Changeset View
Standalone View
src/server/remote_access_interface.cpp
- This file was added.
1 | /**************************************************************************** | ||||
---|---|---|---|---|---|
2 | Copyright 2016 Oleg Chernovskiy <kanedias@xaker.ru> | ||||
3 | | ||||
4 | This library is free software; you can redistribute it and/or | ||||
5 | modify it under the terms of the GNU Lesser General Public | ||||
6 | License as published by the Free Software Foundation; either | ||||
7 | version 2.1 of the License, or (at your option) version 3, or any | ||||
8 | later version accepted by the membership of KDE e.V. (or its | ||||
9 | successor approved by the membership of KDE e.V.), which shall | ||||
10 | act as a proxy defined in Section 6 of version 3 of the license. | ||||
11 | | ||||
12 | This library is distributed in the hope that it will be useful, | ||||
13 | but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
14 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||||
15 | Lesser General Public License for more details. | ||||
16 | | ||||
17 | You should have received a copy of the GNU Lesser General Public | ||||
18 | License along with this library. If not, see <http://www.gnu.org/licenses/>. | ||||
19 | ****************************************************************************/ | ||||
20 | #include "remote_access_interface.h" | ||||
21 | #include "display.h" | ||||
22 | #include "global_p.h" | ||||
23 | #include "resource_p.h" | ||||
24 | | ||||
25 | #include <wayland-remote-access-server-protocol.h> | ||||
26 | | ||||
27 | #include <QtCore/QDebug> | ||||
28 | | ||||
29 | namespace KWayland | ||||
graesslin: you can just include "logging_p.h" | |||||
Kanedias: Noted, re-using categories from there. | |||||
30 | { | ||||
31 | namespace Server | ||||
32 | { | ||||
33 | | ||||
34 | class RemoteAccessManagerInterface::Private : public Global::Private | ||||
35 | { | ||||
36 | public: | ||||
37 | Private(RemoteAccessManagerInterface *q, Display *d); | ||||
38 | virtual ~Private(); | ||||
39 | | ||||
40 | void sendBufferReady(const GbmBuffer *buf); | ||||
41 | void releaseAll(); | ||||
42 | | ||||
43 | bool bound = false; | ||||
44 | | ||||
45 | private: | ||||
46 | // methods | ||||
47 | static void unbind(wl_resource *resource); | ||||
48 | static Private *cast(wl_resource *r) { | ||||
49 | return reinterpret_cast<Private*>(wl_resource_get_user_data(r)); | ||||
50 | } | ||||
51 | static void getBufferCallback(wl_client *client, wl_resource *resource, uint32_t buffer, uint32_t internalBufId); | ||||
52 | void bind(wl_client *client, uint32_t version, uint32_t id) override; | ||||
53 | | ||||
54 | // fields | ||||
55 | static const struct org_kde_kwin_remote_access_manager_interface s_interface; | ||||
56 | static const quint32 s_version; | ||||
57 | | ||||
58 | RemoteAccessManagerInterface *q; | ||||
59 | wl_resource *m_resource = nullptr; | ||||
60 | | ||||
61 | /** | ||||
62 | * Buffers that were acked by client | ||||
63 | * with RemoteBuffer wrapped around them | ||||
64 | **/ | ||||
65 | QList<RemoteBufferInterface *> ackedBuffers; | ||||
66 | | ||||
67 | /** | ||||
68 | * Buffers that were sent but still not acked by server | ||||
69 | * Keys are fd numbers as they are unique | ||||
70 | **/ | ||||
71 | QHash<quint32, const GbmBuffer *> sentBuffers; | ||||
72 | }; | ||||
73 | | ||||
