1 /*
2 * Copyright © 2008 Kristian Høgsberg
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice (including the
13 * next paragraph) shall be included in all copies or substantial
14 * portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE.
24 *
25 * Authors:
26 * Kristian Høgsberg <krh@bitplanet.net>
27 * Benjamin Franzke <benjaminfranzke@googlemail.com>
28 *
29 */
30
31 #ifndef _GNU_SOURCE
32 #define _GNU_SOURCE
33 #endif
34
35 #include "config.h"
36
37 #include <stdbool.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <stdint.h>
41 #include <string.h>
42 #include <sys/mman.h>
43 #include <unistd.h>
44 #include <assert.h>
45 #include <signal.h>
46 #include <pthread.h>
47 #include <errno.h>
48 #include <fcntl.h>
49
50 #include "wayland-util.h"
51 #include "wayland-private.h"
52 #include "wayland-server.h"
53
54 /* This once_t is used to synchronize installing the SIGBUS handler
55 * and creating the TLS key. This will be done in the first call
56 * wl_shm_buffer_begin_access which can happen from any thread */
57 static pthread_once_t wl_shm_sigbus_once = PTHREAD_ONCE_INIT;
58 static pthread_key_t wl_shm_sigbus_data_key;
59 static struct sigaction wl_shm_old_sigbus_action;
60
61 struct wl_shm_pool {
62 struct wl_resource *resource;
63 int internal_refcount;
64 int external_refcount;
65 char *data;
66 int32_t size;
67 int32_t new_size;
68 bool sigbus_is_impossible;
69 };
70
71 struct wl_shm_buffer {
72 struct wl_resource *resource;
73 int32_t width, height;
74 int32_t stride;
75 uint32_t format;
76 int offset;
77 struct wl_shm_pool *pool;
78 };
79
80 struct wl_shm_sigbus_data {
81 struct wl_shm_pool *current_pool;
82 int access_count;
83 int fallback_mapping_used;
84 };
85
86 static void
shm_pool_finish_resize(struct wl_shm_pool * pool)87 shm_pool_finish_resize(struct wl_shm_pool *pool)
88 {
89 void *data;
90
91 if (pool->size == pool->new_size)
92 return;
93
94 data = mremap(pool->data, pool->size, pool->new_size, MREMAP_MAYMOVE);
95 if (data == MAP_FAILED) {
96 wl_resource_post_error(pool->resource,
97 WL_SHM_ERROR_INVALID_FD,
98 "failed mremap");
99 return;
100 }
101
102 pool->data = data;
103 pool->size = pool->new_size;
104 }
105
106 static void
shm_pool_unref(struct wl_shm_pool * pool,bool external)107 shm_pool_unref(struct wl_shm_pool *pool, bool external)
108 {
109 if (external) {
110 pool->external_refcount--;
111 if (pool->external_refcount == 0)
112 shm_pool_finish_resize(pool);
113 } else {
114 pool->internal_refcount--;
115 }
116
117 if (pool->internal_refcount + pool->external_refcount)
118 return;
119
120 munmap(pool->data, pool->size);
121 free(pool);
122 }
123
124 static void
destroy_buffer(struct wl_resource * resource)125 destroy_buffer(struct wl_resource *resource)
126 {
127 struct wl_shm_buffer *buffer = wl_resource_get_user_data(resource);
128
129 if (buffer->pool)
130 shm_pool_unref(buffer->pool, false);
131 free(buffer);
132 }
133
134 static void
shm_buffer_destroy(struct wl_client * client,struct wl_resource * resource)135 shm_buffer_destroy(struct wl_client *client, struct wl_resource *resource)
136 {
137 wl_resource_destroy(resource);
138 }
139
140 static const struct wl_buffer_interface shm_buffer_interface = {
141 shm_buffer_destroy
142 };
143
144 static bool
format_is_supported(struct wl_client * client,uint32_t format)145 format_is_supported(struct wl_client *client, uint32_t format)
146 {
147 struct wl_display *display = wl_client_get_display(client);
148 struct wl_array *formats;
149 uint32_t *p;
150
151 switch (format) {
152 case WL_SHM_FORMAT_ARGB8888:
153 case WL_SHM_FORMAT_XRGB8888:
154 return true;
155 default:
156 formats = wl_display_get_additional_shm_formats(display);
157 wl_array_for_each(p, formats)
158 if (*p == format)
159 return true;
160 }
161
162 return false;
163 }
164
165 static void
shm_pool_create_buffer(struct wl_client * client,struct wl_resource * resource,uint32_t id,int32_t offset,int32_t width,int32_t height,int32_t stride,uint32_t format)166 shm_pool_create_buffer(struct wl_client *client, struct wl_resource *resource,
