Differential D1231 Diff 16359 src/server/remote_access_interface.cpp

Changeset View

Standalone View

src/server/remote_access_interface.cpp

This file was added.

1		/****************************************************************************
2		Copyright 2016 Oleg Chernovskiy <kanedias@xaker.ru>
3
4		This library is free software; you can redistribute it and/or
5		modify it under the terms of the GNU Lesser General Public
6		License as published by the Free Software Foundation; either
7		version 2.1 of the License, or (at your option) version 3, or any
8		later version accepted by the membership of KDE e.V. (or its
9		successor approved by the membership of KDE e.V.), which shall
10		act as a proxy defined in Section 6 of version 3 of the license.
11
12		This library is distributed in the hope that it will be useful,
13		but WITHOUT ANY WARRANTY; without even the implied warranty of
14		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15		Lesser General Public License for more details.
16
17		You should have received a copy of the GNU Lesser General Public
18		License along with this library. If not, see <http://www.gnu.org/licenses/>.
19		****************************************************************************/
20		#include "output_interface.h"
21		#include "remote_access_interface.h"
22		#include "remote_access_interface_p.h"
23		#include "display.h"
24		#include "global_p.h"
25		#include "resource_p.h"
26		#include "logging_p.h"
27
28		#include <wayland-remote-access-server-protocol.h>
29
	graesslinUnsubmitted Done you can just include "logging_p.h" graesslin: you can just include "logging_p.h"
	KanediasAuthorUnsubmitted Not Done Noted, re-using categories from there. Kanedias: Noted, re-using categories from there.
30		#include <QHash>
31		#include <QMutableHashIterator>
32
33		#include <functional>
34
35		namespace KWayland
36		{
37		namespace Server
38		{
39
40		class BufferHandle::Private // @see gbm_import_fd_data
41		{
42		public:
43		// Note that on client side received fd number will be different
44		// and meaningful only for client process!
45		// Thus we can use server-side fd as an implicit unique id
46		qint32 fd = 0; ///< also internal buffer id for client
47		quint32 width = 0;
48		quint32 height = 0;
49		quint32 stride = 0;
50		quint32 format = 0;
51		};
52
53		BufferHandle::BufferHandle()
54		: d(new Private)
55		{
56		}
57
58		BufferHandle::~BufferHandle()
59		{
60		}
61
62		void BufferHandle::setFd(qint32 fd)
63		{
64		d->fd = fd;
65		}
66
67		qint32 BufferHandle::fd() const
68		{
69		return d->fd;
70		}
71
72		void BufferHandle::setSize(quint32 width, quint32 height)
73		{
74		d->width = width;
75		d->height = height;
76		}
77
78		quint32 BufferHandle::width() const
79		{
80		return d->width;
81		}
82
83		quint32 BufferHandle::height() const
84		{
85		return d->height;
86		}
87
88		void BufferHandle::setStride(quint32 stride)
89		{
90		d->stride = stride;
91		}
92
93
94		quint32 BufferHandle::stride() const
95		{
96		return d->stride;
97		}
98
99		void BufferHandle::setFormat(quint32 format)
100		{
101		d->format = format;
102		}
103
104		quint32 BufferHandle::format() const
105		{
106		return d->format;
107		}
108
109		/**
110		* @brief helper struct for manual reference counting.
111		* automatic counting via QSharedPointer is no-go here as we hold strong reference in sentBuffers.
112		*/
113		struct BufferHolder
114		{
115		const BufferHandle *buf;
116		quint64 counter;
117		};
118
119		class RemoteAccessManagerInterface::Private : public Global::Private
	romanggUnsubmitted Not Done rm whitespace romangg: rm whitespace
120		{
121		public:
122		Private(RemoteAccessManagerInterface q, Display d);
123		virtual ~Private();
124
125		/**
126		* @brief Send buffer ready notification to all connected clients
127		* @param output wl_output interface to determine which screen sent this buf
128		* @param buf buffer containing GBM-related params
129		*/
130		void sendBufferReady(const OutputInterface output, const BufferHandle buf);
131		/**
132		* @brief Release all bound buffers associated with this resource
133		* @param resource one of bound clients
134		*/
135		void release(wl_resource *resource);
136
137		/**
138		* Clients of this interface.
