1 /*
2 * Copyright © 2008 Kristian Høgsberg
3 * Copyright © 2013 Jason Ekstrand
4 *
5 * Permission is hereby granted, free of charge, to any person obtaining
6 * a copy of this software and associated documentation files (the
7 * "Software"), to deal in the Software without restriction, including
8 * without limitation the rights to use, copy, modify, merge, publish,
9 * distribute, sublicense, and/or sell copies of the Software, and to
10 * permit persons to whom the Software is furnished to do so, subject to
11 * the following conditions:
12 *
13 * The above copyright notice and this permission notice (including the
14 * next paragraph) shall be included in all copies or substantial
15 * portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
21 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
22 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
23 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24 * SOFTWARE.
25 */
26
27 #define _GNU_SOURCE
28
29 #include <math.h>
30 #include <stdlib.h>
31 #include <stdint.h>
32 #include <string.h>
33 #include <stdio.h>
34 #include <errno.h>
35 #include <sys/uio.h>
36 #include <fcntl.h>
37 #include <unistd.h>
38 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <time.h>
41 #include <ffi.h>
42
43 #include "wayland-util.h"
44 #include "wayland-private.h"
45 #include "wayland-os.h"
46
47 static inline uint32_t
div_roundup(uint32_t n,size_t a)48 div_roundup(uint32_t n, size_t a)
49 {
50 /* The cast to uint64_t is necessary to prevent overflow when rounding
51 * values close to UINT32_MAX. After the division it is again safe to
52 * cast back to uint32_t.
53 */
54 return (uint32_t) (((uint64_t) n + (a - 1)) / a);
55 }
56
57 struct wl_ring_buffer {
58 char data[4096];
59 uint32_t head, tail;
60 };
61
62 #define MASK(i) ((i) & 4095)
63
64 #define MAX_FDS_OUT 28
65 #define CLEN (CMSG_LEN(MAX_FDS_OUT * sizeof(int32_t)))
66
67 struct wl_connection {
68 struct wl_ring_buffer in, out;
69 struct wl_ring_buffer fds_in, fds_out;
70 int fd;
71 int want_flush;
72 };
73
74 static int
ring_buffer_put(struct wl_ring_buffer * b,const void * data,size_t count)75 ring_buffer_put(struct wl_ring_buffer *b, const void *data, size_t count)
76 {
77 uint32_t head, size;
78
79 if (count > sizeof(b->data)) {
80 wl_log("Data too big for buffer (%d > %d).\n",
81 count, sizeof(b->data));
82 errno = E2BIG;
83 return -1;
84 }
85
86 head = MASK(b->head);
87 if (head + count <= sizeof b->data) {
88 memcpy(b->data + head, data, count);
89 } else {
90 size = sizeof b->data - head;
91 memcpy(b->data + head, data, size);
92 memcpy(b->data, (const char *) data + size, count - size);
93 }
94
95 b->head += count;
96
97 return 0;
98 }
99
100 static void
ring_buffer_put_iov(struct wl_ring_buffer * b,struct iovec * iov,int * count)101 ring_buffer_put_iov(struct wl_ring_buffer *b, struct iovec *iov, int *count)
102 {
103 uint32_t head, tail;
104
105 head = MASK(b->head);
106 tail = MASK(b->tail);
107 if (head < tail) {
108 iov[0].iov_base = b->data + head;
109 iov[0].iov_len = tail - head;
110 *count = 1;
111 } else if (tail == 0) {
112 iov[0].iov_base = b->data + head;
113 iov[0].iov_len = sizeof b->data - head;
114 *count = 1;
115 } else {
116 iov[0].iov_base = b->data + head;
117 iov[0].iov_len = sizeof b->data - head;
118 iov[1].iov_base = b->data;
119 iov[1].iov_len = tail;
120 *count = 2;
121 }
122 }
123
124 static void
ring_buffer_get_iov(struct wl_ring_buffer * b,struct iovec * iov,int * count)125 ring_buffer_get_iov(struct wl_ring_buffer *b, struct iovec *iov, int *count)
126 {
127 uint32_t head, tail;
128
129 head = MASK(b->head);
130 tail = MASK(b->tail);
131 if (tail < head) {
132 iov[0].iov_base = b->data + tail;
133 iov[0].iov_len = head - tail;
134 *count = 1;
135 } else if (head == 0) {
136 iov[0].iov_base = b->data + tail;
137 iov[0].iov_len = sizeof b->data - tail;
138 *count = 1;
139 } else {
140 iov[0].iov_base = b->data + tail;
141 iov[0].iov_len = sizeof b->data - tail;
142 iov[1].iov_base = b->data;
143 iov[1].iov_len = head;
144 *count = 2;
145 }
146 }
147
148 static void
ring_buffer_copy(struct wl_ring_buffer * b,void * data,size_t count)149 ring_buffer_copy(struct wl_ring_buffer *b, void *data, size_t count)
150 {
151 uint32_t tail, size;
152
153 tail = MASK(b->tail);
154 if (tail + count <= sizeof b->data) {
155 memcpy(data, b->data + tail, count);
156 } else {
157 size = sizeof b->data - tail;
158 memcpy(data, b->data + tail, size);
159 memcpy((char *) data + size, b->data, count - size);
160 }
161 }
162
163 static uint32_t
