waylandsink: Use memfd_create() when available

This (so-far) Linux- and FreeBSD-only API lets users create file
descriptors purely in memory, without any backing file on the filesystem
and the race condition which could ensue when unlink()ing it.

It also allows seals to be placed on the file, ensuring to every other
process that we won’t be allowed to shrink the contents, potentially
causing a SIGBUS when they try reading it.

This patch is best viewed with the -w option of git log -p.

It is an almost exact copy of Wayland commit
6908c8c85a2e33e5654f64a55cd4f847bf385cae, see
https://gitlab.freedesktop.org/wayland/wayland/merge_requests/4

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1577>
This commit is contained in:
Emmanuel Gil Peyrot 2020-09-15 17:51:51 +02:00 committed by GStreamer Merge Bot
parent 7f10f8a93e
commit f97b718b4c
2 changed files with 26 additions and 10 deletions

View file

@ -49,16 +49,33 @@ gst_wl_shm_allocator_alloc (GstAllocator * allocator, gsize size,
/* TODO: make use of the allocation params, if necessary */ /* TODO: make use of the allocation params, if necessary */
/* allocate shm pool */ #ifdef HAVE_MEMFD_CREATE
snprintf (filename, 1024, "%s/%s-%d-%s", g_get_user_runtime_dir (), fd = memfd_create ("gst-wayland-shm", MFD_CLOEXEC | MFD_ALLOW_SEALING);
"wayland-shm", init++, "XXXXXX"); if (fd >= 0) {
/* We can add this seal before calling posix_fallocate(), as
* the file is currently zero-sized anyway.
*
* There is also no need to check for the return value, we
* couldn't do anything with it anyway.
*/
fcntl (fd, F_ADD_SEALS, F_SEAL_SHRINK);
} else
#endif
{
/* allocate shm pool */
snprintf (filename, 1024, "%s/%s-%d-%s", g_get_user_runtime_dir (),
"wayland-shm", init++, "XXXXXX");
fd = g_mkstemp (filename); fd = g_mkstemp (filename);
if (fd < 0) { if (fd < 0) {
GST_ERROR_OBJECT (self, "opening temp file %s failed: %s", filename, GST_ERROR_OBJECT (self, "opening temp file %s failed: %s", filename,
strerror (errno)); strerror (errno));
return NULL; return NULL;
}
unlink (filename);
} }
if (ftruncate (fd, size) < 0) { if (ftruncate (fd, size) < 0) {
GST_ERROR_OBJECT (self, "ftruncate failed: %s", strerror (errno)); GST_ERROR_OBJECT (self, "ftruncate failed: %s", strerror (errno));
close (fd); close (fd);
@ -84,8 +101,6 @@ gst_wl_shm_allocator_alloc (GstAllocator * allocator, gsize size,
* need it to release the miniobject lock */ * need it to release the miniobject lock */
gst_memory_unmap (mem, &info); gst_memory_unmap (mem, &info);
unlink (filename);
return mem; return mem;
} }

View file

@ -158,6 +158,7 @@ check_functions = [
['HAVE_DCGETTEXT', 'dcgettext'], ['HAVE_DCGETTEXT', 'dcgettext'],
['HAVE_GETPAGESIZE', 'getpagesize'], ['HAVE_GETPAGESIZE', 'getpagesize'],
['HAVE_GMTIME_R', 'gmtime_r'], ['HAVE_GMTIME_R', 'gmtime_r'],
['HAVE_MEMFD_CREATE', 'memfd_create'],
['HAVE_MMAP', 'mmap'], ['HAVE_MMAP', 'mmap'],
['HAVE_PIPE2', 'pipe2'], ['HAVE_PIPE2', 'pipe2'],
['HAVE_GETRUSAGE', 'getrusage', '#include<sys/resource.h>'], ['HAVE_GETRUSAGE', 'getrusage', '#include<sys/resource.h>'],