13 Commits

Author SHA1 Message Date
Olivier Fourdan
dd00220b1e cursor/os-compatibility: handle EINTR gracefully
If os_resize_anonymous_file() called from os_create_anonymous_file()
fails with EINTR (Interrupted system call), then the buffer allocation
fails.

To avoid that, retry posix_fallocate() on EINTR.

However, in the presence of an alarm, the interrupt may trigger
repeatedly and prevent a large posix_fallocate() from ever completing
successfully, so we need to first block SIGALRM to prevent this.

Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
2022-06-09 19:18:47 +00:00
Antonin Décimo
9434e8d69f Check that XDG base directories paths are absolute
The [spec][1] reads:

> All paths set in these environment variables must be absolute. If an
> implementation encounters a relative path in any of these variables it should
> consider the path invalid and ignore it.

and

> If $XDG_DATA_HOME is either not set or empty, a default equal to
> $HOME/.local/share should be used.

Testing that the path is absolute also entails that it is non-empty.

[1]: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html

Signed-off-by: Antonin Décimo <antonin.decimo@gmail.com>
2022-06-09 18:34:17 +00:00
Simon Ser
f710d01663 cursor/os-compatibility: fix trailing space
Signed-off-by: Simon Ser <contact@emersion.fr>
2022-06-04 22:58:50 +02:00
Simon Ser
0297c2c47a cursor/os-compatibility: remove strcpy/strcat usage
These functions don't perform bounds checking, so they are easy to
misuse and complicate audits.

Signed-off-by: Simon Ser <contact@emersion.fr>
2022-06-04 22:58:47 +02:00
Maxime Roussin-Bélanger
0f0951d5c4 cursor: fix typo "insufficent" 2020-12-17 16:03:14 -05:00
Jan Beich
230885ebb4 cursor/os-compatibility: move resizing into a separate function
Signed-off-by: Jan Beich <jbeich@FreeBSD.org>
2020-02-23 20:42:54 +00:00
Jan Beich
1283d54dac cursor: posix_fallocate may fail with EINVAL if not supported
ZFS on FreeBSD >= 12.0 returns EINVAL, see
https://svnweb.freebsd.org/changeset/base/325320

Signed-off-by: Jan Beich <jbeich@FreeBSD.org>
2020-02-23 20:42:54 +00:00
Ihor Antonov
8e2199644e os: fallback for unsupported posix_fallocate
Some filesystems do not support fallocate and return EOPNOTSUPP.

On musl-based distros libwayland-cursor exits abruptly which causes the
application to crash. Unlike glibc, musl does not provide a fallback
mechanism for handling unsupported fallocate. Instead, musl developers
argue that application should handle the case of unsupported system
call.

This commit allows fallback to ftruncate in case when EOPNOTSUPP
was received.

Signed-off-by: Ihor Antonov <ihor@antonovs.family>
2020-01-23 20:32:59 +00:00
Emmanuel Gil Peyrot
6908c8c85a cursor: Use memfd_create() when available
This (so-far) Linux-only API lets users create file descriptors purely
in memory, without any backing file on the filesystem and the race
condition which could ensue when unlink()ing it.

It also allows seals to be placed on the file, ensuring to every other
process that we won’t be allowed to shrink the contents, potentially
causing a SIGBUS when they try reading it.

This patch is best viewed with the -w option of git log -p.

Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Simon Ser <contact@emersion.fr>
2019-07-21 09:06:43 +00:00
Derek Foreman
5c48aac33b cursor: Remove "weston" from anonymous shm filenames
This mildly confused me during some debugging, so I guess it wouldn't
hurt to make the filename more indicative of where it was actually
created.

Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Giulio Camuffo <giuliocamuffo@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
2016-11-21 09:58:25 +00:00
Bryce Harrington
3540ea2b9f cursor: Update boilerplate from MIT X11 license to MIT Expat license
Signed-off-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
2015-06-12 15:51:38 -07:00
Pekka Paalanen
011b695403 os: use posix_fallocate in creating sharable buffers
If posix_fallocate is available, use it instead of ftruncate. Unlike
ftruncate, when posix_fallocate succeeds, it guarantees that you cannot
run out of disk space, when later writing to the mmap()'ed file.

With posix_fallocate, if os_create_anonymous_file() succeeds, the
program cannot get a SIGBUS later from accessing this file via mmap. If
there is insufficient disk space, the function fails and errno is set to
ENOSPC.

This is useful on systems, that limit the available buffer space by
having XDG_RUNTIME_DIR on a small tmpfs.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
2013-12-02 16:18:59 -08:00
Pekka Paalanen
a88a4386cb cursor: use os_create_anonymous_file()
Copy the implementation of os_create_anonymous_file() here from weston,
so we can use it instead of hardcoding a path to /tmp.

Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
2012-07-10 14:08:59 -04:00