Blob Blame History Raw
From 0d134522d83ee263cdc83ea899af59fd264bafa7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20=C3=85dahl?= <jadahl@gmail.com>
Date: Thu, 29 Jun 2017 12:22:47 +0800
Subject: [PATCH] wayland/keyboard: Create a separate keymap shm file per
 resource

By using the shm file when sending the keymap to all clients, we
effectively allows any client to change the keymap, as any client has
the ability to change the content of the file. Sending a read-only file
descriptor, or making the file itself read-only before unlinking, can
be worked around by the client by using chmod(2) and open(2) on
/proc/<pid>/<fd>.

Using memfd could potentially solve this issue, but as the usage of
mmap with MAP_SHARED is wide spread among clients, such a change can
not be introduced without causing wide spread compatibility issues.

So, to avoid allowing clients to interfere with each other, create a
separate shm file for each wl_keyboard resource when sending the
keymap. We could eventually do this per client, but in most cases,
there will only be one wl_keyboard resource per client anyway.

https://bugzilla.gnome.org/show_bug.cgi?id=784206
---
 src/wayland/meta-wayland-keyboard.c | 136 +++++++++++-----------------
 src/wayland/meta-wayland-keyboard.h |   3 +-
 2 files changed, 56 insertions(+), 83 deletions(-)

diff --git a/src/wayland/meta-wayland-keyboard.c b/src/wayland/meta-wayland-keyboard.c
index 167293ca7..aca1fe411 100644
--- a/src/wayland/meta-wayland-keyboard.c
+++ b/src/wayland/meta-wayland-keyboard.c
@@ -127,34 +127,65 @@ create_anonymous_file (off_t    size,
 }
 
 static void
-inform_clients_of_new_keymap (MetaWaylandKeyboard *keyboard)
+send_keymap (MetaWaylandKeyboard *keyboard,
+             struct wl_resource  *resource)
 {
-  struct wl_resource *keyboard_resource;
+  MetaWaylandXkbInfo *xkb_info = &keyboard->xkb_info;
+  GError *error = NULL;
+  int fd;
+  char *keymap_area;
 
-  wl_resource_for_each (keyboard_resource, &keyboard->resource_list)
+  if (!xkb_info->keymap_string)
+    return;
+
+  fd = create_anonymous_file (xkb_info->keymap_size, &error);
+  if (fd < 0)
     {
-      wl_keyboard_send_keymap (keyboard_resource,
-			       WL_KEYBOARD_KEYMAP_FORMAT_XKB_V1,
-			       keyboard->xkb_info.keymap_fd,
-			       keyboard->xkb_info.keymap_size);
+      g_warning ("Creating a keymap file for %lu bytes failed: %s",
+                 (unsigned long) xkb_info->keymap_size,
+                 error->message);
+      g_clear_error (&error);
+      return;
     }
-  wl_resource_for_each (keyboard_resource, &keyboard->focus_resource_list)
+
+
+  keymap_area = mmap (NULL, xkb_info->keymap_size,
+                      PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
+  if (keymap_area == MAP_FAILED)
     {
-      wl_keyboard_send_keymap (keyboard_resource,
-                               WL_KEYBOARD_KEYMAP_FORMAT_XKB_V1,
-                               keyboard->xkb_info.keymap_fd,
-                               keyboard->xkb_info.keymap_size);
+      g_warning ("Failed to mmap() %lu bytes\n",
+                 (unsigned long) xkb_info->keymap_size);
+      close (fd);
+      return;
     }
+
+  strcpy (keymap_area, xkb_info->keymap_string);
+
+  munmap (keymap_area, xkb_info->keymap_size);
+
+  wl_keyboard_send_keymap (resource,
+                           WL_KEYBOARD_KEYMAP_FORMAT_XKB_V1,
+                           fd,
+                           keyboard->xkb_info.keymap_size);
+  close (fd);
+}
+
+static void
+inform_clients_of_new_keymap (MetaWaylandKeyboard *keyboard)
+{
+  struct wl_resource *keyboard_resource;
+
+  wl_resource_for_each (keyboard_resource, &keyboard->resource_list)
+    send_keymap (keyboard, keyboard_resource);
+  wl_resource_for_each (keyboard_resource, &keyboard->focus_resource_list)
+    send_keymap (keyboard, keyboard_resource);
 }
 
 static void
 meta_wayland_keyboard_take_keymap (MetaWaylandKeyboard *keyboard,
 				   struct xkb_keymap   *keymap)
 {
-  MetaWaylandXkbInfo  *xkb_info = &keyboard->xkb_info;
-  GError *error = NULL;
-  char *keymap_str;
-  size_t previous_size;
+  MetaWaylandXkbInfo *xkb_info = &keyboard->xkb_info;
 
   if (keymap == NULL)
     {
@@ -162,60 +193,24 @@ meta_wayland_keyboard_take_keymap (MetaWaylandKeyboard *keyboard,
       return;
     }
 
+  g_clear_pointer (&xkb_info->keymap_string, g_free);
   xkb_keymap_unref (xkb_info->keymap);
   xkb_info->keymap = xkb_keymap_ref (keymap);
 
   meta_wayland_keyboard_update_xkb_state (keyboard);
 
