mirror of
https://gitlab.freedesktop.org/wayland/weston
synced 2024-07-21 10:44:25 +00:00
99b2b958f9
This function will be used between fork() and exec() to remove the close-on-exec flag. The first user will be compositor/xwayland.c. Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
423 lines
9.7 KiB
C
423 lines
9.7 KiB
C
/*
|
|
* Copyright © 2012 Collabora, Ltd.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
* a copy of this software and associated documentation files (the
|
|
* "Software"), to deal in the Software without restriction, including
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
* the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice (including the
|
|
* next paragraph) shall be included in all copies or substantial
|
|
* portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
|
|
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
|
|
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
|
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*/
|
|
|
|
#include "config.h"
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/socket.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
#include <errno.h>
|
|
#include <sys/epoll.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <libweston/zalloc.h>
|
|
#include <sys/mman.h>
|
|
|
|
#include "os-compatibility.h"
|
|
|
|
#define READONLY_SEALS (F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
|
|
|
|
int
|
|
os_fd_clear_cloexec(int fd)
|
|
{
|
|
int flags;
|
|
|
|
flags = fcntl(fd, F_GETFD);
|
|
if (flags == -1)
|
|
return -1;
|
|
|
|
if (fcntl(fd, F_SETFD, flags & ~(int)FD_CLOEXEC) == -1)
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int
|
|
os_fd_set_cloexec(int fd)
|
|
{
|
|
int flags;
|
|
|
|
if (fd == -1)
|
|
return -1;
|
|
|
|
flags = fcntl(fd, F_GETFD);
|
|
if (flags == -1)
|
|
return -1;
|
|
|
|
if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
|
|
return -1;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
set_cloexec_or_close(int fd)
|
|
{
|
|
if (os_fd_set_cloexec(fd) != 0) {
|
|
close(fd);
|
|
return -1;
|
|
}
|
|
return fd;
|
|
}
|
|
|
|
int
|
|
os_socketpair_cloexec(int domain, int type, int protocol, int *sv)
|
|
{
|
|
int ret;
|
|
|
|
#ifdef SOCK_CLOEXEC
|
|
ret = socketpair(domain, type | SOCK_CLOEXEC, protocol, sv);
|
|
if (ret == 0 || errno != EINVAL)
|
|
return ret;
|
|
#endif
|
|
|
|
ret = socketpair(domain, type, protocol, sv);
|
|
if (ret < 0)
|
|
return ret;
|
|
|
|
sv[0] = set_cloexec_or_close(sv[0]);
|
|
sv[1] = set_cloexec_or_close(sv[1]);
|
|
|
|
if (sv[0] != -1 && sv[1] != -1)
|
|
return 0;
|
|
|
|
close(sv[0]);
|
|
close(sv[1]);
|
|
return -1;
|
|
}
|
|
|
|
int
|
|
os_epoll_create_cloexec(void)
|
|
{
|
|
int fd;
|
|
|
|
#ifdef EPOLL_CLOEXEC
|
|
fd = epoll_create1(EPOLL_CLOEXEC);
|
|
if (fd >= 0)
|
|
return fd;
|
|
if (errno != EINVAL)
|
|
return -1;
|
|
#endif
|
|
|
|
fd = epoll_create(1);
|
|
return set_cloexec_or_close(fd);
|
|
}
|
|
|
|
static int
|
|
create_tmpfile_cloexec(char *tmpname)
|
|
{
|
|
int fd;
|
|
|
|
#ifdef HAVE_MKOSTEMP
|
|
fd = mkostemp(tmpname, O_CLOEXEC);
|
|
if (fd >= 0)
|
|
unlink(tmpname);
|
|
#else
|
|
fd = mkstemp(tmpname);
|
|
if (fd >= 0) {
|
|
fd = set_cloexec_or_close(fd);
|
|
unlink(tmpname);
|
|
}
|
|
#endif
|
|
|
|
return fd;
|
|
}
|
|
|
|
/*
|
|
* Create a new, unique, anonymous file of the given size, and
|
|
* return the file descriptor for it. The file descriptor is set
|
|
* CLOEXEC. The file is immediately suitable for mmap()'ing
|
|
* the given size at offset zero.
|
|
*
|
|
* The file should not have a permanent backing store like a disk,
|
|
* but may have if XDG_RUNTIME_DIR is not properly implemented in OS.
|
|
*
|
|
* The file name is deleted from the file system.
|
|
*
|
|
* The file is suitable for buffer sharing between processes by
|
|
* transmitting the file descriptor over Unix sockets using the
|
|
* SCM_RIGHTS methods.
