Instead of directly accessing the global screenInfo.screens[] array,
let everybody go through a little inline helper. This one also checks
for array bounds - if the screen doesn't exist, return NULL.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
these symbols aren't used by any external drivers (not even proprietary
Nvidia), so no need to keep them exported any longer:
* present_check_flips
* present_register_complete_notify
* present_can_window_flip
* uint32_t FakeScreenFps
Since it's not any *effective* ABI change, can go into current ABI-25 line.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Move functions/macros dealing with request parsing or reply assembly/write
out of the big dix_priv.h into their own headers. This new header will also
get more of those function/macros soon (yet still in the pipeline).
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Retrieves the ClientPtr for the owner of given resource.
This way reducing the sites directly accessing clients[] array.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Make it type-safe and a bit more obvious what it really does,
also adding some inline documentation. Since it's just some
bit shifting magic, it's qualified for inlining.
The CLIENT_ID() macro isn't used by any external modules, so the
new function doesn't need to be in a public header.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
| ../glx/glxcmds.c: In function ‘xorgGlxMakeCurrent’:
| ../glx/glxcmds.c:621:24: warning: use of uninitialized value ‘status’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
| 621 | return status;
| | ^~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
If this ever happens, we clearly have a bug, so print out proper warning,
instead of silently crashing the Xserver.
| ../glx/glxcmds.c: In function ‘validGlxFBConfigForWindow’:
| ../glx/glxcmds.c:127:16: warning: dereference of NULL ‘pVisual’ [CWE-476] [-Wanalyzer-null-dereference]
| 127 | if (pVisual->class != glxConvertToXVisualType(config->visualType) ||
| | ~~~~~~~^~~~~~~
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
The reply length (in units as well as bytes) can safely be determined
at compile time, by using sizeof() operator. No need for unnecessarily
complicated shifting bits back and forth.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1665>
The spec defines the reply as array of "CARD32", not "int". The latter
just accidentially has the same type (for now :o), but it's *semantically*
incorrect. Using CARD32 instead.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1665>
Our array here really is fixed, but it's size is determined by a variable
(that's assigned a fix values), unncessarily making it a VLA (even making
it const doesn't change that), so giving false alarms when compiling w/
-Wvla or -Werror=vla.
Replacing the variable by #define trivially fixes this.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1665>
The reply struct's size can safely be determined by the sizeof()
operator, so no need for using an extra define here. Making the code
easier to read and also open the door for future convenience macros
that might determine the buffer size on their own.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1665>
The symbol controls whether to include dix-config.h, and it's always set,
thus we don't need it (and dozens of ifdef's) anymore.
This commit only removes them from our own source files, where we can
guarantee that dix-config.h is present - leaving the (potentially exported)
headers untouched.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Since we already had to rename some of them, in order to fix name clashes
on win32, it's now time to rename all the remaining ones.
The old ones are still present as define's to the new ones, just for
backwards compatibility.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1355>
Windows' native headers using some our RT_* define's names for other things.
Since the naming isn't very nice anyways, introducing some new ones
(X11_RESTYPE_NONE, X11_RESTYPE_FONT, X11_RESTYPE_CURSOR) and define the old
ones as an alias to them, in case some out-of-tree code still uses them.
With thins change, we don't need to be so extremely careful about include
ordering and have explicit #undef's in order to prevent name clashes on
Win32 targets.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Part-of: <https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1355>
The XSELINUX code will label resources at creation by checking the
access mode. When the access mode is DixCreateAccess, it will call the
function to label the new resource SELinuxLabelResource().
However, GLX buffers do not go through the XACE hooks when created,
hence leaving the resource actually unlabeled.
When, later, the client tries to create another resource using that
drawable (like a GC for example), the XSELINUX code would try to use
the security ID of that object which has never been labeled, get a NULL
pointer and crash when checking whether the requested permissions are
granted for subject security ID.
To avoid the issue, make sure to call the XACE hooks when creating the
GLX buffers.
Credit goes to Donn Seeley <donn@xmission.com> for providing the patch.
CVE-2024-0408
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Acked-by: Peter Hutterer <peter.hutterer@who-t.net>
The fix from commit c468d34c7 - "glx: Set ContextTag for all contexts"
is actually incomplete, it correctly sets the context tag for direct
contexts as well, but would fail to mark the context's currentClient.
As a result, when the context is destroyed, it would be freed
immediately rather than being just scheduled for deletion, even though
it is still current for some client. leading to a use-after-free.
Make sure to also set the context's currentClient for direct contexts as
well, not just indirect ones.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Fixes: c468d34c7 - "glx: Set ContextTag for all contexts"
Closes: https://gitlab.freedesktop.org/xorg/xserver/-/issues/1186
Reviewed-by: Adam Jackson <ajax@redhat.com>
Currently, xorgGlxMakeCurrent() would set the context tag only for
indirect GLX contexts.
However, several other places expect to find a context for the tag or
they would raise a GLXBadContextTag error, such as WaitGL() or WaitX().
Set the context tag for direct contexts as well, to avoid raising an
error and possibly killing the client.
Thanks to Erik Kurzinger <ekurzinger@nvidia.com> for spotting the issue.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
If a GLXMakeCurrent request specifies an X window as its drawable,
__glXGetDrawable will implicitly create a GLXWindow for it. However,
the client may have already explicitly created a GLXWindow for that X
window. If that happens, two __glXDrawableRes resources will be added
to the window.
If the explicitly-created GLXWindow is later destroyed by the client,
DrawableGone will call FreeResourceByType on the X window, but this
will actually free the resource for the implicitly-created GLXWindow,
since that one would be at the head of the list.
