| 1 | /* |
|---|
| 2 | * Copyright © 2012 Collabora, Ltd. |
|---|
| 3 | * |
|---|
| 4 | * Permission is hereby granted, free of charge, to any person obtaining |
|---|
| 5 | * a copy of this software and associated documentation files (the |
|---|
| 6 | * "Software"), to deal in the Software without restriction, including |
|---|
| 7 | * without limitation the rights to use, copy, modify, merge, publish, |
|---|
| 8 | * distribute, sublicense, and/or sell copies of the Software, and to |
|---|
| 9 | * permit persons to whom the Software is furnished to do so, subject to |
|---|
| 10 | * the following conditions: |
|---|
| 11 | * |
|---|
| 12 | * The above copyright notice and this permission notice (including the |
|---|
| 13 | * next paragraph) shall be included in all copies or substantial |
|---|
| 14 | * portions of the Software. |
|---|
| 15 | * |
|---|
| 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
|---|
| 17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|---|
| 18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
|---|
| 19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
|---|
| 20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|---|
| 21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
|---|
| 22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
|---|
| 23 | * SOFTWARE. |
|---|
| 24 | */ |
|---|
| 25 | |
|---|
| 26 | #define _GNU_SOURCE |
|---|
| 27 | |
|---|
| 28 | #include "config.h" |
|---|
| 29 | |
|---|
| 30 | #include <sys/types.h> |
|---|
| 31 | #include <unistd.h> |
|---|
| 32 | #include <fcntl.h> |
|---|
| 33 | #include <errno.h> |
|---|
| 34 | #include <string.h> |
|---|
| 35 | #include <stdlib.h> |
|---|
| 36 | |
|---|
| 37 | #ifdef HAVE_MEMFD_CREATE |
|---|
| 38 | #include <sys/mman.h> |
|---|
| 39 | #endif |
|---|
| 40 | |
|---|
| 41 | #include "os-compatibility.h" |
|---|
| 42 | |
|---|
| 43 | #ifndef HAVE_MKOSTEMP |
|---|
| 44 | static int |
|---|
| 45 | set_cloexec_or_close(int fd) |
|---|
| 46 | { |
|---|
| 47 | long flags; |
|---|
| 48 | |
|---|
| 49 | if (fd == -1) |
|---|
| 50 | return -1; |
|---|
| 51 | |
|---|
| 52 | flags = fcntl(fd, F_GETFD); |
|---|
| 53 | if (flags == -1) |
|---|
| 54 | goto err; |
|---|
| 55 | |
|---|
| 56 | if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) |
|---|
| 57 | goto err; |
|---|
| 58 | |
|---|
| 59 | return fd; |
|---|
| 60 | |
|---|
| 61 | err: |
|---|
| 62 | close(fd); |
|---|
| 63 | return -1; |
|---|
| 64 | } |
|---|
| 65 | #endif |
|---|
| 66 | |
|---|
| 67 | static int |
|---|
| 68 | create_tmpfile_cloexec(char *tmpname) |
|---|
| 69 | { |
|---|
| 70 | int fd; |
|---|
| 71 | |
|---|
| 72 | #ifdef HAVE_MKOSTEMP |
|---|
| 73 | fd = mkostemp(template: tmpname, O_CLOEXEC); |
|---|
| 74 | if (fd >= 0) |
|---|
| 75 | unlink(name: tmpname); |
|---|
| 76 | #else |
|---|
| 77 | fd = mkstemp(tmpname); |
|---|
| 78 | if (fd >= 0) { |
|---|
| 79 | fd = set_cloexec_or_close(fd); |
|---|
| 80 | unlink(tmpname); |
|---|
| 81 | } |
|---|
| 82 | #endif |
|---|
| 83 | |
|---|
| 84 | return fd; |
|---|
| 85 | } |
|---|
| 86 | |
|---|
| 87 | /* |
|---|
| 88 | * Create a new, unique, anonymous file of the given size, and |
|---|
| 89 | * return the file descriptor for it. The file descriptor is set |
|---|
| 90 | * CLOEXEC. The file is immediately suitable for mmap()'ing |
|---|
| 91 | * the given size at offset zero. |
|---|
| 92 | * |
|---|
| 93 | * The file should not have a permanent backing store like a disk, |
|---|
| 94 | * but may have if XDG_RUNTIME_DIR is not properly implemented in OS. |
|---|
| 95 | * |
|---|
| 96 | * The file name is deleted from the file system. |