ring_buffer_size(struct wl_ring_buffer * b)164 ring_buffer_size(struct wl_ring_buffer *b)
165 {
166 return b->head - b->tail;
167 }
168
169 struct wl_connection *
wl_connection_create(int fd)170 wl_connection_create(int fd)
171 {
172 struct wl_connection *connection;
173
174 connection = zalloc(sizeof *connection);
175 if (connection == NULL)
176 return NULL;
177
178 connection->fd = fd;
179
180 return connection;
181 }
182
183 static void
close_fds(struct wl_ring_buffer * buffer,int max)184 close_fds(struct wl_ring_buffer *buffer, int max)
185 {
186 int32_t fds[sizeof(buffer->data) / sizeof(int32_t)], i, count;
187 size_t size;
188
189 size = ring_buffer_size(buffer);
190 if (size == 0)
191 return;
192
193 ring_buffer_copy(buffer, fds, size);
194 count = size / sizeof fds[0];
195 if (max > 0 && max < count)
196 count = max;
197 size = count * sizeof fds[0];
198 for (i = 0; i < count; i++)
199 close(fds[i]);
200 buffer->tail += size;
201 }
202
203 void
wl_connection_close_fds_in(struct wl_connection * connection,int max)204 wl_connection_close_fds_in(struct wl_connection *connection, int max)
205 {
206 close_fds(&connection->fds_in, max);
207 }
208
209 int
wl_connection_destroy(struct wl_connection * connection)210 wl_connection_destroy(struct wl_connection *connection)
211 {
212 int fd = connection->fd;
213
214 close_fds(&connection->fds_out, -1);
215 close_fds(&connection->fds_in, -1);
216 free(connection);
217
218 return fd;
219 }
220
221 void
wl_connection_copy(struct wl_connection * connection,void * data,size_t size)222 wl_connection_copy(struct wl_connection *connection, void *data, size_t size)
223 {
224 ring_buffer_copy(&connection->in, data, size);
225 }
226
227 void
wl_connection_consume(struct wl_connection * connection,size_t size)228 wl_connection_consume(struct wl_connection *connection, size_t size)
229 {
230 connection->in.tail += size;
231 }
232
233 static void
build_cmsg(struct wl_ring_buffer * buffer,char * data,size_t * clen)234 build_cmsg(struct wl_ring_buffer *buffer, char *data, size_t *clen)
235 {
236 struct cmsghdr *cmsg;
237 size_t size;
238
239 size = ring_buffer_size(buffer);
240 if (size > MAX_FDS_OUT * sizeof(int32_t))
241 size = MAX_FDS_OUT * sizeof(int32_t);
242
243 if (size > 0) {
244 cmsg = (struct cmsghdr *) data;
245 cmsg->cmsg_level = SOL_SOCKET;
246 cmsg->cmsg_type = SCM_RIGHTS;
247 cmsg->cmsg_len = CMSG_LEN(size);
248 ring_buffer_copy(buffer, CMSG_DATA(cmsg), size);
249 *clen = cmsg->cmsg_len;
250 } else {
251 *clen = 0;
252 }
253 }
254
255 static int
decode_cmsg(struct wl_ring_buffer * buffer,struct msghdr * msg)256 decode_cmsg(struct wl_ring_buffer *buffer, struct msghdr *msg)
257 {
258 struct cmsghdr *cmsg;
259 size_t size, max, i;
260 int overflow = 0;
261
262 for (cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL;
263 cmsg = CMSG_NXTHDR(msg, cmsg)) {
264 if (cmsg->cmsg_level != SOL_SOCKET ||
265 cmsg->cmsg_type != SCM_RIGHTS)
266 continue;
267
268 size = cmsg->cmsg_len - CMSG_LEN(0);
269 max = sizeof(buffer->data) - ring_buffer_size(buffer);
270 if (size > max || overflow) {
271 overflow = 1;
272 size /= sizeof(int32_t);
273 for (i = 0; i < size; i++)
274 close(((int*)CMSG_DATA(cmsg))[i]);
275 } else if (ring_buffer_put(buffer, CMSG_DATA(cmsg), size) < 0) {
276 return -1;
277 }
278 }
279
280 if (overflow) {
281 errno = EOVERFLOW;
282 return -1;
283 }
284
285 return 0;
286 }
287
288 int
wl_connection_flush(struct wl_connection * connection)289 wl_connection_flush(struct wl_connection *connection)
290 {
291 struct iovec iov[2];
292 struct msghdr msg = {0};
293 char cmsg[CLEN];
294 int len = 0, count;
295 size_t clen;
296 uint32_t tail;
297
298 if (!connection->want_flush)
299 return 0;
300
301 tail = connection->out.tail;
302 while (connection->out.head - connection->out.tail > 0) {
303 ring_buffer_get_iov(&connection->out, iov, &count);
304
305 build_cmsg(&connection->fds_out, cmsg, &clen);
306
307 msg.msg_iov = iov;
308 msg.msg_iovlen = count;
309 msg.msg_control = (clen > 0) ? cmsg : NULL;
310 msg.msg_controllen = clen;
311
312 do {
313 len = sendmsg(connection->fd, &msg,
314 MSG_NOSIGNAL | MSG_DONTWAIT);
315 } while (len == -1 && errno == EINTR);
316
317 if (len == -1)
318 return -1;
319
320 close_fds(&connection->fds_out, MAX_FDS_OUT);
321
322 connection->out.tail += len;
323 }
324
325 connection->want_flush = 0;
326
327 return connection->out.head - tail;
328 }
329
330 uint32_t
wl_connection_pending_input(struct wl_connection * connection)331 wl_connection_pending_input(struct wl_connection *connection)
332 {
333 return ring_buffer_size(&connection->in);