139		* This may be screenshot app, video capture app,
140		* remote control app etc.
141		*/
142		QList<wl_resource *> clientResources;
143		private:
144		// methods
145		static void unbind(wl_resource *resource);
146		static Private cast(wl_resource r) {
147		return reinterpret_cast<Private*>(wl_resource_get_user_data(r));
148		}
149		static void getBufferCallback(wl_client client, wl_resource resource, uint32_t buffer, int32_t internalBufId);
150		static void releaseCallback(wl_client client, wl_resource resource);
	graesslinUnsubmitted Done if really only one client should be allowed (why?) it would be better to send a dedicated error state to inform it instead of "abusing" no memory. graesslin: if really only one client should be allowed (why?) it would be better to send a dedicated error…
	KanediasAuthorUnsubmitted Not Done Added ability to have multiple clients in the same time Kanedias: Added ability to have multiple clients in the same time
151		void bind(wl_client *client, uint32_t version, uint32_t id) override;
152
153		/**
154		* @brief Unreferences counter and frees buffer when it reaches zero
155		* @param buf holder to decrease reference counter on
156		* @return true if buffer was released, false otherwise
157		*/
158		bool unref(BufferHolder &buf);
159
	graesslinUnsubmitted Not Done this allows to have only one client bind it. As soon as a second client binds the protocol it will get overwritten and breaks the existing one. I think you need a QVector<wl_resource> here. graesslin:* this allows to have only one client bind it. As soon as a second client binds the protocol it…
	KanediasAuthorUnsubmitted Not Done Reimplemented Kanedias: Reimplemented
160		// fields
161		static const struct org_kde_kwin_remote_access_manager_interface s_interface;
162		static const quint32 s_version;
163
164		RemoteAccessManagerInterface *q;
165
166		/**
167		* Buffers that were sent but still not acked by server
168		* Keys are fd numbers as they are unique
169		**/
170		QHash<quint32, BufferHolder> sentBuffers;
171		};
172
173		const quint32 RemoteAccessManagerInterface::Private::s_version = 1;
174
175		RemoteAccessManagerInterface::Private::Private(RemoteAccessManagerInterface q, Display d)
176		: Global::Private(d, &org_kde_kwin_remote_access_manager_interface, s_version)
177		, q(q)
178		{
179		}
180
181		void RemoteAccessManagerInterface::Private::bind(wl_client *client, uint32_t version, uint32_t id)
182		{
183		// create new client resource
184		auto c = display->getConnection(client);
185		wl_resource *resource = c->createResource(&org_kde_kwin_remote_access_manager_interface, qMin(version, s_version), id);
186		if (!resource) {
187		wl_client_post_no_memory(client);
188		return;
189		}
190		wl_resource_set_implementation(resource, &s_interface, this, unbind);
191
192		// add newly created client resource to the list
193		clientResources << resource;
194		}
195
196		void RemoteAccessManagerInterface::Private::sendBufferReady(const OutputInterface output, const BufferHandle buf)
197		{
198		BufferHolder holder {buf, 0};
199		// notify clients
200		qCDebug(KWAYLAND_SERVER) << "Server buffer sent: fd" << buf->fd();
201		for (auto res : clientResources) {
202		auto client = wl_resource_get_client(res);
203		auto boundScreens = output->clientResources(display->getConnection(client));
204
205		// no reason for client to bind wl_output multiple times
206		Q_ASSERT(boundScreens.size() == 1);
	romanggUnsubmitted Done Can a rogue client do it though? This would crash the server then? romangg: Can a rogue client do it though? This would crash the server then?
