1// Copyright (C) 2013 David Faure <faure+bluesystems@kde.org>
2// Copyright (C) 2017 Intel Corporation.
3// Copyright (C) 2016 The Qt Company Ltd.
4// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
5// Qt-Security score:significant reason:default
6
7#include "private/qlockfile_p.h"
8
9#include "QtCore/qtemporaryfile.h"
10#include "QtCore/qfileinfo.h"
11#include "QtCore/qdebug.h"
12#include "QtCore/qdatetime.h"
13#include "QtCore/qfileinfo.h"
14#include "QtCore/qcache.h"
15#include "QtCore/qglobalstatic.h"
16#include "QtCore/qmutex.h"
17
18#include "private/qcore_unix_p.h" // qt_safe_open
19#include "private/qabstractfileengine_p.h"
20#include "private/qfilesystementry_p.h"
21#include "private/qtemporaryfile_p.h"
22
23#if !defined(Q_OS_INTEGRITY)
24#include <sys/file.h> // flock
25#endif
26
27#if defined(Q_OS_RTEMS)
// flock() does not work on these OSes and produces warnings when we try to use it
29# undef LOCK_EX
30# undef LOCK_NB
31#endif
32
33#include <sys/types.h> // kill
34#include <signal.h> // kill
35#include <unistd.h> // gethostname
36
37#if defined(Q_OS_MACOS)
38# include <libproc.h>
39#elif defined(Q_OS_LINUX)
40# include <unistd.h>
41# include <cstdio>
42#elif defined(Q_OS_HAIKU)
43# include <kernel/OS.h>
44#elif defined(Q_OS_BSD4) && !defined(QT_PLATFORM_UIKIT)
45# include <sys/cdefs.h>
46# include <sys/param.h>
47# include <sys/sysctl.h>
48# if !defined(Q_OS_NETBSD)
49# include <sys/user.h>
50# endif
51#endif
52
53QT_BEGIN_NAMESPACE
54
55// ### merge into qt_safe_write?
/*
 * Writes up to len bytes from data to fd, re-issuing qt_safe_write() until
 * everything has been written or a write reports failure.
 *
 * Returns the number of bytes actually written. A value smaller than len
 * means a write failed part-way (e.g. partition full); the caller is
 * expected to compare the result against len.
 */
static qint64 qt_write_loop(int fd, const char *data, qint64 len)
{
    qint64 written = 0;
    for (qint64 chunk = 0; written < len; written += chunk) {
        chunk = qt_safe_write(fd, data + written, len - written);
        if (chunk == -1) // e.g. partition full
            break;       // report the short count to the caller
    }
    return written;
}
67
68/*
69 * Details about file locking on Unix.
70 *
71 * There are three types of advisory locks on Unix systems:
72 * 1) POSIX process-wide locks using fcntl(F_SETLK)
73 * 2) BSD flock(2) system call
74 * 3) Linux-specific file descriptor locks using fcntl(F_OFD_SETLK)
75 * There's also a mandatory locking feature by POSIX, which is deprecated on
76 * Linux and users are advised not to use it.
77 *
78 * The first problem is that the POSIX API is braindead. POSIX.1-2008 says:
79 *
80 * All locks associated with a file for a given process shall be removed when
81 * a file descriptor for that file is closed by that process or the process
82 * holding that file descriptor terminates.
83 *
84 * The Linux manpage is clearer:
85 *
86 * * If a process closes _any_ file descriptor referring to a file, then all
87 * of the process's locks on that file are released, regardless of the file
88 * descriptor(s) on which the locks were obtained. This is bad: [...]
89 *
90 * * The threads in a process share locks. In other words, a multithreaded
91 * program can't use record locking to ensure that threads don't
92 * simultaneously access the same region of a file.
93 *
94 * So in order to use POSIX locks, we'd need a global mutex that stays locked
95 * while the QLockFile is locked. For that reason, Qt does not use POSIX
96 * advisory locks anymore.
97 *
98 * The next problem is that POSIX leaves undefined the relationship between
99 * locks with fcntl(), flock() and lockf(). In some systems (like the BSDs),
100 * all three use the same record set, while on others (like Linux) the locks
101 * are independent, except if locking over NFS mounts, in which case they're
102 * actually the same. Therefore, it's a very bad idea to mix them in the same
103 * process.
104 *
105 * We therefore use only flock(2), except on Android.
106 *
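 * Android Compatibility:
 * Some versions of Android have known issues where flock does not function correctly.
 * As a result, on Android, we use POSIX fcntl(F_SETLK) to handle file locking.
 * fcntl is better integrated with Android’s underlying system, avoiding
 * the limitations of flock. Note that the POSIX caveats described above
 * (locks are shared by all threads of a process and are dropped when any
 * descriptor for the file is closed) therefore still apply on Android.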
112 */
113
/*
 * Takes a non-blocking, exclusive advisory lock on fd.
 *
 * - Android: POSIX record lock over the whole file via fcntl(F_SETLK).
 * - Platforms that define LOCK_EX and LOCK_NB: flock(LOCK_EX | LOCK_NB).
 * - Anything else: no native lock is taken and the function reports success,
 *   so callers get no protection from it on those platforms.
 *
 * Returns false if the lock could not be obtained; errno is left as set by
 * the failing call so the caller can report it.
 */
static bool setNativeLocks(int fd)
{
#if defined(Q_OS_ANDROID)
    struct flock wholeFile;
    wholeFile.l_type = F_WRLCK;    // exclusive (write) lock
    wholeFile.l_whence = SEEK_SET;
    wholeFile.l_start = 0;
    wholeFile.l_len = 0;           // 0 == lock through end of file
    const bool acquired = fcntl(fd, F_SETLK, &wholeFile) != -1;
#elif defined(LOCK_EX) && defined(LOCK_NB)
    // other threads, and other processes on a local fs
    const bool acquired = flock(fd, LOCK_EX | LOCK_NB) != -1;
#else
    Q_UNUSED(fd);
    const bool acquired = true;    // nothing to do: always "succeeds"
#endif
    return acquired;
}
132
/*
 * Makes a single attempt to create the lock file and take ownership of it.
 *
 * The file is created with O_CREAT | O_EXCL, so creation fails with EEXIST
 * if anything already exists at that path (per open(2) this includes a
 * symbolic link, which is not followed). On success the lock-file contents
 * are written, the descriptor is kept in fileHandle and the data is synced
 * to disk on a best-effort basis.
 *
 * Returns:
 *   NoError          - the lock file was created and written.
 *   LockFailedError  - the lock file already exists.
 *   PermissionError  - open failed with EACCES or EROFS.
 *   UnknownError     - any other open failure, or a short write (in which
 *                      case the partially written file is removed again).
 *
 * NOTE(review): 0666 is only the requested mode; assuming qt_safe_open()
 * forwards it to open(2), the process umask decides whether the lock file
 * ends up group/world-writable - confirm that is acceptable for the
 * directories this is used in.
 */
QLockFile::LockError QLockFilePrivate::tryLock_sys()
{
    const QByteArray nativePath = QFile::encodeName(fileName);
    const int fd = qt_safe_open(nativePath.constData(), O_RDWR | O_CREAT | O_EXCL, 0666);
    if (fd < 0) {
        const int openErrno = errno;
        if (openErrno == EEXIST)
            return QLockFile::LockFailedError;
        if (openErrno == EACCES || openErrno == EROFS)
            return QLockFile::PermissionError;
        return QLockFile::UnknownError;
    }

    // Ensure nobody else can delete the file while we have it.
    // A failure here is only logged: the lock file itself is still ours,
    // we merely lack the extra native lock that removeStaleLock() checks.
    if (!setNativeLocks(fd)) {
        const int errnoSaved = errno;
        qWarning() << "setNativeLocks failed:" << qt_error_string(errnoSaved);
    }

    const QByteArray payload = lockFileContents();
    const qint64 written = qt_write_loop(fd, payload.constData(), payload.size());
    if (written < payload.size()) {
        // Do not leave a truncated lock file behind for others to parse.
        qt_safe_close(fd);
        if (!QFile::remove(fileName))
            qWarning("QLockFile: Could not remove our own lock file %ls.", qUtf16Printable(fileName));
        return QLockFile::UnknownError; // partition full
    }

    // We hold the lock, continue.
    fileHandle = fd;

    // Sync to disk if possible. Ignore errors (e.g. not supported).
#if defined(_POSIX_SYNCHRONIZED_IO) && _POSIX_SYNCHRONIZED_IO > 0
    fdatasync(fileHandle);
#else
    fsync(fileHandle);
#endif

    return QLockFile::NoError;
}
174
/*
 * Removes a lock file that the caller has judged to be stale.
 *
 * The file is opened, a native lock is attempted on it, and only if that
 * succeeds is the path unlinked. A process that still holds the native lock
 * taken in tryLock_sys() therefore keeps its lock file.
 *
 * Returns true only if the lock was obtained and unlink() succeeded; false
 * if the file could not be opened (e.g. already gone), is still natively
 * locked, or could not be unlinked.
 *
 * Caveats worth keeping in mind when reviewing callers:
 *  - On platforms where setNativeLocks() takes no lock it always reports
 *    success, so the file is unlinked unconditionally there.
 *  - unlink() acts on the path, not on the descriptor that was locked.
 *    NOTE(review): if the path can be replaced between the open and the
 *    unlink, a different file than the one locked is removed - confirm the
 *    lock directory is not writable by untrusted users.
 *  - The mode argument has no effect here because O_CREAT is not passed.
 */
bool QLockFilePrivate::removeStaleLock()
{
    const QByteArray nativePath = QFile::encodeName(fileName);
    const int fd = qt_safe_open(nativePath.constData(), O_WRONLY, 0666);
    if (fd < 0) // gone already?
        return false;

    bool removed = false;
    if (setNativeLocks(fd))
        removed = (::unlink(nativePath) == 0);

    close(fd); // also drops the native lock we may have just taken
    return removed;
}
185
/*
 * Decides whether the process that wrote a lock file is still alive.
 *
 * pid      - process id to probe.
 * appname  - application path/name to compare against; if it is a symbolic
 *            link, its target is used instead.
 *
 * Returns false when kill(pid, 0) reports ESRCH (no such process), or when
 * a process name could be determined for pid and it differs from the file
 * name component of appname (the PID was reused by another program).
 * Returns true in every other case, including when the process name cannot
 * be determined at all.
 *
 * Only the file name component is compared, so an unrelated process whose
 * executable has the same base name is treated as the lock holder.
 *
 * NOTE(review): pid is narrowed to pid_t before the probe, and kill(2)
 * gives values <= 0 a process-group meaning - presumably callers reject
 * such values read from the lock file; confirm.
 */
bool QLockFilePrivate::isProcessRunning(qint64 pid, const QString &appname)
{
    // Signal 0 performs the existence/permission check without delivering
    // anything to the target.
    const bool pidGone = (::kill(pid_t(pid), 0) == -1) && (errno == ESRCH);
    if (pidGone)
        return false; // PID doesn't exist anymore

    const QString runningName = processNameByPid(pid);
    if (runningName.isEmpty())
        return true; // cannot verify the name: assume the holder is alive

    QFileInfo expected(appname);
    if (expected.isSymLink())
        expected.setFile(expected.symLinkTarget());

    // A mismatch means the PID got reused by a different application.
    return runningName == expected.fileName();
}
202
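/*
 * Looks up the name of the process with the given pid using the
 * platform-specific facility available:
 *
 *   macOS   - proc_name()
 *   Linux   - target of /proc/<pid>/exe (file name component only)
 *   Haiku   - get_thread_info()
 *   BSDs    - sysctl(KERN_PROC / KERN_PROC2)
 *   QNX     - contents of /proc/<pid>/exefile (file name component only)
 *
 * Returns an empty string when the name cannot be determined (unsupported
 * platform, no procfs, lookup failure); isProcessRunning() treats that as
 * "cannot verify". On Linux and QNX the sentinel "/ERROR/" is returned when
 * the proc entry could not be read, which deliberately never matches a real
 * application name.
 *
 * Changes relative to the previous version:
 *  - macOS: the name buffer is zero-initialized, so a failed proc_name()
 *    yields an empty name instead of decoding indeterminate stack bytes.
 *  - Linux/QNX: the proc path is built with snprintf() bounded by the
 *    buffer size instead of sprintf().
 *  - QNX: the descriptor is now closed on every path (it used to leak after
 *    the read), and a file size of 0 or 1 no longer produces a negative
 *    read length.
 */
QString QLockFilePrivate::processNameByPid(qint64 pid)
{
#if defined(Q_OS_MACOS)
    char name[1024] = {}; // stays "" if proc_name() fails
    proc_name(pid, name, sizeof(name) / sizeof(char));
    return QFile::decodeName(name);
#elif defined(Q_OS_LINUX)
    if (!qt_haveLinuxProcfs())
        return QString();

    char exePath[64];
    snprintf(exePath, sizeof(exePath), "/proc/%lld/exe", pid);

    QByteArray buf = qt_readlink(exePath);
    if (buf.isEmpty()) {
        // The pid is gone. Return some invalid process name to fail the test.
        // NOTE(review): an empty result is taken to mean "pid gone", but the
        // link can presumably also be unreadable for other reasons (e.g. no
        // permission to inspect another user's process) - confirm that
        // treating those cases as a stale lock is intended.
        return QStringLiteral("/ERROR/");
    }

    // remove the " (deleted)" suffix, if any
    static const char deleted[] = " (deleted)";
    if (buf.endsWith(deleted))
        buf.chop(strlen(deleted));

    return QFileSystemEntry(buf, QFileSystemEntry::FromNativePath()).fileName();
#elif defined(Q_OS_HAIKU)
    thread_info info;
    if (get_thread_info(pid, &info) != B_OK)
        return QString();
    return QFile::decodeName(info.name);
#elif defined(Q_OS_BSD4) && !defined(QT_PLATFORM_UIKIT)
# if defined(Q_OS_NETBSD)
    struct kinfo_proc2 kp;
    int mib[6] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, (int)pid, sizeof(struct kinfo_proc2), 1 };
# elif defined(Q_OS_OPENBSD)
    struct kinfo_proc kp;
    int mib[6] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, (int)pid, sizeof(struct kinfo_proc), 1 };
# else
    struct kinfo_proc kp;
    int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, (int)pid };
# endif
    size_t len = sizeof(kp);
    u_int mib_len = sizeof(mib)/sizeof(u_int);

    if (sysctl(mib, mib_len, &kp, &len, nullptr, 0) < 0)
        return QString();

    // Make sure the kernel answered for the pid we asked about.
# if defined(Q_OS_OPENBSD) || defined(Q_OS_NETBSD)
    if (kp.p_pid != pid)
        return QString();
    QString name = QFile::decodeName(kp.p_comm);
# else
    if (kp.ki_pid != pid)
        return QString();
    QString name = QFile::decodeName(kp.ki_comm);
# endif
    return name;
#elif defined(Q_OS_QNX)
    char exePath[PATH_MAX];
    snprintf(exePath, sizeof(exePath), "/proc/%lld/exefile", pid);

    int fd = qt_safe_open(exePath, O_RDONLY);
    if (fd == -1)
        return QString();

    QT_STATBUF sbuf;
    if (QT_FSTAT(fd, &sbuf) == -1) {
        qt_safe_close(fd);
        return QString();
    }

    QByteArray buffer;
    if (sbuf.st_size > 1) {
        // Read at most st_size - 1 bytes, as before; smaller sizes would
        // turn into a zero or negative length and are skipped entirely.
        buffer = QByteArray(sbuf.st_size, Qt::Uninitialized);
        const qint64 got = qt_safe_read(fd, buffer.data(), sbuf.st_size - 1);
        buffer.resize(got > 0 ? got : 0); // a failed read leaves it empty
    }
    qt_safe_close(fd); // previously leaked on the paths below
    if (buffer.isEmpty()) {
        // The pid is gone. Return some invalid process name to fail the test.
        return QStringLiteral("/ERROR/");
    }
    return QFileSystemEntry(buffer, QFileSystemEntry::FromNativePath()).fileName();
#else
    Q_UNUSED(pid);
    return QString();
#endif
}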
286
/*
 * Releases the lock held by this QLockFile, if any.
 *
 * The descriptor kept since tryLock_sys() is closed (which also gives up
 * the native lock taken on it), the lock file is removed, and the object's
 * state is reset to "not locked, no error". Does nothing when the lock is
 * not currently held.
 *
 * A failure to remove the file is only logged; the state is reset anyway.
 */
void QLockFile::unlock()
{
    Q_D(QLockFile);
    if (d->isLocked) {
        close(d->fileHandle);
        d->fileHandle = -1; // never reuse the closed descriptor

        const bool removed = QFile::remove(d->fileName);
        if (!removed) {
            qWarning() << "Could not remove our own lock file" << d->fileName << "maybe permissions changed meanwhile?";
            // This is bad because other users of this lock file will now have to wait for the stale-lock-timeout...
        }

        d->lockError = QLockFile::NoError;
        d->isLocked = false;
    }
}
301
302QT_END_NAMESPACE
303

source code of qtbase/src/corelib/io/qlockfile_unix.cpp