Changeset View
Changeset View
Standalone View
Standalone View
src/server/remote_access_interface.cpp
- This file was added.
| 1 | /**************************************************************************** | ||||
|---|---|---|---|---|---|
| 2 | Copyright 2016 Oleg Chernovskiy <kanedias@xaker.ru> | ||||
| 3 | | ||||
| 4 | This library is free software; you can redistribute it and/or | ||||
| 5 | modify it under the terms of the GNU Lesser General Public | ||||
| 6 | License as published by the Free Software Foundation; either | ||||
| 7 | version 2.1 of the License, or (at your option) version 3, or any | ||||
| 8 | later version accepted by the membership of KDE e.V. (or its | ||||
| 9 | successor approved by the membership of KDE e.V.), which shall | ||||
| 10 | act as a proxy defined in Section 6 of version 3 of the license. | ||||
| 11 | | ||||
| 12 | This library is distributed in the hope that it will be useful, | ||||
| 13 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
| 14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||||
| 15 | Lesser General Public License for more details. | ||||
| 16 | | ||||
| 17 | You should have received a copy of the GNU Lesser General Public | ||||
| 18 | License along with this library. If not, see <http://www.gnu.org/licenses/>. | ||||
| 19 | ****************************************************************************/ | ||||
| 20 | #include "remote_access_interface.h" | ||||
| 21 | #include "display.h" | ||||
| 22 | #include "global_p.h" | ||||
| 23 | #include "resource_p.h" | ||||
| 24 | | ||||
| 25 | #include <wayland-remote-access-server-protocol.h> | ||||
| 26 | | ||||
| 27 | #include <QtCore/QDebug> | ||||
| 28 | | ||||
| 29 | namespace KWayland | ||||
graesslin: you can just include "logging_p.h" | |||||
Kanedias: Noted, re-using categories from there. | |||||
| 30 | { | ||||
| 31 | namespace Server | ||||
| 32 | { | ||||
| 33 | | ||||
| 34 | class RemoteAccessManagerInterface::Private : public Global::Private | ||||
| 35 | { | ||||
| 36 | public: | ||||
| 37 | Private(RemoteAccessManagerInterface *q, Display *d); | ||||
| 38 | virtual ~Private(); | ||||
| 39 | | ||||
| 40 | void sendBufferReady(const GbmBuffer *buf); | ||||
| 41 | void releaseAll(); | ||||
| 42 | | ||||
| 43 | bool bound = false; | ||||
| 44 | | ||||
| 45 | private: | ||||
| 46 | // methods | ||||
| 47 | static void unbind(wl_resource *resource); | ||||
| 48 | static Private *cast(wl_resource *r) { | ||||
| 49 | return reinterpret_cast<Private*>(wl_resource_get_user_data(r)); | ||||
| 50 | } | ||||
| 51 | static void getBufferCallback(wl_client *client, wl_resource *resource, uint32_t buffer, uint32_t internalBufId); | ||||
| 52 | void bind(wl_client *client, uint32_t version, uint32_t id) override; | ||||
| 53 | | ||||
| 54 | // fields | ||||
| 55 | static const struct org_kde_kwin_remote_access_manager_interface s_interface; | ||||
| 56 | static const quint32 s_version; | ||||
| 57 | | ||||
| 58 | RemoteAccessManagerInterface *q; | ||||
| 59 | wl_resource *m_resource = nullptr; | ||||
| 60 | | ||||
| 61 | /** | ||||
| 62 | * Buffers that were acked by client | ||||
| 63 | * with RemoteBuffer wrapped around them | ||||
| 64 | **/ | ||||
| 65 | QList<RemoteBufferInterface *> ackedBuffers; | ||||
| 66 | | ||||
| 67 | /** | ||||
| 68 | * Buffers that were sent but still not acked by server | ||||
| 69 | * Keys are fd numbers as they are unique | ||||
| 70 | **/ | ||||
| 71 | QHash<quint32, const GbmBuffer *> sentBuffers; | ||||