167 uint32_t id, int32_t offset,
168 int32_t width, int32_t height,
169 int32_t stride, uint32_t format)
170 {
171 struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
172 struct wl_shm_buffer *buffer;
173
174 if (!format_is_supported(client, format)) {
175 wl_resource_post_error(resource,
176 WL_SHM_ERROR_INVALID_FORMAT,
177 "invalid format 0x%x", format);
178 return;
179 }
180
181 if (offset < 0 || width <= 0 || height <= 0 || stride < width ||
182 INT32_MAX / stride <= height ||
183 offset > pool->size - stride * height) {
184 wl_resource_post_error(resource,
185 WL_SHM_ERROR_INVALID_STRIDE,
186 "invalid width, height or stride (%dx%d, %u)",
187 width, height, stride);
188 return;
189 }
190
191 buffer = malloc(sizeof *buffer);
192 if (buffer == NULL) {
193 wl_client_post_no_memory(client);
194 return;
195 }
196
197 buffer->width = width;
198 buffer->height = height;
199 buffer->format = format;
200 buffer->stride = stride;
201 buffer->offset = offset;
202 buffer->pool = pool;
203 pool->internal_refcount++;
204
205 buffer->resource =
206 wl_resource_create(client, &wl_buffer_interface, 1, id);
207 if (buffer->resource == NULL) {
208 wl_client_post_no_memory(client);
209 shm_pool_unref(pool, false);
210 free(buffer);
211 return;
212 }
213
214 wl_resource_set_implementation(buffer->resource,
215 &shm_buffer_interface,
216 buffer, destroy_buffer);
217 }
218
219 static void
destroy_pool(struct wl_resource * resource)220 destroy_pool(struct wl_resource *resource)
221 {
222 struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
223
224 shm_pool_unref(pool, false);
225 }
226
227 static void
shm_pool_destroy(struct wl_client * client,struct wl_resource * resource)228 shm_pool_destroy(struct wl_client *client, struct wl_resource *resource)
229 {
230 wl_resource_destroy(resource);
231 }
232
233 static void
shm_pool_resize(struct wl_client * client,struct wl_resource * resource,int32_t size)234 shm_pool_resize(struct wl_client *client, struct wl_resource *resource,
235 int32_t size)
236 {
237 struct wl_shm_pool *pool = wl_resource_get_user_data(resource);
238
239 if (size < pool->size) {
240 wl_resource_post_error(resource,
241 WL_SHM_ERROR_INVALID_FD,
242 "shrinking pool invalid");
243 return;
244 }
245
246 pool->new_size = size;
247
248 /* If the compositor has taken references on this pool it
249 * may be caching pointers into it. In that case we
250 * defer the resize (which may move the entire mapping)
251 * until the compositor finishes dereferencing the pool.
252 */
253 if (pool->external_refcount == 0)
254 shm_pool_finish_resize(pool);
255 }
256
257 static const struct wl_shm_pool_interface shm_pool_interface = {
258 shm_pool_create_buffer,
259 shm_pool_destroy,
260 shm_pool_resize
261 };
262
263 static void
shm_create_pool(struct wl_client * client,struct wl_resource * resource,uint32_t id,int fd,int32_t size)264 shm_create_pool(struct wl_client *client, struct wl_resource *resource,
265 uint32_t id, int fd, int32_t size)
266 {
267 struct wl_shm_pool *pool;
268 int seals;
269
270 if (size <= 0) {
271 wl_resource_post_error(resource,
272 WL_SHM_ERROR_INVALID_STRIDE,
273 "invalid size (%d)", size);
274 goto err_close;
275 }
276
277 pool = malloc(sizeof *pool);
278 if (pool == NULL) {
279 wl_client_post_no_memory(client);
280 goto err_close;
281 }
282
283 #ifdef HAVE_MEMFD_CREATE
284 seals = fcntl(fd, F_GET_SEALS);
285 if (seals == -1)
286 seals = 0;
287 pool->sigbus_is_impossible = (seals & F_SEAL_SHRINK) ? true : false;
288 #else
289 pool->sigbus_is_impossible = false;
290 #endif
291
292 pool->internal_refcount = 1;
293 pool->external_refcount = 0;
294 pool->size = size;
295 pool->new_size = size;
296 pool->data = mmap(NULL, size,
297 PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
298 if (pool->data == MAP_FAILED) {
299 wl_resource_post_error(resource,
300 WL_SHM_ERROR_INVALID_FD,
301 "failed mmap fd %d: %s", fd,
302 strerror(errno));
303 goto err_free;
304 }
305 close(fd);
306
307 pool->resource =
