From 8259d19f7155d82197ecc2aa16b316376c2dcb12 Mon Sep 17 00:00:00 2001 From: Daniel Stone Date: Tue, 10 Jun 2008 18:33:57 +0300 Subject: [PATCH 01/34] Xi: event_{x,y} should refer to the extended device (bug #16289) ProcessOtherEvents was unconditionally stomping the root_{x,y} co-ordinates provided by GetPointerEvents with those of the core pointer, meaning that both root_{x,y} and event_{x,y} reported to clients would reflect the sprite's position, not the position reported by the device that generated the DeviceMotionNotify or the DeviceButton{Press,Release} event in the first place. For key events we still take the sprite's co-ords, as we're delivering to the focus, which is the (VCP) sprite. Not cherry-picked from master as MPX fixes this anyway, by taking the co-ords of the sprite the device moves (be it visible or no). --- Xi/exevents.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Xi/exevents.c b/Xi/exevents.c index fb84bef6f..c03f796b5 100644 --- a/Xi/exevents.c +++ b/Xi/exevents.c @@ -123,9 +123,14 @@ ProcessOtherEvent(xEventPtr xE, DeviceIntPtr other, int count) deviceValuator *xV = (deviceValuator *) xE; if (xE->u.u.type != DeviceValuator) { - GetSpritePosition(&rootX, &rootY); - xE->u.keyButtonPointer.rootX = rootX; - xE->u.keyButtonPointer.rootY = rootY; + /* Other types already have root{X,Y} filled in. */ + if (xE->u.u.type == DeviceKeyPress || + xE->u.u.type == DeviceKeyRelease) { + GetSpritePosition(&rootX, &rootY); + xE->u.keyButtonPointer.rootX = rootX; + xE->u.keyButtonPointer.rootY = rootY; + } + key = xE->u.u.detail; NoticeEventTime(xE); xE->u.keyButtonPointer.state = inputInfo.keyboard->key->state | From f7c40a003d85b8a83d55a33d362f2a364f4ab702 Mon Sep 17 00:00:00 2001 
From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:21:26 -0600 Subject: [PATCH 02/34] CVE-2008-2360 - RENDER Extension heap buffer overflow An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. --- render/render.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/render/render.c b/render/render.c index f03f54a2b..16b8eb3c3 100644 --- a/render/render.c +++ b/render/render.c @@ -1117,9 +1117,16 @@ ProcRenderAddGlyphs (ClientPtr client) remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs; for (i = 0; i < nglyphs; i++) { + size_t padded_width; glyph_new = &glyphs[i]; - size = gi[i].height * PixmapBytePad (gi[i].width, - glyphSet->format->depth); + + padded_width = PixmapBytePad (gi[i].width, + glyphSet->format->depth); + + if (gi[i].height && padded_width > (UINT32_MAX - sizeof(GlyphRec))/gi[i].height) + break; + + size = gi[i].height * padded_width; if (remain < size) break; From 5677751a0480426beaefc990303c7ade963eb137 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:22:30 -0600 Subject: [PATCH 03/34] CVE-2008-2361 - RENDER Extension crash An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. --- render/render.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/render/render.c b/render/render.c index 16b8eb3c3..7787e18ae 100644 --- a/render/render.c +++ b/render/render.c 
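Review bot: In the ProcRenderAddGlyphs loop the new guard bounds the product by UINT32_MAX, but `size` and `remain` are declared outside the hunk. If `size` is a signed int, a product above INT_MAX still passes the guard, turns negative on `size = gi[i].height * padded_width;`, and is then not rejected by `if (remain < size)`. Bounding against the range of the variable that receives the product, for example `padded_width > (INT_MAX - sizeof(GlyphRec))/gi[i].height`, would make the check independent of that declaration. The `break` also relies on code after the loop, not shown here, to turn the early exit into an error. The same hunk recurs in the cherry-picked PATCH 09/34.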
@@ -1569,6 +1569,8 @@ ProcRenderCreateCursor (ClientPtr client) pScreen = pSrc->pDrawable->pScreen; width = pSrc->pDrawable->width; height = pSrc->pDrawable->height; + if (height && width > UINT32_MAX/(height*sizeof(CARD32))) + return BadAlloc; if ( stuff->x > width || stuff->y > height ) return (BadMatch); From a1733327aa71bc1131e758fc80566c3d66627343 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:23:03 -0600 Subject: [PATCH 04/34] CVE-2008-2362 - RENDER Extension memory corruption Integer overflows can occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters. --- render/render.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/render/render.c b/render/render.c index 7787e18ae..638aa46a3 100644 --- a/render/render.c +++ b/render/render.c @@ -1996,6 +1996,8 @@ static int ProcRenderCreateLinearGradient (ClientPtr client) LEGAL_NEW_RESOURCE(stuff->pid, client); len = (client->req_len << 2) - sizeof(xRenderCreateLinearGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; @@ -2584,18 +2586,18 @@ SProcRenderCreateSolidFill(ClientPtr client) return (*ProcRenderVector[stuff->renderReqType]) (client); } -static void swapStops(void *stuff, int n) +static void swapStops(void *stuff, int num) { - int i; + int i, n; CARD32 *stops; CARD16 *colors; stops = (CARD32 *)(stuff); - for (i = 0; i < n; ++i) { + for (i = 0; i < num; ++i) { swapl(stops, n); ++stops; } colors = (CARD16 *)(stops); - for (i = 0; i < 4*n; ++i) { + for (i = 0; i < 4*num; ++i) { swaps(stops, n); ++stops; } 
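Review bot: The added width/height guard in ProcRenderCreateCursor carries no comment, and the allocation it protects is outside the hunk, so a reader cannot tell which product the bound is meant to match. A one-line comment such as `/* reject width*height*sizeof(CARD32) values that would wrap the allocation size computed below */` would tie the check to its purpose; the wording should be confirmed against the allocation itself. The same hunk recurs in PATCH 08/34.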
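Review bot: The same two-line nStops guard is pasted into four handlers (here and in the three SProcRenderCreate*Gradient hunks that follow), while the non-swapped ProcRenderCreateRadialGradient and ProcRenderCreateConicalGradient are not touched by this patch. If those two validate `len` with the same `stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))` product, which cannot be confirmed from the diff, they need the same guard. A small shared helper or macro for the stop-count check would keep all the call sites in step. The patch is repeated as PATCH 07/34.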
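Review bot: The second loop in swapStops still swaps and advances `stops` rather than `colors`: `swaps(stops, n); ++stops;` steps a CARD32 pointer 4*num times, so it covers 16*num bytes where the CARD16 colour data is 8*num bytes, and `colors` is assigned but never used. The rename to `num` apparently stops the loop bound from being shared with the swap macros' scratch variable, but this loop would still byte-swap memory past the stop data it was given. The body should read `swaps(colors, n); ++colors;`. The function's closing brace is outside the hunk, and the same hunk recurs in PATCH 07/34.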
@@ -2618,6 +2620,8 @@ SProcRenderCreateLinearGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateLinearGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; @@ -2645,6 +2649,8 @@ SProcRenderCreateRadialGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateRadialGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; @@ -2669,6 +2675,8 @@ SProcRenderCreateConicalGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateConicalGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; From ebd916314de1f4570964312e008b17a9c96800ea Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:20:00 -0600 Subject: [PATCH 05/34] CVE-2008-1377 - RECORD and Security extensions memory corruption Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. --- Xext/security.c | 10 +++++++--- record/record.c | 16 +++++++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/Xext/security.c b/Xext/security.c index e82b97626..ad30e06b8 100644 --- a/Xext/security.c +++ b/Xext/security.c 
@@ -679,15 +679,19 @@ SProcSecurityGenerateAuthorization( register char n; CARD32 *values; unsigned long nvalues; + int values_offset; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq); swaps(&stuff->nbytesAuthProto, n); swaps(&stuff->nbytesAuthData, n); swapl(&stuff->valueMask, n); - values = (CARD32 *)(&stuff[1]) + - ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + - ((stuff->nbytesAuthData + (unsigned)3) >> 2); + values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + + ((stuff->nbytesAuthData + (unsigned)3) >> 2); + if (values_offset > + stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2)) + return BadLength; + values = (CARD32 *)(&stuff[1]) + values_offset; nvalues = (((CARD32 *)stuff) + stuff->length) - values; SwapLongs(values, nvalues); return ProcSecurityGenerateAuthorization(client); diff --git a/record/record.c b/record/record.c index debe3c472..5fb860c74 100644 --- a/record/record.c +++ b/record/record.c @@ -2657,7 +2657,7 @@ SProcRecordQueryVersion(ClientPtr client) } /* SProcRecordQueryVersion */ -static void +static int SwapCreateRegister(xRecordRegisterClientsReq *stuff) { register char n; @@ -2668,11 +2668,17 @@ SwapCreateRegister(xRecordRegisterClientsReq *stuff) swapl(&stuff->nClients, n); swapl(&stuff->nRanges, n); pClientID = (XID *)&stuff[1]; + if (stuff->nClients > stuff->length - (sz_xRecordRegisterClientsReq >> 2)) + return BadLength; for (i = 0; i < stuff->nClients; i++, pClientID++) { swapl(pClientID, n); } + if (stuff->nRanges > stuff->length - (sz_xRecordRegisterClientsReq >> 2) + - stuff->nClients) + return BadLength; RecordSwapRanges((xRecordRange *)pClientID, stuff->nRanges); + return Success; } /* SwapCreateRegister */ 
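Review bot: The new bound in SProcSecurityGenerateAuthorization is taken from `stuff->length`, the length field inside the request, while the preceding REQUEST_AT_LEAST_SIZE (defined outside this diff) is presumably what ties the request to the number of words actually received. Deriving both the `values_offset` limit and `nvalues` from one source, for example `client->req_len` as the RENDER handlers in this series do, would keep the two from disagreeing. The start of the function is outside the hunk. The same hunk recurs in PATCH 11/34.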
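Review bot: The second bound in SwapCreateRegister compares `stuff->nRanges`, a count of xRecordRange records, with the number of 4-byte words left in the request. Unless xRecordRange is exactly one word (its definition is not in this diff), RecordSwapRanges can still be handed more records than the request holds. Dividing the remaining words by the record size, e.g. `(stuff->length - (sz_xRecordRegisterClientsReq >> 2) - stuff->nClients) / (sizeof(xRecordRange) >> 2)`, would bound it in the right unit. Both comparisons also appear to mix 32-bit unsigned counts with a signed difference, so they depend on the callers' REQUEST_AT_LEAST_SIZE having run first; a comment saying so would help. The same hunk recurs in PATCH 11/34.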
@@ -2680,11 +2686,13 @@ static int SProcRecordCreateContext(ClientPtr client) { REQUEST(xRecordCreateContextReq); + int status; register char n; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); - SwapCreateRegister((pointer)stuff); + if ((status = SwapCreateRegister((pointer)stuff)) != Success) + return status; return ProcRecordCreateContext(client); } /* SProcRecordCreateContext */ @@ -2693,11 +2701,13 @@ static int SProcRecordRegisterClients(ClientPtr client) { REQUEST(xRecordRegisterClientsReq); + int status; register char n; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); - SwapCreateRegister((pointer)stuff); + if ((status = SwapCreateRegister((pointer)stuff)) != Success) + return status; return ProcRecordRegisterClients(client); } /* SProcRecordRegisterClients */ From 6de2855b888e19c13d03d5e900248c1428724104 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:20:43 -0600 Subject: [PATCH 06/34] CVE-2008-1379 - MIT-SHM arbitrary memory read An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. --- Xext/shm.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Xext/shm.c b/Xext/shm.c index b2973bff6..8cf59443c 100644 --- a/Xext/shm.c +++ b/Xext/shm.c 
@@ -894,8 +894,17 @@ ProcShmPutImage(client) return BadValue; } - VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight, - client); + /* + * There's a potential integer overflow in this check: + * VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight, + * client); + * the version below ought to avoid it + */ + if (stuff->totalHeight != 0 && + length > (shmdesc->size - stuff->offset)/stuff->totalHeight) { + client->errorValue = stuff->totalWidth; + return BadValue; + } if (stuff->srcX > stuff->totalWidth) { client->errorValue = stuff->srcX; From edd2cac9fa05fdd0eceee3dd571f753acb9012ba Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:23:03 -0600 Subject: [PATCH 07/34] CVE-2008-2362 - RENDER Extension memory corruption Integer overflows can occur in the code validating the parameters for the SProcRenderCreateLinearGradient, SProcRenderCreateRadialGradient and SProcRenderCreateConicalGradient functions, leading to memory corruption by swapping bytes outside of the intended request parameters. (cherry picked from commit 9171206db349a0c6fda719746be0b15049d57aaa) --- render/render.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/render/render.c b/render/render.c index f03f54a2b..c6d55daa8 100644 --- a/render/render.c +++ b/render/render.c @@ -1987,6 +1987,8 @@ static int ProcRenderCreateLinearGradient (ClientPtr client) LEGAL_NEW_RESOURCE(stuff->pid, client); len = (client->req_len << 2) - sizeof(xRenderCreateLinearGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; 
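Review bot: The rewritten size check subtracts `stuff->offset` from `shmdesc->size` without establishing `stuff->offset <= shmdesc->size` anywhere in the hunk; if both are unsigned, an offset past the end of the segment makes the difference wrap and the bound stops meaning anything. If an earlier check in ProcShmPutImage already guarantees this (the function starts outside the hunk), a comment should say so; otherwise the condition should begin with `stuff->offset > shmdesc->size ||` ahead of the division test. The failure path now returns BadValue with `stuff->totalWidth` as errorValue, which may differ from what VERIFY_SHMSIZE reported and is worth confirming. The same hunk recurs in PATCH 10/34.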
@@ -2575,18 +2577,18 @@ SProcRenderCreateSolidFill(ClientPtr client) return (*ProcRenderVector[stuff->renderReqType]) (client); } -static void swapStops(void *stuff, int n) +static void swapStops(void *stuff, int num) { - int i; + int i, n; CARD32 *stops; CARD16 *colors; stops = (CARD32 *)(stuff); - for (i = 0; i < n; ++i) { + for (i = 0; i < num; ++i) { swapl(stops, n); ++stops; } colors = (CARD16 *)(stops); - for (i = 0; i < 4*n; ++i) { + for (i = 0; i < 4*num; ++i) { swaps(stops, n); ++stops; } @@ -2609,6 +2611,8 @@ SProcRenderCreateLinearGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateLinearGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; @@ -2636,6 +2640,8 @@ SProcRenderCreateRadialGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateRadialGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; @@ -2660,6 +2666,8 @@ SProcRenderCreateConicalGradient (ClientPtr client) swapl(&stuff->nStops, n); len = (client->req_len << 2) - sizeof(xRenderCreateConicalGradientReq); + if (stuff->nStops > UINT32_MAX/(sizeof(xFixed) + sizeof(xRenderColor))) + return BadLength; if (len != stuff->nStops*(sizeof(xFixed) + sizeof(xRenderColor))) return BadLength; From b251fdd9d90532871b2a2b2f44a64b0e769fe3fc Mon Sep 17 00:00:00 2001 
From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:22:30 -0600 Subject: [PATCH 08/34] CVE-2008-2361 - RENDER Extension crash An integer overflow may occur in the computation of the size of the glyph to be allocated by the ProcRenderCreateCursor() function which will cause less memory to be allocated than expected, leading later to dereferencing un-mapped memory, causing a crash of the X server. (cherry picked from commit 5257a0f83d5f3d80d0cd44dd76d047bac3869592) --- render/render.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/render/render.c b/render/render.c index c6d55daa8..40b8439c6 100644 --- a/render/render.c +++ b/render/render.c @@ -1562,6 +1562,8 @@ ProcRenderCreateCursor (ClientPtr client) pScreen = pSrc->pDrawable->pScreen; width = pSrc->pDrawable->width; height = pSrc->pDrawable->height; + if (height && width > UINT32_MAX/(height*sizeof(CARD32))) + return BadAlloc; if ( stuff->x > width || stuff->y > height ) return (BadMatch); From 69b173c6997954277dbd23eecc2cbf74e74ab228 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:21:26 -0600 Subject: [PATCH 09/34] CVE-2008-2360 - RENDER Extension heap buffer overflow An integer overflow may occur in the computation of the size of the glyph to be allocated by the AllocateGlyph() function which will cause less memory to be allocated than expected, leading to later heap overflow. (cherry picked from commit c5f69b297b1227cb802394fa90efdbe1de607f3c) --- render/render.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/render/render.c b/render/render.c index 40b8439c6..638aa46a3 100644 --- a/render/render.c +++ b/render/render.c 
@@ -1117,9 +1117,16 @@ ProcRenderAddGlyphs (ClientPtr client) remain -= (sizeof (CARD32) + sizeof (xGlyphInfo)) * nglyphs; for (i = 0; i < nglyphs; i++) { + size_t padded_width; glyph_new = &glyphs[i]; - size = gi[i].height * PixmapBytePad (gi[i].width, - glyphSet->format->depth); + + padded_width = PixmapBytePad (gi[i].width, + glyphSet->format->depth); + + if (gi[i].height && padded_width > (UINT32_MAX - sizeof(GlyphRec))/gi[i].height) + break; + + size = gi[i].height * padded_width; if (remain < size) break; From e83c79701f0abc081f1b127785d5502e2e48f905 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:20:43 -0600 Subject: [PATCH 10/34] CVE-2008-1379 - MIT-SHM arbitrary memory read An integer overflow in the validation of the parameters of the ShmPutImage() request makes it possible to trigger the copy of arbitrary server memory to a pixmap that can subsequently be read by the client, to read arbitrary parts of the X server memory space. (cherry picked from commit 063f18ef6d7bf834225ddfd3527e58c078628f5f) --- Xext/shm.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/Xext/shm.c b/Xext/shm.c index b2973bff6..8cf59443c 100644 --- a/Xext/shm.c +++ b/Xext/shm.c @@ -894,8 +894,17 @@ ProcShmPutImage(client) return BadValue; } - VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight, - client); + /* + * There's a potential integer overflow in this check: + * VERIFY_SHMSIZE(shmdesc, stuff->offset, length * stuff->totalHeight, + * client); + * the version below ought to avoid it + */ + if (stuff->totalHeight != 0 && + length > (shmdesc->size - stuff->offset)/stuff->totalHeight) { + client->errorValue = stuff->totalWidth; + return BadValue; + } if (stuff->srcX > stuff->totalWidth) { client->errorValue = stuff->srcX; From 626ea1b02dabc218f7f73adead8ee9b287d0648e Mon Sep 17 00:00:00 2001 
From: Matthieu Herrb Date: Tue, 10 Jun 2008 12:20:00 -0600 Subject: [PATCH 11/34] CVE-2008-1377 - RECORD and Security extensions memory corruption Lack of validation of the parameters of the SProcSecurityGenerateAuthorization SProcRecordCreateContext functions makes it possible for a specially crafted request to trigger the swapping of bytes outside the parameter of these requests, causing memory corruption. (cherry picked from commit 95d162c4389857d960da9b0158345c1714e91f31) --- Xext/security.c | 10 +++++++--- record/record.c | 16 +++++++++++++--- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/Xext/security.c b/Xext/security.c index e82b97626..ad30e06b8 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -679,15 +679,19 @@ SProcSecurityGenerateAuthorization( register char n; CARD32 *values; unsigned long nvalues; + int values_offset; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xSecurityGenerateAuthorizationReq); swaps(&stuff->nbytesAuthProto, n); swaps(&stuff->nbytesAuthData, n); swapl(&stuff->valueMask, n); - values = (CARD32 *)(&stuff[1]) + - ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + - ((stuff->nbytesAuthData + (unsigned)3) >> 2); + values_offset = ((stuff->nbytesAuthProto + (unsigned)3) >> 2) + + ((stuff->nbytesAuthData + (unsigned)3) >> 2); + if (values_offset > + stuff->length - (sz_xSecurityGenerateAuthorizationReq >> 2)) + return BadLength; + values = (CARD32 *)(&stuff[1]) + values_offset; nvalues = (((CARD32 *)stuff) + stuff->length) - values; SwapLongs(values, nvalues); return ProcSecurityGenerateAuthorization(client); diff --git a/record/record.c b/record/record.c index debe3c472..5fb860c74 100644 --- a/record/record.c +++ b/record/record.c @@ -2657,7 +2657,7 @@ SProcRecordQueryVersion(ClientPtr client) } /* SProcRecordQueryVersion */ -static void +static int SwapCreateRegister(xRecordRegisterClientsReq *stuff) { register char n; 
@@ -2668,11 +2668,17 @@ SwapCreateRegister(xRecordRegisterClientsReq *stuff) swapl(&stuff->nClients, n); swapl(&stuff->nRanges, n); pClientID = (XID *)&stuff[1]; + if (stuff->nClients > stuff->length - (sz_xRecordRegisterClientsReq >> 2)) + return BadLength; for (i = 0; i < stuff->nClients; i++, pClientID++) { swapl(pClientID, n); } + if (stuff->nRanges > stuff->length - (sz_xRecordRegisterClientsReq >> 2) + - stuff->nClients) + return BadLength; RecordSwapRanges((xRecordRange *)pClientID, stuff->nRanges); + return Success; } /* SwapCreateRegister */ @@ -2680,11 +2686,13 @@ static int SProcRecordCreateContext(ClientPtr client) { REQUEST(xRecordCreateContextReq); + int status; register char n; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xRecordCreateContextReq); - SwapCreateRegister((pointer)stuff); + if ((status = SwapCreateRegister((pointer)stuff)) != Success) + return status; return ProcRecordCreateContext(client); } /* SProcRecordCreateContext */ @@ -2693,11 +2701,13 @@ static int SProcRecordRegisterClients(ClientPtr client) { REQUEST(xRecordRegisterClientsReq); + int status; register char n; swaps(&stuff->length, n); REQUEST_AT_LEAST_SIZE(xRecordRegisterClientsReq); - SwapCreateRegister((pointer)stuff); + if ((status = SwapCreateRegister((pointer)stuff)) != Success) + return status; return ProcRecordRegisterClients(client); } /* SProcRecordRegisterClients */ From b4c5832c75164ad08bc43c37a214b90353653a38 Mon Sep 17 00:00:00 2001 
From: Sascha Hlusiak Date: Tue, 25 Mar 2008 17:37:25 +0100 Subject: [PATCH 12/34] Support to pass arbitrary options via HAL hotplugging Parse "input.x11_options" and pass every key/name pair to the driver. Remove check for input.capabilities, because that's part of the fdi files. Thanks to Dustin Spicuzza for the patch. (cherry picked from commit 47eb658e802775021e3efec109f95431cca188ca) --- config/hal.c | 194 +++++++++++++++++++++++++------------------ config/x11-input.fdi | 62 ++++++++++++-- configure.ac | 2 + 3 files changed, 173 insertions(+), 85 deletions(-) diff --git a/config/hal.c b/config/hal.c index 6534408fa..f9cffdb4e 100644 --- a/config/hal.c +++ b/config/hal.c @@ -38,9 +38,10 @@ #include "config-backends.h" #include "os.h" -#define TYPE_NONE 0 -#define TYPE_KEYS 1 -#define TYPE_POINTER 2 + +#define LIBHAL_PROP_KEY "input.x11_options." +#define LIBHAL_XKB_PROP_KEY "input.xkb." + struct config_hal_info { DBusConnection *system_bus; @@ -50,7 +51,8 @@ struct config_hal_info { static void remove_device(DeviceIntPtr dev) { - DebugF("[config/hal] removing device %s\n", dev->name); + /* this only gets called for devices that have already been added */ + LogMessage(X_INFO, "config/hal: removing device %s\n", dev->name); /* Call PIE here so we don't try to dereference a device that's * already been removed. */ @@ -107,7 +109,7 @@ get_prop_string(LibHalContext *hal_ctx, const char *udi, const char *name) char *prop, *ret; prop = libhal_device_get_property_string(hal_ctx, udi, name, NULL); - DebugF("[config/hal] getting %s on %s returned %s\n", name, udi, prop); + LogMessageVerb(X_INFO, 10, "config/hal: getting %s on %s returned %s\n", name, udi, prop); if (prop) { ret = xstrdup(prop); libhal_free_string(prop); 
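Review bot: The new LogMessageVerb call in get_prop_string formats `prop` with `%s` before the `if (prop)` test, so a missing property passes a NULL pointer to the formatter. Moving the message inside the `if (prop)` branch, or logging `prop ? prop : "(null)"`, avoids relying on how the logging path treats NULL strings. The rest of the function is outside the hunk.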
@@ -119,6 +121,9 @@ get_prop_string(LibHalContext *hal_ctx, const char *udi, const char *name) return ret; } +/* this function is no longer used... keep it here in case its needed in + * the future. */ +#if 0 static char * get_prop_string_array(LibHalContext *hal_ctx, const char *udi, const char *prop) { 
@@ -152,117 +157,146 @@ get_prop_string_array(LibHalContext *hal_ctx, const char *udi, const char *prop) return ret; } +#endif static void device_added(LibHalContext *hal_ctx, const char *udi) { - char **props; - char *path = NULL, *driver = NULL, *name = NULL, *xkb_rules = NULL; - char *xkb_model = NULL, *xkb_layout = NULL, *xkb_variant = NULL; - char *xkb_options = NULL, *config_info = NULL; + char *path = NULL, *driver = NULL, *name = NULL, *config_info = NULL; InputOption *options = NULL, *tmpo = NULL; DeviceIntPtr dev; DBusError error; - int type = TYPE_NONE; - int i; - + + LibHalPropertySet *set = NULL; + LibHalPropertySetIterator set_iter; + char *psi_key = NULL, *tmp_val, *tmp_key; + + dbus_error_init(&error); - props = libhal_device_get_property_strlist(hal_ctx, udi, - "info.capabilities", &error); - if (!props) { - DebugF("[config/hal] couldn't get capabilities for %s: %s (%s)\n", - udi, error.name, error.message); - goto out_error; - } - for (i = 0; props[i]; i++) { - /* input.keys is the new, of which input.keyboard is a subset, but - * input.keyboard is the old 'we have keys', so we have to keep it - * around. 
*/ - if (strcmp(props[i], "input.keys") == 0 || - strcmp(props[i], "input.keyboard") == 0) - type |= TYPE_KEYS; - if (strcmp(props[i], "input.mouse") == 0 || - strcmp(props[i], "input.touchpad") == 0) - type |= TYPE_POINTER; - } - libhal_free_string_array(props); - - if (type == TYPE_NONE) - goto out_error; - driver = get_prop_string(hal_ctx, udi, "input.x11_driver"); - path = get_prop_string(hal_ctx, udi, "input.device"); - if (!driver || !path) { - DebugF("[config/hal] no driver or path specified for %s\n", udi); + if (!driver){ + /* verbose, don't tell the user unless they _want_ to see it */ + LogMessageVerb(X_INFO,7,"config/hal: no driver specified for device %s\n", udi); goto unwind; } + + path = get_prop_string(hal_ctx, udi, "input.device"); + if (!path) { + LogMessage(X_WARNING,"config/hal: no driver or path specified for %s\n", udi); + goto unwind; + } + name = get_prop_string(hal_ctx, udi, "info.product"); if (!name) name = xstrdup("(unnamed)"); - if (type & TYPE_KEYS) { - xkb_rules = get_prop_string(hal_ctx, udi, "input.xkb.rules"); - xkb_model = get_prop_string(hal_ctx, udi, "input.xkb.model"); - xkb_layout = get_prop_string(hal_ctx, udi, "input.xkb.layout"); - xkb_variant = get_prop_string(hal_ctx, udi, "input.xkb.variant"); - xkb_options = get_prop_string_array(hal_ctx, udi, "input.xkb.options"); - } - options = xcalloc(sizeof(*options), 1); + if (!options){ + LogMessage(X_ERROR, "config/hal: couldn't allocate space for input options!\n"); + goto unwind; + } + options->key = xstrdup("_source"); options->value = xstrdup("server/hal"); if (!options->key || !options->value) { - ErrorF("[config] couldn't allocate first key/value pair\n"); + LogMessage(X_ERROR, "config/hal: couldn't allocate first key/value pair\n"); goto unwind; } + /* most drivers use device.. not path. evdev uses both however, but the + * path version isn't documented apparently. support both for now. 
*/ add_option(&options, "path", path); + add_option(&options, "device", path); + add_option(&options, "driver", driver); add_option(&options, "name", name); + config_info = xalloc(strlen(udi) + 5); /* "hal:" and NULL */ - if (!config_info) + if (!config_info) { + LogMessage(X_ERROR, "config/hal: couldn't allocate name\n"); goto unwind; + } sprintf(config_info, "hal:%s", udi); - if (xkb_rules) - add_option(&options, "xkb_rules", xkb_rules); - if (xkb_model) - add_option(&options, "xkb_model", xkb_model); - if (xkb_layout) - add_option(&options, "xkb_layout", xkb_layout); - if (xkb_variant) - add_option(&options, "xkb_variant", xkb_variant); - if (xkb_options) - add_option(&options, "xkb_options", xkb_options); + /* ok, grab options from hal.. iterate through all properties + * and lets see if any of them are options that we can add */ + set = libhal_device_get_all_properties(hal_ctx, udi, &error); + + if (!set) { + LogMessage(X_ERROR, "config/hal: couldn't get property list for %s: %s (%s)\n", + udi, error.name, error.message); + goto unwind; + } + + libhal_psi_init(&set_iter,set); + while (libhal_psi_has_more(&set_iter)) { + /* we are looking for supported keys.. extract and add to options */ + psi_key = libhal_psi_get_key(&set_iter); + + if (psi_key){ - DebugF("[config/hal] Adding device %s\n", name); + /* normal options first (input.x11_options.) */ + if (!strncasecmp(psi_key, LIBHAL_PROP_KEY, sizeof(LIBHAL_PROP_KEY)-1)){ + + /* only support strings for all values */ + tmp_val = get_prop_string(hal_ctx, udi, psi_key); + + if (tmp_val){ + add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val); + xfree(tmp_val); + } + + /* evdev's XKB options... 
we should probably depreciate this usage */ + } else if (!strncasecmp(psi_key, LIBHAL_XKB_PROP_KEY, sizeof(LIBHAL_XKB_PROP_KEY)-1)){ + + /* only support strings for all values */ + tmp_val = get_prop_string(hal_ctx, udi, psi_key); + + if (tmp_val){ + /* add "xkb_" + NULL */ + tmp_key = xalloc(strlen(psi_key) - ( sizeof(LIBHAL_XKB_PROP_KEY) - 1) + 5); + + if (!tmp_key){ + LogMessage(X_ERROR, "config/hal: couldn't allocate memory for option %s\n", psi_key); + } else { + sprintf(tmp_key, "xkb_%s", psi_key + sizeof(LIBHAL_XKB_PROP_KEY)-1); + add_option(&options, tmp_key, tmp_val); + + xfree(tmp_key); + } + xfree(tmp_val); + } + } + } + + /* psi_key doesn't need to be freed */ + libhal_psi_next(&set_iter); + } + + /* this isn't an error, but how else do you output something that the user can see? */ + LogMessage(X_INFO, "config/hal: Adding input device %s\n", name); if (NewInputDeviceRequest(options, &dev) != Success) { - ErrorF("[config/hal] NewInputDeviceRequest failed\n"); + LogMessage(X_ERROR, "config/hal: NewInputDeviceRequest failed\n"); dev = NULL; goto unwind; } - for (; dev; dev = dev->next) + for (; dev; dev = dev->next){ + if (dev->config_info) + xfree(dev->config_info); dev->config_info = xstrdup(config_info); + } unwind: + if (set) + libhal_free_property_set(set); if (path) xfree(path); if (driver) xfree(driver); if (name) xfree(name); - if (xkb_rules) - xfree(xkb_rules); - if (xkb_model) - xfree(xkb_model); - if (xkb_layout) - xfree(xkb_layout); - if (xkb_variant) - xfree(xkb_variant); - if (xkb_options) - xfree(xkb_options); if (config_info) xfree(config_info); while (!dev && (tmpo = options)) { @@ -272,7 +306,6 @@ unwind: xfree(tmpo); } -out_error: dbus_error_free(&error); return; 
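Review bot: `DeviceIntPtr dev;` is left uninitialised, and this hunk routes every early failure in device_added (no driver, no path, allocation failure, property-set failure) to `unwind`, where `while (!dev && (tmpo = options))` reads it before NewInputDeviceRequest has set it. Declaring it as `DeviceIntPtr dev = NULL;` makes the cleanup well defined and ensures the option list is freed on those paths. Separately, the warning for a missing `input.device` still says "no driver or path" although the driver is known at that point. Every `input.x11_options.` suffix is also forwarded as an option name without rejecting an empty suffix or names this function sets itself (`path`, `device`, `driver`, `name`, `_source`).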
@@ -288,7 +321,7 @@ disconnect_hook(void *data) if (dbus_connection_get_is_connected(info->system_bus)) { dbus_error_init(&error); if (!libhal_ctx_shutdown(info->hal_ctx, &error)) - DebugF("[config/hal] couldn't shut down context: %s (%s)\n", + LogMessage(X_WARNING, "config/hal: disconnect_hook couldn't shut down context: %s (%s)\n", error.name, error.message); dbus_error_free(&error); } @@ -314,21 +347,21 @@ connect_hook(DBusConnection *connection, void *data) if (!info->hal_ctx) info->hal_ctx = libhal_ctx_new(); if (!info->hal_ctx) { - ErrorF("[config/hal] couldn't create HAL context\n"); + LogMessage(X_ERROR, "config/hal: couldn't create HAL context\n"); goto out_err; } if (!libhal_ctx_set_dbus_connection(info->hal_ctx, info->system_bus)) { - ErrorF("[config/hal] couldn't associate HAL context with bus\n"); + LogMessage(X_ERROR, "config/hal: couldn't associate HAL context with bus\n"); goto out_ctx; } if (!libhal_ctx_init(info->hal_ctx, &error)) { - ErrorF("[config/hal] couldn't initialise context: %s (%s)\n", + LogMessage(X_ERROR, "config/hal: couldn't initialise context: %s (%s)\n", error.name, error.message); goto out_ctx; } if (!libhal_device_property_watch_all(info->hal_ctx, &error)) { - ErrorF("[config/hal] couldn't watch all properties: %s (%s)\n", + LogMessage(X_ERROR, "config/hal: couldn't watch all properties: %s (%s)\n", error.name, error.message); goto out_ctx2; } @@ -348,7 +381,7 @@ connect_hook(DBusConnection *connection, void *data) out_ctx2: if (!libhal_ctx_shutdown(info->hal_ctx, &error)) - DebugF("[config/hal] couldn't shut down context: %s (%s)\n", + LogMessage(X_WARNING, "config/hal: couldn't shut down context: %s (%s)\n", error.name, error.message); out_ctx: libhal_ctx_free(info->hal_ctx); 
@@ -376,10 +409,13 @@ config_hal_init(void) hal_info.hal_ctx = NULL; if (!config_dbus_core_add_hook(&hook)) { - ErrorF("[config/hal] failed to add D-Bus hook\n"); + LogMessage(X_ERROR, "config/hal: failed to add D-Bus hook\n"); return 0; } + /* verbose message */ + LogMessageVerb(X_INFO,7,"config/hal: initialized"); + return 1; } diff --git a/config/x11-input.fdi b/config/x11-input.fdi index c390706fb..f2e2d50ab 100644 --- a/config/x11-input.fdi +++ b/config/x11-input.fdi @@ -1,7 +1,57 @@ - + + + mouse - base + base keyboard - pc105 + pc105 evdev - evdev + evdev - us + us - + diff --git a/configure.ac b/configure.ac index 3b2e7618c..b251dce7f 100644 --- a/configure.ac +++ b/configure.ac @@ -1025,6 +1025,8 @@ XKB_STUB_LIB='$(top_builddir)/xkb/libxkbstubs.la' AC_CHECK_FUNC(strcasecmp, [], AC_DEFINE([NEED_STRCASECMP], 1, [Do not have 'strcasecmp'.])) +AC_CHECK_FUNC(strncasecmp, [], AC_DEFINE([NEED_STRNCASECMP], 1, + [Do not have 'strncasecmp'.])) if test "x$NULL_ROOT_CURSOR" = xyes; then AC_DEFINE(NULL_ROOT_CURSOR, 1, [Use an empty root cursor]) From 82e7cf12453a4f91324c07581b59887dcc27014e Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 8 May 2008 14:05:56 +0930 Subject: [PATCH 13/34] config: remove trailing whitespaces. It makes my vim look ugly. Put "let c_space_errors=1" into your .vimrc. (cherry picked from commit 1f54c05cf8a6b82e5fc6362f7f8e8fdc2444b9e8) (cherry picked from commit 901978ebe0f446532255701cd536e246e805a55b) --- config/hal.c | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/config/hal.c b/config/hal.c index f9cffdb4e..07430489c 100644 --- a/config/hal.c +++ b/config/hal.c @@ -121,7 +121,7 @@ get_prop_string(LibHalContext *hal_ctx, const char *udi, const char *name) return ret; } -/* this function is no longer used... keep it here in case its needed in +/* this function is no longer used... keep it here in case its needed in * the future. */ #if 0 static char * 
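Review bot: The new verbose message in config_hal_init, `LogMessageVerb(X_INFO,7,"config/hal: initialized");`, has no trailing newline, unlike the other messages this patch adds, so the next log entry will run onto the same line. It should read `"config/hal: initialized\n"`.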
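Review bot: The new AC_CHECK_FUNC in configure.ac defines NEED_STRNCASECMP when the platform lacks strncasecmp, but nothing in this patch's three files consumes that macro, while config/hal.c now calls strncasecmp unconditionally. Unless a fallback implementation exists elsewhere in the tree, which the diff does not show, the define only records the problem and the HAL backend will fail to link on such platforms. Adding the fallback alongside the existing NEED_STRCASECMP handling, or naming it in the commit message, would close the gap.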
@@ -157,7 +157,7 @@ get_prop_string_array(LibHalContext *hal_ctx, const char *udi, const char *prop) return ret; } -#endif +#endif static void device_added(LibHalContext *hal_ctx, const char *udi) @@ -166,12 +166,12 @@ device_added(LibHalContext *hal_ctx, const char *udi) InputOption *options = NULL, *tmpo = NULL; DeviceIntPtr dev; DBusError error; - + LibHalPropertySet *set = NULL; LibHalPropertySetIterator set_iter; char *psi_key = NULL, *tmp_val, *tmp_key; - - + + dbus_error_init(&error); driver = get_prop_string(hal_ctx, udi, "input.x11_driver"); @@ -180,13 +180,13 @@ device_added(LibHalContext *hal_ctx, const char *udi) LogMessageVerb(X_INFO,7,"config/hal: no driver specified for device %s\n", udi); goto unwind; } - + path = get_prop_string(hal_ctx, udi, "input.device"); if (!path) { LogMessage(X_WARNING,"config/hal: no driver or path specified for %s\n", udi); goto unwind; } - + name = get_prop_string(hal_ctx, udi, "info.product"); if (!name) name = xstrdup("(unnamed)"); @@ -196,7 +196,7 @@ device_added(LibHalContext *hal_ctx, const char *udi) LogMessage(X_ERROR, "config/hal: couldn't allocate space for input options!\n"); goto unwind; } - + options->key = xstrdup("_source"); options->value = xstrdup("server/hal"); if (!options->key || !options->value) { @@ -204,14 +204,14 @@ device_added(LibHalContext *hal_ctx, const char *udi) goto unwind; } - /* most drivers use device.. not path. evdev uses both however, but the + /* most drivers use device.. not path. evdev uses both however, but the * path version isn't documented apparently. support both for now. */ add_option(&options, "path", path); add_option(&options, "device", path); - + add_option(&options, "driver", driver); add_option(&options, "name", name); - + config_info = xalloc(strlen(udi) + 5); /* "hal:" and NULL */ if (!config_info) { LogMessage(X_ERROR, "config/hal: couldn't allocate name\n"); 
@@ -222,58 +222,58 @@ device_added(LibHalContext *hal_ctx, const char *udi) /* ok, grab options from hal.. iterate through all properties * and lets see if any of them are options that we can add */ set = libhal_device_get_all_properties(hal_ctx, udi, &error); - + if (!set) { LogMessage(X_ERROR, "config/hal: couldn't get property list for %s: %s (%s)\n", udi, error.name, error.message); goto unwind; } - + libhal_psi_init(&set_iter,set); while (libhal_psi_has_more(&set_iter)) { /* we are looking for supported keys.. extract and add to options */ - psi_key = libhal_psi_get_key(&set_iter); - + psi_key = libhal_psi_get_key(&set_iter); + if (psi_key){ /* normal options first (input.x11_options.) */ if (!strncasecmp(psi_key, LIBHAL_PROP_KEY, sizeof(LIBHAL_PROP_KEY)-1)){ - + /* only support strings for all values */ tmp_val = get_prop_string(hal_ctx, udi, psi_key); - + if (tmp_val){ add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val); xfree(tmp_val); } - + /* evdev's XKB options... we should probably depreciate this usage */ } else if (!strncasecmp(psi_key, LIBHAL_XKB_PROP_KEY, sizeof(LIBHAL_XKB_PROP_KEY)-1)){ - + /* only support strings for all values */ tmp_val = get_prop_string(hal_ctx, udi, psi_key); - + if (tmp_val){ /* add "xkb_" + NULL */ tmp_key = xalloc(strlen(psi_key) - ( sizeof(LIBHAL_XKB_PROP_KEY) - 1) + 5); - + if (!tmp_key){ LogMessage(X_ERROR, "config/hal: couldn't allocate memory for option %s\n", psi_key); } else { sprintf(tmp_key, "xkb_%s", psi_key + sizeof(LIBHAL_XKB_PROP_KEY)-1); add_option(&options, tmp_key, tmp_val); - + xfree(tmp_key); } xfree(tmp_val); - } + } } } - + /* psi_key doesn't need to be freed */ libhal_psi_next(&set_iter); } - + /* this isn't an error, but how else do you output something that the user can see? */ LogMessage(X_INFO, "config/hal: Adding input device %s\n", name); if (NewInputDeviceRequest(options, &dev) != Success) { 
@@ -415,7 +415,7 @@ config_hal_init(void) /* verbose message */ LogMessageVerb(X_INFO,7,"config/hal: initialized"); - + return 1; } From 59a52d8151aeb607f39394ceb36ed69b9c2a15d5 Mon Sep 17 00:00:00 2001 From: Peter Hutterer Date: Thu, 8 May 2008 16:58:31 +0930 Subject: [PATCH 14/34] config: override xkb_{r,m,l,v} with Xkb{r,m,l,v} if the latter is set. The HAL spec says that input.xkb.{rmlv}* can be sent, but if the user specifies a X-specific {rmlv}, then this is overridden through the use of input.x11_options.Xkb{RMLV}. However, the way how the server parses options--by ignoring capitalisation, underscores and spaces--the HAL and the x11_options would override each other. So we simply filter the options, letting Xkb{RMLV} override xkb_{rmlv} and only actually add them to the device after parsing _all_ options. * rmlv ... rules, model, layout, variant See Bug 13037 (cherry picked from commit fc35d1e3be201e3821413bb2eeb8d43e1e56ba17) (cherry picked from commit ff013b0da4e6d33b2b69ce1212e9bd62050574e1) --- config/hal.c | 100 ++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 87 insertions(+), 13 deletions(-) diff --git a/config/hal.c b/config/hal.c index 07430489c..ac9e3d22a 100644 --- a/config/hal.c +++ b/config/hal.c @@ -48,6 +48,15 @@ struct config_hal_info { LibHalContext *hal_ctx; }; +/* Used for special handling of xkb options. */ +struct xkb_options { + char* layout; + char* model; + char* rules; + char* variant; +}; + + static void remove_device(DeviceIntPtr dev) { @@ -166,10 +175,11 @@ device_added(LibHalContext *hal_ctx, const char *udi) InputOption *options = NULL, *tmpo = NULL; DeviceIntPtr dev; DBusError error; + struct xkb_options xkb_opts = {0}; LibHalPropertySet *set = NULL; LibHalPropertySetIterator set_iter; - char *psi_key = NULL, *tmp_val, *tmp_key; + char *psi_key = NULL, *tmp_val; dbus_error_init(&error); 
@@ -243,27 +253,71 @@ device_added(LibHalContext *hal_ctx, const char *udi) tmp_val = get_prop_string(hal_ctx, udi, psi_key); if (tmp_val){ - add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val); - xfree(tmp_val); - } + char* tmp; - /* evdev's XKB options... we should probably depreciate this usage */ + /* xkb needs special handling. HAL specs include + * input.xkb.xyz options, but the x11-input.fdi specifies + * input.x11_options.Xkbxyz options. By default, we use + * the former, unless the specific X11 ones are specified. + * Since we can't predict the order in which the keys + * arrive, we need to store them. + */ + if ((tmp = strcasestr(psi_key, "xkb"))) + { + if (!strcasecmp(&tmp[3], "layout")) + { + if (xkb_opts.layout) + xfree(xkb_opts.layout); + xkb_opts.layout = strdup(tmp_val); + } else if (!strcasecmp(&tmp[3], "model")) + { + if (xkb_opts.model) + xfree(xkb_opts.model); + xkb_opts.model = strdup(tmp_val); + } else if (!strcasecmp(&tmp[3], "rules")) + { + if (xkb_opts.rules) + xfree(xkb_opts.rules); + xkb_opts.rules = strdup(tmp_val); + } else if (!strcasecmp(&tmp[3], "variant")) + { + if (xkb_opts.variant) + xfree(xkb_opts.variant); + xkb_opts.variant = strdup(tmp_val); + } + } else + { + /* all others */ + add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val); + xfree(tmp_val); + } + } } else if (!strncasecmp(psi_key, LIBHAL_XKB_PROP_KEY, sizeof(LIBHAL_XKB_PROP_KEY)-1)){ /* only support strings for all values */ tmp_val = get_prop_string(hal_ctx, udi, psi_key); if (tmp_val){ - /* add "xkb_" + NULL */ - tmp_key = xalloc(strlen(psi_key) - ( sizeof(LIBHAL_XKB_PROP_KEY) - 1) + 5); + char* tmp; - if (!tmp_key){ - LogMessage(X_ERROR, "config/hal: couldn't allocate memory for option %s\n", psi_key); - } else { - sprintf(tmp_key, "xkb_%s", psi_key + sizeof(LIBHAL_XKB_PROP_KEY)-1); - add_option(&options, tmp_key, tmp_val); + tmp = &psi_key[sizeof(LIBHAL_XKB_PROP_KEY) - 1]; - xfree(tmp_key); + if (!strcasecmp(tmp, "layout")) + { + if 
(!xkb_opts.layout) + xkb_opts.layout = strdup(tmp_val); + } else if (!strcasecmp(tmp, "rules")) + { + if (!xkb_opts.rules) + xkb_opts.rules = strdup(tmp_val); + } else if (!strcasecmp(tmp, "variant")) + { + if (!xkb_opts.variant) + xkb_opts.variant = strdup(tmp_val); + } else if (!strcasecmp(tmp, "model")) + { + if (!xkb_opts.model) + xkb_opts.model = strdup(tmp_val); } xfree(tmp_val); } @@ -274,6 +328,17 @@ device_added(LibHalContext *hal_ctx, const char *udi) libhal_psi_next(&set_iter); } + + /* Now add xkb options */ + if (xkb_opts.layout) + add_option(&options, "xkb_layout", xkb_opts.layout); + if (xkb_opts.rules) + add_option(&options, "xkb_rules", xkb_opts.rules); + if (xkb_opts.variant) + add_option(&options, "xkb_variant", xkb_opts.variant); + if (xkb_opts.model) + add_option(&options, "xkb_model", xkb_opts.model); + /* this isn't an error, but how else do you output something that the user can see? */ LogMessage(X_INFO, "config/hal: Adding input device %s\n", name); if (NewInputDeviceRequest(options, &dev) != Success) { @@ -306,6 +371,15 @@ unwind: xfree(tmpo); } + if (xkb_opts.layout) + xfree(xkb_opts.layout); + if (xkb_opts.rules) + xfree(xkb_opts.rules); + if (xkb_opts.model) + xfree(xkb_opts.model); + if (xkb_opts.variant) + xfree(xkb_opts.variant); + dbus_error_free(&error); return; From 38f573566e3218bd385a4940a6f9be700bc4f937 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Thu, 12 Jun 2008 09:04:24 +1000 Subject: [PATCH 15/34] dbe: fix DoS reported by iDefense. This isn't a security problem just a user could DoS themselves for fun or profit. (cherry picked from commit 23e71ef71a178505494d4b410f9314acfff81524) --- dbe/dbe.c | 53 +++++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/dbe/dbe.c b/dbe/dbe.c index 8175a352f..d34708d38 100644 --- a/dbe/dbe.c +++ b/dbe/dbe.c 
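Review bot: In the `input.x11_options` branch of device_added(), `tmp_val` is released only in the `else` arm, so for every key that contains "xkb" the string returned by get_prop_string() is leaked after it has been copied with `strdup()`. The same arm also discards any key that contains "xkb" but whose suffix is not layout, model, rules or variant: it is neither stored in `xkb_opts` nor passed to add_option(). Moving `xfree(tmp_val);` below the if/else and ending the suffix chain with `else add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val);` would cover both. The copies are made with unchecked `strdup()` and released with `xfree()`, where the rest of the function uses `xstrdup()`; device_added() starts and ends outside this hunk.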
@@ -229,6 +229,7 @@ ProcDbeAllocateBackBufferName(ClientPtr client) xDbeSwapAction swapAction; VisualID visual; int status; + int add_index; REQUEST_SIZE_MATCH(xDbeAllocateBackBufferNameReq); @@ -299,14 +300,6 @@ ProcDbeAllocateBackBufferName(ClientPtr client) return(BadAlloc); bzero(pDbeWindowPriv, sizeof(DbeWindowPrivRec)); - /* Make the window priv a DBE window priv resource. */ - if (!AddResource(stuff->buffer, dbeWindowPrivResType, - (pointer)pDbeWindowPriv)) - { - xfree(pDbeWindowPriv); - return(BadAlloc); - } - /* Fill out window priv information. */ pDbeWindowPriv->pWindow = pWin; pDbeWindowPriv->width = pWin->drawable.width; @@ -321,14 +314,15 @@ ProcDbeAllocateBackBufferName(ClientPtr client) /* Initialize the buffer ID list. */ pDbeWindowPriv->maxAvailableIDs = DBE_INIT_MAX_IDS; pDbeWindowPriv->IDs[0] = stuff->buffer; - for (i = 1; i < DBE_INIT_MAX_IDS; i++) + + add_index = 0; + for (i = 0; i < DBE_INIT_MAX_IDS; i++) { pDbeWindowPriv->IDs[i] = DBE_FREE_ID_ELEMENT; } - /* Actually connect the window priv to the window. */ - dixSetPrivate(&pWin->devPrivates, dbeWindowPrivKey, pDbeWindowPriv); + dixSetPrivate(&pWin->devPrivates, dbeWindowPrivKey, pDbeWindowPriv); } /* if -- There is no buffer associated with the window. */ @@ -354,7 +348,6 @@ ProcDbeAllocateBackBufferName(ClientPtr client) /* No more room in the ID array -- reallocate another array. */ XID *pIDs; - /* Setup an array pointer for the realloc operation below. */ if (pDbeWindowPriv->maxAvailableIDs == DBE_INIT_MAX_IDS) { 
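Review bot: `pDbeWindowPriv->IDs[0] = stuff->buffer;` is kept above the initialisation loop, but the loop now starts at `i = 0` and immediately overwrites that slot with `DBE_FREE_ID_ELEMENT`. Since this commit records the ID later through `add_index`, the leftover assignment is dead and misleading, and I would delete it. The return value of `dixSetPrivate()` just below is also ignored, so a failed attach of the window priv would go unnoticed. ProcDbeAllocateBackBufferName() continues outside this hunk.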
@@ -391,16 +384,7 @@ ProcDbeAllocateBackBufferName(ClientPtr client) pDbeWindowPriv->maxAvailableIDs += DBE_INCR_MAX_IDS; } - /* Finally, record the buffer ID in the array. */ - pDbeWindowPriv->IDs[i] = stuff->buffer; - - /* Associate the new ID with an existing window priv. */ - if (!AddResource(stuff->buffer, dbeWindowPrivResType, - (pointer)pDbeWindowPriv)) - { - pDbeWindowPriv->IDs[i] = DBE_FREE_ID_ELEMENT; - return(BadAlloc); - } + add_index = i; } /* else -- A buffer is already associated with the window. */ @@ -409,13 +393,26 @@ ProcDbeAllocateBackBufferName(ClientPtr client) status = (*pDbeScreenPriv->AllocBackBufferName)(pWin, stuff->buffer, stuff->swapAction); - if ((status != Success) && (pDbeWindowPriv->nBufferIDs == 0)) + if (status == Success) { + pDbeWindowPriv->IDs[add_index] = stuff->buffer; + if (!AddResource(stuff->buffer, dbeWindowPrivResType, + (pointer)pDbeWindowPriv)) + { + pDbeWindowPriv->IDs[add_index] = DBE_FREE_ID_ELEMENT; + + if (pDbeWindowPriv->nBufferIDs == 0) { + status = BadAlloc; + goto out_free; + } + } + } else { /* The DDX buffer allocation routine failed for the first buffer of * this window. */ - xfree(pDbeWindowPriv); - return(status); + if (pDbeWindowPriv->nBufferIDs == 0) { + goto out_free; + } } /* Increment the number of buffers (XIDs) associated with this window. */ @@ -424,9 +421,13 @@ ProcDbeAllocateBackBufferName(ClientPtr client) /* Set swap action on all calls. */ pDbeWindowPriv->swapAction = stuff->swapAction; - return(status); +out_free: + dixSetPrivate(&pWin->devPrivates, dbeWindowPrivKey, NULL); + xfree(pDbeWindowPriv); + return (status); + } /* ProcDbeAllocateBackBufferName() */ From 336a46c51932b9af7732e575f7ff43e41e47649e Mon Sep 17 00:00:00 2001 
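Review bot: When `AddResource()` fails for a window that already has buffers (`nBufferIDs != 0`), the new branch resets `IDs[add_index]` but leaves `status` at `Success`, then falls through to `pDbeWindowPriv->nBufferIDs++` and reports success for a buffer ID that was never registered. Setting `status = BadAlloc;` before the `nBufferIDs == 0` test and adding `return status;` after it would keep the count and the reply consistent with the ID array. The buffer that `AllocBackBufferName` created on the DDX side also appears to stay allocated on this path; whether the resource system releases it is not visible here. The failing-DDX `else` arm likewise reaches the increment when the window already has buffers.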
From: George Sapountzis Date: Fri, 23 May 2008 22:39:35 +0300 Subject: [PATCH 16/34] glx: fix memory corruption with r5g6b5 should cherry-pick to xserver-1.5 (cherry picked from commit 6c72961d8fa1ab1543f1b3e2cc7d34ff6d254bf8) --- GL/glx/glxscreens.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/GL/glx/glxscreens.c b/GL/glx/glxscreens.c index 5859de0b1..cc7054a64 100644 --- a/GL/glx/glxscreens.c +++ b/GL/glx/glxscreens.c @@ -420,10 +420,13 @@ findFirstSet(unsigned int v) static void initGlxVisual(VisualPtr visual, __GLXconfig *config) { + int maxBits; + maxBits = max(config->redBits, max(config->greenBits, config->blueBits)); + config->visualID = visual->vid; visual->class = glxConvertToXVisualType(config->visualType); - visual->bitsPerRGBValue = config->redBits; - visual->ColormapEntries = 1 << config->redBits; + visual->bitsPerRGBValue = maxBits; + visual->ColormapEntries = 1 << maxBits; visual->nplanes = config->redBits + config->greenBits + config->blueBits; visual->redMask = config->redMask; From 53a84d75c65f75c629c6610a2ec4093507cea3f7 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Fri, 23 May 2008 23:00:40 +0200 Subject: [PATCH 17/34] xfree86: fix build on GNU/kFreeBSD GNU/kFreeBSD defines __FreeBSD_kernel__, but not __FreeBSD__. Unify preprocessor conditionals between variable declaration and use. Debian bug #482550. (cherry picked from commit e6cbb1e11e5da1a8b9001853c25f4e5a052e7110) --- hw/xfree86/os-support/bsd/bsd_init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/xfree86/os-support/bsd/bsd_init.c b/hw/xfree86/os-support/bsd/bsd_init.c index 2c6a0256b..83583d5b9 100644 --- a/hw/xfree86/os-support/bsd/bsd_init.c +++ b/hw/xfree86/os-support/bsd/bsd_init.c 
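Review bot: `visual->ColormapEntries = 1 << maxBits;` in initGlxVisual() shifts a signed `int` by a value taken from the config with no upper bound, which is undefined once `maxBits` reaches the width of `int`; whether a `__GLXconfig` can carry such a channel size is not visible in this hunk. A range check before the shift (the limit depends on what `ColormapEntries` is allowed to hold) would make the assumption explicit. The reason for using the widest channel is also not recorded in the code; a comment such as `/* Size by the widest channel: in r5g6b5 green is wider than red. */` above the `maxBits` assignment would keep the fix from being undone later. The function body continues outside the hunk.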
@@ -159,7 +159,7 @@ xf86OpenConsole() xf86ConsOpen_t *driver; #if defined (SYSCONS_SUPPORT) || defined (PCVT_SUPPORT) int result; -#ifdef __FreeBSD__ +#if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) struct utsname uts; #endif vtmode_t vtmode; From 21248705bbd9876ea6d2d78a85bedc4904c63899 Mon Sep 17 00:00:00 2001 From: Dave Airlie Date: Thu, 12 Jun 2008 14:54:56 +1000 Subject: [PATCH 18/34] modes: make aspect choosing work on single output case. In the single output enabled case we never enter the loop and test never gets set and so we fail to match a good mode. This was causing my 2560x1600 to end up at 2048x1536. --- hw/xfree86/modes/xf86Crtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c index 855d646da..02c447d3a 100644 --- a/hw/xfree86/modes/xf86Crtc.c +++ b/hw/xfree86/modes/xf86Crtc.c @@ -1854,6 +1854,7 @@ bestModeForAspect(xf86CrtcConfigPtr config, Bool *enabled, float aspect) nextEnabledOutput(config, enabled, &o); while ((mode = nextAspectMode(config->output[o], mode, aspect))) { + test = mode; for (p = o; nextEnabledOutput(config, enabled, &p); ) { test = xf86OutputFindClosestMode(config->output[p], mode); if (!test) From 255202666411e15ebe2f9cde35b48a333dc9e38c Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Fri, 13 Jun 2008 16:39:40 -0400 Subject: [PATCH 19/34] Make devPrivates lookup functions ABI instead of static inlines. This is required to preserve compatibility across changes to the internal representation of the privates list. (cherry picked from commit 2d7ba09dc4b5eff5dba8d7867f285111574b1737) --- dix/privates.c | 65 ++++++++++++++++++++++++++++++++++++++ hw/xfree86/loader/dixsym.c | 3 ++ include/privates.h | 61 +++++------------------------------ 3 files changed, 76 insertions(+), 53 deletions(-) diff --git a/dix/privates.c b/dix/privates.c index 47a0e1a29..efb320463 100644 --- a/dix/privates.c +++ b/dix/privates.c 
@@ -39,6 +39,12 @@ from The Open Group. #include "colormapst.h" #include "inputstr.h" +struct _Private { + DevPrivateKey key; + pointer value; + struct _Private *next; +}; + typedef struct _PrivateDesc { DevPrivateKey key; unsigned size; @@ -116,6 +122,65 @@ dixAllocatePrivate(PrivateRec **privates, const DevPrivateKey key) return &ptr->value; } +/* + * Look up a private pointer. + */ +_X_EXPORT pointer +dixLookupPrivate(PrivateRec **privates, const DevPrivateKey key) +{ + PrivateRec *rec = *privates; + pointer *ptr; + + while (rec) { + if (rec->key == key) + return rec->value; + rec = rec->next; + } + + ptr = dixAllocatePrivate(privates, key); + return ptr ? *ptr : NULL; +} + +/* + * Look up the address of a private pointer. + */ +_X_EXPORT pointer * +dixLookupPrivateAddr(PrivateRec **privates, const DevPrivateKey key) +{ + PrivateRec *rec = *privates; + + while (rec) { + if (rec->key == key) + return &rec->value; + rec = rec->next; + } + + return dixAllocatePrivate(privates, key); +} + +/* + * Set a private pointer. + */ +_X_EXPORT int +dixSetPrivate(PrivateRec **privates, const DevPrivateKey key, pointer val) +{ + PrivateRec *rec; + + top: + rec = *privates; + while (rec) { + if (rec->key == key) { + rec->value = val; + return TRUE; + } + rec = rec->next; + } + + if (!dixAllocatePrivate(privates, key)) + return FALSE; + goto top; +} + /* * Called to free privates at object deletion time. */ diff --git a/hw/xfree86/loader/dixsym.c b/hw/xfree86/loader/dixsym.c index d6d22c4b9..a8bde756b 100644 --- a/hw/xfree86/loader/dixsym.c +++ b/hw/xfree86/loader/dixsym.c @@ -265,6 +265,9 @@ _X_HIDDEN void *dixLookupTab[] = { SYMFUNC(dixRegisterPrivateInitFunc) SYMFUNC(dixRegisterPrivateDeleteFunc) SYMFUNC(dixAllocatePrivate) + SYMFUNC(dixLookupPrivate) + SYMFUNC(dixLookupPrivateAddr) + SYMFUNC(dixSetPrivate) SYMFUNC(dixFreePrivates) SYMFUNC(dixRegisterPrivateOffset) SYMFUNC(dixLookupPrivateOffset) 
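Review bot: Now that `dixLookupPrivate()`, `dixLookupPrivateAddr()` and `dixSetPrivate()` are exported ABI in dix/privates.c, their comments should state the contract the bodies implement rather than only the name. `dixLookupPrivate()` allocates the private on a miss and returns NULL when that allocation fails, so a caller cannot tell a stored NULL from a failure, and `dixSetPrivate()` returns TRUE or FALSE rather than an X status code. I would extend the comments, e.g. `/* Look up a private pointer; allocates it on first use, returns NULL if that fails. */` and `/* Set a private pointer; returns FALSE if the private could not be allocated. */`. The `goto top` retry in `dixSetPrivate()` relies on `dixAllocatePrivate()` having linked an entry for `key` into `*privates`, which is worth a comment because that function's body is outside this hunk.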
diff --git a/include/privates.h b/include/privates.h index 8d59b728f..98d893c77 100644 --- a/include/privates.h +++ b/include/privates.h @@ -20,12 +20,8 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. *****************************************************************/ typedef void *DevPrivateKey; - -typedef struct _Private { - DevPrivateKey key; - pointer value; - struct _Private *next; -} PrivateRec; +struct _Private; +typedef struct _Private PrivateRec; /* * Request pre-allocated private space for your driver/module. @@ -43,61 +39,20 @@ dixAllocatePrivate(PrivateRec **privates, const DevPrivateKey key); /* * Look up a private pointer. */ -static _X_INLINE pointer -dixLookupPrivate(PrivateRec **privates, const DevPrivateKey key) -{ - PrivateRec *rec = *privates; - pointer *ptr; - - while (rec) { - if (rec->key == key) - return rec->value; - rec = rec->next; - } - - ptr = dixAllocatePrivate(privates, key); - return ptr ? *ptr : NULL; -} +pointer +dixLookupPrivate(PrivateRec **privates, const DevPrivateKey key); /* * Look up the address of a private pointer. */ -static _X_INLINE pointer * -dixLookupPrivateAddr(PrivateRec **privates, const DevPrivateKey key) -{ - PrivateRec *rec = *privates; - - while (rec) { - if (rec->key == key) - return &rec->value; - rec = rec->next; - } - - return dixAllocatePrivate(privates, key); -} +pointer * +dixLookupPrivateAddr(PrivateRec **privates, const DevPrivateKey key); /* * Set a private pointer. */ -static _X_INLINE int -dixSetPrivate(PrivateRec **privates, const DevPrivateKey key, pointer val) -{ - PrivateRec *rec; - - top: - rec = *privates; - while (rec) { - if (rec->key == key) { - rec->value = val; - return TRUE; - } - rec = rec->next; - } - - if (!dixAllocatePrivate(privates, key)) - return FALSE; - goto top; -} +int +dixSetPrivate(PrivateRec **privates, const DevPrivateKey key, pointer val); /* * Register callbacks to be called on private allocation/freeing. 
From d2549034133a92d1f5755edd9c34ee84e601d753 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Sat, 14 Jun 2008 14:40:32 -0600 Subject: [PATCH 20/34] configure.ac: fix the help string for --with-freetype. Default value was changed to 'no' in e5b1d38e142807b59ce4ec89764c949f707ec541 but the help string wasn't updated. --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index b251dce7f..97e46b046 100644 --- a/configure.ac +++ b/configure.ac @@ -584,7 +584,7 @@ AC_ARG_ENABLE(xfake, AS_HELP_STRING([--enable-xfake], [Build the kdrive AC_ARG_ENABLE(xfbdev, AS_HELP_STRING([--enable-xfbdev], [Build the kdrive framebuffer device server (default: auto)]), [XFBDEV=$enableval], [XFBDEV=auto]) AC_ARG_ENABLE(kdrive-vesa, AS_HELP_STRING([--enable-kdrive-vesa], [Build the kdrive VESA-based servers (default: auto)]), [KDRIVEVESA=$enableval], [KDRIVEVESA=auto]) dnl xprint -AC_ARG_ENABLE(freetype, AS_HELP_STRING([ --enable-freetype], [Build Xprint FreeType backend (default: yes)]), [XP_USE_FREETYPE=$enableval],[XP_USE_FREETYPE=no]) +AC_ARG_ENABLE(freetype, AS_HELP_STRING([ --enable-freetype], [Build Xprint FreeType backend (default: no)]), [XP_USE_FREETYPE=$enableval],[XP_USE_FREETYPE=no]) AC_ARG_WITH(freetype-config, AS_HELP_STRING([ --with-freetype-config=PROG], [Use FreeType configuration program PROG (default: auto)]), freetype_config=$withval, freetype_config=auto) From fba700f1f6a89761c99fe0b3dce60e1b2bb474f4 Mon Sep 17 00:00:00 2001 
From: Ian Romanick Date: Tue, 17 Jun 2008 10:35:24 -0400 Subject: [PATCH 21/34] Bug #15169: Make the server build again on Alpha. Still won't work until the kernel makes the resource files actually exist. (cherry picked from commit f3490d3eba94c7d9e760d6d21991ab6677196c2b) --- configure.ac | 2 - hw/xfree86/os-support/bus/Makefile.am | 4 - hw/xfree86/os-support/bus/Pci.h | 71 +---- hw/xfree86/os-support/bus/axpPci.c | 415 -------------------------- 4 files changed, 14 insertions(+), 478 deletions(-) delete mode 100644 hw/xfree86/os-support/bus/axpPci.c diff --git a/configure.ac b/configure.ac index b251dce7f..14c6fe88b 100644 --- a/configure.ac +++ b/configure.ac @@ -1355,8 +1355,6 @@ if test "x$XORG" = xyes -o "x$XGL" = xyes; then ;; alpha*) linux_alpha=yes - XORG_OS_PCI="axp" - xorg_bus_linuxpci="no" ;; i*86|amd64*|x86_64*) linux_acpi="yes" diff --git a/hw/xfree86/os-support/bus/Makefile.am b/hw/xfree86/os-support/bus/Makefile.am index 5a15430c1..d48fcb67d 100644 --- a/hw/xfree86/os-support/bus/Makefile.am +++ b/hw/xfree86/os-support/bus/Makefile.am @@ -23,10 +23,6 @@ if XORG_BUS_SPARCPCI PCI_SOURCES += sparcPci.c endif -if LINUX_ALPHA -PCI_SOURCES += axpPci.c -endif - if XORG_BUS_SPARC PLATFORM_SOURCES = Sbus.c sdk_HEADERS += xf86Sbus.h diff --git a/hw/xfree86/os-support/bus/Pci.h b/hw/xfree86/os-support/bus/Pci.h index b78d30720..557483b9b 100644 --- a/hw/xfree86/os-support/bus/Pci.h +++ b/hw/xfree86/os-support/bus/Pci.h 
@@ -189,69 +189,26 @@ #define ARCH_PCI_INIT bsdPciInit #endif +#if defined(linux) +# define ARCH_PCI_INIT linuxPciInit +# if defined(__m32r__) +# define INCLUDE_XF86_MAP_PCI_MEM +# define INCLUDE_XF86_NO_DOMAIN +# endif +#endif /* defined(linux) */ + + #if !defined(ARCH_PCI_INIT) /* * Select architecture specific PCI init function */ -#if defined(__alpha__) -# if defined(linux) -# define ARCH_PCI_INIT axpPciInit -# endif -#elif defined(__arm__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif -#elif defined(__hppa__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif -#elif defined(__ia64__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif -#elif defined(__i386__) || defined(__i386) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# else -# define ARCH_PCI_INIT ix86PciInit -# endif -#elif defined(__mc68000__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif -#elif defined(__mips__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif +#if defined(__i386__) || defined(__i386) || defined(__amd64__) || defined(__amd64) || defined(__x86_64__) +# define ARCH_PCI_INIT ix86PciInit #elif defined(__powerpc__) || defined(__powerpc64__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# else -# define ARCH_PCI_INIT ppcPciInit -# endif -#elif defined(__s390__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif -#elif defined(__sh__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# endif +# define ARCH_PCI_INIT ppcPciInit #elif defined(__sparc__) || defined(sparc) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# elif defined(sun) -# define ARCH_PCI_INIT sparcPciInit -# endif -# if !defined(__FreeBSD__) && !defined(linux) -# define ARCH_PCI_PCI_BRIDGE sparcPciPciBridge -# endif -#elif defined(__amd64__) || defined(__amd64) || defined(__x86_64__) -# if defined(linux) -# define ARCH_PCI_INIT linuxPciInit -# else -# define ARCH_PCI_INIT 
ix86PciInit -# endif +# define ARCH_PCI_INIT sparcPciInit +# define ARCH_PCI_PCI_BRIDGE sparcPciPciBridge #endif #endif /* !defined(ARCH_PCI_INIT) */ diff --git a/hw/xfree86/os-support/bus/axpPci.c b/hw/xfree86/os-support/bus/axpPci.c deleted file mode 100644 index c59c06804..000000000 --- a/hw/xfree86/os-support/bus/axpPci.c +++ /dev/null 
@@ -1,415 +0,0 @@ -/* - * Copyright 1998 by Concurrent Computer Corporation - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appear in all copies and that - * both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of Concurrent Computer - * Corporation not be used in advertising or publicity pertaining to - * distribution of the software without specific, written prior - * permission. Concurrent Computer Corporation makes no representations - * about the suitability of this software for any purpose. It is - * provided "as is" without express or implied warranty. - * - * CONCURRENT COMPUTER CORPORATION DISCLAIMS ALL WARRANTIES WITH REGARD - * TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CONCURRENT COMPUTER CORPORATION BE - * LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY - * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, - * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, - * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - * Copyright 1998 by Metro Link Incorporated - * - * Permission to use, copy, modify, distribute, and sell this software - * and its documentation for any purpose is hereby granted without fee, - * provided that the above copyright notice appear in all copies and that - * both that copyright notice and this permission notice appear in - * supporting documentation, and that the name of Metro Link - * Incorporated not be used in advertising or publicity pertaining to - * distribution of the software without specific, written prior - * permission. Metro Link Incorporated makes no representations - * about the suitability of this software for any purpose. 
It is - * provided "as is" without express or implied warranty. - * - * METRO LINK INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD - * TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL METRO LINK INCORPORATED BE - * LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY - * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, - * WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, - * ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#ifdef HAVE_XORG_CONFIG_H -#include -#endif - -#include -#include "compiler.h" -#include "xf86.h" -#include "xf86Priv.h" -#include "xf86_OSlib.h" -#include "Pci.h" - -#include -#include "../linux/lnx.h" /* for _iobase */ - -/* - * Alpha/Linux platform specific PCI access functions - */ -static CARD32 axpPciCfgRead(PCITAG tag, int off); -static void axpPciCfgWrite(PCITAG, int off, CARD32 val); -static void axpPciCfgSetBits(PCITAG tag, int off, CARD32 mask, CARD32 bits); - -static pciBusFuncs_t axpFuncs0 = { -/* pciReadLong */ axpPciCfgRead, -/* pciWriteLong */ axpPciCfgWrite, -/* pciSetBitsLong */ axpPciCfgSetBits, -/* pciAddrHostToBus */ pciAddrNOOP, -/* pciAddrBusToHost */ pciAddrNOOP -}; - -typedef struct _axpDomainRec { - int domain, hose; - int root_bus; - unsigned long dense_io, sparse_io; - unsigned long dense_mem, sparse_mem; - IOADDRESS mapped_io; -} axpDomainRec, *axpDomainPtr; - -#define MAX_DOMAINS (MAX_PCI_BUSES / 256) -static axpDomainPtr xf86DomainInfo[MAX_DOMAINS] = { NULL, }; -static int pciNumDomains = 0; - -/* - * For debug, domain assignment can start downward from a fixed base - * (instead of up from 0) by defining FORCE_HIGH_DOMAINS. This allows - * debug of large domain numbers and sparse domain numbering on systems - * which don't have as many hoses. 
- */ -#if 0 -# define FORCE_HIGH_DOMAINS MAX_DOMAINS /* assign domains downward from here */ -#endif - -/* - * If FORCE_HIGH_DOMAINS is set, make sure it's not larger than the - * max domain - */ -#if defined(FORCE_HIGH_DOMAINS) && (FORCE_HIGH_DOMAINS > MAX_DOMAINS) -# undef FORCE_HIGH_DOMAINS -# define FORCE_HIGH_DOMAINS MAX_DOMAINS -#endif - -static int -axpSetupDomains(void) -{ - axpDomainRec axpDomain; - int numDomains = 0; - int hose; - -#ifndef INCLUDE_XF86_NO_DOMAIN - -#ifdef FORCE_HIGH_DOMAINS - xf86Msg(X_WARNING, - "DEBUG OPTION FORCE_HIGH_DOMAINS in use - DRI will *NOT* work\n"); - numDomains = FORCE_HIGH_DOMAINS; -#endif - - /* - * Since each hose has a different address space, hoses are a perfect - * overlay for domains, so set up one domain for each hose present - * in the system. We have to loop through all possible hoses because - * some systems allow sparse I/O controllers. - */ - for(hose = 0; hose < MAX_DOMAINS; hose++) { - axpDomain.root_bus = _iobase(IOBASE_ROOT_BUS, hose, -1, -1); - if (axpDomain.root_bus < 0) continue; - - axpDomain.hose = hose; - -#ifndef FORCE_HIGH_DOMAINS - - axpDomain.domain = axpDomain.hose = hose; - numDomains = axpDomain.domain + 1; - -#else /* FORCE_HIGH_DOMAINS */ - - axpDomain.domain = numDomains - hose - 1; - - xf86Msg(X_WARNING, - "FORCE_HIGH_DOMAINS - assigned hose %d to domain %d\n", - axpDomain.hose, axpDomain.domain); - -#endif /* FORCE_HIGH_DOMAINS */ - - axpDomain.dense_io = _iobase(IOBASE_DENSE_IO, hose, -1, -1); - axpDomain.sparse_io = _iobase(IOBASE_SPARSE_IO, hose, -1, -1); - axpDomain.mapped_io = 0; - axpDomain.dense_mem = _iobase(IOBASE_DENSE_MEM, hose, -1, -1); - axpDomain.sparse_mem = _iobase(IOBASE_SPARSE_MEM, hose, -1, -1); - - xf86DomainInfo[axpDomain.domain] = xnfalloc(sizeof(axpDomainRec)); - *(xf86DomainInfo[axpDomain.domain]) = axpDomain; - - /* - * For now, only allow a single domain (hose) on sparse i/o systems. 
- * - * Allowing multiple domains on sparse systems would require: - * 1) either - * a) revamping the sparse video mapping code to allow - * for multiple unrelated address regions - * -- OR -- - * b) implementing sparse mapping directly in - * xf86MapDomainMemory - * 2) revaming read/write sparse routines to correctly handle - * the solution to 1) - * 3) implementing a sparse I/O system (mapping, inX/outX) - * independent of glibc, since the glibc version only - * supports hose 0 - */ - if (axpDomain.sparse_io) { - if (_iobase(IOBASE_ROOT_BUS, hose + 1, -1, -1) >= 0) { - /* - * It's a sparse i/o system with (at least) one more hose, - * show a message indicating that video is constrained to - * hose 0 - */ - xf86Msg(X_INFO, - "Sparse I/O system - constraining video to hose 0\n"); - } - break; - } - } - -#else /* INCLUDE_XF86_NO_DOMAIN */ - - /* - * domain support is not included, so just set up a single domain (0) - * to represent the first hose so that axpPciInit will still have - * be able to set up the root bus - */ - xf86DomainInfo[0] = xnfalloc(sizeof(axpDomainRec)); - *(xf86DomainInfo[0]) = axpDomain; - numDomains = 1; - -#endif /* INCLUDE_XF86_NO_DOMAIN */ - - return numDomains; -} - -void -axpPciInit() -{ - axpDomainPtr pDomain; - int domain, bus; - - pciNumDomains = axpSetupDomains(); - - for(domain = 0; domain < pciNumDomains; domain++) { - if (!(pDomain = xf86DomainInfo[domain])) continue; - - /* - * Since any bridged buses will be behind a probed pci-pci bridge, - * only set up the root bus for each domain (hose) and the bridged - * buses will be set up as they are found. 
- */ - /* make a bus with both the domain and the root bus in it */ - bus = PCI_MAKE_BUS(domain, pDomain->root_bus); - pciBusInfo[bus] = xnfalloc(sizeof(pciBusInfo_t)); - (void)memset(pciBusInfo[bus], 0, sizeof(pciBusInfo_t)); - - pciBusInfo[bus]->configMech = PCI_CFG_MECH_OTHER; - pciBusInfo[bus]->numDevices = 32; - pciBusInfo[bus]->funcs = &axpFuncs0; - pciBusInfo[bus]->pciBusPriv = pDomain; - - pciNumBuses = bus + 1; - } -} - -/* - * Alpha/Linux PCI configuration space access routines - */ -static int -axpPciBusFromTag(PCITAG tag) -{ - pciBusInfo_t *pBusInfo; - axpDomainPtr pDomain; - int bus, dfn; - - bus = PCI_BUS_FROM_TAG(tag); - if ((bus >= pciNumBuses) - || !(pBusInfo = pciBusInfo[bus]) - || !(pDomain = pBusInfo->pciBusPriv) - || (pDomain->domain != PCI_DOM_FROM_TAG(tag))) return -1; - - bus = PCI_BUS_NO_DOMAIN(bus); /* should just be root_bus */ - dfn = PCI_DFN_FROM_TAG(tag); - if (_iobase(IOBASE_HOSE, -1, bus, dfn) != pDomain->hose) return -1; - - return bus; -} - -static CARD32 -axpPciCfgRead(PCITAG tag, int off) -{ - int bus, dfn; - CARD32 val = 0xffffffff; - - if ((bus = axpPciBusFromTag(tag)) >= 0) { - dfn = PCI_DFN_FROM_TAG(tag); - - syscall(__NR_pciconfig_read, bus, dfn, off, 4, &val); - } - return(val); -} - -static void -axpPciCfgWrite(PCITAG tag, int off, CARD32 val) -{ - int bus, dfn; - - if ((bus = axpPciBusFromTag(tag)) >= 0) { - dfn = PCI_DFN_FROM_TAG(tag); - syscall(__NR_pciconfig_write, bus, dfn, off, 4, &val); - } -} - -static void -axpPciCfgSetBits(PCITAG tag, int off, CARD32 mask, CARD32 bits) -{ - int bus, dfn; - CARD32 val = 0xffffffff; - - if ((bus = axpPciBusFromTag(tag)) >= 0) { - dfn = PCI_DFN_FROM_TAG(tag); - - syscall(__NR_pciconfig_read, bus, dfn, off, 4, &val); - val = (val & ~mask) | (bits & mask); - syscall(__NR_pciconfig_write, bus, dfn, off, 4, &val); - } -} - -#ifndef INCLUDE_XF86_NO_DOMAIN - -/* - * Alpha/Linux addressing domain support - */ - -_X_EXPORT int -xf86GetPciDomain(PCITAG Tag) -{ - return PCI_DOM_FROM_TAG(Tag); 
-} - -_X_EXPORT pointer -xf86MapDomainMemory(int ScreenNum, int Flags, PCITAG Tag, - ADDRESS Base, unsigned long Size) -{ - axpDomainPtr pDomain; - int domain = PCI_DOM_FROM_TAG(Tag); - - if ((domain < 0) || (domain >= pciNumDomains) || - !(pDomain = xf86DomainInfo[domain])) - FatalError("%s called with invalid parameters\n", __FUNCTION__); - - /* - * xf86MapVidMem already does what we need, but remember to subtract - * _bus_base() (the physical dense memory root of hose 0) since - * xf86MapVidMem is expecting an offset relative to _bus_base() rather - * than an actual physical address. - */ - return xf86MapVidMem(ScreenNum, Flags, - pDomain->dense_mem + Base - _bus_base(), Size); -} - -IOADDRESS -xf86MapLegacyIO(struct pci_device *dev) -{ - axpDomainPtr pDomain; - const int domain = dev->domain; - - if ((domain < 0) || (domain >= pciNumDomains) || - !(pDomain = xf86DomainInfo[domain])) - FatalError("%s called with invalid parameters\n", __FUNCTION__); - - /* - * Use glibc inx/outx routines for sparse I/O, so just return the - * base [this is ok since we also constrain sparse I/O systems to - * a single domain in axpSetupDomains()] - */ - if (pDomain->sparse_io) return 0; - - /* - * I/O addresses on Alpha are really just different physical memory - * addresses that the system corelogic turns into I/O commands on the - * bus, so just use xf86MapVidMem to map I/O as well, but remember - * to subtract _bus_base() (the physical dense memory root of hose 0) - * since xf86MapVidMem is expecting an offset relative to _bus_base() - * rather than an actual physical address. - * - * Map the entire I/O space (64kB) at once and only once. 
- */ - if (!pDomain->mapped_io) - pDomain->mapped_io = (IOADDRESS)xf86MapVidMem(-1, VIDMEM_MMIO, - pDomain->dense_io - _bus_base(), - 0x10000); - - return pDomain->mapped_io; -} - -resPtr -xf86AccResFromOS(resPtr pRes) -{ - resRange range; - int domain; - - for(domain = 0; domain < pciNumDomains; domain++) { - if (!xf86DomainInfo[domain]) continue; - - /* - * Fallback is to claim the following areas: - * - * 0x000c0000 - 0x000effff location of VGA and other extensions ROMS - */ - - RANGE(range, 0x000c0000, 0x000effff, - RANGE_TYPE(ResExcMemBlock, domain)); - pRes = xf86AddResToList(pRes, &range, -1); - - /* - * Fallback would be to claim well known ports in the 0x0 - 0x3ff - * range along with their sparse I/O aliases, but that's too - * imprecise. Instead claim a bare minimum here. - */ - RANGE(range, 0x00000000, 0x000000ff, - RANGE_TYPE(ResExcIoBlock, domain)); /* For mainboard */ - pRes = xf86AddResToList(pRes, &range, -1); - - /* - * At minimum, the top and bottom resources must be claimed, so that - * resources that are (or appear to be) unallocated can be relocated. - */ - RANGE(range, 0x00000000, 0x00000000, - RANGE_TYPE(ResExcMemBlock, domain)); - pRes = xf86AddResToList(pRes, &range, -1); - RANGE(range, 0xffffffff, 0xffffffff, - RANGE_TYPE(ResExcMemBlock, domain)); - pRes = xf86AddResToList(pRes, &range, -1); -/* RANGE(range, 0x00000000, 0x00000000, - RANGE_TYPE(ResExcIoBlock, domain)); - pRes = xf86AddResToList(pRes, &range, -1); */ - RANGE(range, 0xffffffff, 0xffffffff, - RANGE_TYPE(ResExcIoBlock, domain)); - pRes = xf86AddResToList(pRes, &range, -1); - } - - return pRes; -} - -#endif /* !INCLUDE_XF86_NO_DOMAIN */ - From d900de5a8f61e1ee000c1a96fa6c6121ac2a92ae Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Michel=20D=C3=A4nzer?= Date: Tue, 17 Jun 2008 13:13:23 -0400 Subject: [PATCH 22/34] AIGLX/DRI1: Switch to server context for calling pScreen->GetImage. Fixes http://bugs.freedesktop.org/show_bug.cgi?id=16292 . (cherry picked from commit 23b55a61f89f69454a3b0e3413b1f07d5fdf43aa) --- GL/glx/glxdri.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/GL/glx/glxdri.c b/GL/glx/glxdri.c index 9cd0738a0..cfa338ac8 100644 --- a/GL/glx/glxdri.c +++ b/GL/glx/glxdri.c @@ -490,9 +490,11 @@ nooverride: data = xalloc(pitch * pixmap->drawable.height); + __glXenterServer(GL_FALSE); pScreen->GetImage(&pixmap->drawable, 0 /*pixmap->drawable.x*/, 0 /*pixmap->drawable.y*/, pixmap->drawable.width, pixmap->drawable.height, ZPixmap, ~0, data); + __glXleaveServer(GL_FALSE); if (pixmap->drawable.depth == 24) glxFillAlphaChannel(data, @@ -534,9 +536,11 @@ nooverride: pixmap->drawable.depth); void *data = xalloc(pitch * (p[i].y2 - p[i].y1)); + __glXenterServer(GL_FALSE); pScreen->GetImage(&pixmap->drawable, /*pixmap->drawable.x +*/ p[i].x1, /*pixmap->drawable.y*/ + p[i].y1, p[i].x2 - p[i].x1, p[i].y2 - p[i].y1, ZPixmap, ~0, data); + __glXleaveServer(GL_FALSE); if (pixmap->drawable.depth == 24) glxFillAlphaChannel(data, From 7822a3d05f935cca3bfa47d15d961596652ecfca Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 17 Jun 2008 16:10:51 -0400 Subject: [PATCH 23/34] XAA: Disable offscreen pixmaps by default. Say Option "XaaOffscreenPixmaps" to turn them back on. Apropos of bugs #13795 and #15098. Not yet applied to master as this wants a proper solution someday, but then, those bugs aren't closed yet either. --- hw/xfree86/xaa/xaaInitAccel.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/hw/xfree86/xaa/xaaInitAccel.c b/hw/xfree86/xaa/xaaInitAccel.c index 53795f067..00483e3ed 100644 --- a/hw/xfree86/xaa/xaaInitAccel.c +++ b/hw/xfree86/xaa/xaaInitAccel.c 
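Review bot: In both hunks the buffer returned by `xalloc` goes straight into `pScreen->GetImage` with no NULL check in between, so an allocation failure becomes a write through a null pointer inside the newly added `__glXenterServer`/`__glXleaveServer` bracket. The sizes are plain products (`pitch * pixmap->drawable.height` and `pitch * (p[i].y2 - p[i].y1)`); if the operands are `int`, as they appear to be, a very large drawable could wrap the product and leave the buffer smaller than what GetImage fills. I would add `if (data == NULL)` with the function's existing failure path directly after each allocation, before entering the server context. The enclosing function starts and ends outside both hunks, so the right failure path is not visible here.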
@@ -43,7 +43,8 @@ typedef enum { XAAOPT_WRITE_BITMAP, XAAOPT_WRITE_PIXMAP, XAAOPT_PIXMAP_CACHE, - XAAOPT_OFFSCREEN_PIXMAPS + XAAOPT_OFFSCREEN_PIXMAPS, + XAAOPT_HAS_DUMB_INVERTED_OPTION_SENSE } XAAOpts; static const OptionInfoRec XAAOptions[] = { @@ -89,6 +90,8 @@ static const OptionInfoRec XAAOptions[] = { OPTV_BOOLEAN, {0}, FALSE }, {XAAOPT_OFFSCREEN_PIXMAPS, "XaaNoOffscreenPixmaps", OPTV_BOOLEAN, {0}, FALSE }, + {XAAOPT_HAS_DUMB_INVERTED_OPTION_SENSE, "XaaOffscreenPixmaps", + OPTV_BOOLEAN, {0}, FALSE }, { -1, NULL, OPTV_NONE, {0}, FALSE } }; @@ -532,8 +535,8 @@ XAAInitAccel(ScreenPtr pScreen, XAAInfoRecPtr infoRec) #define XAAMSG(s) do { if (serverGeneration == 1) xf86ErrorF(s); } while (0) if((infoRec->Flags & OFFSCREEN_PIXMAPS) && HaveScreenToScreenCopy && - !xf86ReturnOptValBool(options, XAAOPT_OFFSCREEN_PIXMAPS, - FALSE)) { + xf86IsOptionSet(options, XAAOPT_HAS_DUMB_INVERTED_OPTION_SENSE)) + { XAAMSG("\tOffscreen Pixmaps\n"); } else { infoRec->Flags &= ~OFFSCREEN_PIXMAPS; From eed6713d3d6b700ce01a70c3a5a37a6f928d79c7 Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Tue, 17 Jun 2008 17:55:11 -0400 Subject: [PATCH 24/34] SELinux: Bring server-side name registry up to date. (cherry picked from commit 656d3d7623c6b83024e9cdc60d1257f4d87aa268) --- dix/protocol.txt | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/dix/protocol.txt b/dix/protocol.txt index f4cdf7bbb..0a85ca872 100644 --- a/dix/protocol.txt +++ b/dix/protocol.txt 
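Review bot: `xf86IsOptionSet(options, XAAOPT_HAS_DUMB_INVERTED_OPTION_SENSE)` in the third hunk tests only whether the option appears in the configuration, not its boolean value, so `Option "XaaOffscreenPixmaps" "off"` would still turn offscreen pixmaps on. The table entry is declared `OPTV_BOOLEAN`, so reading the value keeps the expected sense: `xf86ReturnOptValBool(options, XAAOPT_HAS_DUMB_INVERTED_OPTION_SENSE, FALSE)`. The old `XaaNoOffscreenPixmaps` entry stays in the table but this condition no longer consults it. A comment on that entry such as `/* accepted for compatibility, no longer consulted */` would save the next reader a search. XAAInitAccel continues outside the hunk.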
@@ -359,16 +359,28 @@ V000 SECURITY:AuthorizationRevoked E000 SECURITY:BadAuthorization E001 SECURITY:BadAuthorizationProtocol R000 SELinux:SELinuxQueryVersion -R001 SELinux:SELinuxSetSelectionManager -R002 SELinux:SELinuxGetSelectionManager +R001 SELinux:SELinuxSetDeviceCreateContext +R002 SELinux:SELinuxGetDeviceCreateContext R003 SELinux:SELinuxSetDeviceContext R004 SELinux:SELinuxGetDeviceContext -R005 SELinux:SELinuxSetPropertyCreateContext -R006 SELinux:SELinuxGetPropertyCreateContext -R007 SELinux:SELinuxGetPropertyContext -R008 SELinux:SELinuxSetWindowCreateContext -R009 SELinux:SELinuxGetWindowCreateContext -R010 SELinux:SELinuxGetWindowContext +R005 SELinux:SELinuxSetWindowCreateContext +R006 SELinux:SELinuxGetWindowCreateContext +R007 SELinux:SELinuxGetWindowContext +R008 SELinux:SELinuxSetPropertyCreateContext +R009 SELinux:SELinuxGetPropertyCreateContext +R010 SELinux:SELinuxSetPropertyUseContext +R011 SELinux:SELinuxGetPropertyUseContext +R012 SELinux:SELinuxGetPropertyContext +R013 SELinux:SELinuxGetPropertyDataContext +R014 SELinux:SELinuxListProperties +R015 SELinux:SELinuxSetSelectionCreateContext +R016 SELinux:SELinuxGetSelectionCreateContext +R017 SELinux:SELinuxSetSelectionUseContext +R018 SELinux:SELinuxGetSelectionUseContext +R019 SELinux:SELinuxGetSelectionContext +R020 SELinux:SELinuxGetSelectionDataContext +R021 SELinux:SELinuxListSelections +R022 SELinux:SELinuxGetClientContext R000 SHAPE:QueryVersion R001 SHAPE:Rectangles R002 SHAPE:Mask From ad10515b6c19f224fb6897e9549c5ddee373a557 Mon Sep 17 00:00:00 2001 From: Eamon Walsh Date: Tue, 17 Jun 2008 19:09:44 -0400 Subject: [PATCH 25/34] SELinux: Add an extension alias under the OS-agnostic "Flask" name. (cherry picked from commit 79dd600942bbac3c6b531f284b42c7b2c822da90) --- Xext/xselinux.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Xext/xselinux.c b/Xext/xselinux.c index 1e3b4d66c..a47df03c2 100644 --- a/Xext/xselinux.c +++ b/Xext/xselinux.c 
@@ -2031,6 +2031,8 @@ SELinuxExtensionInit(INITARGS) ProcSELinuxDispatch, SProcSELinuxDispatch, SELinuxResetProc, StandardMinorOpcode); + AddExtensionAlias("Flask", extEntry); + /* Label objects that were created before we could register ourself */ SELinuxLabelInitial(); } From fc37f8fcb20663159d2a8cef6c9bfca039465534 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Fri, 20 Jun 2008 13:27:32 -0400 Subject: [PATCH 26/34] Bug #12414: Create full-fledged pixmaps in fb24_32ReformatTile(). ... instead of creating pixmaps that only fb knows about, which will have no devPrivates for any other subsystem and thus cause havoc if (when) they leak out. (cherry picked from commit b55fbca4f0705aeff1c69d3ef851c5ff5af6ed94) --- fb/fb24_32.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/fb/fb24_32.c b/fb/fb24_32.c index a03726b8d..1ebd598a8 100644 --- a/fb/fb24_32.c +++ b/fb/fb24_32.c @@ -1,5 +1,4 @@ /* - * * Copyright © 2000 SuSE, Inc. * * Permission to use, copy, modify, distribute, and sell this software and its @@ -544,11 +543,10 @@ fb24_32ReformatTile(PixmapPtr pOldTile, int bitsPerPixel) int oldXoff, oldYoff; int newXoff, newYoff; - pNewTile = fbCreatePixmapBpp (pScreen, - pOldTile->drawable.width, - pOldTile->drawable.height, - pOldTile->drawable.depth, - bitsPerPixel, 0); + pNewTile = pScreen->CreatePixmap(pScreen, pOldTile->drawable.width, + pOldTile->drawable.height, + pOldTile->drawable.depth, + pOldTile->usage_hint); if (!pNewTile) return 0; fbGetDrawable (&pOldTile->drawable, From b0df9a6a421de5ed49a898cb01527bc40baf5814 Mon Sep 17 00:00:00 2001 From: Matthieu Herrb Date: Mon, 19 May 2008 02:24:17 +0200 Subject: [PATCH 27/34] preserve errno around the SIGIO handler (cherry picked from commit 19c7e9da55646f1f6e05c28cd71865cd8d84e1ff) --- hw/xfree86/os-support/shared/sigio.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hw/xfree86/os-support/shared/sigio.c b/hw/xfree86/os-support/shared/sigio.c index c97f50302..f51131c6b 100644 
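Review bot: The replacement call in fb24_32ReformatTile no longer passes `bitsPerPixel`, so the new tile gets whatever bpp the screen's `CreatePixmap` picks for that depth, and nothing in the hunk confirms it matches the value the caller requested. If the two can differ, the conversion that follows (outside the hunk) would run against a pixmap with a different row layout than it expects. A check right after the existing `if (!pNewTile) return 0;` makes the assumption explicit: `if (pNewTile->drawable.bitsPerPixel != bitsPerPixel) { (*pScreen->DestroyPixmap)(pNewTile); return 0; }`. The function body starts and ends outside the hunk.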
--- a/hw/xfree86/os-support/shared/sigio.c +++ b/hw/xfree86/os-support/shared/sigio.c @@ -101,6 +101,7 @@ xf86SIGIO (int sig) int i; fd_set ready; struct timeval to; + int save_errno = errno; /* do not clobber the global errno */ int r; ready = xf86SigIOMask; @@ -117,6 +118,8 @@ xf86SIGIO (int sig) if (r > 0) { xf86Msg(X_ERROR, "SIGIO %d descriptors not handled\n", r); } + /* restore global errno */ + errno = save_errno; } static int From 89d73d759588da2cb9048c6149a456700ad660e8 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Mon, 23 Jun 2008 13:59:48 -0400 Subject: [PATCH 28/34] Implement bswap in x86emu. Yes, this is a 486+ instruction and thus not strictly legal in vm86 mode, but enough BIOSes use it (looking at you VIA) that we might as well implement it. (cherry picked from commit c8d066a15142678041c1d82ccf530dcdb2ea74ca) --- hw/xfree86/x86emu/ops2.c | 63 +++++++++++++++++++++++++++++++++++----- 1 file changed, 55 insertions(+), 8 deletions(-) diff --git a/hw/xfree86/x86emu/ops2.c b/hw/xfree86/x86emu/ops2.c index 324de8ad8..a1eda76d7 100644 --- a/hw/xfree86/x86emu/ops2.c +++ b/hw/xfree86/x86emu/ops2.c @@ -40,6 +40,12 @@ #include "x86emu/x86emui.h" +#undef bswap_32 +#define bswap_32(x) (((x & 0xff000000) >> 24) | \ + ((x & 0x00ff0000) >> 8) | \ + ((x & 0x0000ff00) << 8) | \ + ((x & 0x000000ff) << 24)) + /*----------------------------- Implementation ----------------------------*/ /**************************************************************************** 
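Review bot: The handler now saves and restores `errno`, but the `r > 0` branch in the second hunk still calls `xf86Msg` from signal context, and a formatted logging routine is unlikely to be async-signal-safe. If the signal arrives while the interrupted code is inside the same logging or allocation path, the handler can deadlock or corrupt that state. Recording the count in a `volatile sig_atomic_t` and reporting it from the main loop would avoid that. At minimum the call deserves a comment: `/* xf86Msg is not async-signal-safe; only reached when descriptors were left unhandled */`. xf86SIGIO begins before the first hunk and the code between the two hunks is not shown.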
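Review bot: The `bswap_32` macro uses its argument unparenthesised four times (`x & 0xff000000` and so on), so an argument containing an operator of lower precedence than `&` would be grouped wrongly, and any side effect in it would run four times. The callers added later in this patch pass plain register lvalues, so nothing breaks today. Writing each use as `(x)`, for example `((((x) & 0xff000000) >> 24) | ...`, costs nothing. If the macro is ever given a signed or narrower value, the `<< 24` term can overflow, so casting the argument to `u32` inside the macro would keep it well defined.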
@@ -2571,6 +2577,47 @@ static void x86emuOp2_movsx_word_R_RM(u8 X86EMU_UNUSED(op2)) END_OF_INSTR(); } +/* Handles opcodes 0xc8-0xcf */ +static void x86emuOp2_bswap(u8 X86EMU_UNUSED(op2)) +{ + START_OF_INSTR(); + DECODE_PRINTF("BSWAP\n"); + TRACE_AND_STEP(); + + switch (op2) { + case 0xc8: + M.x86.R_EAX = bswap_32(M.x86.R_EAX); + break; + case 0xc9: + M.x86.R_ECX = bswap_32(M.x86.R_ECX); + break; + case 0xca: + M.x86.R_EDX = bswap_32(M.x86.R_EDX); + break; + case 0xcb: + M.x86.R_EBX = bswap_32(M.x86.R_EBX); + break; + case 0xcc: + M.x86.R_ESP = bswap_32(M.x86.R_ESP); + break; + case 0xcd: + M.x86.R_EBP = bswap_32(M.x86.R_EBP); + break; + case 0xce: + M.x86.R_ESI = bswap_32(M.x86.R_ESI); + break; + case 0xcf: + M.x86.R_EDI = bswap_32(M.x86.R_EDI); + break; + default: + /* can't happen */ + break; + } + + DECODE_CLEAR_SEGOVR(); + END_OF_INSTR(); +} + /*************************************************************************** * Double byte operation code table: **************************************************************************/ @@ -2788,14 +2835,14 @@ void (*x86emu_optab2[256])(u8) = /* 0xc5 */ x86emuOp2_illegal_op, /* 0xc6 */ x86emuOp2_illegal_op, /* 0xc7 */ x86emuOp2_illegal_op, -/* 0xc8 */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xc9 */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xca */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xcb */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xcc */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xcd */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xce */ x86emuOp2_illegal_op, /* TODO: bswap */ -/* 0xcf */ x86emuOp2_illegal_op, /* TODO: bswap */ +/* 0xc8 */ x86emuOp2_bswap, +/* 0xc9 */ x86emuOp2_bswap, +/* 0xca */ x86emuOp2_bswap, +/* 0xcb */ x86emuOp2_bswap, +/* 0xcc */ x86emuOp2_bswap, +/* 0xcd */ x86emuOp2_bswap, +/* 0xce */ x86emuOp2_bswap, +/* 0xcf */ x86emuOp2_bswap, /* 0xd0 */ x86emuOp2_illegal_op, /* 0xd1 */ x86emuOp2_illegal_op, From 4c8a84acf5b911c7daa2f63ca27cf1f3988c3304 Mon Sep 17 00:00:00 2001 
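Review bot: `x86emuOp2_bswap` declares its parameter as `u8 X86EMU_UNUSED(op2)` and then switches on `op2`, so the unused annotation is misleading at best (the macro's definition is not visible here). The signature should read `static void x86emuOp2_bswap(u8 op2)`. The `default:` arm is labelled "can't happen" and falls through silently. Since the table hunk is the only thing keeping that true, a diagnostic or halt there would catch a future table edit that routes another opcode to this handler. `DECODE_PRINTF("BSWAP\n")` also does not name the register, unlike what a trace reader would need to follow the instruction stream.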
From: Jesse Ruffin Date: Mon, 23 Jun 2008 14:35:20 -0400 Subject: [PATCH 29/34] Bug #16302: Fix GLX drawable refcounting in DMX. (cherry picked from commit 3b587826924c60f6736dc5faf584b964fde1b4da) --- hw/dmx/glxProxy/glxcmds.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/hw/dmx/glxProxy/glxcmds.c b/hw/dmx/glxProxy/glxcmds.c index ab7ee96b9..2365f829f 100644 --- a/hw/dmx/glxProxy/glxcmds.c +++ b/hw/dmx/glxProxy/glxcmds.c @@ -1004,8 +1004,7 @@ static int MakeCurrent(__GLXclientState *cl, prevglxc->pGlxPixmap = 0; } - if (prevglxc->pGlxReadPixmap && - prevglxc->pGlxReadPixmap != prevglxc->pGlxPixmap ) { + if (prevglxc->pGlxReadPixmap) { /* ** The previous drawable was a glx pixmap, release it. */ @@ -1023,8 +1022,7 @@ static int MakeCurrent(__GLXclientState *cl, prevglxc->pGlxWindow = 0; } - if (prevglxc->pGlxReadWindow && - prevglxc->pGlxReadWindow != prevglxc->pGlxWindow) { + if (prevglxc->pGlxReadWindow) { /* ** The previous drawable was a glx window, release it. */ @@ -1042,8 +1040,7 @@ static int MakeCurrent(__GLXclientState *cl, prevglxc->pGlxPbuffer = 0; } - if (prevglxc->pGlxReadPbuffer && - prevglxc->pGlxReadPbuffer != prevglxc->pGlxPbuffer ) { + if (prevglxc->pGlxReadPbuffer) { /* ** The previous drawable was a glx Pbuffer, release it. */ @@ -1071,7 +1068,7 @@ static int MakeCurrent(__GLXclientState *cl, pGlxPixmap->refcnt++; } - if (pReadGlxPixmap && pReadGlxPixmap != pGlxPixmap) { + if (pReadGlxPixmap) { pReadGlxPixmap->refcnt++; } @@ -1079,7 +1076,7 @@ static int MakeCurrent(__GLXclientState *cl, pGlxWindow->refcnt++; } - if (pGlxReadWindow && pGlxReadWindow != pGlxWindow) { + if (pGlxReadWindow) { pGlxReadWindow->refcnt++; } @@ -1087,7 +1084,7 @@ static int MakeCurrent(__GLXclientState *cl, pGlxPbuffer->refcnt++; } - if (pGlxReadPbuffer && pGlxReadPbuffer != pGlxPbuffer) { + if (pGlxReadPbuffer) { pGlxReadPbuffer->refcnt++; } From dfb326790e4131d0c9700cb879dc812b1e8e7529 Mon Sep 17 00:00:00 2001 
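Review bot: After this change the draw and read slots each take and drop their own reference even when they name the same object, but that rule is only implied by the removed `!=` comparisons. Any other site that sets or clears `pGlxReadPixmap`, `pGlxReadWindow` or `pGlxReadPbuffer` has to follow the same rule, or the counts drift into a leak or a release while the object is still in use. Those sites are not visible in these hunks. I would state the invariant once at the first increment: `/* draw and read each hold their own reference, even when they are the same drawable */`. The release bodies in the first three hunks and the rest of MakeCurrent lie outside the shown context.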
From: Alan Coopersmith Date: Mon, 19 May 2008 18:43:29 -0700 Subject: [PATCH 30/34] Restore return type on xf86SetScrnInfoModes Seems to have been accidentally lost by commit 76943fec860315f3c93539e59a59080b8a7b3e75 (cherry picked from 925e895b869e461a9e7f135891463c56ee633cd6 commit) --- hw/xfree86/modes/xf86Crtc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/hw/xfree86/modes/xf86Crtc.c b/hw/xfree86/modes/xf86Crtc.c index 02c447d3a..17cf74515 100644 --- a/hw/xfree86/modes/xf86Crtc.c +++ b/hw/xfree86/modes/xf86Crtc.c @@ -1683,6 +1683,7 @@ SetCompatOutput(xf86CrtcConfigPtr config) return output; } +_X_EXPORT void xf86SetScrnInfoModes (ScrnInfoPtr scrn) { xf86CrtcConfigPtr config = XF86_CRTC_CONFIG_PTR(scrn); From 2f8ad7f938ee31583b0da0d3dce0980832dd68d3 Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Mon, 12 May 2008 18:49:34 -0700 Subject: [PATCH 31/34] Check for strcasestr and workaround it on systems without it (cherry picked from ed65e8b4f02a6da7f1c5d85984a9ccf6a94d0181 commit) --- config/hal.c | 13 +++++++++++++ configure.ac | 2 +- include/dix-config.h.in | 3 +++ 3 files changed, 17 insertions(+), 1 deletion(-) diff --git a/config/hal.c b/config/hal.c index ac9e3d22a..1d62a1de1 100644 --- a/config/hal.c +++ b/config/hal.c @@ -262,7 +262,17 @@ device_added(LibHalContext *hal_ctx, const char *udi) * Since we can't predict the order in which the keys * arrive, we need to store them. */ +#ifndef HAVE_STRCASESTR + int psi_key_len = strlen(psi_key); + char *lower_psi_key = xalloc(psi_key_len + 1); + + CopyISOLatin1Lowered((unsigned char *) lower_psi_key, + (unsigned char *) psi_key, + psi_key_len); + if ((tmp = strstr(lower_psi_key, "xkb"))) +#else if ((tmp = strcasestr(psi_key, "xkb"))) +#endif { if (!strcasecmp(&tmp[3], "layout")) { 
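Review bot: In the `#ifndef HAVE_STRCASESTR` branch of the hal.c hunk, `lower_psi_key` comes from `xalloc` and is passed to `CopyISOLatin1Lowered` without a NULL check, so an allocation failure while handling a property key becomes a null-pointer write. A guard right after the allocation, `if (!lower_psi_key)` followed by skipping this key or taking the function's existing cleanup path, would close that. `tmp` points into the lowered copy until the `xfree(lower_psi_key)` added in the next hunk of this file, so any early exit placed between the two must free the copy as well. device_added starts and ends outside the hunk.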
@@ -291,6 +301,9 @@ device_added(LibHalContext *hal_ctx, const char *udi) add_option(&options, psi_key + sizeof(LIBHAL_PROP_KEY)-1, tmp_val); xfree(tmp_val); } +#ifndef HAVE_STRCASESTR + xfree(lower_psi_key); +#endif } } else if (!strncasecmp(psi_key, LIBHAL_XKB_PROP_KEY, sizeof(LIBHAL_XKB_PROP_KEY)-1)){ diff --git a/configure.ac b/configure.ac index 223d4df23..99b2bf256 100644 --- a/configure.ac +++ b/configure.ac @@ -190,7 +190,7 @@ dnl Checks for library functions. AC_FUNC_VPRINTF AC_CHECK_FUNCS([geteuid getuid link memmove memset mkstemp strchr strrchr \ strtol getopt getopt_long vsnprintf walkcontext backtrace \ - getisax getzoneid shmctl64]) + getisax getzoneid shmctl64 strcasestr]) AC_FUNC_ALLOCA dnl Old HAS_* names used in os/*.c. AC_CHECK_FUNC([getdtablesize], diff --git a/include/dix-config.h.in b/include/dix-config.h.in index 38639d684..9468ad0bf 100644 --- a/include/dix-config.h.in +++ b/include/dix-config.h.in @@ -199,6 +199,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H +/* Define to 1 if you have the `strcasestr' function. */ +#undef HAVE_STRCASESTR + /* Define to 1 if you have the `strchr' function. */ #undef HAVE_STRCHR From 85e598cc62a5b87feec43eb9bf46026e2803ee14 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 24 Jun 2008 10:40:36 -0400 Subject: [PATCH 32/34] Remove some default modes that really shouldn't be in the default set. (cherry picked from commit 59510a76436c739fd9421f01cc4210607d9e7f57) --- hw/xfree86/common/extramodes | 6 ------ 1 file changed, 6 deletions(-) diff --git a/hw/xfree86/common/extramodes b/hw/xfree86/common/extramodes index 1d72861e4..450502670 100644 --- a/hw/xfree86/common/extramodes +++ b/hw/xfree86/common/extramodes 
@@ -7,18 +7,12 @@ # 832x624 @ 75Hz (74.55Hz) (fix if the official/Apple spec is different) hsync: 49.725kHz ModeLine "832x624" 57.284 832 864 928 1152 624 625 628 667 -Hsync -Vsync -# 1152x768 @ 54.8Hz (Titanium PowerBook) hsync: 44.2kHz -ModeLine "1152x768" 64.995 1152 1178 1314 1472 768 771 777 806 +hsync +vsync - # 1400x1050 @ 60Hz (VESA GTF) hsync: 65.5kHz ModeLine "1400x1050" 122.0 1400 1488 1640 1880 1050 1052 1064 1082 +hsync +vsync # 1400x1050 @ 75Hz (VESA GTF) hsync: 82.2kHz ModeLine "1400x1050" 155.8 1400 1464 1784 1912 1050 1052 1064 1090 +hsync +vsync -# 1600x1024 @ 60Hz (SGI 1600SW) hsync: 64.0kHz -Modeline "1600x1024" 106.910 1600 1620 1640 1670 1024 1027 1030 1067 -hsync -vsync - # 1920x1440 @ 85Hz (VESA GTF) hsync: 128.5kHz Modeline "1920x1440" 341.35 1920 2072 2288 2656 1440 1441 1444 1512 -hsync +vsync From 2334ff9bb2690a775eea676469f6677f8d701cb3 Mon Sep 17 00:00:00 2001 From: Paul Bender Date: Tue, 24 Jun 2008 10:44:47 -0400 Subject: [PATCH 33/34] Bug #15665: Fix building without Composite. (cherry picked from commit 4c4e06af7950df509fa02099788be66cf37a4d01) --- hw/xfree86/xaa/Makefile.am | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/xfree86/xaa/Makefile.am b/hw/xfree86/xaa/Makefile.am index 58c8e885f..bd8267ad8 100644 --- a/hw/xfree86/xaa/Makefile.am +++ b/hw/xfree86/xaa/Makefile.am @@ -9,7 +9,9 @@ MSB_3_FIXED = mf3-xaaBitmap.c mf3-xaaStipple.c POLYSEG = s-xaaLine.c s-xaaDashLine.c libxaa_la_LDFLAGS = -avoid-version +if COMPOSITE libxaa_la_LIBADD = $(top_builddir)/miext/cw/libcw.la +endif module_LTLIBRARIES = libxaa.la libxaa_la_SOURCES = xaaInit.c xaaGC.c xaaInitAccel.c xaaFallback.c \ From a8a633478301e6d6854a7e75a0d38f63b7746ee6 Mon Sep 17 00:00:00 2001 From: Adam Jackson Date: Tue, 24 Jun 2008 10:52:31 -0400 Subject: [PATCH 34/34] Bug #15586: (Correctly) refuse to redirect the root window. (cherry picked from commit 100afae578e59e31b65a6264c281ba7deea5ac39) --- composite/compalloc.c | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/composite/compalloc.c b/composite/compalloc.c index 0372b9bfa..19c7db0b3 100644 --- a/composite/compalloc.c +++ b/composite/compalloc.c @@ -82,6 +82,9 @@ compRedirectWindow (ClientPtr pClient, WindowPtr pWin, int update) return Success; } + if (!pWin->parent) + return BadMatch; + /* * Only one Manual update is allowed */
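Review bot: The new `if (!pWin->parent) return BadMatch;` relies on the reader knowing that only the root window has no parent. A comment would make the intent of this request validation explicit: `/* the root window cannot be redirected */`. The test also sits after an earlier path that ends in `return Success;`, whose condition is above the hunk. If that path can be reached for the root window the request would still succeed, and moving the test to the top of compRedirectWindow would rule that out. The function body extends beyond the hunk on both sides.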