meta-agl-profile-graphical: disable memfd usage in weston
author Scott Murray <scott.murray@konsulko.com>
Thu, 2 Apr 2020 15:49:45 +0000 (11:49 -0400)
committer Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Mon, 27 Apr 2020 15:12:24 +0000 (17:12 +0200)
The YP dunfell release's Weston 8.0.0 is the first version to switch
to hard-coded usage of memfd's for its shared memory access if the
memfd_create system call is available in libc. At the moment, this
is problematic since accesses to the non-filesystem file descriptors
get blocked by SMACK. For now, while a longer-term solution is
worked out in SPEC-3305, patch Weston to allow disabling memfd usage
at build time, and do so by using the option in our bbappend.

Bug-AGL: SPEC-3302, SPEC-3305

Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Change-Id: Ie217c63cd4f43e3de1e802cb026c1ee2905bc5b7

meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch [new file with mode: 0644]
meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch [new file with mode: 0644]
meta-agl-profile-graphical/recipes-graphics/wayland/weston_8.0.0.bbappend

diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0004-unconditionally-include-mman.h.patch
new file mode 100644 (file)
index 0000000..2780871
--- /dev/null
@@ -0,0 +1,33 @@
+commit 7b36f171d09354a2d3a48db0ae2d34d66aa4f1ae
+Author: James Hilliard <james.hilliard1@gmail.com>
+Date:   Sat Feb 1 20:02:29 2020 -0700
+
+    unconditionally include sys/mman.h in os-compatibility.c
+    
+    Fixes:
+     ../shared/os-compatibility.c:273:25: error: ‘PROT_READ’ undeclared (first use in this function); did you mean ‘LOCK_READ’?
+       map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, file->fd, 0);
+                              ^~~~~~~~~
+                              LOCK_READ
+    
+    Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
+
+Upstream-Status: Backport
+
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+
+diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
+index 5e1ce479..041c929f 100644
+--- a/shared/os-compatibility.c
++++ b/shared/os-compatibility.c
+@@ -34,10 +34,7 @@
+ #include <string.h>
+ #include <stdlib.h>
+ #include <libweston/zalloc.h>
+-
+-#ifdef HAVE_MEMFD_CREATE
+ #include <sys/mman.h>
+-#endif
+ #include "os-compatibility.h"
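Review bot: The outer commit message never says why this backport is carried, and the `Upstream-Status: Backport` line names no upstream release or URL. Judging by the build error quoted in the patch, the `mmap(NULL, size, PROT_READ | PROT_WRITE, ...)` call at os-compatibility.c:273 is compiled even when `HAVE_MEMFD_CREATE` is undefined, so this looks like a prerequisite for building with `-Dmemfd-create=false`. Say so in the commit message, and extend the status line to the form `Upstream-Status: Backport [<upstream URL or release>]` so the patch can be dropped at the next Weston upgrade.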
diff --git a/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch b/meta-agl-profile-graphical/recipes-graphics/wayland/weston/0005-add-memfd-create-option.patch
new file mode 100644 (file)
index 0000000..f4ea601
--- /dev/null
@@ -0,0 +1,48 @@
+Add memfd-create option
+
+Add a meson build option, memfd-create, that controls whether the
+memfd_create system call support will be enabled.  The default value
+is true so that it will be enabled, but it allows users like AGL
+that currently has issues with security labels and memfd to disable
+it.
+
+Upstream-Status: Pending
+
+Signed-off-by: Scott Murray <scott.murray@konsulko.com>
+
+diff --git a/meson.build b/meson.build
+index 82107e1..9d042ca 100644
+--- a/meson.build
++++ b/meson.build
+@@ -78,8 +78,12 @@ elif cc.has_header_symbol('sys/mkdev.h', 'major')
+ endif
+ optional_libc_funcs = [
+-      'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate', 'memfd_create'
++      'mkostemp', 'strchrnul', 'initgroups', 'posix_fallocate'
+ ]
++if get_option('memfd-create')
++      optional_libc_funcs += [ 'memfd_create' ]
++endif
++
+ foreach func : optional_libc_funcs
+       if cc.has_function(func)
+               config_h.set('HAVE_' + func.to_upper(), 1)
+diff --git a/meson_options.txt b/meson_options.txt
+index 80a2ad7..4a93472 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -99,6 +99,13 @@ option(
+       description: 'systemd service plugin: state notify, watchdog, socket activation'
+ )
++option(
++      'memfd-create',
++      type: 'boolean',
++      value: true,
++      description: 'Use memfd_create system call'
++)
++
+ option(
+       'remoting',
+       type: 'boolean',
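Review bot: In the meson_options.txt part, the description 'Use memfd_create system call' does not tell a builder what Weston uses for shared memory when the option is false, nor that `true` only takes effect if `cc.has_function(func)` succeeds for `memfd_create` in the meson.build loop. Spell out both in the description text. The header also says `Upstream-Status: Pending` without saying where the patch was submitted; add that reference so the local deviation can be tracked against SPEC-3305.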
index 737992c..03626ab 100644 (file)
@@ -9,6 +9,8 @@ SRC_URI_append = "\
     file://use-XDG_RUNTIMESHARE_DIR.patch \
     file://0002-ivi-shell-Fix-crash-due-no-transmitter-screen.patch \
     file://0001-libweston-Expose-weston_output_damage-in-libweston.patch \
+    file://0004-unconditionally-include-mman.h.patch \
+    file://0005-add-memfd-create-option.patch \
     "
 
-EXTRA_OEMESON_append = " -Denable-user-start=true"
+EXTRA_OEMESON_append = " -Denable-user-start=true -Dmemfd-create=false"
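Review bot: `-Dmemfd-create=false` is appended unconditionally and without a comment, so nothing in the recipe ties it to SPEC-3305 or marks it as the temporary workaround the commit message describes. Add a comment above `EXTRA_OEMESON_append` naming SPEC-3305, and consider applying the flag only when SMACK is enabled in the build, so that configurations without SMACK keep Weston's default of `memfd-create=true`.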