334 }
335
336 int
wl_connection_read(struct wl_connection * connection)337 wl_connection_read(struct wl_connection *connection)
338 {
339 struct iovec iov[2];
340 struct msghdr msg;
341 char cmsg[CLEN];
342 int len, count, ret;
343
344 if (ring_buffer_size(&connection->in) >= sizeof(connection->in.data)) {
345 errno = EOVERFLOW;
346 return -1;
347 }
348
349 ring_buffer_put_iov(&connection->in, iov, &count);
350
351 msg.msg_name = NULL;
352 msg.msg_namelen = 0;
353 msg.msg_iov = iov;
354 msg.msg_iovlen = count;
355 msg.msg_control = cmsg;
356 msg.msg_controllen = sizeof cmsg;
357 msg.msg_flags = 0;
358
359 do {
360 len = wl_os_recvmsg_cloexec(connection->fd, &msg, MSG_DONTWAIT);
361 } while (len < 0 && errno == EINTR);
362
363 if (len <= 0)
364 return len;
365
366 ret = decode_cmsg(&connection->fds_in, &msg);
367 if (ret)
368 return -1;
369
370 connection->in.head += len;
371
372 return wl_connection_pending_input(connection);
373 }
374
375 int
wl_connection_write(struct wl_connection * connection,const void * data,size_t count)376 wl_connection_write(struct wl_connection *connection,
377 const void *data, size_t count)
378 {
379 if (connection->out.head - connection->out.tail +
380 count > ARRAY_LENGTH(connection->out.data)) {
381 connection->want_flush = 1;
382 if (wl_connection_flush(connection) < 0)
383 return -1;
384 }
385
386 if (ring_buffer_put(&connection->out, data, count) < 0)
387 return -1;
388
389 connection->want_flush = 1;
390
391 return 0;
392 }
393
394 int
wl_connection_queue(struct wl_connection * connection,const void * data,size_t count)395 wl_connection_queue(struct wl_connection *connection,
396 const void *data, size_t count)
397 {
398 if (connection->out.head - connection->out.tail +
399 count > ARRAY_LENGTH(connection->out.data)) {
400 connection->want_flush = 1;
401 if (wl_connection_flush(connection) < 0)
402 return -1;
403 }
404
405 return ring_buffer_put(&connection->out, data, count);
406 }
407
408 int
wl_message_count_arrays(const struct wl_message * message)409 wl_message_count_arrays(const struct wl_message *message)
410 {
411 int i, arrays;
412
413 for (i = 0, arrays = 0; message->signature[i]; i++) {
414 if (message->signature[i] == 'a')
415 arrays++;
416 }
417
418 return arrays;
419 }
420
421 int
wl_connection_get_fd(struct wl_connection * connection)422 wl_connection_get_fd(struct wl_connection *connection)
423 {
424 return connection->fd;
425 }
426
427 static int
wl_connection_put_fd(struct wl_connection * connection,int32_t fd)428 wl_connection_put_fd(struct wl_connection *connection, int32_t fd)
429 {
430 if (ring_buffer_size(&connection->fds_out) == MAX_FDS_OUT * sizeof fd) {
431 connection->want_flush = 1;
432 if (wl_connection_flush(connection) < 0)
433 return -1;
434 }
435
436 return ring_buffer_put(&connection->fds_out, &fd, sizeof fd);
437 }
438
439 const char *
get_next_argument(const char * signature,struct argument_details * details)440 get_next_argument(const char *signature, struct argument_details *details)
441 {
442 details->nullable = 0;
443 for(; *signature; ++signature) {
444 switch(*signature) {
445 case 'i':
446 case 'u':
447 case 'f':
448 case 's':
449 case 'o':
450 case 'n':
451 case 'a':
452 case 'h':
453 details->type = *signature;
454 return signature + 1;
455 case '?':
456 details->nullable = 1;
457 }
458 }
459 details->type = '\0';
460 return signature;
461 }
462
463 int
arg_count_for_signature(const char * signature)464 arg_count_for_signature(const char *signature)
465 {
466 int count = 0;
467 for(; *signature; ++signature) {
468 switch(*signature) {
469 case 'i':
470 case 'u':
471 case 'f':
472 case 's':
473 case 'o':
474 case 'n':
475 case 'a':
476 case 'h':
477 ++count;
478 }
479 }
480 return count;
481 }
482
483 int
wl_message_get_since(const struct wl_message * message)484 wl_message_get_since(const struct wl_message *message)
485 {
486 int since;
487
488 since = atoi(message->signature);
489
490 if (since == 0)
491 since = 1;
492
493 return since;
494 }
495
496 void
wl_argument_from_va_list(const char * signature,union wl_argument * args,int count,va_list ap)497 wl_argument_from_va_list(const char *signature, union wl_argument *args,
498 int count, va_list ap)
499 {
500 int i;
501 const char *sig_iter;
502 struct argument_details arg;
503
504 sig_iter = signature;
505 for (i = 0; i < count; i++) {
506 sig_iter = get_next_argument(sig_iter, &arg);
507
508 switch(arg.type) {
509 case 'i':
510 args[i].i = va_arg(ap, int32_t);
511 break;
512 case 'u':
513 args[i].u = va_arg(ap, uint32_t);
514 break;