|
|
*
|
|
* If the C library implements posix_fallocate(), it is used to
|
|
* guarantee that disk space is available for the file at the
|
|
* given size. If disk space is insufficient, errno is set to ENOSPC.
|
|
* If posix_fallocate() is not supported, program may receive
|
|
* SIGBUS on accessing mmap()'ed file contents instead.
|
|
*
|
|
* If the C library implements memfd_create(), it is used to create the
|
|
* file purely in memory, without any backing file name on the file
|
|
* system, and then sealing off the possibility of shrinking it. This
|
|
* can then be checked before accessing mmap()'ed file contents, to
|
|
* make sure SIGBUS can't happen. It also avoids requiring
|
|
* XDG_RUNTIME_DIR.
|
|
*/
|
|
int
|
|
os_create_anonymous_file(off_t size)
|
|
{
|
|
static const char template[] = "/weston-shared-XXXXXX";
|
|
const char *path;
|
|
char *name;
|
|
int fd;
|
|
int ret;
|
|
|
|
#ifdef HAVE_MEMFD_CREATE
|
|
fd = memfd_create("weston-shared", MFD_CLOEXEC | MFD_ALLOW_SEALING);
|
|
if (fd >= 0) {
|
|
/* We can add this seal before calling posix_fallocate(), as
|
|
* the file is currently zero-sized anyway.
|
|
*
|
|
* There is also no need to check for the return value, we
|
|
* couldn't do anything with it anyway.
|
|
*/
|
|
fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK);
|
|
} else
|
|
#endif
|
|
{
|
|
path = getenv("XDG_RUNTIME_DIR");
|
|
if (!path) {
|
|
errno = ENOENT;
|
|
return -1;
|
|
}
|
|
|
|
name = malloc(strlen(path) + sizeof(template));
|
|
if (!name)
|
|
return -1;
|
|
|
|
strcpy(name, path);
|
|
strcat(name, template);
|
|
|
|
fd = create_tmpfile_cloexec(name);
|
|
|
|
free(name);
|
|
|
|
if (fd < 0)
|
|
return -1;
|
|
}
|
|
|
|
#ifdef HAVE_POSIX_FALLOCATE
|
|
do {
|
|
ret = posix_fallocate(fd, 0, size);
|
|
} while (ret == EINTR);
|
|
if (ret != 0) {
|
|
close(fd);
|
|
errno = ret;
|
|
return -1;
|
|
}
|
|
#else
|
|
do {
|
|
ret = ftruncate(fd, size);
|
|
} while (ret < 0 && errno == EINTR);
|
|
if (ret < 0) {
|
|
close(fd);
|
|
return -1;
|
|
}
|
|
#endif
|
|
|
|
return fd;
|
|
}
|
|
|
|
#ifndef HAVE_STRCHRNUL
|
|
char *
|
|
strchrnul(const char *s, int c)
|
|
{
|
|
while (*s && *s != c)
|
|
s++;
|
|
return (char *)s;
|
|
}
|
|
#endif
|
|
|
|
struct ro_anonymous_file {
|
|
int fd;
|
|
size_t size;
|
|
};
|
|
|
|
/** Create a new anonymous read-only file of the given size and the given data
|
|
*
|
|
* \param size The size of \p data.
|
|
* \param data The data of the file with the size \p size.
|
|
* \return A new \c ro_anonymous_file, or NULL on failure.
|
|
*
|
|
* The intended use-case is for sending mid-sized data from the compositor
|
|
* to clients.
|
|
* If the function fails errno is set.
|
|
*/
|
|
struct ro_anonymous_file *
|
|
os_ro_anonymous_file_create(size_t size,
|
|
const char *data)
|
|
{
|
|
struct ro_anonymous_file *file;
|
|
void *map;
|
|
|
|
file = zalloc(sizeof *file);
|
|
if (!file) {
|
|
errno = ENOMEM;
|
|
return NULL;
|
|
}
|
|
|
|
file->size = size;
|
|
file->fd = os_create_anonymous_file(size);
|
|
if (file->fd == -1)
|
|
goto err_free;
|
|
|
|
map = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, file->fd, 0);
|
|
if (map == MAP_FAILED)
|
|
goto err_close;
|
|
|
|
memcpy(map, data, size);
|
|
|
|
munmap(map, size);
|
|
|
|
#ifdef HAVE_MEMFD_CREATE
|
|
/* try to put seals on the file to make it read-only so that we can
|
|
* return the fd later directly when support_shared is not set.
|
|
* os_ro_anonymous_file_get_fd can handle the fd even if it is not
|
|
* sealed read-only and will instead create a new anonymous file on
|
|
* each invocation.
