From ac98b85157e6e23bc89eaa1eb402f05502d011eb Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Wed, 3 Oct 2018 09:47:04 +0530 Subject: [PATCH] Wayland: Use memfd_create() and seals if available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allows the compositor to avoid having to setup and teardown a SIGBUS signal handler whenever it needs to read from this surface, as it knows we won’t be able to shrink the file and so doesn’t have to protect against that. Only enabled on Linux, since only Linux has memfd_create() --- glfw/memfd.h | 51 ++++++++++++++++++++++++++++++++++++++++++++++++ glfw/wl_window.c | 26 ++++++++++++------------ 2 files changed, 64 insertions(+), 13 deletions(-) create mode 100644 glfw/memfd.h diff --git a/glfw/memfd.h b/glfw/memfd.h new file mode 100644 index 000000000..06686314a --- /dev/null +++ b/glfw/memfd.h @@ -0,0 +1,51 @@ +/* + * Copyright (C) 2018 Kovid Goyal + * + * Distributed under terms of the GPL3 license. + */ + +#pragma once + +#if defined(__linux__) + +#define _GNU_SOURCE +#include +#include +static inline int memfd_create(const char *name, unsigned int flags) { + return syscall(__NR_memfd_create, name, flags); +} + +#ifndef F_LINUX_SPECIFIC_BASE +#define F_LINUX_SPECIFIC_BASE 1024 +#endif + +#ifndef F_ADD_SEALS +#define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9) +#define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10) + +#define F_SEAL_SEAL 0x0001 /* prevent further seals from being set */ +#define F_SEAL_SHRINK 0x0002 /* prevent file from shrinking */ +#define F_SEAL_GROW 0x0004 /* prevent file from growing */ +#define F_SEAL_WRITE 0x0008 /* prevent writes */ +#endif + +#ifndef MFD_CLOEXEC +#define MFD_CLOEXEC 0x0001U +#define MFD_ALLOW_SEALING 0x0002U +#endif + +#else + +static inline int +createTmpfileCloexec(char* tmpname) +{ + int fd; + + fd = mkostemp(tmpname, O_CLOEXEC); + if (fd >= 0) + unlink(tmpname); + + return fd; +} + +#endif diff --git a/glfw/wl_window.c b/glfw/wl_window.c index 0fd07dc04..525b3d959 100644 --- a/glfw/wl_window.c +++ b/glfw/wl_window.c @@ -28,6 +28,7 @@ #include "internal.h" #include "backend_utils.h" +#include "memfd.h" #include #include @@ -115,18 +116,6 @@ static const struct wl_shell_surface_listener shellSurfaceListener = { handlePopupDone }; -static int -createTmpfileCloexec(char* tmpname) -{ - int fd; - - fd = mkostemp(tmpname, O_CLOEXEC); - if (fd >= 0) - unlink(tmpname); - - return fd; -} - /* * Create a new, unique, anonymous file of the given size, and * return the file descriptor for it. The file descriptor is set @@ -150,11 +139,21 @@ createTmpfileCloexec(char* tmpname) static int createAnonymousFile(off_t size) { + int ret; +#if defined(__linux__) + int fd = memfd_create("glfw-shared", MFD_CLOEXEC | MFD_ALLOW_SEALING); + if (fd < 0) return -1; + // We can add this seal before calling posix_fallocate(), as the file + // is currently zero-sized anyway. + // + // There is also no need to check for the return value, we couldn’t do + // anything with it anyway. + fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL); +#else static const char template[] = "/glfw-shared-XXXXXX"; const char* path; char* name; int fd; - int ret; path = getenv("XDG_RUNTIME_DIR"); if (!path) @@ -173,6 +172,7 @@ createAnonymousFile(off_t size) if (fd < 0) return -1; +#endif ret = posix_fallocate(fd, 0, size); if (ret != 0) {