515 case 'f':
516 args[i].f = va_arg(ap, wl_fixed_t);
517 break;
518 case 's':
519 args[i].s = va_arg(ap, const char *);
520 break;
521 case 'o':
522 args[i].o = va_arg(ap, struct wl_object *);
523 break;
524 case 'n':
525 args[i].o = va_arg(ap, struct wl_object *);
526 break;
527 case 'a':
528 args[i].a = va_arg(ap, struct wl_array *);
529 break;
530 case 'h':
531 args[i].h = va_arg(ap, int32_t);
532 break;
533 case '\0':
534 return;
535 }
536 }
537 }
538
539 static void
wl_closure_clear_fds(struct wl_closure * closure)540 wl_closure_clear_fds(struct wl_closure *closure)
541 {
542 const char *signature = closure->message->signature;
543 struct argument_details arg;
544 int i;
545
546 for (i = 0; i < closure->count; i++) {
547 signature = get_next_argument(signature, &arg);
548 if (arg.type == 'h')
549 closure->args[i].h = -1;
550 }
551 }
552
553 static struct wl_closure *
wl_closure_init(const struct wl_message * message,uint32_t size,int * num_arrays,union wl_argument * args)554 wl_closure_init(const struct wl_message *message, uint32_t size,
555 int *num_arrays, union wl_argument *args)
556 {
557 struct wl_closure *closure;
558 int count;
559
560 count = arg_count_for_signature(message->signature);
561 if (count > WL_CLOSURE_MAX_ARGS) {
562 wl_log("too many args (%d)\n", count);
563 errno = EINVAL;
564 return NULL;
565 }
566
567 if (size) {
568 *num_arrays = wl_message_count_arrays(message);
569 closure = zalloc(sizeof *closure + size +
570 *num_arrays * sizeof(struct wl_array));
571 } else {
572 closure = zalloc(sizeof *closure);
573 }
574
575 if (!closure) {
576 errno = ENOMEM;
577 return NULL;
578 }
579
580 if (args)
581 memcpy(closure->args, args, count * sizeof *args);
582
583 closure->message = message;
584 closure->count = count;
585
586 /* Set these all to -1 so we can close any that have been
587 * set to a real value during wl_closure_destroy().
588 * We may have copied a bunch of fds into the closure with
589 * memcpy previously, but those are undup()d client fds
590 * that we would have replaced anyway.
591 */
592 wl_closure_clear_fds(closure);
593
594 return closure;
595 }
596
597 struct wl_closure *
wl_closure_marshal(struct wl_object * sender,uint32_t opcode,union wl_argument * args,const struct wl_message * message)598 wl_closure_marshal(struct wl_object *sender, uint32_t opcode,
599 union wl_argument *args,
600 const struct wl_message *message)
601 {
602 struct wl_closure *closure;
603 struct wl_object *object;
604 int i, count, fd, dup_fd;
605 const char *signature;
606 struct argument_details arg;
607
608 closure = wl_closure_init(message, 0, NULL, args);
609 if (closure == NULL)
610 return NULL;
611
612 count = closure->count;
613
614 signature = message->signature;
615 for (i = 0; i < count; i++) {
616 signature = get_next_argument(signature, &arg);
617
618 switch (arg.type) {
619 case 'f':
620 case 'u':
621 case 'i':
622 break;
623 case 's':
624 if (!arg.nullable && args[i].s == NULL)
625 goto err_null;
626 break;
627 case 'o':
628 if (!arg.nullable && args[i].o == NULL)
629 goto err_null;
630 break;
631 case 'n':
632 object = args[i].o;
633 if (object == NULL)
634 goto err_null;
635
636 closure->args[i].n = object ? object->id : 0;
637 break;
638 case 'a':
639 if (args[i].a == NULL)
640 goto err_null;
641 break;
642 case 'h':
643 fd = args[i].h;
644 dup_fd = wl_os_dupfd_cloexec(fd, 0);
645 if (dup_fd < 0) {
646 wl_closure_destroy(closure);
647 wl_log("error marshalling arguments for %s: dup failed: %s\n",
648 message->name, strerror(errno));
649 return NULL;
650 }
651 closure->args[i].h = dup_fd;
652 break;
653 default:
654 wl_abort("unhandled format code: '%c'\n", arg.type);
655 break;
656 }
657 }
658
659 closure->sender_id = sender->id;
660 closure->opcode = opcode;
661
662 return closure;
663
664 err_null:
665 wl_closure_destroy(closure);
666 wl_log("error marshalling arguments for %s (signature %s): "
667 "null value passed for arg %i\n", message->name,
668 message->signature, i);
669 errno = EINVAL;
670 return NULL;
671 }
672
673 struct wl_closure *
wl_closure_vmarshal(struct wl_object * sender,uint32_t opcode,va_list ap,const struct wl_message * message)674 wl_closure_vmarshal(struct wl_object *sender, uint32_t opcode, va_list ap,
675 const struct wl_message *message)
676 {
677 union wl_argument args[WL_CLOSURE_MAX_ARGS];
678
679 wl_argument_from_va_list(message->signature, args,
680 WL_CLOSURE_MAX_ARGS, ap);
681
682 return wl_closure_marshal(sender, opcode, args, message);
683 }
684
685 struct wl_closure *