74 | const quint32 RemoteAccessManagerInterface::Private::s_version = 1; | ||||
75 | | ||||
76 | #ifndef DOXYGEN_SHOULD_SKIP_THIS | ||||
77 | const struct org_kde_kwin_remote_access_manager_interface RemoteAccessManagerInterface::Private::s_interface = { | ||||
78 | getBufferCallback | ||||
79 | }; | ||||
80 | #endif | ||||
81 | | ||||
82 | void RemoteAccessManagerInterface::Private::getBufferCallback(wl_client *client, wl_resource *resource, uint32_t buffer, uint32_t internalBufId) | ||||
83 | { | ||||
84 | Private *p = cast(resource); | ||||
85 | | ||||
86 | // client asks for buffer we earlier announced, we must have it | ||||
87 | const GbmBuffer *buf = p->sentBuffers[internalBufId]; | ||||
88 | if(Q_UNLIKELY(!buf)) { // no such buffer (?) | ||||
89 | wl_resource_post_no_memory(resource); | ||||
90 | return; | ||||
91 | } | ||||
92 | | ||||
93 | auto rbuf = new RemoteBufferInterface(p->q, resource, buf); | ||||
94 | rbuf->create(p->display->getConnection(client), wl_resource_get_version(resource), buffer); | ||||
95 | if (!rbuf->resource()) { | ||||
96 | wl_resource_post_no_memory(resource); | ||||
97 | delete rbuf; | ||||
98 | return; | ||||
99 | } | ||||
100 | | ||||
101 | // move buffer to acked buffers from sent | ||||
102 | p->sentBuffers.remove(internalBufId); | ||||
103 | p->ackedBuffers << rbuf; | ||||
104 | | ||||
105 | QObject::connect(rbuf, &QObject::destroyed, [p, rbuf, buffer, internalBufId] { | ||||
106 | p->ackedBuffers.removeOne(rbuf); | ||||
107 | qDebug() << "Server buffer released: id" << buffer << ", fd" << internalBufId; | ||||
108 | }); | ||||
109 | | ||||
110 | // send buffer params | ||||
111 | rbuf->passFd(); | ||||
112 | } | ||||
113 | | ||||
114 | RemoteAccessManagerInterface::Private::Private(RemoteAccessManagerInterface *q, Display *d) | ||||
115 | : Global::Private(d, &org_kde_kwin_remote_access_manager_interface, s_version) | ||||
116 | , q(q) | ||||
117 | { | ||||
118 | } | ||||
119 | | ||||
romangg: rm whitespace | |||||
120 | void RemoteAccessManagerInterface::Private::sendBufferReady(const GbmBuffer *buf) | ||||
121 | { | ||||
122 | // store buffer locally, client will ask it later | ||||
123 | sentBuffers[buf->fd] = buf; | ||||
124 | // notify client | ||||
125 | qDebug() << "Server buffer sent: fd" << buf->fd; | ||||
126 | org_kde_kwin_remote_access_manager_send_buffer_ready(m_resource, buf->fd); | ||||
127 | } | ||||
128 | | ||||
129 | void RemoteAccessManagerInterface::Private::releaseAll() | ||||
130 | { | ||||
131 | // remote buffers are in our responsibility, delete them | ||||
132 | // wrapped gbm buffers will be released anyway | ||||
133 | for (RemoteBufferInterface *acked : ackedBuffers) { | ||||
134 | acked->deleteLater(); | ||||
135 | } | ||||
136 | | ||||
137 | // non-acked buffers should be released manually | ||||
138 | for (const GbmBuffer *buf : sentBuffers) { | ||||
139 | emit q->bufferReleased(buf); | ||||
140 | } | ||||
141 | } | ||||
142 | | ||||
143 | void RemoteAccessManagerInterface::Private::bind(wl_client *client, uint32_t version, uint32_t id) | ||||
144 | { | ||||
145 | // only 1 client permitted | ||||
146 | if (bound) { | ||||
147 | wl_client_post_no_memory(client); | ||||
148 | return; | ||||
149 | } | ||||
if really only one client should be allowed (why?) it would be better to send a dedicated error state to inform it instead of "abusing" no memory. graesslin: if really only one client should be allowed (why?) it would be better to send a dedicated error… | |||||