| 72 | }; | ||||
| 73 | | ||||
| 74 | const quint32 RemoteAccessManagerInterface::Private::s_version = 1; | ||||
| 75 | | ||||
| 76 | #ifndef DOXYGEN_SHOULD_SKIP_THIS | ||||
| 77 | const struct org_kde_kwin_remote_access_manager_interface RemoteAccessManagerInterface::Private::s_interface = { | ||||
| 78 | getBufferCallback | ||||
| 79 | }; | ||||
| 80 | #endif | ||||
| 81 | | ||||
| 82 | void RemoteAccessManagerInterface::Private::getBufferCallback(wl_client *client, wl_resource *resource, uint32_t buffer, uint32_t internalBufId) | ||||
| 83 | { | ||||
| 84 | Private *p = cast(resource); | ||||
| 85 | | ||||
| 86 | // client asks for buffer we earlier announced, we must have it | ||||
| 87 | const GbmBuffer *buf = p->sentBuffers[internalBufId]; | ||||
| 88 | if(Q_UNLIKELY(!buf)) { // no such buffer (?) | ||||
| 89 | wl_resource_post_no_memory(resource); | ||||
| 90 | return; | ||||
| 91 | } | ||||
| 92 | | ||||
| 93 | auto rbuf = new RemoteBufferInterface(p->q, resource, buf); | ||||
| 94 | rbuf->create(p->display->getConnection(client), wl_resource_get_version(resource), buffer); | ||||
| 95 | if (!rbuf->resource()) { | ||||
| 96 | wl_resource_post_no_memory(resource); | ||||
| 97 | delete rbuf; | ||||
| 98 | return; | ||||
| 99 | } | ||||
| 100 | | ||||
| 101 | // move buffer to acked buffers from sent | ||||
| 102 | p->sentBuffers.remove(internalBufId); | ||||
| 103 | p->ackedBuffers << rbuf; | ||||
| 104 | | ||||
| 105 | QObject::connect(rbuf, &QObject::destroyed, [p, rbuf, buffer, internalBufId] { | ||||
| 106 | p->ackedBuffers.removeOne(rbuf); | ||||
| 107 | qDebug() << "Server buffer released: id" << buffer << ", fd" << internalBufId; | ||||
| 108 | }); | ||||
| 109 | | ||||
| 110 | // send buffer params | ||||
| 111 | rbuf->passFd(); | ||||
| 112 | } | ||||
| 113 | | ||||
| 114 | RemoteAccessManagerInterface::Private::Private(RemoteAccessManagerInterface *q, Display *d) | ||||
| 115 | : Global::Private(d, &org_kde_kwin_remote_access_manager_interface, s_version) | ||||
| 116 | , q(q) | ||||
| 117 | { | ||||
| 118 | } | ||||
| 119 | | ||||
romangg: rm whitespace | |||||
| 120 | void RemoteAccessManagerInterface::Private::sendBufferReady(const GbmBuffer *buf) | ||||
| 121 | { | ||||
| 122 | // store buffer locally, client will ask it later | ||||
| 123 | sentBuffers[buf->fd] = buf; | ||||
| 124 | // notify client | ||||
| 125 | qDebug() << "Server buffer sent: fd" << buf->fd; | ||||
| 126 | org_kde_kwin_remote_access_manager_send_buffer_ready(m_resource, buf->fd); | ||||
| 127 | } | ||||
| 128 | | ||||
| 129 | void RemoteAccessManagerInterface::Private::releaseAll() | ||||
| 130 | { | ||||
| 131 | // remote buffers are in our responsibility, delete them | ||||
| 132 | // wrapped gbm buffers will be released anyway | ||||
| 133 | for (RemoteBufferInterface *acked : ackedBuffers) { | ||||
| 134 | acked->deleteLater(); | ||||
| 135 | } | ||||
| 136 | | ||||
| 137 | // non-acked buffers should be released manually | ||||
| 138 | for (const GbmBuffer *buf : sentBuffers) { | ||||
| 139 | emit q->bufferReleased(buf); | ||||
| 140 | } | ||||
| 141 | } | ||||
| 142 | | ||||
| 143 | void RemoteAccessManagerInterface::Private::bind(wl_client *client, uint32_t version, uint32_t id) | ||||
| 144 | { | ||||
| 145 | // only 1 client permitted | ||||
| 146 | if (bound) { | ||||
| 147 | wl_client_post_no_memory(client); | ||||
| 148 | return; | ||||
| 149 | } | ||||