wl_connection_demarshal(struct wl_connection * connection,uint32_t size,struct wl_map * objects,const struct wl_message * message)686 wl_connection_demarshal(struct wl_connection *connection,
687 uint32_t size,
688 struct wl_map *objects,
689 const struct wl_message *message)
690 {
691 uint32_t *p, *next, *end, length, length_in_u32, id;
692 int fd;
693 char *s;
694 int i, count, num_arrays;
695 const char *signature;
696 struct argument_details arg;
697 struct wl_closure *closure;
698 struct wl_array *array_extra;
699
700 /* Space for sender_id and opcode */
701 if (size < 2 * sizeof *p) {
702 wl_log("message too short, invalid header\n");
703 wl_connection_consume(connection, size);
704 errno = EINVAL;
705 return NULL;
706 }
707
708 closure = wl_closure_init(message, size, &num_arrays, NULL);
709 if (closure == NULL) {
710 wl_connection_consume(connection, size);
711 return NULL;
712 }
713
714 count = closure->count;
715
716 array_extra = closure->extra;
717 p = (uint32_t *)(closure->extra + num_arrays);
718 end = p + size / sizeof *p;
719
720 wl_connection_copy(connection, p, size);
721 closure->sender_id = *p++;
722 closure->opcode = *p++ & 0x0000ffff;
723
724 signature = message->signature;
725 for (i = 0; i < count; i++) {
726 signature = get_next_argument(signature, &arg);
727
728 if (arg.type != 'h' && p + 1 > end) {
729 wl_log("message too short, "
730 "object (%d), message %s(%s)\n",
731 closure->sender_id, message->name,
732 message->signature);
733 errno = EINVAL;
734 goto err;
735 }
736
737 switch (arg.type) {
738 case 'u':
739 closure->args[i].u = *p++;
740 break;
741 case 'i':
742 closure->args[i].i = *p++;
743 break;
744 case 'f':
745 closure->args[i].f = *p++;
746 break;
747 case 's':
748 length = *p++;
749
750 if (length == 0 && !arg.nullable) {
751 wl_log("NULL string received on non-nullable "
752 "type, message %s(%s)\n", message->name,
753 message->signature);
754 errno = EINVAL;
755 goto err;
756 }
757 if (length == 0) {
758 closure->args[i].s = NULL;
759 break;
760 }
761
762 length_in_u32 = div_roundup(length, sizeof *p);
763 if ((uint32_t) (end - p) < length_in_u32) {
764 wl_log("message too short, "
765 "object (%d), message %s(%s)\n",
766 closure->sender_id, message->name,
767 message->signature);
768 errno = EINVAL;
769 goto err;
770 }
771 next = p + length_in_u32;
772
773 s = (char *) p;
774
775 if (length > 0 && s[length - 1] != '\0') {
776 wl_log("string not nul-terminated, "
777 "message %s(%s)\n",
778 message->name, message->signature);
779 errno = EINVAL;
780 goto err;
781 }
782
783 closure->args[i].s = s;
784 p = next;
785 break;
786 case 'o':
787 id = *p++;
788 closure->args[i].n = id;
789
790 if (id == 0 && !arg.nullable) {
791 wl_log("NULL object received on non-nullable "
792 "type, message %s(%s)\n", message->name,
793 message->signature);
794 errno = EINVAL;
795 goto err;
796 }
797 break;
798 case 'n':
799 id = *p++;
800 closure->args[i].n = id;
801
802 if (id == 0) {
803 wl_log("NULL new ID received on non-nullable "
804 "type, message %s(%s)\n", message->name,
805 message->signature);
806 errno = EINVAL;
807 goto err;
808 }
809
810 if (wl_map_reserve_new(objects, id) < 0) {
811 if (errno == EINVAL) {
812 wl_log("not a valid new object id (%u), "
813 "message %s(%s)\n", id,
814 message->name,
815 message->signature);
816 }
817 goto err;
818 }
819
820 break;
821 case 'a':
822 length = *p++;
823
824 length_in_u32 = div_roundup(length, sizeof *p);
825 if ((uint32_t) (end - p) < length_in_u32) {
826 wl_log("message too short, "
827 "object (%d), message %s(%s)\n",
828 closure->sender_id, message->name,
829 message->signature);
830 errno = EINVAL;
831 goto err;
832 }
833 next = p + length_in_u32;
834
835 array_extra->size = length;
836 array_extra->alloc = 0;
837 array_extra->data = p;
838
839 closure->args[i].a = array_extra++;
840 p = next;
841 break;
842 case 'h':
843 if (connection->fds_in.tail == connection->fds_in.head) {
844 wl_log("file descriptor expected, "
845 "object (%d), message %s(%s)\n",
846 closure->sender_id, message->name,
847 message->signature);
848 errno = EINVAL;
849 goto err;
850 }
851
852 ring_buffer_copy(&connection->fds_in, &fd, sizeof fd);
853 connection->fds_in.tail += sizeof fd;
854 closure->args[i].h = fd;
855 break;
856 default:
857 wl_abort("unknown type\n");
858 break;
859 }
860 }
861
862 wl_connection_consume(connection, size);
863
864 return closure;
865
866 err:
867 wl_closure_destroy(closure);
868 wl_connection_consume(connection, size);
869
870 return NULL;
871 }
872
873 bool
wl_object_is_zombie(struct wl_map * map,uint32_t id)874 wl_object_is_zombie(struct wl_map *map, uint32_t id)
