On Wed, Jun 21, 2023 at 01:06:37PM +1000, David Gibson wrote:
> seccomp.sh generates seccomp.h piece by piece using >> directives.  This
> means that if two instances of seccomp.h are run concurrently a corrupted
> version of seccomp.h will be generated. Amongst other problems this can
> cause spurious failures on clang-tidy.
> 
> Alter seccomp.sh to build the output in a temporary file and atomic move it
> to seccomp.h, so concurrent invocations will still result in valud output.
> 
> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>

A note on context: I discovered this while working on the Avocado
stuff: avocado would run "make cppcheck" and "make clang-tidy" in
parallel, since both require seccomp.h to be generated, they'd both
try to generate it at the same time, and it would blow up.

> ---
>  seccomp.sh | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/seccomp.sh b/seccomp.sh
> index 092c24e0..e1224e0d 100755
> --- a/seccomp.sh
> +++ b/seccomp.sh
> @@ -15,7 +15,7 @@
>  
>  TMP="$(mktemp)"
>  IN="$@"
> -OUT="seccomp.h"
> +OUT="$(mktemp)"
>  
>  [ -z "${ARCH}" ] && ARCH="$(uname -m)"
>  [ -z "${CC}" ] && CC="cc"
> @@ -53,7 +53,7 @@ BST='	BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, @NR@, @R@, @L@),'
>  
>  # cleanup() - Remove temporary file if it exists
>  cleanup() {
> -	rm -f "${TMP}"
> +	rm -f "${TMP}" "${OUT}"
>  }
>  trap "cleanup" EXIT
>  
> @@ -254,3 +254,5 @@ for __p in ${__profiles}; do
>  
>  	gen_profile "${__p}" ${__calls}
>  done
> +
> +mv "${OUT}" seccomp.h

-- 
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson