2 * Copyright (C) 2011 EfficiOS Inc.
3 * Copyright (C) 2011 Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
5 * SPDX-License-Identifier: GPL-2.0-only
14 #include <sys/types.h>
19 #include <common/error.hpp>
24 * Using fork to set umask in the child process (not multi-thread safe). We
25 * deal with the shm_open vs ftruncate race (happening when the sessiond owns
26 * the shm and does not let everybody modify it, to ensure safety against
27 * shm_unlink) by simply letting the mmap fail and retrying after a few
28 * seconds. For global shm, everybody has rw access to it until the sessiond
/*
 * Open the "wait" shared memory object at shm_path, creating it when it does
 * not exist yet, then size it with ftruncate() and set its owner and mode
 * through the descriptor.
 *
 * shm_path:  name handed to shm_open(); asserted to be non-NULL.
 * mmap_size: size given to ftruncate().
 * global:    per the comments below, widens the initial mode so that any
 *            application can register with a global session daemon.
 *
 * NOTE(review): this listing is missing lines (local declarations, branch
 * conditions, labels, return statements). The caller tests the result with
 * "< 0", so a negative value presumably signals failure -- confirm against
 * the complete file.
 */
31 static int get_wait_shm(char *shm_path
, size_t mmap_size
, int global
)
36 LTTNG_ASSERT(shm_path
);
38 /* Default permissions */
39 mode
= S_IRUSR
| S_IWUSR
| S_IRGRP
| S_IWGRP
;
/* Read/write for owner and group only; "other" gets nothing unless added below. */
42 * Change owner of the shm path.
46 * If global session daemon, any application can
47 * register. Make it initially writeable so applications
48 * registering concurrently can do ftruncate() by
51 mode
|= S_IROTH
| S_IWOTH
;
/*
 * Security: with the "other" bits set, the object is meant to be writable
 * (and therefore resizable) by every local user for as long as this mode
 * stays in place. The comment before the fchmod() call further down says the
 * mode is tightened afterwards; the statement that changes `mode` in between
 * is not visible in this listing.
 */
55 * We're alone in a child process, so we can modify the process-wide
61 * Try creating shm (or get rw access). We don't do an exclusive open,
62 * because we allow other processes to create+ftruncate it concurrently.
64 * A sysctl, fs.protected_regular may prevent the session daemon from
65 * opening a previously created shm when the O_CREAT flag is provided.
66 * Systemd enables this ABI-breaking change by default since v241.
68 * First, attempt to use the create-or-open semantic that is
69 * desired here. If this fails with EACCES, work around this broken
70 * behaviour and attempt to open the shm without the O_CREAT flag.
72 * The two attempts are made in this order since applications are
73 * expected to race with the session daemon to create this shm.
74 * Attempting an shm_open() without the O_CREAT flag first could fail
75 * because the file doesn't exist. It could then be created by an
76 * application, which would cause a second try with the O_CREAT flag to
79 * Note that this introduces a new failure mode where a user could
80 * launch an application (creating the shm) and unlink the shm while
81 * the session daemon is launching, causing the second attempt
82 * to fail. This is not recovered-from as unlinking the shm will
83 * prevent userspace tracing from succeeding anyhow: the sessiond would
84 * use a now-unlinked shm, while the next application would create
/*
 * No O_EXCL: an object that already exists under this name is opened as it
 * is, with whatever owner and mode it already has. `mode` only applies when
 * this call creates the object, and is then filtered by the process umask.
 */
87 wait_shm_fd
= shm_open(shm_path
, O_RDWR
| O_CREAT
, mode
);
88 if (wait_shm_fd
< 0) {
89 if (errno
== EACCES
) {
90 /* Work around sysctl fs.protected_regular. */
91 DBG("shm_open of %s returned EACCES, this may be caused "
92 "by the fs.protected_regular sysctl. "
93 "Attempting to open the shm without "
94 "creating it.", shm_path
);
/* Without O_CREAT nothing is created, so `mode` has no effect on this call. */
95 wait_shm_fd
= shm_open(shm_path
, O_RDWR
, mode
);
97 if (wait_shm_fd
< 0) {
98 PERROR("Failed to open \"wait\" shared memory object: path = '%s'", shm_path
);
/* Size the object; the check guarding the PERROR below is not visible here. */
103 ret
= ftruncate(wait_shm_fd
, mmap_size
);
105 PERROR("Failed to truncate \"wait\" shared memory object: fd = %d, size = %zu",
106 wait_shm_fd
, mmap_size
);
/*
 * Ownership goes to uid 0 / gid 0. fchown() works on the descriptor, so it
 * applies to the object opened above even if the name has been unlinked or
 * recreated since. NOTE(review): presumably the global case -- the branch
 * condition is not visible in this listing.
 */
111 ret
= fchown(wait_shm_fd
, 0, 0);
113 PERROR("Failed to set ownership of \"wait\" shared memory object: fd = %d, owner = 0, group = 0",
118 * If global session daemon, any application can
119 * register so the shm needs to be set in read-only mode
/* Like fchown(), fchmod() acts on the descriptor, not on the path. */
123 ret
= fchmod(wait_shm_fd
, mode
);
125 PERROR("Failed to set the mode of the \"wait\" shared memory object: fd = %d, mode = %d",
/*
 * Ownership goes to the calling user and group (presumably the non-global
 * case -- TODO confirm, the branch condition is not visible).