875 {
876 uint32_t flags;
877
878 /* Zombie objects only exist on the client side. */
879 if (map->side == WL_MAP_SERVER_SIDE)
880 return false;
881
882 /* Zombie objects can only have been created by the client. */
883 if (id >= WL_SERVER_ID_START)
884 return false;
885
886 flags = wl_map_lookup_flags(map, id);
887 return !!(flags & WL_MAP_ENTRY_ZOMBIE);
888 }
889
890 int
wl_closure_lookup_objects(struct wl_closure * closure,struct wl_map * objects)891 wl_closure_lookup_objects(struct wl_closure *closure, struct wl_map *objects)
892 {
893 struct wl_object *object;
894 const struct wl_message *message;
895 const char *signature;
896 struct argument_details arg;
897 int i, count;
898 uint32_t id;
899
900 message = closure->message;
901 signature = message->signature;
902 count = arg_count_for_signature(signature);
903 for (i = 0; i < count; i++) {
904 signature = get_next_argument(signature, &arg);
905 switch (arg.type) {
906 case 'o':
907 id = closure->args[i].n;
908 closure->args[i].o = NULL;
909
910 object = wl_map_lookup(objects, id);
911 if (wl_object_is_zombie(objects, id)) {
912 /* references object we've already
913 * destroyed client side */
914 object = NULL;
915 } else if (object == NULL && id != 0) {
916 wl_log("unknown object (%u), message %s(%s)\n",
917 id, message->name, message->signature);
918 errno = EINVAL;
919 return -1;
920 }
921
922 if (object != NULL && message->types[i] != NULL &&
923 !wl_interface_equal((object)->interface,
924 message->types[i])) {
925 wl_log("invalid object (%u), type (%s), "
926 "message %s(%s)\n",
927 id, (object)->interface->name,
928 message->name, message->signature);
929 errno = EINVAL;
930 return -1;
931 }
932 closure->args[i].o = object;
933 }
934 }
935
936 return 0;
937 }
938
939 static void
convert_arguments_to_ffi(const char * signature,uint32_t flags,union wl_argument * args,int count,ffi_type ** ffi_types,void ** ffi_args)940 convert_arguments_to_ffi(const char *signature, uint32_t flags,
941 union wl_argument *args,
942 int count, ffi_type **ffi_types, void** ffi_args)
943 {
944 int i;
945 const char *sig_iter;
946 struct argument_details arg;
947
948 sig_iter = signature;
949 for (i = 0; i < count; i++) {
950 sig_iter = get_next_argument(sig_iter, &arg);
951
952 switch(arg.type) {
953 case 'i':
954 ffi_types[i] = &ffi_type_sint32;
955 ffi_args[i] = &args[i].i;
956 break;
957 case 'u':
958 ffi_types[i] = &ffi_type_uint32;
959 ffi_args[i] = &args[i].u;
960 break;
961 case 'f':
962 ffi_types[i] = &ffi_type_sint32;
963 ffi_args[i] = &args[i].f;
964 break;
965 case 's':
966 ffi_types[i] = &ffi_type_pointer;
967 ffi_args[i] = &args[i].s;
968 break;
969 case 'o':
970 ffi_types[i] = &ffi_type_pointer;
971 ffi_args[i] = &args[i].o;
972 break;
973 case 'n':
974 if (flags & WL_CLOSURE_INVOKE_CLIENT) {
975 ffi_types[i] = &ffi_type_pointer;
976 ffi_args[i] = &args[i].o;
977 } else {
978 ffi_types[i] = &ffi_type_uint32;
979 ffi_args[i] = &args[i].n;
980 }
981 break;
982 case 'a':
983 ffi_types[i] = &ffi_type_pointer;
984 ffi_args[i] = &args[i].a;
985 break;
986 case 'h':
987 ffi_types[i] = &ffi_type_sint32;
988 ffi_args[i] = &args[i].h;
989 break;
990 default:
991 wl_abort("unknown type\n");
992 break;
993 }
994 }
995 }
996
997 void
wl_closure_invoke(struct wl_closure * closure,uint32_t flags,struct wl_object * target,uint32_t opcode,void * data)998 wl_closure_invoke(struct wl_closure *closure, uint32_t flags,
999 struct wl_object *target, uint32_t opcode, void *data)
1000 {
1001 int count;
1002 ffi_cif cif;
1003 ffi_type *ffi_types[WL_CLOSURE_MAX_ARGS + 2];
1004 void * ffi_args[WL_CLOSURE_MAX_ARGS + 2];
1005 void (* const *implementation)(void);
1006
1007 count = arg_count_for_signature(closure->message->signature);
1008
1009 ffi_types[0] = &ffi_type_pointer;
1010 ffi_args[0] = &data;
1011 ffi_types[1] = &ffi_type_pointer;
1012 ffi_args[1] = ⌖
1013
1014 convert_arguments_to_ffi(closure->message->signature, flags, closure->args,
1015 count, ffi_types + 2, ffi_args + 2);
1016
1017 ffi_prep_cif(&cif, FFI_DEFAULT_ABI,
1018 count + 2, &ffi_type_void, ffi_types);
1019
1020 implementation = target->implementation;
1021 if (!implementation[opcode]) {
1022 wl_abort("listener function for opcode %u of %s is NULL\n",
1023 opcode, target->interface->name);
1024 }
1025 ffi_call(&cif, implementation[opcode], NULL, ffi_args);
1026
1027 wl_closure_clear_fds(closure);
1028 }
1029
1030 void
wl_closure_dispatch(struct wl_closure * closure,wl_dispatcher_func_t dispatcher,struct wl_object * target,uint32_t opcode)1031 wl_closure_dispatch(struct wl_closure *closure, wl_dispatcher_func_t dispatcher,
