Fix: agent port file is o+w when launching as root
[lttng-tools.git] / src / bin / lttng-sessiond / shm.c
1 /*
2 * Copyright (C) 2011 EfficiOS Inc.
3 * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
4 *
5 * SPDX-License-Identifier: GPL-2.0-only
6 *
7 */
8
9 #define _LGPL_SOURCE
10 #include <fcntl.h>
11 #include <limits.h>
12 #include <sys/mman.h>
13 #include <sys/stat.h>
14 #include <sys/types.h>
15 #include <sys/wait.h>
16 #include <unistd.h>
17 #include <urcu.h>
18
19 #include <common/error.h>
20
21 #include "shm.h"
22
23 /*
24 * We deal with the shm_open vs ftruncate race (happening when the sessiond owns
25 * the shm and does not let everybody modify it, to ensure safety against
26 * shm_unlink) by simply letting the mmap fail and retrying after a few
27 * seconds. For global shm, everybody has rw access to it until the sessiond
28 * starts.
29 */
static int get_wait_shm(char *shm_path, size_t mmap_size, int global)
{
	/*
	 * Open (creating if needed) the wait shm at shm_path, size it to
	 * mmap_size bytes and normalise its ownership.
	 *
	 * shm_path:  name handed to shm_open(); must not be NULL.
	 * mmap_size: length passed to ftruncate().
	 * global:    non-zero for the global session daemon, zero for a
	 *            per-user one.
	 *
	 * Returns the open file descriptor, or -1 on failure. The caller's
	 * umask is restored on both paths.
	 */
	int shm_fd, rc;
	mode_t perms, saved_umask;

	assert(shm_path);

	/* Baseline: read/write for owner and group only. */
	perms = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;
	if (global) {
		/*
		 * Any application may register with a global session daemon,
		 * so the shm starts out world read/write: applications racing
		 * with us must be able to ftruncate() it themselves. Write
		 * access for others is withdrawn again further down.
		 */
		perms |= S_IROTH | S_IWOTH;
	}

	/*
	 * Relax the umask just enough for shm_open() to honour perms. The
	 * previous value is saved and put back before returning; a umask left
	 * in this state would apply to every file created afterwards.
	 *
	 * NOTE(review): umask() is process-wide state. Confirm no other
	 * thread creates files while it is relaxed.
	 */
	saved_umask = umask(~perms);

	/*
	 * Create-or-open, deliberately without O_EXCL: other processes are
	 * allowed to create and ftruncate() the shm concurrently. The object
	 * may therefore already exist and have been created by someone else.
	 *
	 * The fs.protected_regular sysctl (enabled by default by systemd
	 * since v241) can make an O_CREAT open of a previously created shm
	 * fail with EACCES. In that case only, retry without O_CREAT.
	 *
	 * The O_CREAT attempt comes first on purpose. Trying without O_CREAT
	 * first could fail because the shm does not exist yet; an application
	 * could then create it, and the O_CREAT retry would hit EACCES.
	 *
	 * Known remaining failure mode: a user starts an application (which
	 * creates the shm) and unlinks the shm while the session daemon is
	 * starting, so the second attempt fails. This is not recovered from,
	 * since userspace tracing could not work anyway: the sessiond would
	 * hold a now-unlinked shm while the next application creates a new
	 * named one.
	 */
	shm_fd = shm_open(shm_path, O_RDWR | O_CREAT, perms);
	if (shm_fd < 0 && errno == EACCES) {
		/* Work around sysctl fs.protected_regular. */
		DBG("shm_open of %s returned EACCES, this may be caused "
				"by the fs.protected_regular sysctl. "
				"Attempting to open the shm without "
				"creating it.", shm_path);
		shm_fd = shm_open(shm_path, O_RDWR, perms);
	}
	if (shm_fd < 0) {
		PERROR("Failed to open wait shm at %s", shm_path);
		goto fail;
	}

	rc = ftruncate(shm_fd, mmap_size);
	if (rc < 0) {
		PERROR("ftruncate wait shm");
		goto fail;
	}

#ifndef __FreeBSD__
	if (!global) {
		/*
		 * Per-user daemon: take ownership with our own uid/gid. No
		 * fchmod() happens on this path, so an object that already
		 * existed keeps the mode it was created with.
		 */
		rc = fchown(shm_fd, getuid(), getgid());
		if (rc < 0) {
			PERROR("fchown");
			goto fail;
		}
	} else {
		/* Global daemon: hand the object to uid 0 / gid 0. */
		rc = fchown(shm_fd, 0, 0);
		if (rc < 0) {
			PERROR("fchown");
			goto fail;
		}

		/*
		 * Any application can register, but from here on others may
		 * only read the shm: drop the world-writable bit that was
		 * granted at creation time.
		 */
		perms &= ~S_IWOTH;
		rc = fchmod(shm_fd, perms);
		if (rc < 0) {
			PERROR("fchmod");
			goto fail;
		}
	}
#else
	/*
	 * Neither fchown() nor fchmod() is applied in this build, so a global
	 * shm created above is not tightened by this function.
	 */
#warning "FreeBSD does not support setting file mode on shm FD."
#endif

	DBG("Got the wait shm fd %d", shm_fd);
	goto restore_umask;

fail:
	DBG("Failing to get the wait shm fd");
	if (shm_fd >= 0 && close(shm_fd)) {
		PERROR("Failed to close wait shm file descriptor during error handling");
	}
	shm_fd = -1;

restore_umask:
	/* Always undo the temporary umask, on success and on failure. */
	(void) umask(saved_umask);
	return shm_fd;
}
149
150 /*
151 * Return the wait shm mmap for UST application notification. The global
152 * variable is used to indicate if the session daemon is global
153 * (root:tracing) or running with an unprivileged user.
154 *
155 * This returned value is used by futex_wait_update() in futex.c to WAKE all
156 * waiters which are UST application waiting for a session daemon.
157 */
char *shm_ust_get_mmap(char *shm_path, int global)
{
	/*
	 * Map one page of the wait shm named shm_path and return the mapping.
	 *
	 * shm_path: name of the shm; must not be NULL.
	 * global:   forwarded to get_wait_shm() to select global or per-user
	 *           handling.
	 *
	 * Returns the mapped address, or NULL if the page size cannot be
	 * queried, the shm cannot be obtained, or mmap() fails.
	 */
	long page_size;
	size_t map_len;
	int shm_fd;
	char *mapping;

	assert(shm_path);

	/* The mapping is exactly one system page long. */
	page_size = sysconf(_SC_PAGE_SIZE);
	if (page_size < 0) {
		PERROR("sysconf PAGE_SIZE");
		return NULL;
	}
	map_len = page_size;

	shm_fd = get_wait_shm(shm_path, map_len, global);
	if (shm_fd < 0) {
		return NULL;
	}

	/* Shared read/write mapping, so stores reach the other mappers. */
	mapping = mmap(NULL, map_len, PROT_WRITE | PROT_READ,
			MAP_SHARED, shm_fd, 0);

	/*
	 * The descriptor is closed whether or not mmap() succeeded: an
	 * established mapping keeps its own reference to the shm, and on
	 * failure nothing else would close it. A close() error is only
	 * logged.
	 */
	if (close(shm_fd)) {
		PERROR("Error closing fd");
	}

	if (mapping == MAP_FAILED) {
		DBG("mmap error (can be caused by race with ust).");
		return NULL;
	}

	return mapping;
}