From e2c93c5b5ba29f3e4b901f870d2e11e5e485da35 Mon Sep 17 00:00:00 2001
From: Scott Murray
Date: Thu, 2 Apr 2020 11:49:45 -0400
Subject: meta-agl-profile-graphical: disable memfd usage in weston

The YP dunfell release's Weston 8.0.0 is the first version to switch to hard-coded usage of memfd's for its shared memory access if the memfd_create system call is available in libc. At the moment, this is problematic since accesses to the non-filesystem file descriptors get blocked by SMACK. For now, while a longer-term solution is worked out in SPEC-3305, patch Weston to allow disabling memfs usage at build time, and do so by using the option in our bbappend.

Bug-AGL: SPEC-3302, SPEC-3305
Signed-off-by: Scott Murray
Change-Id: Ie217c63cd4f43e3de1e802cb026c1ee2905bc5b7
---
.../0004-unconditionally-include-mman.h.patch | 33 +++++++++++++++
.../weston/0005-add-memfd-create-option.patch | 48 ++++++++++++++++++++++
.../recipes-graphics/wayland/weston_8.0.0.bbappend | 4 +-
3 files changed, 84 insertions(+), 1 deletion(-)
create mode 100644 meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
create mode 100644 meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
new file mode 100644
index 000000000..278087156
--- /dev/null
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
@@ -0,0 +1,33 @@
+commit 7b36f171d09354a2d3a48db0ae2d34d66aa4f1ae
+Author: James Hilliard
+Date: Sat Feb 1 20:02:29 2020 -0700
+
+ unconditionally include sys/mman.h in os-compatibility.c
+
+ Fixes:
+ ../shared/os-compatibility.c:273:25: error: ‘PROT_READ’ undeclared (first use in this function); did you mean ‘LOCK_READ’?
+ map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, file->fd, 0);
+ ^~~~~~~~~
+ LOCK_READ
+
+ Signed-off-by: James Hilliard
+
+Upstream-Status: Backport
+
+Signed-off-by: Scott Murray
+
+diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
+index 5e1ce479..041c929f 100644
+--- a/shared/os-compatibility.c
++++ b/shared/os-compatibility.c
+@@ -34,10 +34,7 @@
+ #include
+ #include
+ #include
+-
+-#ifdef HAVE_MEMFD_CREATE
+ #include
+-#endif
+
+ #include "os-compatibility.h"
+
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
new file mode 100644
index 000000000..f4ea60130
--- /dev/null
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
@@ -0,0 +1,48 @@
+Add memfd-create option
+
+Add a meson build option, memfd-create, that controls whether the
+memfd_create system call support will be enabled. The default value
+is true so that it will be enabled, but it allows users like AGL
+that currently has issues with security labels and memfd to disable
+it.
+
+Upstream-Status: Pending
+
+Signed-off-by: Scott Murray
+
+diff --git a/meson.build b/meson.build
+index 82107e1..9d042ca 100644
+--- a/meson.build
++++ b/meson.build
+@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major')
+ endif
+
+ optional_libc_funcs = [
+- 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create'
++ 'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate'
+ ]
++if get_option('memfd-create')
++ optional_libc_funcs += [ 'memfd_create' ]
++endif
++
+ foreach func : optional_libc_funcs
+ if cc.has_function(func)
+ config_h.set('HAVE_' + func.to_upper(), 1)
+diff --git a/meson_options.txt b/meson_options.txt
+index 80a2ad7..4a93472 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -99,6 +99,13 @@ option(
+ description: 'systemd service plugin: state notify, watchdog, socket activation'
+ )
+
++option(
++ 'memfd-create',
++ type: 'boolean',
++ value: true,
++ description: 'Use memfd_create system call'
++)
++
+ option(
+ 'remoting',
+ type: 'boolean',
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend b/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
index 737992c62..03626abe8 100644
--- a/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
+++ b/meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend
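Review bot: The description on the new `memfd-create` option in meson_options.txt, `'Use memfd_create system call'`, does not tell a packager what is given up when it is turned off. With the option false, `memfd_create` is never probed, so `HAVE_MEMFD_CREATE` is never set. Weston presumably falls back to its older temporary-file path for anonymous shared memory, and any file sealing tied to memfd would no longer apply; that is inferred from the option's purpose, not visible in this hunk. I would spell the trade-off out, e.g. `description: 'Use memfd_create for anonymous shared-memory files; disable only where the LSM policy blocks memfd descriptors'`. The patch header should also say that 0005 depends on 0004, since the `sys/mman.h` include that 0004 makes unconditional was guarded by `HAVE_MEMFD_CREATE`.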
@@ -9,6 +9,8 @@ SRC_URI_append = "\
 file://use-XDG_RUNTIMESHARE_DIR.patch \
 file://0002-ivi-shell-Fix-crash-due-no-transmitter-screen.patch \
 file://0001-libweston-Expose-weston_output_damage-in-libweston.patch \
+ file://0004-unconditionally-include-mman.h.patch \
+ file://0005-add-memfd-create-option.patch \
 "
 
-EXTRA_OEMESON_append = " -Denable-user-start=true"
+EXTRA_OEMESON_append = " -Denable-user-start=true -Dmemfd-create=false"
--
cgit 1.2.3-korg
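Review bot: `-Dmemfd-create=false` is appended to `EXTRA_OEMESON_append` unconditionally, so every image built from this layer gets a Weston without memfd_create support, including builds where SMACK is not the active LSM. The commit message calls this a stop-gap until SPEC-3305, but nothing in the recipe records that. Add a comment above the line such as `# memfd disabled: SMACK blocks access to memfd descriptors; revert when SPEC-3305 is resolved`. If the layer exposes SMACK as a distro feature (not visible here), consider gating the flag, e.g. `${@bb.utils.contains('DISTRO_FEATURES', 'smack', '-Dmemfd-create=false', '', d)}`. The recipe starts outside this hunk.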