(Resend to pulseaudio-discuss list only) On 2015-09-20 23:21, Ahmed S. Darwish wrote: > Hi everyone, > > This RFC patch series introduces memfd support [*] to PulseAudio, > laying out the necessary (but not yet sufficient) groundwork for > sandboxing, protecting PulseAudio from its clients, and protecting > clients (data) from each other. Hi! So I've skimmed through the patches now and at this point I have two high-level comments: 1) There was some discussion about how the pa_mem struct should look like. I think it should just look like this: struct pa_mem { void *ptr; size_t size; pa_mem_type_t type; int fd; unsigned id; /* both shm and memfd need an id, see below */ bool shm_do_unlink; } Memfd and shm can then share some methods because they're both fd backed (e g, closing is to call munmap and then fclose for both). Plus, it's all much simpler than anonymous unions and structs, IMO. All methods would take a pa_mem*, and methods specific to a type can just start with an assert!(mem->type == PA_MEM_TYPE_xxx); 2) The second big thing that makes me confused is how the memfd is initially set up and sent over the pipe to the client. Am I reading your code wrong, or do you actually send an extra memfd packet with the fd in *for every packet* sent? The per-client memfd should be set up by the server at SHM negotiation time (and sealed, but you've said that's a future patch set). Then send a packet with the memfd as ancil data (or extend PA_COMMAND_ENABLE_SRBCHANNEL, if that's simpler). This packet should also have an ID that identifies the memfd. Every memfd and shm now have a unique ID, so you can just put that ID when you do the memexport, so on the sender side you don't need to distinguish between the two types. And on the memimport side you'd look this ID up, and see if it matches a previously received memfd, if not, it's a posix-shm ID that you need to call pa_shm_attach on. Does that make sense to you? -- David Henningsson, Canonical Ltd. https://launchpad.net/~diwic