Kanedias: Added ability to have multiple clients in the same time | |||||
150 | | ||||
151 | auto c = display->getConnection(client); | ||||
152 | wl_resource *resource = c->createResource(&org_kde_kwin_remote_access_manager_interface, qMin(version, s_version), id); | ||||
153 | if (!resource) { | ||||
154 | wl_client_post_no_memory(client); | ||||
155 | return; | ||||
156 | } | ||||
157 | wl_resource_set_implementation(resource, &s_interface, this, unbind); | ||||
158 | m_resource = resource; | ||||
this allows to have only one client bind it. As soon as a second client binds the protocol it will get overwritten and breaks the existing one. I think you need a QVector<wl_resource*> here. graesslin: this allows to have only one client bind it. As soon as a second client binds the protocol it… | |||||
Kanedias: Reimplemented | |||||
159 | bound = true; | ||||
160 | } | ||||
161 | | ||||
162 | void RemoteAccessManagerInterface::Private::unbind(wl_resource *resource) | ||||
163 | { | ||||
164 | Private *p = cast(resource); | ||||
165 | | ||||
166 | // we're unbinding, hence all acked and sent buffers are now effectively invalid | ||||
167 | // client won't come for them | ||||
168 | p->releaseAll(); | ||||
169 | p->m_resource = nullptr; | ||||
170 | p->bound = false; | ||||
171 | } | ||||
172 | | ||||
173 | RemoteAccessManagerInterface::Private::~Private() | ||||
174 | { | ||||
175 | // server deletes created interfaces, release all held buffers | ||||
176 | releaseAll(); | ||||
177 | } | ||||
178 | | ||||
179 | RemoteAccessManagerInterface::RemoteAccessManagerInterface(Display *display, QObject *parent) | ||||
180 | : Global(new Private(this, display), parent) | ||||
181 | { | ||||
182 | } | ||||
183 | | ||||
184 | void RemoteAccessManagerInterface::sendBufferReady(const GbmBuffer *buf) | ||||
185 | { | ||||
186 | Private *priv = reinterpret_cast<Private *>(d.data()); | ||||
187 | priv->sendBufferReady(buf); | ||||
188 | } | ||||
189 | | ||||
190 | bool RemoteAccessManagerInterface::isBound() const | ||||
191 | { | ||||
192 | Private *priv = reinterpret_cast<Private *>(d.data()); | ||||
193 | return priv->bound; | ||||
194 | } | ||||
195 | | ||||
196 | class RemoteBufferInterface::Private : public Resource::Private | ||||
197 | { | ||||
198 | public: | ||||
199 | Private(RemoteAccessManagerInterface *ram, RemoteBufferInterface *q, wl_resource *pResource, const GbmBuffer *buf); | ||||
200 | ~Private(); | ||||
201 | | ||||
202 | void passFd(); | ||||
203 | | ||||
204 | private: | ||||
205 | static void releaseCallback(wl_client *client, wl_resource *resource); | ||||
206 | | ||||
207 | static const struct org_kde_kwin_remote_buffer_interface s_interface; | ||||
romangg: Can a rogue client do it though? This would crash the server then? | |||||
Yes, I guess so... What would you propose? Should we send it only to first bound? Or last one? P.S. Even more: this interface has no authentication/authorization at all, so any client can connect and steal our video buffers. Kanedias: > Can a rogue client do it though? This would crash the server then?
Yes, I guess so... What… | |||||
Only first bound like you do it now. Just remove the Q_ASSERT (and make sure boundScreens.size() >= 1, otherwise continue).