	KanediasAuthorUnsubmitted Not Done Can a rogue client do it though? This would crash the server then? Yes, I guess so... What would you propose? Should we send it only to first bound? Or last one? P.S. Even more: this interface has no authentication/authorization at all, so any client can connect and steal our video buffers. Martin said that first version of protocol can go without it and we can readd it later (as with fakeinput protocol). Kanedias: > Can a rogue client do it though? This would crash the server then? Yes, I guess so... What…
	romanggUnsubmitted Not Done Only first bound like you do it now. Just remove the Q_ASSERT (and make sure `boundScreens.size() >= 1`, otherwise continue). no authentication/authorization at all That's a generic problem yet to be solved on Wayland / the Linux desktop. This also correlates with the push to containerized apps. I would just want something like the permission system in Android, but there might be better solutions. It's a bigger project for sure. Also see here for some early thoughts on it, which to my knowledge until now did not lead to anything more: http://www.mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/ romangg: Only first bound like you do it now. Just remove the Q_ASSERT (and make sure `boundScreens.size…
207		org_kde_kwin_remote_access_manager_send_buffer_ready(res, buf->fd(), boundScreens[0]);
	romanggUnsubmitted Done Use braces: https://techbase.kde.org/Policies/Frameworks_Coding_Style#Braces romangg: Use braces: https://techbase.kde.org/Policies/Frameworks_Coding_Style#Braces
208		holder.counter++;
209		}
210		// store buffer locally, clients will ask it later
211		sentBuffers[buf->fd()] = holder;
212		}
213
214		#ifndef DOXYGEN_SHOULD_SKIP_THIS
215		const struct org_kde_kwin_remote_access_manager_interface RemoteAccessManagerInterface::Private::s_interface = {
216		getBufferCallback,
217		releaseCallback
218		};
219		#endif
220
221		void RemoteAccessManagerInterface::Private::getBufferCallback(wl_client client, wl_resource resource, uint32_t buffer, int32_t internalBufId)
222		{
223		Private *p = cast(resource);
224
225		// client asks for buffer we earlier announced, we must have it
226		if (Q_UNLIKELY(!p->sentBuffers.contains(internalBufId))) { // no such buffer (?)
227		wl_resource_post_no_memory(resource);
228		return;
229		}
230
231		BufferHolder &bh = p->sentBuffers[internalBufId];
232		auto rbuf = new RemoteBufferInterface(p->q, resource, bh.buf);
233		rbuf->create(p->display->getConnection(client), wl_resource_get_version(resource), buffer);
234		if (!rbuf->resource()) {
235		wl_resource_post_no_memory(resource);
236		delete rbuf;
237		return;
238		}
239
240		QObject::connect(rbuf, &QObject::destroyed, [p, rbuf, resource, &bh] {
241		if (!p->clientResources.contains(resource)) {
	graesslinUnsubmitted Done qCDebug graesslin: qCDebug
	KanediasAuthorUnsubmitted Not Done Done Kanedias: Done
242		// remote buffer destroy confirmed after client is already gone
243		// all relevant buffers are already unreferenced
244		return;
245		}
246
247		qCDebug(KWAYLAND_SERVER) << "Remote buffer returned, client" << wl_resource_get_id(resource)
248		<< ", id" << rbuf->id()
249		<< ", fd" << bh.buf->fd();
250		if (p->unref(bh)) {
251		p->sentBuffers.remove(bh.buf->fd());
252		}
253		});
254
255		// send buffer params
256		rbuf->passFd();
257		}
258
259		void RemoteAccessManagerInterface::Private::releaseCallback(wl_client client, wl_resource resource)
260		{
261		Q_UNUSED(client);
262		unbind(resource);
263		}
264
	graesslinUnsubmitted Done qCDebug graesslin: qCDebug
	KanediasAuthorUnsubmitted Not Done Done Kanedias: Done
265		bool RemoteAccessManagerInterface::Private::unref(BufferHolder &bh)
266		{
267		bh.counter--;
268		if (!bh.counter) {
269		// no more clients using this buffer
270		qCDebug(KWAYLAND_SERVER) << "Buffer released, fd" << bh.buf->fd();
271		emit q->bufferReleased(bh.buf);
272		return true;
273		}
274