|
|
*/
|
|
fcntl(file->fd, F_ADD_SEALS, READONLY_SEALS);
|
|
#endif
|
|
|
|
return file;
|
|
|
|
err_close:
|
|
close(file->fd);
|
|
err_free:
|
|
free(file);
|
|
return NULL;
|
|
}
|
|
|
|
/** Destroy an anonymous read-only file
|
|
*
|
|
* \param file The file to destroy.
|
|
*/
|
|
void
|
|
os_ro_anonymous_file_destroy(struct ro_anonymous_file *file)
|
|
{
|
|
close(file->fd);
|
|
free(file);
|
|
}
|
|
|
|
/** Get the size of an anonymous read-only file
|
|
*
|
|
* \param file The file to get the size of.
|
|
* \return The size of the file.
|
|
*/
|
|
size_t
|
|
os_ro_anonymous_file_size(struct ro_anonymous_file *file)
|
|
{
|
|
return file->size;
|
|
}
|
|
|
|
/** Returns a file descriptor for the given file, ready to be send to a client.
|
|
*
|
|
* \param file The file for which to get a file descriptor.
|
|
* \param mapmode Describes the ways in which the returned file descriptor can
|
|
* be used with mmap.
|
|
* \return A file descriptor for the given file that can be send to a client
|
|
* or -1 on failure.
|
|
*
|
|
* The returned file descriptor must not be shared between multiple clients.
|
|
* When \p mapmode is RO_ANONYMOUS_FILE_MAPMODE_PRIVATE the file descriptor is
|
|
* only guaranteed to be mmapable with \c MAP_PRIVATE, when \p mapmode is
|
|
* RO_ANONYMOUS_FILE_MAPMODE_SHARED the file descriptor can be mmapped with
|
|
* either MAP_PRIVATE or MAP_SHARED.
|
|
* When you're done with the fd you must call \c os_ro_anonymous_file_put_fd
|
|
* instead of calling \c close.
|
|
* If the function fails errno is set.
|
|
*/
|
|
int
|
|
os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
|
|
enum ro_anonymous_file_mapmode mapmode)
|
|
{
|
|
void *src, *dst;
|
|
int fd;
|
|
|
|
#ifdef HAVE_MEMFD_CREATE
|
|
int seals = fcntl(file->fd, F_GET_SEALS);
|
|
|
|
/* file was sealed for read-only and we don't have to support MAP_SHARED
|
|
* so we can simply pass the memfd fd
|
|
*/
|
|
if (seals != -1 && mapmode == RO_ANONYMOUS_FILE_MAPMODE_PRIVATE &&
|
|
(seals & READONLY_SEALS) == READONLY_SEALS)
|
|
return file->fd;
|
|
#endif
|
|
|
|
/* for all other cases we create a new anonymous file that can be mapped
|
|
* with MAP_SHARED and copy the contents to it and return that instead
|
|
*/
|
|
fd = os_create_anonymous_file(file->size);
|
|
if (fd == -1)
|
|
return fd;
|
|
|
|
src = mmap(NULL, file->size, PROT_READ, MAP_PRIVATE, file->fd, 0);
|
|
if (src == MAP_FAILED) {
|
|
close(fd);
|
|
return -1;
|
|
}
|
|
|
|
dst = mmap(NULL, file->size, PROT_WRITE, MAP_SHARED, fd, 0);
|
|
if (dst == MAP_FAILED) {
|
|
close(fd);
|
|
munmap(src, file->size);
|
|
return -1;
|
|
}
|
|
|
|
memcpy(dst, src, file->size);
|
|
munmap(src, file->size);
|
|
munmap(dst, file->size);
|
|
|
|
return fd;
|
|
}
|
|
|
|
/** Release a file descriptor returned by \c os_ro_anonymous_file_get_fd
|
|
*
|
|
* \param fd A file descriptor returned by \c os_ro_anonymous_file_get_fd.
|
|
* \return 0 on success, or -1 on failure.
|
|
*
|
|
* This function must be called for every file descriptor created with
|
|
* \c os_ro_anonymous_file_get_fd to not leake any resources.
|
|
* If the function fails errno is set.
|
|
*/
|
|
int
|
|
os_ro_anonymous_file_put_fd(int fd)
|
|
{
|
|
#ifdef HAVE_MEMFD_CREATE
|
|
int seals = fcntl(fd, F_GET_SEALS);
|
|
if (seals == -1 && errno != EINVAL)
|
|
return -1;
|
|
|
|
/* The only case in which we do NOT have to close the file is when the file
|
|
* was sealed for read-only
|
|
*/
|
|
if (seals != -1 && (seals & READONLY_SEALS) == READONLY_SEALS)
|
|
return 0;
|
|
#endif
|
|
|
|
close(fd);
|
|
return 0;
|
|
}
|