308 wl_resource_create(client, &wl_shm_pool_interface, 1, id);
309 if (!pool->resource) {
310 wl_client_post_no_memory(client);
311 munmap(pool->data, pool->size);
312 free(pool);
313 return;
314 }
315
316 wl_resource_set_implementation(pool->resource,
317 &shm_pool_interface,
318 pool, destroy_pool);
319
320 return;
321
322 err_free:
323 free(pool);
324 err_close:
325 close(fd);
326 }
327
328 static const struct wl_shm_interface shm_interface = {
329 shm_create_pool
330 };
331
332 static void
bind_shm(struct wl_client * client,void * data,uint32_t version,uint32_t id)333 bind_shm(struct wl_client *client,
334 void *data, uint32_t version, uint32_t id)
335 {
336 struct wl_resource *resource;
337 struct wl_display *display = wl_client_get_display(client);
338 struct wl_array *additional_formats;
339 uint32_t *p;
340
341 resource = wl_resource_create(client, &wl_shm_interface, 1, id);
342 if (!resource) {
343 wl_client_post_no_memory(client);
344 return;
345 }
346
347 wl_resource_set_implementation(resource, &shm_interface, data, NULL);
348
349 wl_shm_send_format(resource, WL_SHM_FORMAT_ARGB8888);
350 wl_shm_send_format(resource, WL_SHM_FORMAT_XRGB8888);
351
352 additional_formats = wl_display_get_additional_shm_formats(display);
353 wl_array_for_each(p, additional_formats)
354 wl_shm_send_format(resource, *p);
355 }
356
357 WL_EXPORT int
wl_display_init_shm(struct wl_display * display)358 wl_display_init_shm(struct wl_display *display)
359 {
360 if (!wl_global_create(display, &wl_shm_interface, 1, NULL, bind_shm))
361 return -1;
362
363 return 0;
364 }
365
366 WL_EXPORT struct wl_shm_buffer *
wl_shm_buffer_get(struct wl_resource * resource)367 wl_shm_buffer_get(struct wl_resource *resource)
368 {
369 if (resource == NULL)
370 return NULL;
371
372 if (wl_resource_instance_of(resource, &wl_buffer_interface,
373 &shm_buffer_interface))
374 return wl_resource_get_user_data(resource);
375 else
376 return NULL;
377 }
378
379 WL_EXPORT int32_t
wl_shm_buffer_get_stride(struct wl_shm_buffer * buffer)380 wl_shm_buffer_get_stride(struct wl_shm_buffer *buffer)
381 {
382 return buffer->stride;
383 }
384
385
386 /** Get a pointer to the memory for the SHM buffer
387 *
388 * \param buffer The buffer object
389 *
390 * Returns a pointer which can be used to read the data contained in
391 * the given SHM buffer.
392 *
393 * As this buffer is memory-mapped, reading from it may generate
394 * SIGBUS signals. This can happen if the client claims that the
395 * buffer is larger than it is or if something truncates the
396 * underlying file. To prevent this signal from causing the compositor
397 * to crash you should call wl_shm_buffer_begin_access and
398 * wl_shm_buffer_end_access around code that reads from the memory.
399 *
400 * \memberof wl_shm_buffer
401 */
402 WL_EXPORT void *
wl_shm_buffer_get_data(struct wl_shm_buffer * buffer)403 wl_shm_buffer_get_data(struct wl_shm_buffer *buffer)
404 {
405 assert(buffer->pool);
406
407 if (!buffer->pool)
408 return NULL;
409
410 if (buffer->pool->external_refcount &&
411 (buffer->pool->size != buffer->pool->new_size))
412 wl_log("Buffer address requested when its parent pool "
413 "has an external reference and a deferred resize "
414 "pending.\n");
415 return buffer->pool->data + buffer->offset;
416 }
417
418 WL_EXPORT uint32_t
wl_shm_buffer_get_format(struct wl_shm_buffer * buffer)419 wl_shm_buffer_get_format(struct wl_shm_buffer *buffer)
420 {
421 return buffer->format;
422 }
423
424 WL_EXPORT int32_t
wl_shm_buffer_get_width(struct wl_shm_buffer * buffer)425 wl_shm_buffer_get_width(struct wl_shm_buffer *buffer)
426 {
427 return buffer->width;
428 }
429
430 WL_EXPORT int32_t
wl_shm_buffer_get_height(struct wl_shm_buffer * buffer)431 wl_shm_buffer_get_height(struct wl_shm_buffer *buffer)
432 {
433 return buffer->height;
434 }
435
436 /** Get a reference to a shm_buffer's shm_pool
437 *
438 * \param buffer The buffer object
439 *
440 * Returns a pointer to a buffer's shm_pool and increases the
441 * shm_pool refcount.