1032 struct wl_object *target, uint32_t opcode)
1033 {
1034 dispatcher(target->implementation, target, opcode, closure->message,
1035 closure->args);
1036
1037 wl_closure_clear_fds(closure);
1038 }
1039
1040 static int
copy_fds_to_connection(struct wl_closure * closure,struct wl_connection * connection)1041 copy_fds_to_connection(struct wl_closure *closure,
1042 struct wl_connection *connection)
1043 {
1044 const struct wl_message *message = closure->message;
1045 uint32_t i, count;
1046 struct argument_details arg;
1047 const char *signature = message->signature;
1048 int fd;
1049
1050 count = arg_count_for_signature(signature);
1051 for (i = 0; i < count; i++) {
1052 signature = get_next_argument(signature, &arg);
1053 if (arg.type != 'h')
1054 continue;
1055
1056 fd = closure->args[i].h;
1057 if (wl_connection_put_fd(connection, fd)) {
1058 wl_log("request could not be marshaled: "
1059 "can't send file descriptor\n");
1060 return -1;
1061 }
1062 closure->args[i].h = -1;
1063 }
1064
1065 return 0;
1066 }
1067
1068
1069 static uint32_t
buffer_size_for_closure(struct wl_closure * closure)1070 buffer_size_for_closure(struct wl_closure *closure)
1071 {
1072 const struct wl_message *message = closure->message;
1073 int i, count;
1074 struct argument_details arg;
1075 const char *signature;
1076 uint32_t size, buffer_size = 0;
1077
1078 signature = message->signature;
1079 count = arg_count_for_signature(signature);
1080 for (i = 0; i < count; i++) {
1081 signature = get_next_argument(signature, &arg);
1082
1083 switch (arg.type) {
1084 case 'h':
1085 break;
1086 case 'u':
1087 case 'i':
1088 case 'f':
1089 case 'o':
1090 case 'n':
1091 buffer_size++;
1092 break;
1093 case 's':
1094 if (closure->args[i].s == NULL) {
1095 buffer_size++;
1096 break;
1097 }
1098
1099 size = strlen(closure->args[i].s) + 1;
1100 buffer_size += 1 + div_roundup(size, sizeof(uint32_t));
1101 break;
1102 case 'a':
1103 if (closure->args[i].a == NULL) {
1104 buffer_size++;
1105 break;
1106 }
1107
1108 size = closure->args[i].a->size;
1109 buffer_size += (1 + div_roundup(size, sizeof(uint32_t)));
1110 break;
1111 default:
1112 break;
1113 }
1114 }
1115
1116 return buffer_size + 2;
1117 }
1118
1119 static int
serialize_closure(struct wl_closure * closure,uint32_t * buffer,size_t buffer_count)1120 serialize_closure(struct wl_closure *closure, uint32_t *buffer,
1121 size_t buffer_count)
1122 {
1123 const struct wl_message *message = closure->message;
1124 unsigned int i, count, size;
1125 uint32_t *p, *end;
1126 struct argument_details arg;
1127 const char *signature;
1128
1129 if (buffer_count < 2)
1130 goto overflow;
1131
1132 p = buffer + 2;
1133 end = buffer + buffer_count;
1134
1135 signature = message->signature;
1136 count = arg_count_for_signature(signature);
1137 for (i = 0; i < count; i++) {
1138 signature = get_next_argument(signature, &arg);
1139
1140 if (arg.type == 'h')
1141 continue;
1142
1143 if (p + 1 > end)
1144 goto overflow;
1145
1146 switch (arg.type) {
1147 case 'u':
1148 *p++ = closure->args[i].u;
1149 break;
1150 case 'i':
1151 *p++ = closure->args[i].i;
1152 break;
1153 case 'f':
1154 *p++ = closure->args[i].f;
1155 break;
1156 case 'o':
1157 *p++ = closure->args[i].o ? closure->args[i].o->id : 0;
1158 break;
1159 case 'n':
1160 *p++ = closure->args[i].n;
1161 break;
1162 case 's':
1163 if (closure->args[i].s == NULL) {
1164 *p++ = 0;
1165 break;
1166 }
1167
1168 size = strlen(closure->args[i].s) + 1;
1169 *p++ = size;
1170
1171 if (p + div_roundup(size, sizeof *p) > end)
1172 goto overflow;
1173
1174 memcpy(p, closure->args[i].s, size);
1175 p += div_roundup(size, sizeof *p);
1176 break;
1177 case 'a':
1178 if (closure->args[i].a == NULL) {
1179 *p++ = 0;
1180 break;
1181 }
1182
1183 size = closure->args[i].a->size;
1184 *p++ = size;
1185
1186 if (p + div_roundup(size, sizeof *p) > end)
1187 goto overflow;
1188
1189 memcpy(p, closure->args[i].a->data, size);
1190 p += div_roundup(size, sizeof *p);
1191 break;
1192 default:
1193 break;
1194 }
1195 }
1196
1197 size = (p - buffer) * sizeof *p;
1198
1199 buffer[0] = closure->sender_id;
1200 buffer[1] = size << 16 | (closure->opcode & 0x0000ffff);
1201
1202 return size;
1203
1204 overflow:
1205 errno = ERANGE;
1206 return -1;
1207 }
1208
1209 int
wl_closure_send(struct wl_closure * closure,struct wl_connection * connection)1210 wl_closure_send(struct wl_closure *closure, struct wl_connection *connection)
1211 {
1212 int size;
1213 uint32_t buffer_size;
