1 /*
2 * Copyright © 2012 Collabora, Ltd.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice (including the
13 * next paragraph) shall be included in all copies or substantial
14 * portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23 * SOFTWARE.
24 */
25
26 #include "config.h"
27
28 #include <sys/types.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <errno.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <sys/mman.h>
35
36 #include "os-compatibility.h"
37
38 #ifndef HAVE_MKOSTEMP
39 static int
set_cloexec_or_close(int fd)40 set_cloexec_or_close(int fd)
41 {
42 long flags;
43
44 if (fd == -1)
45 return -1;
46
47 flags = fcntl(fd, F_GETFD);
48 if (flags == -1)
49 goto err;
50
51 if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
52 goto err;
53
54 return fd;
55
56 err:
57 close(fd);
58 return -1;
59 }
60 #endif
61
62 static int
create_tmpfile_cloexec(char * tmpname)63 create_tmpfile_cloexec(char *tmpname)
64 {
65 int fd;
66
67 #ifdef HAVE_MKOSTEMP
68 fd = mkostemp(tmpname, O_CLOEXEC);
69 if (fd >= 0)
70 unlink(tmpname);
71 #else
72 fd = mkstemp(tmpname);
73 if (fd >= 0) {
74 fd = set_cloexec_or_close(fd);
75 unlink(tmpname);
76 }
77 #endif
78
79 return fd;
80 }
81
82 /*
83 * Create a new, unique, anonymous file of the given size, and
84 * return the file descriptor for it. The file descriptor is set
85 * CLOEXEC. The file is immediately suitable for mmap()'ing
86 * the given size at offset zero.
87 *
88 * The file should not have a permanent backing store like a disk,
89 * but may have if XDG_RUNTIME_DIR is not properly implemented in OS.
90 *
91 * The file name is deleted from the file system.
92 *
93 * The file is suitable for buffer sharing between processes by
94 * transmitting the file descriptor over Unix sockets using the
95 * SCM_RIGHTS methods.
96 *
97 * If the C library implements posix_fallocate(), it is used to
98 * guarantee that disk space is available for the file at the
99 * given size. If disk space is insufficient, errno is set to ENOSPC.
100 * If posix_fallocate() is not supported, program may receive
101 * SIGBUS on accessing mmap()'ed file contents instead.
102 *
103 * If the C library implements memfd_create(), it is used to create the
104 * file purely in memory, without any backing file name on the file
105 * system, and then sealing off the possibility of shrinking it. This
106 * can then be checked before accessing mmap()'ed file contents, to
107 * make sure SIGBUS can't happen. It also avoids requiring
108 * XDG_RUNTIME_DIR.
109 */
110 int
os_create_anonymous_file(off_t size)111 os_create_anonymous_file(off_t size)
112 {
113 static const char template[] = "/wayland-cursor-shared-XXXXXX";
114 const char *path;
115 char *name;
116 int fd;
117 int ret;
118
119 #ifdef HAVE_MEMFD_CREATE
120 fd = memfd_create("wayland-cursor", MFD_CLOEXEC | MFD_ALLOW_SEALING);
121 if (fd >= 0) {
122 /* We can add this seal before calling posix_fallocate(), as
123 * the file is currently zero-sized anyway.
124 *
125 * There is also no need to check for the return value, we
126 * couldn't do anything with it anyway.
127 */
128 fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL);
129 } else
130 #endif
131 {
132 path = getenv("XDG_RUNTIME_DIR");
133 if (!path) {
134 errno = ENOENT;
135 return -1;
136 }
137
138 name = malloc(strlen(path) + sizeof(template));
139 if (!name)
140 return -1;
141
142 strcpy(name, path);
143 strcat(name, template);
144
145 fd = create_tmpfile_cloexec(name);
146
147 free(name);
148
149 if (fd < 0)
150 return -1;
151 }
152
153 #ifdef HAVE_POSIX_FALLOCATE
154 ret = posix_fallocate(fd, 0, size);
155 if (ret != 0) {
156 close(fd);
157 errno = ret;
158 return -1;
159 }
160 #else
161 ret = ftruncate(fd, size);
162 if (ret < 0) {
163 close(fd);
164 return -1;
165 }
166 #endif
167
168 return fd;
169 }
170