442 *
443 * The compositor must remember to call wl_shm_pool_unref when
444 * it no longer needs the reference to ensure proper destruction
445 * of the pool.
446 *
447 * \memberof wl_shm_buffer
448 * \sa wl_shm_pool_unref
449 */
450 WL_EXPORT struct wl_shm_pool *
wl_shm_buffer_ref_pool(struct wl_shm_buffer * buffer)451 wl_shm_buffer_ref_pool(struct wl_shm_buffer *buffer)
452 {
453 assert(buffer->pool->internal_refcount +
454 buffer->pool->external_refcount);
455
456 buffer->pool->external_refcount++;
457 return buffer->pool;
458 }
459
460 /** Unreference a shm_pool
461 *
462 * \param pool The pool object
463 *
464 * Drops a reference to a wl_shm_pool object.
465 *
466 * This is only necessary if the compositor has explicitly
467 * taken a reference with wl_shm_buffer_ref_pool(), otherwise
468 * the pool will be automatically destroyed when appropriate.
469 *
470 * \memberof wl_shm_pool
471 * \sa wl_shm_buffer_ref_pool
472 */
473 WL_EXPORT void
wl_shm_pool_unref(struct wl_shm_pool * pool)474 wl_shm_pool_unref(struct wl_shm_pool *pool)
475 {
476 shm_pool_unref(pool, true);
477 }
478
479 static void
reraise_sigbus(void)480 reraise_sigbus(void)
481 {
482 /* If SIGBUS is raised for some other reason than accessing
483 * the pool then we'll uninstall the signal handler so we can
484 * reraise it. This would presumably kill the process */
485 sigaction(SIGBUS, &wl_shm_old_sigbus_action, NULL);
486 raise(SIGBUS);
487 }
488
489 static void
sigbus_handler(int signum,siginfo_t * info,void * context)490 sigbus_handler(int signum, siginfo_t *info, void *context)
491 {
492 struct wl_shm_sigbus_data *sigbus_data =
493 pthread_getspecific(wl_shm_sigbus_data_key);
494 struct wl_shm_pool *pool;
495
496 if (sigbus_data == NULL) {
497 reraise_sigbus();
498 return;
499 }
500
501 pool = sigbus_data->current_pool;
502
503 /* If the offending address is outside the mapped space for
504 * the pool then the error is a real problem so we'll reraise
505 * the signal */
506 if (pool == NULL ||
507 (char *) info->si_addr < pool->data ||
508 (char *) info->si_addr >= pool->data + pool->size) {
509 reraise_sigbus();
510 return;
511 }
512
513 sigbus_data->fallback_mapping_used = 1;
514
515 /* This should replace the previous mapping */
516 if (mmap(pool->data, pool->size,
517 PROT_READ | PROT_WRITE,
518 MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS,
519 0, 0) == (void *) -1) {
520 reraise_sigbus();
521 return;
522 }
523 }
524
525 static void
destroy_sigbus_data(void * data)526 destroy_sigbus_data(void *data)
527 {
528 struct wl_shm_sigbus_data *sigbus_data = data;
529
530 free(sigbus_data);
531 }
532
533 static void
init_sigbus_data_key(void)534 init_sigbus_data_key(void)
535 {
536 struct sigaction new_action = {
537 .sa_sigaction = sigbus_handler,
538 .sa_flags = SA_SIGINFO | SA_NODEFER
539 };
540
541 sigemptyset(&new_action.sa_mask);
542
543 sigaction(SIGBUS, &new_action, &wl_shm_old_sigbus_action);
544
545 pthread_key_create(&wl_shm_sigbus_data_key, destroy_sigbus_data);
546 }
547
548 /** Mark that the given SHM buffer is about to be accessed
549 *
550 * \param buffer The SHM buffer
551 *
552 * An SHM buffer is a memory-mapped file given by the client.