|---|
| 97 | * |
|---|
| 98 | * The file is suitable for buffer sharing between processes by |
|---|
| 99 | * transmitting the file descriptor over Unix sockets using the |
|---|
| 100 | * SCM_RIGHTS methods. |
|---|
| 101 | * |
|---|
| 102 | * If the C library implements posix_fallocate(), it is used to |
|---|
| 103 | * guarantee that disk space is available for the file at the |
|---|
| 104 | * given size. If disk space is insufficient, errno is set to ENOSPC. |
|---|
| 105 | * If posix_fallocate() is not supported, program may receive |
|---|
| 106 | * SIGBUS on accessing mmap()'ed file contents instead. |
|---|
| 107 | * |
|---|
| 108 | * If the C library implements memfd_create(), it is used to create the |
|---|
| 109 | * file purely in memory, without any backing file name on the file |
|---|
| 110 | * system, and then sealing off the possibility of shrinking it. This |
|---|
| 111 | * can then be checked before accessing mmap()'ed file contents, to |
|---|
| 112 | * make sure SIGBUS can't happen. It also avoids requiring |
|---|
| 113 | * XDG_RUNTIME_DIR. |
|---|
| 114 | */ |
|---|
| 115 | int |
|---|
| 116 | os_create_anonymous_file(off_t size) |
|---|
| 117 | { |
|---|
| 118 | static const char template[] = "/wayland-cursor-shared-XXXXXX" ; |
|---|
| 119 | const char *path; |
|---|
| 120 | char *name; |
|---|
| 121 | int fd; |
|---|
| 122 | |
|---|
| 123 | #ifdef HAVE_MEMFD_CREATE |
|---|
| 124 | fd = memfd_create(name: "wayland-cursor" , MFD_CLOEXEC | MFD_ALLOW_SEALING); |
|---|
| 125 | if (fd >= 0) { |
|---|
| 126 | /* We can add this seal before calling posix_fallocate(), as |
|---|
| 127 | * the file is currently zero-sized anyway. |
|---|
| 128 | * |
|---|
| 129 | * There is also no need to check for the return value, we |
|---|
| 130 | * couldn't do anything with it anyway. |
|---|
| 131 | */ |
|---|
| 132 | fcntl(fd: fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL); |
|---|
| 133 | } else |
|---|
| 134 | #endif |
|---|
| 135 | { |
|---|
| 136 | path = getenv(name: "XDG_RUNTIME_DIR" ); |
|---|
| 137 | if (!path) { |
|---|
| 138 | errno = ENOENT; |
|---|
| 139 | return -1; |
|---|
| 140 | } |
|---|
| 141 | |
|---|
| 142 | name = malloc(size: strlen(s: path) + sizeof(template)); |
|---|
| 143 | if (!name) |
|---|
| 144 | return -1; |
|---|
| 145 | |
|---|
| 146 | strcpy(dest: name, src: path); |
|---|
| 147 | strcat(dest: name, src: template); |
|---|
| 148 | |
|---|
| 149 | fd = create_tmpfile_cloexec(tmpname: name); |
|---|
| 150 | |
|---|
| 151 | free(ptr: name); |
|---|
| 152 | |
|---|
| 153 | if (fd < 0) |
|---|
| 154 | return -1; |
|---|
| 155 | } |
|---|
| 156 | |
|---|
| 157 | if (os_resize_anonymous_file(fd, size) < 0) { |
|---|
| 158 | close(fd: fd); |
|---|
| 159 | return -1; |
|---|
| 160 | } |
|---|
| 161 | |
|---|
| 162 | return fd; |
|---|
| 163 | } |
|---|
| 164 | |
|---|
| 165 | int |
|---|
| 166 | os_resize_anonymous_file(int fd, off_t size) |
|---|
| 167 | { |
|---|
| 168 | #ifdef HAVE_POSIX_FALLOCATE |
|---|
| 169 | /* |
|---|
| 170 | * Filesystems that do support fallocate will return EINVAL or |
|---|
| 171 | * EOPNOTSUPP. In this case we need to fall back to ftruncate |
|---|
| 172 | */ |
|---|
| 173 | errno = posix_fallocate(fd: fd, offset: 0, len: size); |
|---|
| 174 | if (errno == 0) |
|---|
| 175 | return 0; |
|---|
| 176 | else if (errno != EINVAL && errno != EOPNOTSUPP) |
|---|
| 177 | return -1; |
|---|
| 178 | #endif |
|---|
| 179 | if (ftruncate(fd: fd, length: size) < 0) |
|---|
| 180 | return -1; |
|---|
| 181 | |
|---|
| 182 | return 0; |
|---|
| 183 | } |
|---|
| 184 | |
|---|