275		return false;
276		}
277
278		void RemoteAccessManagerInterface::Private::unbind(wl_resource *resource)
279		{
280		// we're unbinding, all sent buffers for this client are now effectively invalid
281		Private *p = cast(resource);
282		p->release(resource);
283		}
284
285		void RemoteAccessManagerInterface::Private::release(wl_resource *resource)
286		{
287		// all holders should decrement their counter as one client is gone
288		QMutableHashIterator<quint32, BufferHolder> itr(sentBuffers);
289		while (itr.hasNext()) {
290		BufferHolder &bh = itr.next().value();
291		if (unref(bh)) {
292		itr.remove();
293		}
294		}
295
296		clientResources.removeAll(resource);
297		}
298
299		RemoteAccessManagerInterface::Private::~Private()
300		{
301		// server deletes created interfaces, release all held buffers
302		auto c = clientResources; // shadow copy
303		for (auto res : c) {
304		release(res);
305		}
306		}
307
308		RemoteAccessManagerInterface::RemoteAccessManagerInterface(Display display, QObject parent)
309		: Global(new Private(this, display), parent)
310		{
311		}
312
313		void RemoteAccessManagerInterface::sendBufferReady(const OutputInterface output, const BufferHandle buf)
314		{
315		Private priv = reinterpret_cast<Private >(d.data());
316		priv->sendBufferReady(output, buf);
317		}
318
319		bool RemoteAccessManagerInterface::isBound() const
320		{
321		Private priv = reinterpret_cast<Private >(d.data());
322		return !priv->clientResources.isEmpty();
323		}
324
325		class RemoteBufferInterface::Private : public Resource::Private
326		{
327		public:
328		Private(RemoteAccessManagerInterface ram, RemoteBufferInterface q, wl_resource pResource, const BufferHandle buf);
329		~Private();
330
331		void passFd();
332
333		private:
334		static const struct org_kde_kwin_remote_buffer_interface s_interface;
335
336		const BufferHandle *wrapped;
337		};
	graesslinUnsubmitted Done you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly and that will trigger the unbind and deleteLater automatically. graesslin: you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly…
	KanediasAuthorUnsubmitted Not Done Reused, thanks Kanedias: Reused, thanks
338
339		#ifndef DOXYGEN_SHOULD_SKIP_THIS
340		const struct org_kde_kwin_remote_buffer_interface RemoteBufferInterface::Private::s_interface = {
341		resourceDestroyedCallback
342		};
343		#endif
344
345		RemoteBufferInterface::Private::Private(RemoteAccessManagerInterface ram, RemoteBufferInterface q, wl_resource pResource, const BufferHandle buf)
346		: Resource::Private(q, ram, pResource, &org_kde_kwin_remote_buffer_interface, &s_interface), wrapped(buf)
347		{
	graesslinUnsubmitted Done that would trigger a double delete as I had to learn very painfully lately. graesslin: that would trigger a double delete as I had to learn very painfully lately.
	KanediasAuthorUnsubmitted Not Done Removed that code completely, thanks to `resourceDestroyedCallback` Kanedias: Removed that code completely, thanks to `resourceDestroyedCallback`
348		}
349
350		RemoteBufferInterface::Private::~Private()
351		{
352		}
353
354		void RemoteBufferInterface::Private::passFd()
355		{
356		org_kde_kwin_remote_buffer_send_gbm_handle(resource, wrapped->fd(),
357		wrapped->width(), wrapped->height(), wrapped->stride(), wrapped->format());
358		}
359
360		RemoteBufferInterface::RemoteBufferInterface(RemoteAccessManagerInterface ram, wl_resource pResource, const BufferHandle *buf)
	graesslinUnsubmitted Done you don't need that, it's already in Resource graesslin: you don't need that, it's already in Resource
	KanediasAuthorUnsubmitted Not Done Removed Kanedias: Removed
361		: Resource(new Private(ram, this, pResource, buf), ram)
362		{
363		}
364
365		RemoteBufferInterface::Private *RemoteBufferInterface::d_func() const
366		{
367		return reinterpret_cast<Private*>(d.data());
368		}
369
370
371		void RemoteBufferInterface::passFd()
372		{
373		d_func()->passFd();
374		}
375
376		}
377		}