/*
- * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
- * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+ * Copyright (C) 2011 David Goulet <david.goulet@polymtl.ca>
+ * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; only version 2 of the License.
+ * SPDX-License-Identifier: GPL-2.0-only
*
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-#define _GNU_SOURCE
+#define _LGPL_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <sys/mman.h>
int wait_shm_fd, ret;
mode_t mode;
+ assert(shm_path);
+
/* Default permissions */
mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;
- /* Change owner of the shm path */
+ /*
+ * Change owner of the shm path.
+ */
if (global) {
- ret = chown(shm_path, 0, 0);
- if (ret < 0) {
- if (errno != ENOENT) {
- perror("chown wait shm");
- goto error;
- }
- }
-
/*
- * If global session daemon, any application can register so the shm
- * needs to be set in read-only mode for others.
+ * If global session daemon, any application can
+ * register. Make it initially writeable so applications
+ * registering concurrently can do ftruncate() by
+ * themselves.
*/
- mode |= S_IROTH;
- } else {
- ret = chown(shm_path, getuid(), getgid());
- if (ret < 0) {
- if (errno != ENOENT) {
- perror("chown wait shm");
- goto error;
- }
- }
- }
-
- /*
- * Set permissions to the shm even if we did not create the shm.
- */
- ret = chmod(shm_path, mode);
- if (ret < 0) {
- if (errno != ENOENT) {
- perror("chmod wait shm");
- goto error;
- }
+ mode |= S_IROTH | S_IWOTH;
}
/*
/*
* Try creating shm (or get rw access). We don't do an exclusive open,
* because we allow other processes to create+ftruncate it concurrently.
+ *
+ * A sysctl, fs.protected_regular may prevent the session daemon from
+ * opening a previously created shm when the O_CREAT flag is provided.
+ * Systemd enables this ABI-breaking change by default since v241.
+ *
+ * First, attempt to use the create-or-open semantic that is
+ * desired here. If this fails with EACCES, work around this broken
+ * behaviour and attempt to open the shm without the O_CREAT flag.
+ *
+ * The two attempts are made in this order since applications are
+ * expected to race with the session daemon to create this shm.
+ * Attempting an shm_open() without the O_CREAT flag first could fail
+ * because the file doesn't exist. It could then be created by an
+ * application, which would cause a second try with the O_CREAT flag to
+ * fail with EACCES.
+ *
+ * Note that this introduces a new failure mode where a user could
+ * launch an application (creating the shm) and unlink the shm while
+ * the session daemon is launching, causing the second attempt
+ * to fail. This is not recovered-from as unlinking the shm will
+ * prevent userspace tracing from succeeding anyhow: the sessiond would
+ * use a now-unlinked shm, while the next application would create
+ * a new named shm.
*/
wait_shm_fd = shm_open(shm_path, O_RDWR | O_CREAT, mode);
if (wait_shm_fd < 0) {
- perror("shm_open wait shm");
- goto error;
+ if (errno == EACCES) {
+ /* Work around sysctl fs.protected_regular. */
+ DBG("shm_open of %s returned EACCES, this may be caused "
+ "by the fs.protected_regular sysctl. "
+ "Attempting to open the shm without "
+ "creating it.", shm_path);
+ wait_shm_fd = shm_open(shm_path, O_RDWR, mode);
+ }
+ if (wait_shm_fd < 0) {
+ PERROR("Failed to open wait shm at %s", shm_path);
+ goto error;
+ }
}
ret = ftruncate(wait_shm_fd, mmap_size);
if (ret < 0) {
- perror("ftruncate wait shm");
+ PERROR("ftruncate wait shm");
exit(EXIT_FAILURE);
}
-#ifndef __FreeBSD__
- ret = fchmod(wait_shm_fd, mode);
- if (ret < 0) {
- perror("fchmod");
- exit(EXIT_FAILURE);
+ if (global) {
+ ret = fchown(wait_shm_fd, 0, 0);
+ if (ret < 0) {
+ PERROR("fchown");
+ exit(EXIT_FAILURE);
+ }
+ /*
+ * If global session daemon, any application can
+ * register so the shm needs to be set in read-only mode
+ * for others.
+ */
+ mode &= ~S_IWOTH;
+ ret = fchmod(wait_shm_fd, mode);
+ if (ret < 0) {
+ PERROR("fchmod");
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ ret = fchown(wait_shm_fd, getuid(), getgid());
+ if (ret < 0) {
+ PERROR("fchown");
+ exit(EXIT_FAILURE);
+ }
}
-#else
-#warning "FreeBSD does not support setting file mode on shm FD. Remember that for secure use, lttng-sessiond should be started before applications linked on lttng-ust."
-#endif
DBG("Got the wait shm fd %d", wait_shm_fd);
*/
char *shm_ust_get_mmap(char *shm_path, int global)
{
- size_t mmap_size = sysconf(_SC_PAGE_SIZE);
+ size_t mmap_size;
int wait_shm_fd, ret;
char *wait_shm_mmap;
+ long sys_page_size;
+
+ assert(shm_path);
+
+ sys_page_size = sysconf(_SC_PAGE_SIZE);
+ if (sys_page_size < 0) {
+ PERROR("sysconf PAGE_SIZE");
+ goto error;
+ }
+ mmap_size = sys_page_size;
wait_shm_fd = get_wait_shm(shm_path, mmap_size, global);
if (wait_shm_fd < 0) {
/* close shm fd immediately after taking the mmap reference */
ret = close(wait_shm_fd);
if (ret) {
- perror("Error closing fd");
+ PERROR("Error closing fd");
}
if (wait_shm_mmap == MAP_FAILED) {
projects / lttng-tools.git / blobdiff