1 | /* |
2 | * Copyright © 2012 Collabora, Ltd. |
3 | * |
4 | * Permission is hereby granted, free of charge, to any person obtaining |
5 | * a copy of this software and associated documentation files (the |
6 | * "Software"), to deal in the Software without restriction, including |
7 | * without limitation the rights to use, copy, modify, merge, publish, |
8 | * distribute, sublicense, and/or sell copies of the Software, and to |
9 | * permit persons to whom the Software is furnished to do so, subject to |
10 | * the following conditions: |
11 | * |
12 | * The above copyright notice and this permission notice (including the |
13 | * next paragraph) shall be included in all copies or substantial |
14 | * portions of the Software. |
15 | * |
16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
17 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
18 | * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
19 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
20 | * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
21 | * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
22 | * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
23 | * SOFTWARE. |
24 | */ |
25 | |
26 | #define _GNU_SOURCE |
27 | |
28 | #include "config.h" |
29 | |
30 | #include <sys/types.h> |
31 | #include <unistd.h> |
32 | #include <fcntl.h> |
33 | #include <errno.h> |
34 | #include <string.h> |
35 | #include <stdlib.h> |
36 | |
37 | #ifdef HAVE_MEMFD_CREATE |
38 | #include <sys/mman.h> |
39 | #endif |
40 | |
41 | #include "os-compatibility.h" |
42 | |
43 | #ifndef HAVE_MKOSTEMP |
44 | static int |
45 | set_cloexec_or_close(int fd) |
46 | { |
47 | long flags; |
48 | |
49 | if (fd == -1) |
50 | return -1; |
51 | |
52 | flags = fcntl(fd, F_GETFD); |
53 | if (flags == -1) |
54 | goto err; |
55 | |
56 | if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) |
57 | goto err; |
58 | |
59 | return fd; |
60 | |
61 | err: |
62 | close(fd); |
63 | return -1; |
64 | } |
65 | #endif |
66 | |
67 | static int |
68 | create_tmpfile_cloexec(char *tmpname) |
69 | { |
70 | int fd; |
71 | |
72 | #ifdef HAVE_MKOSTEMP |
73 | fd = mkostemp(template: tmpname, O_CLOEXEC); |
74 | if (fd >= 0) |
75 | unlink(name: tmpname); |
76 | #else |
77 | fd = mkstemp(tmpname); |
78 | if (fd >= 0) { |
79 | fd = set_cloexec_or_close(fd); |
80 | unlink(tmpname); |
81 | } |
82 | #endif |
83 | |
84 | return fd; |
85 | } |
86 | |
87 | /* |
88 | * Create a new, unique, anonymous file of the given size, and |
89 | * return the file descriptor for it. The file descriptor is set |
90 | * CLOEXEC. The file is immediately suitable for mmap()'ing |
91 | * the given size at offset zero. |
92 | * |
93 | * The file should not have a permanent backing store like a disk, |
94 | * but may have if XDG_RUNTIME_DIR is not properly implemented in OS. |
95 | * |
96 | * The file name is deleted from the file system. |
97 | * |
98 | * The file is suitable for buffer sharing between processes by |
99 | * transmitting the file descriptor over Unix sockets using the |
100 | * SCM_RIGHTS methods. |
101 | * |
102 | * If the C library implements posix_fallocate(), it is used to |
103 | * guarantee that disk space is available for the file at the |
104 | * given size. If disk space is insufficient, errno is set to ENOSPC. |
105 | * If posix_fallocate() is not supported, program may receive |
106 | * SIGBUS on accessing mmap()'ed file contents instead. |
107 | * |
108 | * If the C library implements memfd_create(), it is used to create the |
109 | * file purely in memory, without any backing file name on the file |
110 | * system, and then sealing off the possibility of shrinking it. This |
111 | * can then be checked before accessing mmap()'ed file contents, to |
112 | * make sure SIGBUS can't happen. It also avoids requiring |
113 | * XDG_RUNTIME_DIR. |
114 | */ |
115 | int |
116 | os_create_anonymous_file(off_t size) |
117 | { |
118 | static const char template[] = "/wayland-cursor-shared-XXXXXX" ; |
119 | const char *path; |
120 | char *name; |
121 | int fd; |
122 | |
123 | #ifdef HAVE_MEMFD_CREATE |
124 | fd = memfd_create(name: "wayland-cursor" , MFD_CLOEXEC | MFD_ALLOW_SEALING); |
125 | if (fd >= 0) { |
126 | /* We can add this seal before calling posix_fallocate(), as |
127 | * the file is currently zero-sized anyway. |
128 | * |
129 | * There is also no need to check for the return value, we |
130 | * couldn't do anything with it anyway. |
131 | */ |
132 | fcntl(fd: fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL); |
133 | } else |
134 | #endif |
135 | { |
136 | path = getenv(name: "XDG_RUNTIME_DIR" ); |
137 | if (!path) { |
138 | errno = ENOENT; |
139 | return -1; |
140 | } |
141 | |
142 | name = malloc(size: strlen(s: path) + sizeof(template)); |
143 | if (!name) |
144 | return -1; |
145 | |
146 | strcpy(dest: name, src: path); |
147 | strcat(dest: name, src: template); |
148 | |
149 | fd = create_tmpfile_cloexec(tmpname: name); |
150 | |
151 | free(ptr: name); |
152 | |
153 | if (fd < 0) |
154 | return -1; |
155 | } |
156 | |
157 | if (os_resize_anonymous_file(fd, size) < 0) { |
158 | close(fd: fd); |
159 | return -1; |
160 | } |
161 | |
162 | return fd; |
163 | } |
164 | |
165 | int |
166 | os_resize_anonymous_file(int fd, off_t size) |
167 | { |
168 | #ifdef HAVE_POSIX_FALLOCATE |
169 | /* |
170 | * Filesystems that do support fallocate will return EINVAL or |
171 | * EOPNOTSUPP. In this case we need to fall back to ftruncate |
172 | */ |
173 | errno = posix_fallocate(fd: fd, offset: 0, len: size); |
174 | if (errno == 0) |
175 | return 0; |
176 | else if (errno != EINVAL && errno != EOPNOTSUPP) |
177 | return -1; |
178 | #endif |
179 | if (ftruncate(fd: fd, length: size) < 0) |
180 | return -1; |
181 | |
182 | return 0; |
183 | } |
184 | |