if really only one client should be allowed (why?) it would be better to send a dedicated error state to inform it instead of "abusing" no memory. graesslin: if really only one client should be allowed (why?) it would be better to send a dedicated error… | |||||
Kanedias: Added ability to have multiple clients in the same time | |||||
| 150 | | ||||
| 151 | auto c = display->getConnection(client); | ||||
| 152 | wl_resource *resource = c->createResource(&org_kde_kwin_remote_access_manager_interface, qMin(version, s_version), id); | ||||
| 153 | if (!resource) { | ||||
| 154 | wl_client_post_no_memory(client); | ||||
| 155 | return; | ||||
| 156 | } | ||||
| 157 | wl_resource_set_implementation(resource, &s_interface, this, unbind); | ||||
| 158 | m_resource = resource; | ||||
this allows to have only one client bind it. As soon as a second client binds the protocol it will get overwritten and breaks the existing one. I think you need a QVector<wl_resource*> here. graesslin: this allows to have only one client bind it. As soon as a second client binds the protocol it… | |||||
Kanedias: Reimplemented | |||||
| 159 | bound = true; | ||||
| 160 | } | ||||
| 161 | | ||||
| 162 | void RemoteAccessManagerInterface::Private::unbind(wl_resource *resource) | ||||
| 163 | { | ||||
| 164 | Private *p = cast(resource); | ||||
| 165 | | ||||
| 166 | // we're unbinding, hence all acked and sent buffers are now effectively invalid | ||||
| 167 | // client won't come for them | ||||
| 168 | p->releaseAll(); | ||||
| 169 | p->m_resource = nullptr; | ||||
| 170 | p->bound = false; | ||||
| 171 | } | ||||
| 172 | | ||||
| 173 | RemoteAccessManagerInterface::Private::~Private() | ||||
| 174 | { | ||||
| 175 | // server deletes created interfaces, release all held buffers | ||||
| 176 | releaseAll(); | ||||
| 177 | } | ||||
| 178 | | ||||
| 179 | RemoteAccessManagerInterface::RemoteAccessManagerInterface(Display *display, QObject *parent) | ||||
| 180 | : Global(new Private(this, display), parent) | ||||
| 181 | { | ||||
| 182 | } | ||||
| 183 | | ||||
| 184 | void RemoteAccessManagerInterface::sendBufferReady(const GbmBuffer *buf) | ||||
| 185 | { | ||||
| 186 | Private *priv = reinterpret_cast<Private *>(d.data()); | ||||
| 187 | priv->sendBufferReady(buf); | ||||
| 188 | } | ||||
| 189 | | ||||
| 190 | bool RemoteAccessManagerInterface::isBound() const | ||||
| 191 | { | ||||
| 192 | Private *priv = reinterpret_cast<Private *>(d.data()); | ||||
| 193 | return priv->bound; | ||||
| 194 | } | ||||
| 195 | | ||||
| 196 | class RemoteBufferInterface::Private : public Resource::Private | ||||
| 197 | { | ||||
| 198 | public: | ||||
| 199 | Private(RemoteAccessManagerInterface *ram, RemoteBufferInterface *q, wl_resource *pResource, const GbmBuffer *buf); | ||||
| 200 | ~Private(); | ||||
| 201 | | ||||
| 202 | void passFd(); | ||||
| 203 | | ||||
| 204 | private: | ||||
| 205 | static void releaseCallback(wl_client *client, wl_resource *resource); | ||||
| 206 | | ||||
| 207 | static const struct org_kde_kwin_remote_buffer_interface s_interface; | ||||
romangg: Can a rogue client do it though? This would crash the server then? | |||||
Yes, I guess so... What would you propose? Should we send it only to first bound? Or last one? P.S. Even more: this interface has no authentication/authorization at all, so any client can connect and steal our video buffers. Kanedias: > Can a rogue client do it though? This would crash the server then?
Yes, I guess so... What… | |||||
Only first bound like you do it now. Just remove the Q_ASSERT (and make sure boundScreens.size() >= 1, otherwise continue).