 */
130 ret
= fchown(wait_shm_fd
, getuid(), getgid());
132 PERROR("Failed to set ownership of \"wait\" shared memory object: fd = %d, owner = %d, group = %d",
133 wait_shm_fd
, getuid(), getgid());
138 DBG("Wait shared memory file descriptor created successfully: path = '%s', mmap_size = %zu, global = %s, fd = %d",
139 shm_path
, mmap_size
, global
? "true" : "false",
145 DBG("Failed to open shared memory file descriptor: path = '%s', mmap_size = %zu, global = %s",
146 shm_path
, mmap_size
, global
? "true" : "false");
152 * Return the wait shm mmap for UST application notification. The global
153 * argument is used to indicate if the session daemon is global
154 * (root:tracing) or running with an unprivileged user.
156 * This returned value is used by futex_wait_update() in futex.c to WAKE all
157 * waiters, which are UST applications waiting for a session daemon.
/*
 * Map one system page of the "wait" shm object, readable, writable and
 * shared, and return the mapping.
 *
 * shm_path: name of the shm object; asserted to be non-NULL.
 * global:   forwarded to get_wait_shm() and echoed in the debug message.
 *
 * NOTE(review): the error paths and what they return are not visible in this
 * listing; callers should not assume a particular failure value without
 * checking the complete file.
 */
159 char *shm_ust_get_mmap(char *shm_path
, int global
)
162 int wait_shm_fd
, ret
;
166 LTTNG_ASSERT(shm_path
);
168 sys_page_size
= sysconf(_SC_PAGE_SIZE
);
169 if (sys_page_size
< 0) {
170 PERROR("Failed to get PAGE_SIZE of system");
/*
 * Only reached with a non-negative page size, so the value cannot turn into a
 * huge size through a signed-to-unsigned conversion (mmap_size's declaration
 * is not visible here -- presumably size_t).
 */
173 mmap_size
= sys_page_size
;
175 wait_shm_fd
= get_wait_shm(shm_path
, mmap_size
, global
);
176 if (wait_shm_fd
< 0) {
/* MAP_SHARED: stores through this mapping reach every process mapping the object. */
180 wait_shm_mmap
= (char *) mmap(NULL
, mmap_size
, PROT_WRITE
| PROT_READ
,
181 MAP_SHARED
, wait_shm_fd
, 0);
/*
 * Order matters: close() runs before the MAP_FAILED test below, so the
 * descriptor is released on the mmap failure path as well.
 */
183 /* close shm fd immediately after taking the mmap reference */
184 ret
= close(wait_shm_fd
);
186 PERROR("Failed to close \"wait\" shared memory object file descriptor: fd = %d",
190 if (wait_shm_mmap
== MAP_FAILED
) {
191 DBG("Failed to mmap the \"wait\" shareed memory object (can be caused by race with ust): path = '%s', global = %s",
192 shm_path
, global
? "true" : "false");
196 return wait_shm_mmap
;
203 * shm_create_anonymous is never called concurrently within a process.
/*
 * Create a shared memory object that is reachable only through a file
 * descriptor: it is opened under a temporary name built from owner_name and
 * the pid, and that name is unlinked right after.
 *
 * owner_name: string embedded in the temporary name.
 *
 * NOTE(review): the end of this function, its error labels and its return
 * statements are not visible in this listing.
 */
205 int shm_create_anonymous(const char *owner_name
)
207 char tmp_name
[NAME_MAX
];
/*
 * snprintf() never writes more than NAME_MAX bytes, terminator included; a
 * return value >= NAME_MAX means the name was truncated. NOTE(review): the
 * condition guarding the PERROR below is not visible -- confirm it rejects
 * truncation as well as a negative return.
 */
210 ret
= snprintf(tmp_name
, NAME_MAX
, "/shm-%s-%d", owner_name
, getpid());
212 PERROR("Failed to format shm path: owner_name = '%s', pid = %d",
213 owner_name
, getpid());
218 * Allocate shm, and immediately unlink its shm oject, keeping only the
219 * file descriptor as a reference to the object.
/*
 * The temporary name is derived from owner_name and the pid, so it is not a
 * secret. O_EXCL is what guarantees that an object already present under
 * that name is never adopted: the open fails instead. 0700 requests access
 * for the owner only (further filtered by the process umask).
 */
221 shmfd
= shm_open(tmp_name
, O_CREAT
| O_EXCL
| O_RDWR
, 0700);
223 PERROR("Failed to open shared memory object: path = '%s'", tmp_name
);
/* ENOENT is not treated as an error here; either way the name no longer exists. */
227 ret
= shm_unlink(tmp_name
);
228 if (ret
< 0 && errno
!= ENOENT
) {
229 PERROR("Failed to unlink shared memory object: path = '%s'",
231 goto error_shm_release
;
239 PERROR("Failed to close shared memory object file descriptor: fd = %d, path = '%s'",