This function will be used between fork() and exec() to remove the
close-on-exec flag. The first user will be compositor/xwayland.c.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
fcntl(2) manual says the return type is int, and that F_SETFD takes an
int. So use int.
Noticed by code inspection.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Fix the following build warning by moving the 'seals' declaration inside the
HAVE_MEMFD_CREATE guard:
../shared/os-compatibility.c: In function ‘os_ro_anonymous_file_get_fd’:
../shared/os-compatibility.c:341:6: warning: unused variable ‘seals’ [-Wunused-variable]
int seals, fd;
^
Signed-off-by: Frank Binns <frank.binns@imgtec.com>
The initial version of os_ro_anonymous_file missed two guards around the
seal logic which leads to a compilation error on older systems.
Also make the check for a read-only file symmetric in
os_ro_anonymous_file_get_fd and os_ro_anonymous_file_put_fd.
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
Fixes:
../shared/os-compatibility.c:273:25: error: ‘PROT_READ’ undeclared (first use in this function); did you mean ‘LOCK_READ’?
map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, file->fd, 0);
^~~~~~~~~
LOCK_READ
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
The ro_anonymous_file is an abstraction around anonymous read-only files.
os_ro_anonymous_file_create creates such a file with the contents passed
in data. Subsequent calls to os_ro_anonymous_file_get_fd return a fd
that's ready to be send over the socket.
When mapmode is RO_ANONYMOUS_FILE_MAPMODE_PRIVATE the fd is only
guaranteed to be mmap-able readonly with MAP_PRIVATE but does not
require duplicating the file for each resource when memfd_create is
available. RO_ANONYMOUS_FILE_MAPMODE_SHARED may be used when the client
must be able to map the file with MAP_SHARED but it also means that the
file has to be duplicated even when memfd_create is available.
See also:
weston commit 76829fc4ea
wayland commit 905c0a341ddf0a885811d19e2b79c65a3f1d210c
Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
This (so-far) Linux-only API lets users create file descriptors purely
in memory, without any backing file on the filesystem and the race
condition which could ensue when unlink()ing it.
It also allows seals to be placed on the file, ensuring to every other
process that we won’t be allowed to shrink the contents, potentially
causing a SIGBUS when they try reading it.
This patch is best viewed with the -w option of git log -p.
It is an almost exact copy of Wayland commit
6908c8c85a2e33e5654f64a55cd4f847bf385cae, see
https://gitlab.freedesktop.org/wayland/wayland/merge_requests/4
Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
The man page indicates that ftruncate() can set errno to EINTR, so test
for this.
I have not actually been able to provoke an EINTR error from ftruncate()
in testing though.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
posix_fallocate() can return EINTR and need to be restarted - I've hit
this when running weston-terminal under gdb.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
If posix_fallocate is available, use it instead of ftruncate. Unlike
ftruncate, when posix_fallocate succeeds, it guarantees that you cannot
run out of disk space, when later writing to the mmap()'ed file.
With posix_fallocate, if os_create_anonymous_file() succeeds, the
program cannot get a SIGBUS later from accessing this file via mmap. If
there is insufficient disk space, the function fails and errno is set to
ENOSPC.
This is useful on systems, that limit the available buffer space by
having XDG_RUNTIME_DIR on a small tmpfs.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
AC_USE_SYSTEM_EXTENSIONS enables _XOPEN_SOURCE, _GNU_SOURCE and similar
macros to expose the largest extent of functionality supported by the
underlying system. This is required since these macros are often
limiting rather than merely additive, e.g. _XOPEN_SOURCE will actually
on some systems hide declarations which are not part of the X/Open spec.
Since this goes into config.h rather than the command line, ensure all
source is consistently including config.h before anything else,
including system libraries. This doesn't need to be guarded by a
HAVE_CONFIG_H ifdef, which was only ever a hangover from the X.Org
modular transition.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
[pq: rebased and converted more files]
We had duplicated code in many places, using hardcoded paths for
temporary files into more than one path. Some cases did not bother with
O_CLOEXEC, and all hardcoded paths that might not exist.
Add an OS helper function for creating a unique anonymous file with
close-on-exec semantics. The helper uses $XDG_RUNTIME_DIR as the
directory for a file.
This patch unifies the buffer file creation in both Weston and the
clients.
As simple clients are better not linking to libshared, as it would
require e.g. Cairo, they pull the OS compatibility code directly.
Android does not have mkostemp(), so a configure test is added for it,
and a fallback used if it is not available.
Changes in v2:
remove all the alternate possible directory definitions and use
XDG_RUNTIME_DIR only, and fail is it is not set.
Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
