Calling wlr_output_manager_v1_set_configuration with an enabled output
and a NULL mode is incorrect if the output doesn't support modes.
When DPMS'ing an output, wlr_output_enable(output, false) is called.
This de-allocates the CRTC and sets wlr_output.current_mode to NULL.
Because we mark DPMS'ed outputs as enabled, we also need to provide a
correct output mode. Add a field to sway_output to hold the current
mode.
Closes: https://github.com/swaywm/wlroots/issues/1867
When applying config, value mode->refresh is mHz; convert it to Hz before
assigning it to the temporary output config. oc->refresh_rate will
be converted back to mHz in set_mode function.
Fix debug log printing GHz instead of Hz.
When changing a surface from managed to unmanaged in handle_map(), the
call to handle_destroy(.., view) causes the sway_xwayland_view pointed
to by the untyped wlr_xwayland_surface.data field to become invalid
garbage, yet the untyped wlr_xwayland_surface.data continues to point
at it. In particular: view_get_*(view_from_wlr_surface(..)), even
with appropriate NULL checking, will crash sway when this codepath is
exercised (reliable test case: drop-down menus in Google Earth).
Popups are positioned relative to local surface coordinates of the
parent surface. There's no need to consider values set with
xdg_surface.set_window_geometry for parent surfaces.
Sometimes when using direct scan-out, some flickering between the
fullscreen app and the regular desktop could be seen.
This happened because we called wlr_output_attach_render and then
wlr_output_attach_buffer for direct scan-out. wlr_output_attach_render
makes the OpenGL context current but also attaches the OpenGL buffer to
the primary plane apparently (all of this happens inside
eglMakeCurrent).
This patch moves the scan-out logic outside of output_render, before
wlr_output_attach_render. This lines it up with rootston's
implementation. This also makes more sense since no rendering is
involved when using direct scan-out.
Sorry about that, I should've tested this with more clients. The new
code has been tested with mpv and a GLFW demo.
Focused layers are not cleared when destroyed, they are cleared on unmap.
Giving focus to an unmapped layer surface is (1) incorrect and (2) triggers a
use-after-free.
Closes: https://github.com/swaywm/sway/issues/4517
The documentation for wayland-server.h says:
> Use of this header file is discouraged. Prefer including
> wayland-server-core.h instead, which does not include the server protocol
> header and as such only defines the library API, excluding the deprecated API
> below.
Replacing wayland-server.h with wayland-server-core.h allows us to drop the
WL_HIDE_DEPRECATED declaration.
This commit is similar to wlroots' ca45f4490ccc ("Remove all wayland-server.h
includes").
handle_destroy would mark the output as being destroyed and commit the
transaction. Committing the transaction results in the output being
freed; the output manager cannot retrieve the server reference
afterwards, resulting in the following use-after-free:
==22746==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000017088 at pc 0x560c1ac17136 bp 0x7ffeab146f20 sp 0x7ffeab146f10
READ of size 8 at 0x614000017088 thread T0
#0 0x560c1ac17135 in handle_destroy ../sway/desktop/output.c:566
#1 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#2 0x7f38af5d3dfc in drm_connector_cleanup ../subprojects/wlroots/backend/drm/drm.c:1448
#3 0x7f38af5d2058 in scan_drm_connectors ../subprojects/wlroots/backend/drm/drm.c:1240
#4 0x7f38af5c6a59 in drm_invalidated ../subprojects/wlroots/backend/drm/backend.c:135
#5 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#6 0x7f38af5e827a in udev_event ../subprojects/wlroots/backend/session/session.c:52
#7 0x7f38aef5d7f1 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xa7f1)
#8 0x7f38aef5c39b in wl_display_run (/usr/lib/libwayland-server.so.0+0x939b)
#9 0x560c1ac0afbe in server_run ../sway/server.c:225
#10 0x560c1ac09382 in main ../sway/main.c:397
#11 0x7f38aed35ce2 in __libc_start_main (/usr/lib/libc.so.6+0x23ce2)
#12 0x560c1abea10d in _start (/usr/local/bin/sway+0x3910d)
0x614000017088 is located 72 bytes inside of 432-byte region [0x614000017040,0x6140000171f0)
freed by thread T0 here:
#0 0x7f38af82df89 in __interceptor_free /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:66
#1 0x560c1acbd1ed in output_destroy ../sway/tree/output.c:243
#2 0x560c1ac23ce5 in transaction_destroy ../sway/desktop/transaction.c:66
#3 0x560c1ac26b71 in transaction_progress_queue ../sway/desktop/transaction.c:348
#4 0x560c1ac284ca in transaction_commit_dirty ../sway/desktop/transaction.c:539
#5 0x560c1ac17110 in handle_destroy ../sway/desktop/output.c:564
#6 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#7 0x7f38af5d3dfc in drm_connector_cleanup ../subprojects/wlroots/backend/drm/drm.c:1448
#8 0x7f38af5d2058 in scan_drm_connectors ../subprojects/wlroots/backend/drm/drm.c:1240
#9 0x7f38af5c6a59 in drm_invalidated ../subprojects/wlroots/backend/drm/backend.c:135
#10 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#11 0x7f38af5e827a in udev_event ../subprojects/wlroots/backend/session/session.c:52
#12 0x7f38aef5d7f1 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xa7f1)
previously allocated by thread T0 here:
#0 0x7f38af82e5a1 in __interceptor_calloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cc:95
#1 0x560c1acbc228 in output_create ../sway/tree/output.c:91
#2 0x560c1ac17ba2 in handle_new_output ../sway/desktop/output.c:656
#3 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#4 0x7f38af5e4ce8 in new_output_reemit ../subprojects/wlroots/backend/multi/backend.c:143
#5 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#6 0x7f38af5d26d4 in scan_drm_connectors ../subprojects/wlroots/backend/drm/drm.c:1294
#7 0x7f38af5c6a59 in drm_invalidated ../subprojects/wlroots/backend/drm/backend.c:135
#8 0x7f38af69330e in wlr_signal_emit_safe ../subprojects/wlroots/util/signal.c:29
#9 0x7f38af5e827a in udev_event ../subprojects/wlroots/backend/session/session.c:52
#10 0x7f38aef5d7f1 in wl_event_loop_dispatch (/usr/lib/libwayland-server.so.0+0xa7f1)
SUMMARY: AddressSanitizer: heap-use-after-free ../sway/desktop/output.c:566 in handle_destroy
Retrieve the reference before the output is destroyed and update the
output_management state with the saved reference.
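
The ordering fix described in the commit message above, as an added C example that is not sway's code: struct server, struct output and every function here are hypothetical stand-ins that only model "committing the transaction frees the output".

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not sway's real types. */
struct server {
    int live_outputs;     /* outputs currently allocated */
    int manager_updates;  /* times the output-management state was refreshed */
    int live_at_update;   /* live_outputs as seen by the most recent refresh */
};
struct output { struct server *server; int destroying; };

struct output *output_create(struct server *server) {
    struct output *output = calloc(1, sizeof(*output));
    if (!output) {
        return NULL;
    }
    output->server = server;
    server->live_outputs++;
    return output;
}

/* Models the commit: an output marked as being destroyed is freed here. */
void transaction_commit_dirty(struct output *output) {
    if (output->destroying) {
        output->server->live_outputs--;
        free(output);
    }
}

void update_output_manager(struct server *server) {
    server->manager_updates++;
    server->live_at_update = server->live_outputs;
}

/* Ordering from the report: output->server is read after the commit freed
 * the output. Never called here; AddressSanitizer flags the last line. */
void handle_destroy_buggy(struct output *output) {
    output->destroying = 1;
    transaction_commit_dirty(output);
    update_output_manager(output->server); /* heap-use-after-free read */
}

/* Fixed ordering: save the reference first, never touch output afterwards. */
void handle_destroy_fixed(struct output *output) {
    struct server *server = output->server;
    output->destroying = 1;
    transaction_commit_dirty(output);
    update_output_manager(server);
}

/* Runs the fixed handler once; returns 0 when the end state is as expected. */
int run_fixed(void) {
    struct server server = {0};
    struct output *output = output_create(&server);
    if (!output) {
        return -1;
    }
    handle_destroy_fixed(output);
    return (server.manager_updates == 1 && server.live_at_update == 0) ? 0 : 1;
}

int main(void) {
    return run_fixed();
}
```
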
When setting fullscreen on a hidden scratchpad container, there was a
check to see if there was an existing fullscreen container on the
workspace so it could be fullscreen disabled first. Since the workspace
is NULL, it would cause a SIGSEGV. This adds a NULL check to avoid the
crash.
This also changes the behavior of how fullscreen is handled when adding
a container to the scratchpad or changing visibility of a scratchpad
container to match i3's. The behavior is as follows:
- When adding a container to the scratchpad or hiding a container back
into the scratchpad, there is an implicit fullscreen disable
- When setting fullscreen on a container that is hidden in the
scratchpad, it will be fullscreen when shown (and fullscreen disabled
when hidden as stated above)
- When setting fullscreen global on a container that is hidden in the
scratchpad, it will be shown immediately as fullscreen global. The
container is not moved to a workspace and remains in the
scratchpad. The container will be visible until fullscreen disabled
or killed. Since the container is in the scratchpad, running
`scratchpad show` or `move container to scratchpad` will have no
effect
This also changes `container_replace` to transfer fullscreen and
scratchpad status.
This honors the fullscreen output request for
`xdg_toplevel_set_fullscreen` and `zxdg_toplevel_v6_set_fullscreen`.
If the request was sent before mapping, the fullscreen output request
will be retrieved from the client_pending state for the toplevel. The
output will be passed to `view_map` and if there is a workspace on the
output, the view will be placed on that workspace.
If the request comes in after being mapped, the view will be moved to
the workspace on the output (if there is one) before becoming
fullscreen.
This makes it so there will only be one swaybg instance running
instead of one per output. swaybg's cli has been changed to an
xrandr-like interface, where you select an output and then change properties
for that output and then select another output and repeat. This also
makes it so swaybg is only killed and respawned when a background
changes or when reloading.
This fixes a crash for application set idle inhibitors when their
associated view is being destroyed. There is a call to
`view_is_visible` to determine if the view is visible and it assumes
that the view has a container, but it is possible for the container
to already have been destroyed at this point. There is a NULL check for
the view in `check_active` and this re-adds the NULL check for the
container that I accidentally dropped when refactoring during the
inhibit_idle command PR.
This fixes a crash in `container_init_floating` when an xwayland view
sends a configure request while in the scratchpad.
`container_init_floating` gets called so the configured minimum and
maximum sizes get respected when resizing to the requested size. Since
the workspace was NULL, it would SIGSEGV when attempting to get the
workspace's output for the output box retrieval.
This extracts the resizing portion of `container_init_floating` into a
separate function. If the container is in the scratchpad, it will just
be resized and skip the centering.
Additionally, `container_init_floating` has been renamed to
`container_floating_resize_and_center` to more accurately describe what
it does.
This implements the following command to set/unset a user idle
inhibitor for a view:
`inhibit_idle focus|fullscreen|open|none|visible`
The modes are as follows:
- focus: inhibited when the view is focused by any seat
- fullscreen: inhibited when the view is fullscreen (or a descendant of
a fullscreen container) and is visible on any output
- open: inhibited until the view is closed or the inhibitor is unset or
changed
- none: unsets any user set idle inhibitors for the view
- visible: inhibited when the view is visible on any output
This should have no effect on idle inhibitors set by the applications
themselves and those should still work as intended.
Since this operates on the view in the handler context, it is possible
to set it on the currently focused view, on any existing view with
criteria, or for any future view with for_window.
This introduces a `default` seat operation which is used when no mouse
buttons are being held. This means there is now always a seat operation
in progress. It allows us to separate `default` code from the standard
cursor management code.
The sway_seatop_impl struct has gained callbacks `axis`, `rebase` and
`end`, and lost callbacks `finish` and `abort`. `axis` and `rebase` are
only used by the default seatop. `end` is called when a seatop is being
replaced by another one and allows the seatop to free any resources,
though no seatop currently needs to do this. `finish` is no longer
required, as each seatop can gracefully finish in their `button`
callback. And `abort` is not needed, as calling `end` would achieve the
same thing. The struct has also gained a bool named allow_set_cursor
which allows the client to set a new cursor during `default` and `down`
seatops.
Seatops would previously store which button they were started with and
stop when that button was released. This behaviour is changed so that it
only ends once all buttons are released. So you can start a drag with
$mod+left, then click and hold right, release left and it'll continue
dragging while the right button is held.
The motion callback now accepts dx and dy. Most seatops don't use this
as they store the cursor position when the seatop is started and compare
it with the current cursor position. This approach doesn't make sense
for the default seatop though, hence why dx and dy are needed.
The pressed_buttons array has been moved from the sway_cursor struct to
the default seatop's data. This is only used for the default seatop to
check bindings. The total pressed button count remains in the
sway_cursor struct though, because all the other seatops check it to
know if they should end.
The `down` seatop no longer has a `moved` property. This was used to
track if the cursor moved and to recheck focus_follows_mouse, but seems
to work without it.
The logic for focus_follows_mouse has been refactored. As part of this
I've removed the call to wlr_seat_keyboard_has_grab as we don't appear
to use keyboard grabs.
The functions for handling relative motion, absolute motion and tool
axis have been changed. Previously the handler functions were
handle_cursor_motion, handle_cursor_motion_absolute and
handle_tool_axis. The latter two both called cursor_motion_absolute.
Both handle_cursor_motion and cursor_motion_absolute did very similar
things. These are now simplified into three handlers and a single common
function called cursor_motion. All three handlers call cursor_motion. As
cursor_motion works with relative distances, the absolute and tool axis
handlers convert them to relative first.
This removes `output_find_config`, which would take the first matching
output config it found. This is fine if only a name output config,
identifier output config, or even just wildcard exist, but if there is
a name output config and identifier output config, they are not merged.
Instead, this introduces find_output_config, which is just a wrapper
for `get_output_config`. This ensures that both the name and identifier
output configs are respected.
This fixes the following case:
- For simplicity in this example, remove all output configs from config
- Run `swaymsg output <name> bg #ff0000 solid_color`
- Run `swaymsg output <identifier> scale 2`
- Disconnect and reconnect output
Without this, the output will have the background, but not the scale.
With this, the output will have both the background and scale.
This makes it so the container gets resized by a configure request for
xwayland floating views. The minimum and maximum sizes are also
respected. Previously, the configure request was resizing the surface
to the size requested, but never changing the container size. This
caused the surface to be rendered outside of the container or to be
smaller than the container. The former is never ideal and the latter
makes no sense for floating views since the container itself can just
be shrunk.
This removes `output_damage_view` since it is unnecessary. The logic
has been moved into its only caller `output_damage_from_view`. When
damaging the whole view, `output_damage_whole_container` should be used
instead.
This adds an iterative call in `output_damage_whole_container` to
damage the subsurfaces for all visible views that are inside of the
container. This is needed to damage subsurfaces that extend outside the
box of the container. Without this, those subsurfaces will create
artifacts when moving or resizing.
If a floater is fullscreen either on a workspace or globally, it
should not be rendered on any output it is not fullscreened on. When
rendering it on an output it should not be rendered on, there will be
an extraneous border along the adjacent side of the output. This adds
a check in render_floating to skip all fullscreened floaters.
Enables i3-compatible behavior regarding hiding the title bar on tabbed and
stacked containers with one child.
Related issues and merge requests: #3031, #3002, #2912, #2987.
If the noop output is focused (all other outputs disabled/disconnected),
do not auto assign a layer surface to it. The noop output is not enabled
and does not have the `output->layers` list initialized. It also does
not make sense to map the layer surfaces to something that is not
visible.
Fixes heap-use-after-free:
==32046==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000064d20 at pc 0x55571ce4d303 bp 0x7fff545c64c0 sp 0x7fff545c64b0
WRITE of size 8 at 0x615000064d20 thread T0
#0 0x55571ce4d302 in xdg_decoration_handle_destroy ../sway/xdg_decoration.c:13
#1 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#2 0x7f64009d3c46 in toplevel_decoration_handle_resource_destroy ../types/wlr_xdg_decoration_v1.c:65
#3 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#4 0x7f6400a19fed in wl_resource_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7fed)
#5 0x7f64009d3d1f in toplevel_decoration_handle_surface_destroy ../types/wlr_xdg_decoration_v1.c:82
#6 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#8 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#9 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#10 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#11 0x7f6400a1e211 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc211)
#12 0x7f6400a1e6fe (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc6fe)
#13 0x7f6400a1a0ec in wl_client_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x80ec)
#14 0x7f6400a1a1c4 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x81c4)
#15 0x7f6400a1b941 in wl_event_loop_dispatch (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x9941)
#16 0x7f6400a1a569 in wl_display_run (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x8569)
#17 0x55571ce4c7fd in server_run ../sway/server.c:214
#18 0x55571ce4ad59 in main ../sway/main.c:405
#19 0x7f640071109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#20 0x55571ce2cfa9 in _start (/usr/local/bin/sway+0x35fa9)
0x615000064d20 is located 32 bytes inside of 504-byte region [0x615000064d00,0x615000064ef8)
freed by thread T0 here:
#0 0x7f6401531b70 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedb70)
#1 0x55571ce6c72b in destroy ../sway/desktop/xdg_shell.c:252
#2 0x55571cee3f7b in view_destroy ../sway/tree/view.c:60
#3 0x55571cee4090 in view_begin_destroy ../sway/tree/view.c:73
#4 0x55571ce6dd95 in handle_destroy ../sway/desktop/xdg_shell.c:464
#5 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#6 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#7 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#8 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#9 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
previously allocated by thread T0 here:
#0 0x7f6401532138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
#1 0x55571ce6df39 in handle_xdg_shell_surface ../sway/desktop/xdg_shell.c:485
#2 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f64009b0167 in handle_xdg_surface_commit ../types/xdg_shell/wlr_xdg_surface.c:350
#4 0x7f64009ce2a5 in surface_commit_pending ../types/wlr_surface.c:372
#5 0x7f64009ce523 in surface_commit ../types/wlr_surface.c:444
#6 0x7f63ff63ddad in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5dad)
Fixes #3759
This modifies the places where output_get_active_workspace is called to
handle a NULL result. Some places already handled it and did not need a
change, some just have guard off code blocks, others return errors, and
some have sway_asserts since the case should never happen. A lot of this
is probably just safety precautions since they probably will never be
called when `output_get_active_workspace` is not fully configured with a
workspace.
If an output's node was dirty and the transaction was committed before a
workspace was moved to or created for the output, the instruction would
have a bad value for `state->active_workspace` due to a missing
length check in `output_get_active_workspace`. If there was no focus on
the output, the first workspace was being returned. If the workspace
list was currently empty, the value was either garbage, or in the case of
an output being disabled and re-enabled, a workspace that may have been
previously freed. This just adds the length check to avoid returning an
out of bounds value.
wlr_xdg_popup_destroy will destroy popups, so we need to walk the tree
carefully. It's enough to just destroy all direct children, since destroying
the parent will also destroy all children.