That's a generic problem yet to be solved on Wayland / the Linux desktop. This also correlates with the push to containerized apps. I would just want something like the permission system in Android, but there might be better solutions. It's a bigger project for sure. Also see here for some early thoughts on it, which to my knowledge until now did not lead to anything more: http://www.mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/ romangg: Only first bound like you do it now. Just remove the Q_ASSERT (and make sure `boundScreens.size… | |||||
romangg: Use braces: https://techbase.kde.org/Policies/Frameworks_Coding_Style#Braces | |||||
| 208 | | ||||
| 209 | const GbmBuffer *const wrapped; | ||||
| 210 | }; | ||||
| 211 | | ||||
| 212 | #ifndef DOXYGEN_SHOULD_SKIP_THIS | ||||
| 213 | const struct org_kde_kwin_remote_buffer_interface RemoteBufferInterface::Private::s_interface = { | ||||
| 214 | releaseCallback | ||||
| 215 | }; | ||||
| 216 | #endif | ||||
| 217 | | ||||
| 218 | void RemoteBufferInterface::Private::releaseCallback(wl_client *client, wl_resource *resource) | ||||
| 219 | { | ||||
| 220 | Q_UNUSED(client) | ||||
| 221 | Private *p = cast<RemoteBufferInterface::Private>(resource); | ||||
| 222 | // client wants to release this buffer, notify manager | ||||
| 223 | | ||||
| 224 | p->q->deleteLater(); // also purges it from manager's list | ||||
| 225 | } | ||||
| 226 | | ||||
| 227 | RemoteBufferInterface::Private::Private(RemoteAccessManagerInterface *ram, RemoteBufferInterface *q, wl_resource *pResource, const GbmBuffer *buf) | ||||
| 228 | : Resource::Private(q, ram, pResource, &org_kde_kwin_remote_buffer_interface, &s_interface), wrapped(buf) | ||||
| 229 | { | ||||
| 230 | } | ||||
| 231 | | ||||
| 232 | RemoteBufferInterface::Private::~Private() | ||||
| 233 | { | ||||
| 234 | if (resource) { | ||||
| 235 | wl_resource_destroy(resource); | ||||
| 236 | resource = nullptr; | ||||
| 237 | } | ||||
| 238 | | ||||
| 239 | auto ram = reinterpret_cast<RemoteAccessManagerInterface *>(global); | ||||
| 240 | emit ram->bufferReleased(wrapped); | ||||
| 241 | } | ||||
graesslin: qCDebug | |||||
Kanedias: Done | |||||
| 242 | | ||||
| 243 | void RemoteBufferInterface::Private::passFd() | ||||
| 244 | { | ||||
| 245 | org_kde_kwin_remote_buffer_send_gbm_handle(resource, wrapped->fd, | ||||
| 246 | wrapped->width, wrapped->height, wrapped->stride, wrapped->format); | ||||
| 247 | } | ||||
| 248 | | ||||
| 249 | RemoteBufferInterface::RemoteBufferInterface(RemoteAccessManagerInterface *ram, wl_resource *pResource, const GbmBuffer *buf) | ||||
| 250 | : Resource(new Private(ram, this, pResource, buf), ram) | ||||
| 251 | { | ||||
| 252 | } | ||||
| 253 | | ||||
| 254 | RemoteBufferInterface::Private *RemoteBufferInterface::d_func() const | ||||
| 255 | { | ||||
| 256 | return reinterpret_cast<Private*>(d.data()); | ||||
| 257 | } | ||||
| 258 | | ||||
| 259 | | ||||
| 260 | void RemoteBufferInterface::passFd() | ||||
| 261 | { | ||||
| 262 | d_func()->passFd(); | ||||
| 263 | } | ||||
| 264 | | ||||
graesslin: qCDebug | |||||
Kanedias: Done | |||||
| 265 | } | ||||
| 266 | } | ||||
| 267 | | ||||
you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly and that will trigger the unbind and deleteLater automatically. graesslin: you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly… | |||||
Kanedias: Reused, thanks | |||||
graesslin: that would trigger a double delete as I had to learn very painfully lately. | |||||
Kanedias: Removed that code completely, thanks to `resourceDestroyedCallback` | |||||
graesslin: you don't need that, it's already in Resource | |||||
Kanedias: Removed | |||||
you can just include "logging_p.h"