-  keymap_str = xkb_map_get_as_string (xkb_info->keymap);
-  if (keymap_str == NULL)
+  xkb_info->keymap_string =
+    xkb_keymap_get_as_string (xkb_info->keymap, XKB_KEYMAP_FORMAT_TEXT_V1);
+  if (!xkb_info->keymap_string)
     {
-      g_warning ("failed to get string version of keymap");
+      g_warning ("Failed to get string version of keymap");
       return;
     }
-  previous_size = xkb_info->keymap_size;
-  xkb_info->keymap_size = strlen (keymap_str) + 1;
-
-  if (xkb_info->keymap_fd >= 0)
-    close (xkb_info->keymap_fd);
-
-  xkb_info->keymap_fd = create_anonymous_file (xkb_info->keymap_size, &error);
-  if (xkb_info->keymap_fd < 0)
-    {
-      g_warning ("creating a keymap file for %lu bytes failed: %s",
-                 (unsigned long) xkb_info->keymap_size,
-                 error->message);
-      g_clear_error (&error);
-      goto err_keymap_str;
-    }
-
-  if (xkb_info->keymap_area)
-    munmap (xkb_info->keymap_area, previous_size);
-
-  xkb_info->keymap_area = mmap (NULL, xkb_info->keymap_size,
-                                PROT_READ | PROT_WRITE,
-                                MAP_SHARED, xkb_info->keymap_fd, 0);
-  if (xkb_info->keymap_area == MAP_FAILED)
-    {
-      g_warning ("failed to mmap() %lu bytes\n",
-                 (unsigned long) xkb_info->keymap_size);
-      goto err_dev_zero;
-    }
-  strcpy (xkb_info->keymap_area, keymap_str);
-  free (keymap_str);
+  xkb_info->keymap_size = strlen (xkb_info->keymap_string) + 1;
 
   inform_clients_of_new_keymap (keyboard);
 
   notify_modifiers (keyboard);
-
-  return;
-
-err_dev_zero:
-  close (xkb_info->keymap_fd);
-  xkb_info->keymap_fd = -1;
-err_keymap_str:
-  free (keymap_str);
-  return;
 }
 
 static xkb_mod_mask_t
@@ -707,28 +702,12 @@ meta_wayland_keyboard_enable (MetaWaylandKeyboard *keyboard)
   maybe_restore_numlock_state (keyboard);
 }
 
-static void
-meta_wayland_xkb_info_init (MetaWaylandXkbInfo *xkb_info)
-{
-  xkb_info->keymap_fd = -1;
-}
-
 static void
 meta_wayland_xkb_info_destroy (MetaWaylandXkbInfo *xkb_info)
 {
   g_clear_pointer (&xkb_info->keymap, xkb_keymap_unref);
   g_clear_pointer (&xkb_info->state, xkb_state_unref);
-
-  if (xkb_info->keymap_area)
-    {
-      munmap (xkb_info->keymap_area, xkb_info->keymap_size);
-      xkb_info->keymap_area = NULL;
-    }
-  if (xkb_info->keymap_fd >= 0)
-    {
-      close (xkb_info->keymap_fd);
-      xkb_info->keymap_fd = -1;
-    }
+  g_clear_pointer (&xkb_info->keymap_string, g_free);
 }
 
 void
@@ -1001,10 +980,7 @@ meta_wayland_keyboard_create_new_resource (MetaWaylandKeyboard *keyboard,
   wl_resource_set_implementation (resource, &keyboard_interface,
                                   keyboard, unbind_resource);
 
-  wl_keyboard_send_keymap (resource,
-                           WL_KEYBOARD_KEYMAP_FORMAT_XKB_V1,
-                           keyboard->xkb_info.keymap_fd,
-                           keyboard->xkb_info.keymap_size);
+  send_keymap (keyboard, resource);
 
   notify_key_repeat_for_resource (keyboard, resource);
 
@@ -1050,8 +1026,6 @@ meta_wayland_keyboard_init (MetaWaylandKeyboard *keyboard)
   wl_list_init (&keyboard->resource_list);
   wl_list_init (&keyboard->focus_resource_list);
 
-  meta_wayland_xkb_info_init (&keyboard->xkb_info);
-
   keyboard->default_grab.interface = &default_keyboard_grab_interface;
   keyboard->default_grab.keyboard = keyboard;
   keyboard->grab = &keyboard->default_grab;
diff --git a/src/wayland/meta-wayland-keyboard.h b/src/wayland/meta-wayland-keyboard.h
index 39f06ef17..dba9fda0c 100644
--- a/src/wayland/meta-wayland-keyboard.h
+++ b/src/wayland/meta-wayland-keyboard.h
@@ -74,9 +74,8 @@ typedef struct
 {
   struct xkb_keymap *keymap;
   struct xkb_state *state;
-  int keymap_fd;
   size_t keymap_size;
-  char *keymap_area;
+  char *keymap_string;
 } MetaWaylandXkbInfo;
 
 struct _MetaWaylandKeyboard
-- 
2.19.0