1214 uint32_t *buffer;
1215 int result;
1216
1217 if (copy_fds_to_connection(closure, connection))
1218 return -1;
1219
1220 buffer_size = buffer_size_for_closure(closure);
1221 buffer = zalloc(buffer_size * sizeof buffer[0]);
1222 if (buffer == NULL)
1223 return -1;
1224
1225 size = serialize_closure(closure, buffer, buffer_size);
1226 if (size < 0) {
1227 free(buffer);
1228 return -1;
1229 }
1230
1231 result = wl_connection_write(connection, buffer, size);
1232 free(buffer);
1233
1234 return result;
1235 }
1236
1237 int
wl_closure_queue(struct wl_closure * closure,struct wl_connection * connection)1238 wl_closure_queue(struct wl_closure *closure, struct wl_connection *connection)
1239 {
1240 int size;
1241 uint32_t buffer_size;
1242 uint32_t *buffer;
1243 int result;
1244
1245 if (copy_fds_to_connection(closure, connection))
1246 return -1;
1247
1248 buffer_size = buffer_size_for_closure(closure);
1249 buffer = malloc(buffer_size * sizeof buffer[0]);
1250 if (buffer == NULL)
1251 return -1;
1252
1253 size = serialize_closure(closure, buffer, buffer_size);
1254 if (size < 0) {
1255 free(buffer);
1256 return -1;
1257 }
1258
1259 result = wl_connection_queue(connection, buffer, size);
1260 free(buffer);
1261
1262 return result;
1263 }
1264
1265 void
wl_closure_print(struct wl_closure * closure,struct wl_object * target,bool send,const char * discarded_reason)1266 wl_closure_print(struct wl_closure *closure, struct wl_object *target,
1267 bool send, const char *discarded_reason)
1268 {
1269 int i;
1270 struct argument_details arg;
1271 const char *signature = closure->message->signature;
1272 struct timespec tp;
1273 unsigned int time;
1274 uint32_t nval;
1275 FILE *f;
1276 char *buffer;
1277 size_t buffer_length;
1278
1279 f = open_memstream(&buffer, &buffer_length);
1280 if (f == NULL)
1281 return;
1282
1283 clock_gettime(CLOCK_REALTIME, &tp);
1284 time = (tp.tv_sec * 1000000L) + (tp.tv_nsec / 1000);
1285
1286 fprintf(f, "[%7u.%03u] %s%s%s%s%s@%u.%s(",
1287 time / 1000, time % 1000,
1288 (discarded_reason != NULL) ? "discarded[" : "",
1289 (discarded_reason != NULL) ? discarded_reason : "",
1290 (discarded_reason != NULL) ? "] " : "",
1291 send ? " -> " : "",
1292 target->interface->name, target->id,
1293 closure->message->name);
1294
1295 for (i = 0; i < closure->count; i++) {
1296 signature = get_next_argument(signature, &arg);
1297 if (i > 0)
1298 fprintf(f, ", ");
1299
1300 switch (arg.type) {
1301 case 'u':
1302 fprintf(f, "%u", closure->args[i].u);
1303 break;
1304 case 'i':
1305 fprintf(f, "%d", closure->args[i].i);
1306 break;
1307 case 'f':
1308 /* The magic number 390625 is 1e8 / 256 */
1309 if (closure->args[i].f >= 0) {
1310 fprintf(f, "%d.%08d",
1311 closure->args[i].f / 256,
1312 390625 * (closure->args[i].f % 256));
1313 } else {
1314
1315 fprintf(f, "-%d.%08d",
1316 closure->args[i].f / -256,
1317 -390625 * (closure->args[i].f % 256));
1318 }
1319 break;
1320 case 's':
1321 if (closure->args[i].s)
1322 fprintf(f, "\"%s\"", closure->args[i].s);
1323 else
1324 fprintf(f, "nil");
1325 break;
1326 case 'o':
1327 if (closure->args[i].o)
1328 fprintf(f, "%s@%u",
1329 closure->args[i].o->interface->name,
1330 closure->args[i].o->id);
1331 else
1332 fprintf(f, "nil");
1333 break;
1334 case 'n':
1335 nval = closure->args[i].n;
1336
1337 fprintf(f, "new id %s@",
1338 (closure->message->types[i]) ?
1339 closure->message->types[i]->name :
1340 "[unknown]");
1341 if (nval != 0)
1342 fprintf(f, "%u", nval);
1343 else
1344 fprintf(f, "nil");
1345 break;
1346 case 'a':
1347 fprintf(f, "array[%zu]", closure->args[i].a->size);
1348 break;
1349 case 'h':
1350 fprintf(f, "fd %d", closure->args[i].h);
1351 break;
1352 }
1353 }
1354
1355 fprintf(f, ")\n");
1356
1357 if (fclose(f) == 0) {
1358 fprintf(stderr, "%s", buffer);
1359 free(buffer);
1360 }
1361 }
1362
1363 static int
wl_closure_close_fds(struct wl_closure * closure)1364 wl_closure_close_fds(struct wl_closure *closure)
1365 {
1366 int i;
1367 struct argument_details arg;
1368 const char *signature = closure->message->signature;
1369
1370 for (i = 0; i < closure->count; i++) {
1371 signature = get_next_argument(signature, &arg);
1372 if (arg.type == 'h' && closure->args[i].h != -1)
1373 close(closure->args[i].h);
1374 }
1375
1376 return 0;
1377 }
1378
1379 void
wl_closure_destroy(struct wl_closure * closure)1380 wl_closure_destroy(struct wl_closure *closure)
1381 {
1382 /* wl_closure_destroy has free() semantics */
1383 if (!closure)
1384 return;
1385
1386 wl_closure_close_fds(closure);
1387 free(closure);
1388 }
1389