553 * According to POSIX, reading from a memory-mapped region that
554 * extends off the end of the file will cause a SIGBUS signal to be
555 * generated. Normally this would cause the compositor to terminate.
556 * In order to make the compositor robust against clients that change
557 * the size of the underlying file or lie about its size, you should
558 * protect access to the buffer by calling this function before
559 * reading from the memory and call wl_shm_buffer_end_access
560 * afterwards. This will install a signal handler for SIGBUS which
561 * will prevent the compositor from crashing.
562 *
563 * After calling this function the signal handler will remain
564 * installed for the lifetime of the compositor process. Note that
565 * this function will not work properly if the compositor is also
566 * installing its own handler for SIGBUS.
567 *
568 * If a SIGBUS signal is received for an address within the range of
569 * the SHM pool of the given buffer then the client will be sent an
570 * error event when wl_shm_buffer_end_access is called. If the signal
571 * is for an address outside that range then the signal handler will
572 * reraise the signal which would will likely cause the compositor to
573 * terminate.
574 *
575 * It is safe to nest calls to these functions as long as the nested
576 * calls are all accessing the same buffer. The number of calls to
577 * wl_shm_buffer_end_access must match the number of calls to
578 * wl_shm_buffer_begin_access. These functions are thread-safe and it
579 * is allowed to simultaneously access different buffers or the same
580 * buffer from multiple threads.
581 *
582 * \memberof wl_shm_buffer
583 */
584 WL_EXPORT void
wl_shm_buffer_begin_access(struct wl_shm_buffer * buffer)585 wl_shm_buffer_begin_access(struct wl_shm_buffer *buffer)
586 {
587 struct wl_shm_pool *pool = buffer->pool;
588 struct wl_shm_sigbus_data *sigbus_data;
589
590 if (pool->sigbus_is_impossible)
591 return;
592
593 pthread_once(&wl_shm_sigbus_once, init_sigbus_data_key);
594
595 sigbus_data = pthread_getspecific(wl_shm_sigbus_data_key);
596 if (sigbus_data == NULL) {
597 sigbus_data = zalloc(sizeof *sigbus_data);
598 if (sigbus_data == NULL)
599 return;
600
601 pthread_setspecific(wl_shm_sigbus_data_key, sigbus_data);
602 }
603
604 assert(sigbus_data->current_pool == NULL ||
605 sigbus_data->current_pool == pool);
606
607 sigbus_data->current_pool = pool;
608 sigbus_data->access_count++;
609 }
610
611 /** Ends the access to a buffer started by wl_shm_buffer_begin_access
612 *
613 * \param buffer The SHM buffer
614 *
615 * This should be called after wl_shm_buffer_begin_access once the
616 * buffer is no longer being accessed. If a SIGBUS signal was
617 * generated in-between these two calls then the resource for the
618 * given buffer will be sent an error.
619 *
620 * \memberof wl_shm_buffer
621 */
622 WL_EXPORT void
wl_shm_buffer_end_access(struct wl_shm_buffer * buffer)623 wl_shm_buffer_end_access(struct wl_shm_buffer *buffer)
624 {
625 struct wl_shm_pool *pool = buffer->pool;
626 struct wl_shm_sigbus_data *sigbus_data;
627
628 if (pool->sigbus_is_impossible)
629 return;
630
631 sigbus_data = pthread_getspecific(wl_shm_sigbus_data_key);
632 assert(sigbus_data && sigbus_data->access_count >= 1);
633
634 if (--sigbus_data->access_count == 0) {
635 if (sigbus_data->fallback_mapping_used) {
636 wl_resource_post_error(buffer->resource,
637 WL_SHM_ERROR_INVALID_FD,
638 "error accessing SHM buffer");
639 sigbus_data->fallback_mapping_used = 0;
640 }
641
642 sigbus_data->current_pool = NULL;
643 }
644 }
645
646 /** \cond */ /* Deprecated functions below. */
647
648 WL_EXPORT struct wl_shm_buffer *
wl_shm_buffer_create(struct wl_client * client,uint32_t id,int32_t width,int32_t height,int32_t stride,uint32_t format)649 wl_shm_buffer_create(struct wl_client *client,
650 uint32_t id, int32_t width, int32_t height,
651 int32_t stride, uint32_t format)
652 {
653 return NULL;
654 }
655
656 /** \endcond */
657
658 /* Functions at the end of this file are deprecated. Instead of adding new
659 * code here, add it before the comment above that states:
660 * Deprecated functions below.
661 */
662