Then if the X window is destroyed after that, the resource for the
explicitly-created GLXWindow will be freed. But that GLXWindow was
already destroyed above. This crashes the server when it tries to call
the destroyed GLXWindow's destructor. It also means the
implicitly-created GLXWindow would have been leaked since the
FreeResourceByType call mentioned above skips calling the destructor.
To fix this, if __glXGetDrawable is given an X window, it should check
if there is already a GLXWindow associated with it, and only create an
implicit one if there is not.
Signed-off-by: Erik Kurzinger <ekurzinger@nvidia.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Querying the GLX_RENDER_TYPE of a GLX context via glXQueryContext will
currently return the render type of the context's FB config, which is
a bitmask of GLX_RGBA_BIT / GLX_COLOR_INDEX_BIT / ... values. However,
this query should really return the render type that was specified
when creating the context, which is one of GLX_RGBA_TYPE /
GLX_COLOR_INDEX_TYPE / .... To enable this, save the render type when
creating a new context (defaulting to GLX_RGBA_TYPE if unspecified),
and then include this value in the context attributes sent to clients.
Trivial extension to let the client query whether this is a window
pixmap or pbuffer. Mostly for Mesa's convenience when setting up
drawable state, but plausibly useful for apps and middleware as well.
Upstream OpenGL Registry merge request:
https://github.com/KhronosGroup/OpenGL-Registry/pull/425
Most (but not all) of these were found by using
codespell --builtin clear,rare,usage,informal,code,names
but not everything reported by that was fixed.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
The GLX_ARB_create_context path (with which this should all get unified,
someday, sigh) already enforces this, but the classic path does not.
It's effectively assumed by the implementation anyway, so let's enforce
it rather than do crashy things.
Reviewed-by: Michel Dänzer <mdaenzer@redhat.com>
Signed-off-by: Adam Jackson <ajax@redhat.com>
vnd has already verified that the context tag is valid before this gets
called, and we only set the context tag private data to non-null for
indirect clients. Mesa happens to be buggy and doesn't send MakeCurrent
requests nearly as much as it should for direct contexts, but if you fix
that, then unbinding a direct context would fail here with
GLXBadContextTag.
Sadly Mesa will still need to carry a workaround here for broken
servers, but we should still fix the server.
glxc->drawPriv will be NULL if the context is direct, or if it is
current but without a bound drawable. Mesa's libGL won't normally emit
protocol for direct contexts for these calls, but a malign client could
still crash the server.
There's no reason a multithreaded client shouldn't be allowed to
interleave other requests (for other contexts) with a RenderLarge. Move
the check into __glXForceCurrent, and store the state in the context not
the client.
Signed-off-by: Adam Jackson <ajax@redhat.com>
The big change here is MakeCurrent and context tag tracking. We now
delegate context tags entirely to the vnd layer, and simply store a
pointer to the context state as the tag data. If a context is deleted
while it's current, we allocate a fake ID for the context and move the
context state there, so the tag data still points to a real context. As
a result we can stop trying so hard to detach the client from contexts
at disconnect time and just let resource destruction handle it.
Since vnd handles all the MakeCurrent protocol now, our request handlers
for it can just be return BadImplementation. We also remove a bunch of
LEGAL_NEW_RESOURCE, because now by the time we're called vnd has already
allocated its tracking resource on that XID.
v2: Update to match v2 of the vnd import, and remove more redundant work
like request length checks.
v3: Add/remove the XID map from the vendor private thunk, not the
backend. (Kyle Brenneman)
v4: Fix deletion of ghost contexts (Kyle Brenneman)
Signed-off-by: Adam Jackson <ajax@redhat.com>
This really just wants to be the list of disable booleans and
initialization functions, and nothing else. Stop including the protocol
headers from extinit.h, remove a stray mention of xgl, and move an
XInput declaration to a better place.
v2: A bunch of drivers assume they'll get the DPMS tokens implicitly,
so add it to globals.h.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Only enabled for the DRI backends at the moment. In principle WGL/CGL
could support this - it's sort of implied by GL 3.0 support - but in
practice their implementations back GLX drawables with native drawables
(and not anonymous FBOs), so they would need either a corresponding
window system binding extension or significant implementation work.
v2: Require that the two screen numbers match, per v4 of spec.
Khronos: https://github.com/KhronosGroup/OpenGL-Registry/pull/102
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Any proper (GLX 1.3) drawable will already have a bound config, but if
we're doing the GLX 1.2 thing of making a Window current, we need to
infer the config from the window's Visual.
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Just never filled in, oops. Seems to have gone unnoticed because
normally glXQueryContext simply returns the values filled in by the
client library when the context was created. The only path by which you
normally get to a GLXQueryContext request is glXImportContext, and then
only if the context is already indirect.
However, that's a statement about Mesa's libGL (and anything else that
inherited that bit of the SGI SI more or less intact). Nothing prevents
a mischeivous client from issuing that request of a direct context, and
if they did we'd be in trouble because we never bothered to preserve the
associated fbconfig in the context state, so we'd crash looking up
GLX_VISUAL_ID_EXT. So let's fix that too.
v2: Fixed missing preservation of the config in DRI2 (Eric Anholt)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
If the context is direct none of the GL commands were issued by this
process, the server couldn't flush them even if it wanted to.
v2: Fix embarassingly obvious boolean inversion (Michel Dänzer)
Signed-off-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Michel Dänzer <michel.daenzer@amd.com>