That's a generic problem yet to be solved on Wayland / the Linux desktop. This also correlates with the push to containerized apps. I would just want something like the permission system in Android, but there might be better solutions. It's a bigger project for sure. Also see here for some early thoughts on it, which to my knowledge until now did not lead to anything more: http://www.mupuf.org/blog/2014/02/19/wayland-compositors-why-and-how-to-handle/ romangg: Only first bound like you do it now. Just remove the Q_ASSERT (and make sure `boundScreens.size… | |||||
romangg: Use braces: https://techbase.kde.org/Policies/Frameworks_Coding_Style#Braces | |||||
208 | | ||||
209 | const GbmBuffer *const wrapped; | ||||
210 | }; | ||||
211 | | ||||
212 | #ifndef DOXYGEN_SHOULD_SKIP_THIS | ||||
213 | const struct org_kde_kwin_remote_buffer_interface RemoteBufferInterface::Private::s_interface = { | ||||
214 | releaseCallback | ||||
215 | }; | ||||
216 | #endif | ||||
217 | | ||||
218 | void RemoteBufferInterface::Private::releaseCallback(wl_client *client, wl_resource *resource) | ||||
219 | { | ||||
220 | Q_UNUSED(client) | ||||
221 | Private *p = cast<RemoteBufferInterface::Private>(resource); | ||||
222 | // client wants to release this buffer, notify manager | ||||
223 | | ||||
224 | p->q->deleteLater(); // also purges it from manager's list | ||||
225 | } | ||||
226 | | ||||
227 | RemoteBufferInterface::Private::Private(RemoteAccessManagerInterface *ram, RemoteBufferInterface *q, wl_resource *pResource, const GbmBuffer *buf) | ||||
228 | : Resource::Private(q, ram, pResource, &org_kde_kwin_remote_buffer_interface, &s_interface), wrapped(buf) | ||||
229 | { | ||||
230 | } | ||||
231 | | ||||
232 | RemoteBufferInterface::Private::~Private() | ||||
233 | { | ||||
234 | if (resource) { | ||||
235 | wl_resource_destroy(resource); | ||||
236 | resource = nullptr; | ||||
237 | } | ||||
238 | | ||||
239 | auto ram = reinterpret_cast<RemoteAccessManagerInterface *>(global); | ||||
240 | emit ram->bufferReleased(wrapped); | ||||
241 | } | ||||
graesslin: qCDebug | |||||
Kanedias: Done | |||||
242 | | ||||
243 | void RemoteBufferInterface::Private::passFd() | ||||
244 | { | ||||
245 | org_kde_kwin_remote_buffer_send_gbm_handle(resource, wrapped->fd, | ||||
246 | wrapped->width, wrapped->height, wrapped->stride, wrapped->format); | ||||
247 | } | ||||
248 | | ||||
249 | RemoteBufferInterface::RemoteBufferInterface(RemoteAccessManagerInterface *ram, wl_resource *pResource, const GbmBuffer *buf) | ||||
250 | : Resource(new Private(ram, this, pResource, buf), ram) | ||||
251 | { | ||||
252 | } | ||||
253 | | ||||
254 | RemoteBufferInterface::Private *RemoteBufferInterface::d_func() const | ||||
255 | { | ||||
256 | return reinterpret_cast<Private*>(d.data()); | ||||
257 | } | ||||
258 | | ||||
259 | | ||||
260 | void RemoteBufferInterface::passFd() | ||||
261 | { | ||||
262 | d_func()->passFd(); | ||||
263 | } | ||||
264 | | ||||
graesslin: qCDebug | |||||
Kanedias: Done | |||||
265 | } | ||||
266 | } | ||||
267 | | ||||
you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly and that will trigger the unbind and deleteLater automatically. graesslin: you can use the new resourceDestroyedCallback in resource_p.h. It handles the destroy correctly… | |||||
Kanedias: Reused, thanks | |||||
graesslin: that would trigger a double delete as I had to learn very painfully lately. | |||||
Kanedias: Removed that code completely, thanks to `resourceDestroyedCallback` | |||||
graesslin: you don't need that, it's already in Resource | |||||
Kanedias: Removed |
you can just include "logging_p.h"