentSharedPixmap(PixmapPtr slave_dst)
{
- ScreenPtr pScreen = slave_dst->drawable.pScreen;
+ ScreenPtr pScreen = slave_dst->master_pixmap->drawable.pScreen;
modesettingPtr ms = modesettingPTR(xf86ScreenToScrn(pScreen));
- msPixmapPrivPtr ppriv = msGetPixmapPriv(&ms->drmmode, slave_dst);
+ msPixmapPrivPtr ppriv = msGetPixmapPriv(&ms->drmmode, slave_dst->master_pixmap);
RegionPtr region = DamageRegion(ppriv->dirty->damage);
@@ -1304,8 +1306,8 @@ msStopFlippingPixmapTracking(DrawablePtr src,
ScreenPtr pScreen = src->pScreen;
modesettingPtr ms = modesettingPTR(xf86ScreenToScrn(pScreen));
- msPixmapPrivPtr ppriv1 = msGetPixmapPriv(&ms->drmmode, slave_dst1),
- ppriv2 = msGetPixmapPriv(&ms->drmmode, slave_dst2);
+ msPixmapPrivPtr ppriv1 = msGetPixmapPriv(&ms->drmmode, slave_dst1->master_pixmap),
+ ppriv2 = msGetPixmapPriv(&ms->drmmode, slave_dst2->master_pixmap);
Bool ret = TRUE;
@@ -1471,7 +1473,7 @@ msRequestSharedPixmapNotifyDamage(PixmapPtr ppix)
ScrnInfoPtr scrn = xf86ScreenToScrn(screen);
modesettingPtr ms = modesettingPTR(scrn);
- msPixmapPrivPtr ppriv = msGetPixmapPriv(&ms->drmmode, ppix);
+ msPixmapPrivPtr ppriv = msGetPixmapPriv(&ms->drmmode, ppix->master_pixmap);
ppriv->notify_on_damage = TRUE;
commit 5396a4aa084853805a73a2cfbbce156c47573916
Author: Alex Goins <agoins at nvidia.com>
Date: Tue Aug 14 15:05:46 2018 -0500
randr: rrCheckPixmapBounding should only increase screen size
The purpose of rrCheckPixmapBounding() is to make sure that the fb is large
enough to accommodate the region scanned out by a GPU screen. Currently, however,
it will actually shrink the fb if it's larger than it needs to be.
This is a problem when combining PRIME output slaving with arbitrary transforms
with xrandr.
Although arbitrary transforms are not supposed to constrain the size of the fb
(https://lists.freedesktop.org/archives/xorg-devel/2018-January/055563.html),
xrandr will use RRSetScreenSize to resize the desktop to accommodate scaling
transforms, e.g. scaling a 1920x1080 display to 3840x2160 will result in a
desktop size of 3840x2160.
In the case of PRIME, rrCheckPixmapBounding() will be called after
RRSetScreenSize() and it will resize the fb back down to what it would be
without the scaling transform, e.g. 1920x1080. This represents divergence in
behavior between PRIME and non-PRIME outputs.
I had originally made rrCheckPixmapBounding() account for arbitrary transforms,
but realized that the fb being large enough to accommodate arbitrary transforms
is not a hard requirement enforced in the server. Instead, this change simply
makes it so that rrCheckPixmapBounding() will only resize the fb to be larger
than it already is, preventing it from stepping on prior requests to increase
the size of the fb.
Signed-off-by: Alex Goins <agoins at nvidia.com>
Reviewed-by: Keith Packard <keithp at keithp.com>
Reviewed-by: Michel Dänzer <michel.daenzer at amd.com>
(cherry picked from commit a90f33721eba7f2dbde4a7278f1a213d696c85e9)
diff --git a/randr/rrcrtc.c b/randr/rrcrtc.c
index 5d9026266..a851aebcc 100644
--- a/randr/rrcrtc.c
+++ b/randr/rrcrtc.c
@@ -702,8 +702,8 @@ rrCheckPixmapBounding(ScreenPtr pScreen,
if (new_height < screen_pixmap->drawable.height)
new_height = screen_pixmap->drawable.height;
- if (new_width == screen_pixmap->drawable.width &&
- new_height == screen_pixmap->drawable.height) {
+ if (new_width <= screen_pixmap->drawable.width &&
+ new_height <= screen_pixmap->drawable.height) {
} else {
pScrPriv->rrScreenSetSize(pScreen, new_width, new_height, 0, 0);
}
commit 051a0efc5c28fb4be1199d73d59e0e4d329b1144
Author: Peter Hutterer <peter.hutterer at who-t.net>
Date: Wed Aug 8 15:22:41 2018 +1000
dix: check_modmap_change() returns Success, not true
Not sure what if anything calls XSetDeviceModifierMapping() but this would've
failed all the time. check_modmap_change() returns Success but we were
treating it like a boolean. Fix this.
Reported-by: Adam Jackson <ajax at redhat.com>
Signed-off-by: Peter Hutterer <peter.hutterer at who-t.net>
Reviewed-by: Keith Packard <keithp at keithp.com>
(cherry picked from commit 4fe02b8da3ca58500f7e6e017e388907cf4a8b73)
diff --git a/dix/inpututils.c b/dix/inpututils.c
index 6bff9efab..c51c83547 100644
--- a/dix/inpututils.c
+++ b/dix/inpututils.c
@@ -282,7 +282,7 @@ change_modmap(ClientPtr client, DeviceIntPtr dev, KeyCode *modkeymap,
else if (!IsFloating(dev) &&
GetMaster(dev, MASTER_KEYBOARD)->lastSlave == dev) {
/* If this fails, expect the results to be weird. */
- if (check_modmap_change(client, dev->master, modmap))
+ if (check_modmap_change(client, dev->master, modmap) == Success)
do_modmap_change(client, dev->master, modmap);
}
More information about the xorg-commit
mailing list