From edb30a68283889aeef4ce357609273652cdbb86c Mon Sep 17 00:00:00 2001 From: Manuel Stoeckl Date: Thu, 27 Jun 2019 15:43:58 -0400 Subject: Implement serial validation for selection requests This change tracks, for each wlr_seat_client, the most recent serial numbers which were sent to the client. When the client makes a selection request, wlroots now verifies that the serial number associated with the selection request was actually provided to that specific client. This ensures that the client that was most recently interacted with always has priority for its copy selection requests, and that no other clients can incorrectly use a larger serial value and "steal" the role of having the copy selection. Also, the code used to determine when a given selection is superseded by a newer request uses < instead of <= to allow clients to make multiple selection requests with the same serial number and have the last one hold. To limit memory use, a ring buffer is used to store runs of sequential serial numbers, and all serial numbers earlier than the start of the ring buffer are assumed to be valid. Faking very old serials is unlikely to be disruptive. Assuming all clients are correctly written, the only additional constraint which this patch should impose is that serial numbers are now bound to seats: clients may not receive a serial number from an input event on one seat and then use that to request copy-selection on another seat. --- include/wlr/types/wlr_data_device.h | 8 +++++-- include/wlr/types/wlr_primary_selection.h | 6 ++++++ include/wlr/types/wlr_seat.h | 35 +++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/wlr/types/wlr_data_device.h b/include/wlr/types/wlr_data_device.h index 256654e5..d8894d6e 100644 --- a/include/wlr/types/wlr_data_device.h +++ b/include/wlr/types/wlr_data_device.h @@ -168,10 +168,14 @@ struct wlr_data_device_manager *wlr_data_device_manager_create( void wlr_data_device_manager_destroy(struct wlr_data_device_manager *manager); /** - * Requests a selection to be set for the seat. + * Requests a selection to be set for the seat. If the request comes from + * a client, then set `client` to be the matching seat client so that this + * function can verify that the serial provided was once sent to the client + * on this seat. */ void wlr_seat_request_set_selection(struct wlr_seat *seat, - struct wlr_data_source *source, uint32_t serial); + struct wlr_seat_client *client, struct wlr_data_source *source, + uint32_t serial); /** * Sets the current selection for the seat. NULL can be provided to clear it. diff --git a/include/wlr/types/wlr_primary_selection.h b/include/wlr/types/wlr_primary_selection.h index b1d45b61..4df47380 100644 --- a/include/wlr/types/wlr_primary_selection.h +++ b/include/wlr/types/wlr_primary_selection.h @@ -48,7 +48,13 @@ void wlr_primary_selection_source_send( struct wlr_primary_selection_source *source, const char *mime_type, int fd); +/** + * Request setting the primary selection. If `client` is not null, then the + * serial will be checked against the set of serials sent to the client on that + * seat. + */ void wlr_seat_request_set_primary_selection(struct wlr_seat *seat, + struct wlr_seat_client *client, struct wlr_primary_selection_source *source, uint32_t serial); /** * Sets the current primary selection for the seat. NULL can be provided to diff --git a/include/wlr/types/wlr_seat.h b/include/wlr/types/wlr_seat.h index bfd3625d..f19d4e35 100644 --- a/include/wlr/types/wlr_seat.h +++ b/include/wlr/types/wlr_seat.h @@ -15,6 +15,31 @@ #include #include +#define WLR_SERIAL_RINGSET_SIZE 128 + +struct wlr_serial_range { + uint32_t min_incl; + uint32_t max_incl; +}; + +struct wlr_serial_ringset { + struct wlr_serial_range data[WLR_SERIAL_RINGSET_SIZE]; + int end; + int count; +}; + +/** + * Add a new serial number to the set. The number must be larger than + * all other values already added + */ +void wlr_serial_add(struct wlr_serial_ringset *set, uint32_t serial); + +/** + * Return false if the serial number is definitely not in the set, true + * otherwise. + */ +bool wlr_serial_maybe_valid(struct wlr_serial_ringset *set, uint32_t serial); + /** * Contains state for a single client's bound wl_seat resource and can be used * to issue input events to that client. The lifetime of these objects is @@ -35,6 +60,9 @@ struct wlr_seat_client { struct { struct wl_signal destroy; } events; + + // set of serials which were sent to the client on this seat + struct wlr_serial_ringset serials; }; struct wlr_touch_point { @@ -621,6 +649,13 @@ bool wlr_seat_validate_touch_grab_serial(struct wlr_seat *seat, struct wlr_surface *origin, uint32_t serial, struct wlr_touch_point **point_ptr); +/** + * Return a new serial (from wl_display_serial_next()) for the client, and + * update the seat client's set of valid serials. Use this for all input + * events. + */ +uint32_t wlr_seat_client_next_serial(struct wlr_seat_client *client); + /** * Get a seat client from a seat resource. Returns NULL if inert. */ -- cgit v1.2.3