summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Murray <scott.murray@konsulko.com>2020-04-02 11:49:45 -0400
committerJan-Simon Möller <jsmoeller@linuxfoundation.org>2020-04-27 17:12:24 +0200
commite2c93c5b5ba29f3e4b901f870d2e11e5e485da35 (patch)
tree80761dbb80dcf059e1338cad4bba2000a543b037
parentbe9c8115c8f9665586b874098a91f925a6896d95 (diff)
meta-agl-profile-graphical: disable memfd usage in weston
The YP dunfell release's Weston 8.0.0 is the first version to switch to hard-coded usage of memfd's for its shared memory access if the memfd_create system call is available in libc. At the moment, this is problematic since accesses to the non-filesystem file descriptors get blocked by SMACK. For now, while a longer-term solution is worked out in SPEC-3305, patch Weston to allow disabling memfs usage at build time, and do so by using the option in our bbappend. Bug-AGL: SPEC-3302, SPEC-3305 Signed-off-by: Scott Murray <scott.murray@konsulko.com> Change-Id: Ie217c63cd4f43e3de1e802cb026c1ee2905bc5b7
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch33
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch48
-rw-r--r--meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend4
3 files changed, 84 insertions, 1 deletions
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
new file mode 100644
index 000000000..278087156
--- /dev/null
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
@@ -0,0 +1,33 @@
+commit 7b36f171d09354a2d3a48db0ae2d34d66aa4f1ae
+Author: James Hilliard <james.hilliard1@gmail.com>
+Date: Sat Feb 1 20:02:29 2020 -0700
+
+ unconditionally include sys/mman.h in os-compatibility.c
+
+ Fixes:
+ ../shared/os-compatibility.c:273:25: error: ‘PROT_READ’ undeclared (first use in this function); did you mean ‘LOCK_READ’?
+ map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, file->fd, 0);
+ ^~~~~~~~~
+ LOCK_READ
+
+ Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+
+diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
+index 5e1ce479..041c929f 100644
+--- a/shared/os-compatibility.c
++++ b/shared/os-compatibility.c
+@@ -34,10 +34,7 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <libweston/zalloc.h>
+-
+-#ifdef HAVE_MEMFD_CREATE
+ #include <sys/mman.h>
+-#endif
+
+ #include "os-compatibility.h"
+
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
new file mode 100644
index 000000000..f4ea60130
--- /dev/null
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
@@ -0,0 +1,48 @@
+Add memfd-create option
+
+Add a meson build option, memfd-create, that controls whether the
+memfd_create system call support will be enabled. The default value
+is true so that it will be enabled, but it allows users like AGL
+that currently has issues with security labels and memfd to disable
+it.
+
+Upstream-Status: Pending
+
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+
+diff --git a/meson.build b/meson.build
+index 82107e1..9d042ca 100644
+--- a/meson.build
++++ b/meson.build
+@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major')
+ endif
+
+ optional_libc_funcs = [
+- 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create'
++ 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate'
+ ]
++if get_option('memfd-create')
++ optional_libc_funcs += [ 'memfd_create' ]
++endif
++
+ foreach func : optional_libc_funcs
+ if cc.has_function(func)
+ config_h.set('HAVE_' + func.to_upper(), 1)
+diff --git a/meson_options.txt b/meson_options.txt
+index 80a2ad7..4a93472 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -99,6 +99,13 @@ option(
+ description: 'systemd service plugin: state notify, watchdog, socket activation'
+ )
+
++option(
++ 'memfd-create',
++ type: 'boolean',
++ value: true,
++ description: 'Use memfd_create system call'
++)
++
+ option(
+ 'remoting',
+ type: 'boolean',
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend b/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
index 737992c62..03626abe8 100644
--- a/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
@@ -9,6 +9,8 @@ SRC_URI_append = "\
file://use-XDG_RUNTIMESHARE_DIR.patch \
file://0002-ivi-shell-Fix-crash-due-no-transmitter-screen.patch \
file://0001-libweston-Expose-weston_output_damage-in-libweston.patch \
+ file://0004-unconditionally-include-mman.h.patch \
+ file://0005-add-memfd-create-option.patch \
"
-EXTRA_OEMESON_append = " -Denable-user-start=true"
+EXTRA_OEMESON_append = " -Denable-user-start=true -Dmemfd-create=false"