1 /*
2  * Copyright © 2012 Collabora, Ltd.
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice (including the
13  * next paragraph) shall be included in all copies or substantial
14  * portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19  * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
20  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
21  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
22  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
23  * SOFTWARE.
24  */
25 
26 #include "config.h"
27 
28 #include <sys/types.h>
29 #include <unistd.h>
30 #include <fcntl.h>
31 #include <errno.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <sys/mman.h>
35 
36 #include "os-compatibility.h"
37 
38 #ifndef HAVE_MKOSTEMP
39 static int
set_cloexec_or_close(int fd)40 set_cloexec_or_close(int fd)
41 {
42 	long flags;
43 
44 	if (fd == -1)
45 		return -1;
46 
47 	flags = fcntl(fd, F_GETFD);
48 	if (flags == -1)
49 		goto err;
50 
51 	if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
52 		goto err;
53 
54 	return fd;
55 
56 err:
57 	close(fd);
58 	return -1;
59 }
60 #endif
61 
62 static int
create_tmpfile_cloexec(char * tmpname)63 create_tmpfile_cloexec(char *tmpname)
64 {
65 	int fd;
66 
67 #ifdef HAVE_MKOSTEMP
68 	fd = mkostemp(tmpname, O_CLOEXEC);
69 	if (fd >= 0)
70 		unlink(tmpname);
71 #else
72 	fd = mkstemp(tmpname);
73 	if (fd >= 0) {
74 		fd = set_cloexec_or_close(fd);
75 		unlink(tmpname);
76 	}
77 #endif
78 
79 	return fd;
80 }
81 
82 /*
83  * Create a new, unique, anonymous file of the given size, and
84  * return the file descriptor for it. The file descriptor is set
85  * CLOEXEC. The file is immediately suitable for mmap()'ing
86  * the given size at offset zero.
87  *
88  * The file should not have a permanent backing store like a disk,
89  * but may have if XDG_RUNTIME_DIR is not properly implemented in OS.
90  *
91  * The file name is deleted from the file system.
92  *
93  * The file is suitable for buffer sharing between processes by
94  * transmitting the file descriptor over Unix sockets using the
95  * SCM_RIGHTS methods.
96  *
97  * If the C library implements posix_fallocate(), it is used to
98  * guarantee that disk space is available for the file at the
99  * given size. If disk space is insufficient, errno is set to ENOSPC.
100  * If posix_fallocate() is not supported, program may receive
101  * SIGBUS on accessing mmap()'ed file contents instead.
102  *
103  * If the C library implements memfd_create(), it is used to create the
104  * file purely in memory, without any backing file name on the file
105  * system, and then sealing off the possibility of shrinking it.  This
106  * can then be checked before accessing mmap()'ed file contents, to
107  * make sure SIGBUS can't happen.  It also avoids requiring
108  * XDG_RUNTIME_DIR.
109  */
110 int
os_create_anonymous_file(off_t size)111 os_create_anonymous_file(off_t size)
112 {
113 	static const char template[] = "/wayland-cursor-shared-XXXXXX";
114 	const char *path;
115 	char *name;
116 	int fd;
117 	int ret;
118 
119 #ifdef HAVE_MEMFD_CREATE
120 	fd = memfd_create("wayland-cursor", MFD_CLOEXEC | MFD_ALLOW_SEALING);
121 	if (fd >= 0) {
122 		/* We can add this seal before calling posix_fallocate(), as
123 		 * the file is currently zero-sized anyway.
124 		 *
125 		 * There is also no need to check for the return value, we
126 		 * couldn't do anything with it anyway.
127 		 */
128 		fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_SEAL);
129 	} else
130 #endif
131 	{
132 		path = getenv("XDG_RUNTIME_DIR");
133 		if (!path) {
134 			errno = ENOENT;
135 			return -1;
136 		}
137 
138 		name = malloc(strlen(path) + sizeof(template));
139 		if (!name)
140 			return -1;
141 
142 		strcpy(name, path);
143 		strcat(name, template);
144 
145 		fd = create_tmpfile_cloexec(name);
146 
147 		free(name);
148 
149 		if (fd < 0)
150 			return -1;
151 	}
152 
153 #ifdef HAVE_POSIX_FALLOCATE
154 	ret = posix_fallocate(fd, 0, size);
155 	if (ret != 0) {
156 		close(fd);
157 		errno = ret;
158 		return -1;
159 	}
160 #else
161 	ret = ftruncate(fd, size);
162 	if (ret < 0) {
163 		close(fd);
164 		return -1;
165 	}
166 #endif
167 
168 	return fd;
169 }
170