2 * Copyright (C) 2011 EfficiOS Inc.
3 * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
5 * SPDX-License-Identifier: GPL-2.0-only
14 #include <sys/types.h>
19 #include <common/error.h>
24 * We deal with the shm_open vs ftruncate race (happening when the sessiond owns
25 * the shm and does not let everybody modify it, to ensure safety against
26 * shm_unlink) by simply letting the mmap fail and retrying after a few
27 * seconds. For global shm, everybody has rw access to it until the sessiond
30 static int get_wait_shm(char *shm_path
, size_t mmap_size
, int global
)
33 mode_t mode
, old_mode
;
37 /* Default permissions */
38 mode
= S_IRUSR
| S_IWUSR
| S_IRGRP
| S_IWGRP
;
41 * Change owner of the shm path.
45 * If global session daemon, any application can
46 * register. Make it initially writeable so applications
47 * registering concurrently can do ftruncate() by
50 mode
|= S_IROTH
| S_IWOTH
;
53 old_mode
= umask(~mode
);
56 * Try creating shm (or get rw access). We don't do an exclusive open,
57 * because we allow other processes to create+ftruncate it concurrently.
59 * A sysctl, fs.protected_regular may prevent the session daemon from
60 * opening a previously created shm when the O_CREAT flag is provided.
61 * Systemd enables this ABI-breaking change by default since v241.
63 * First, attempt to use the create-or-open semantic that is
64 * desired here. If this fails with EACCES, work around this broken
65 * behaviour and attempt to open the shm without the O_CREAT flag.
67 * The two attempts are made in this order since applications are
68 * expected to race with the session daemon to create this shm.
69 * Attempting an shm_open() without the O_CREAT flag first could fail
70 * because the file doesn't exist. It could then be created by an
71 * application, which would cause a second try with the O_CREAT flag to
74 * Note that this introduces a new failure mode where a user could
75 * launch an application (creating the shm) and unlink the shm while
76 * the session daemon is launching, causing the second attempt
77 * to fail. This is not recovered-from as unlinking the shm will
78 * prevent userspace tracing from succeeding anyhow: the sessiond would
79 * use a now-unlinked shm, while the next application would create
82 wait_shm_fd
= shm_open(shm_path
, O_RDWR
| O_CREAT
, mode
);
83 if (wait_shm_fd
< 0) {
84 if (errno
== EACCES
) {
85 /* Work around sysctl fs.protected_regular. */
86 DBG("shm_open of %s returned EACCES, this may be caused "
87 "by the fs.protected_regular sysctl. "
88 "Attempting to open the shm without "
89 "creating it.", shm_path
);
90 wait_shm_fd
= shm_open(shm_path
, O_RDWR
, mode
);
92 if (wait_shm_fd
< 0) {
93 PERROR("Failed to open wait shm at %s", shm_path
);
98 ret
= ftruncate(wait_shm_fd
, mmap_size
);
100 PERROR("ftruncate wait shm");
106 ret
= fchown(wait_shm_fd
, 0, 0);
112 * If global session daemon, any application can
113 * register so the shm needs to be set in read-only mode
117 ret
= fchmod(wait_shm_fd
, mode
);
123 ret
= fchown(wait_shm_fd
, getuid(), getgid());
130 #warning "FreeBSD does not support setting file mode on shm FD."
133 DBG("Got the wait shm fd %d", wait_shm_fd
);
135 (void) umask(old_mode
);
139 DBG("Failing to get the wait shm fd");
140 if (wait_shm_fd
>= 0) {
141 if (close(wait_shm_fd
)) {
142 PERROR("Failed to close wait shm file descriptor during error handling");
151 * Return the wait shm mmap for UST application notification. The global
152 * variable is used to indicate if the the session daemon is global
153 * (root:tracing) or running with an unprivileged user.
155 * This returned value is used by futex_wait_update() in futex.c to WAKE all
156 * waiters which are UST application waiting for a session daemon.
158 char *shm_ust_get_mmap(char *shm_path
, int global
)
161 int wait_shm_fd
, ret
;
167 sys_page_size
= sysconf(_SC_PAGE_SIZE
);
168 if (sys_page_size
< 0) {
169 PERROR("sysconf PAGE_SIZE");
172 mmap_size
= sys_page_size
;
174 wait_shm_fd
= get_wait_shm(shm_path
, mmap_size
, global
);
175 if (wait_shm_fd
< 0) {
179 wait_shm_mmap
= mmap(NULL
, mmap_size
, PROT_WRITE
| PROT_READ
,
180 MAP_SHARED
, wait_shm_fd
, 0);
182 /* close shm fd immediately after taking the mmap reference */
183 ret
= close(wait_shm_fd
);
185 PERROR("Error closing fd");
188 if (wait_shm_mmap
== MAP_FAILED
) {
189 DBG("mmap error (can be caused by race with ust).");
193 return wait_shm_mmap
;
This page took 0.043234 seconds and 4 git commands to generate.