X-Git-Url: http://git.efficios.com/?p=lttng-tools.git;a=blobdiff_plain;f=src%2Fbin%2Flttng-sessiond%2Fshm.c;h=1fc07dbd3915fec4606139cdee3bf1012b4edba9;hp=432d07ecea5eb4462d36a6a4727737532e97791f;hb=3a4595c2469472dee1656cde5f8882c2123efd3c;hpb=52b07d8a5f38946bea3176d486c1934ca7639415
diff --git a/src/bin/lttng-sessiond/shm.c b/src/bin/lttng-sessiond/shm.c
index 432d07ece..1fc07dbd3 100644
--- a/src/bin/lttng-sessiond/shm.c
+++ b/src/bin/lttng-sessiond/shm.c
@@ -1,22 +1,12 @@
 /*
- * Copyright (C) 2011 - David Goulet
- * Mathieu Desnoyers
+ * Copyright (C) 2011 David Goulet
+ * Copyright (C) 2011 Mathieu Desnoyers
 *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; only version 2 of the License.
+ * SPDX-License-Identifier: GPL-2.0-only
 *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * Place - Suite 330, Boston, MA 02111-1307, USA.
 */
-#define _GNU_SOURCE
+#define _LGPL_SOURCE
 #include
 #include
 #include
@@ -43,43 +33,22 @@ static int get_wait_shm(char *shm_path, size_t mmap_size, int global)
 int wait_shm_fd, ret;
 mode_t mode;
+ assert(shm_path);
+
 /* Default permissions */
 mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP;
- /* Change owner of the shm path */
+ /*
+ * Change owner of the shm path.
+ */
 if (global) {
- ret = chown(shm_path, 0, 0);
- if (ret < 0) {
- if (errno != ENOENT) {
- PERROR("chown wait shm");
- goto error;
- }
- }
-
 /*
- * If global session daemon, any application can register so the shm
- * needs to be set in read-only mode for others.
+ * If global session daemon, any application can
+ * register. Make it initially writeable so applications
+ * registering concurrently can do ftruncate() by
+ * themselves.
 */
- mode |= S_IROTH;
- } else {
- ret = chown(shm_path, getuid(), getgid());
- if (ret < 0) {
- if (errno != ENOENT) {
- PERROR("chown wait shm");
- goto error;
- }
- }
- }
-
- /*
- * Set permissions to the shm even if we did not create the shm.
- */
- ret = chmod(shm_path, mode);
- if (ret < 0) {
- if (errno != ENOENT) {
- PERROR("chmod wait shm");
- goto error;
- }
+ mode |= S_IROTH | S_IWOTH;
 }
 /*
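Review bot: The rewritten comment `Change owner of the shm path.` above `if (global)` no longer describes the code beneath it: on the new side that block only adds `S_IROTH | S_IWOTH` to the creation mode, and no ownership change is visible in this hunk. I would replace it with `/* Creation mode for the wait shm; the global daemon lets others read and, initially, write. */`. It is also worth stating there that the mode handed to `shm_open()` is filtered by the process umask, so whether other users really get write access at creation depends on a umask setting that is not visible here. The added `assert(shm_path)` disappears in NDEBUG builds, so it documents the precondition rather than enforcing it. get_wait_shm's body starts before the hunk and continues past it.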
@@ -91,11 +60,44 @@ static int get_wait_shm(char *shm_path, size_t mmap_size, int global)
 /*
 * Try creating shm (or get rw access). We don't do an exclusive open,
 * because we allow other processes to create+ftruncate it concurrently.
+ *
+ * A sysctl, fs.protected_regular may prevent the session daemon from
+ * opening a previously created shm when the O_CREAT flag is provided.
+ * Systemd enables this ABI-breaking change by default since v241.
+ *
+ * First, attempt to use the create-or-open semantic that is
+ * desired here. If this fails with EACCES, work around this broken
+ * behaviour and attempt to open the shm without the O_CREAT flag.
+ *
+ * The two attempts are made in this order since applications are
+ * expected to race with the session daemon to create this shm.
+ * Attempting an shm_open() without the O_CREAT flag first could fail
+ * because the file doesn't exist. It could then be created by an
+ * application, which would cause a second try with the O_CREAT flag to
+ * fail with EACCES.
+ *
+ * Note that this introduces a new failure mode where a user could
+ * launch an application (creating the shm) and unlink the shm while
+ * the session daemon is launching, causing the second attempt
+ * to fail. This is not recovered-from as unlinking the shm will
+ * prevent userspace tracing from succeeding anyhow: the sessiond would
+ * use a now-unlinked shm, while the next application would create
+ * a new named shm.
 */
 wait_shm_fd = shm_open(shm_path, O_RDWR | O_CREAT, mode);
 if (wait_shm_fd < 0) {
- PERROR("shm_open wait shm");
- goto error;
+ if (errno == EACCES) {
+ /* Work around sysctl fs.protected_regular. */
+ DBG("shm_open of %s returned EACCES, this may be caused "
+ "by the fs.protected_regular sysctl. "
+ "Attempting to open the shm without "
+ "creating it.", shm_path);
+ wait_shm_fd = shm_open(shm_path, O_RDWR, mode);
+ }
+ if (wait_shm_fd < 0) {
+ PERROR("Failed to open wait shm at %s", shm_path);
+ goto error;
+ }
 }
 ret = ftruncate(wait_shm_fd, mmap_size);
@@ -105,13 +107,32 @@ static int get_wait_shm(char *shm_path, size_t mmap_size, int global)
 }
 #ifndef __FreeBSD__
- ret = fchmod(wait_shm_fd, mode);
- if (ret < 0) {
- PERROR("fchmod");
- exit(EXIT_FAILURE);
+ if (global) {
+ ret = fchown(wait_shm_fd, 0, 0);
+ if (ret < 0) {
+ PERROR("fchown");
+ exit(EXIT_FAILURE);
+ }
+ /*
+ * If global session daemon, any application can
+ * register so the shm needs to be set in read-only mode
+ * for others.
+ */
+ mode &= ~S_IWOTH;
+ ret = fchmod(wait_shm_fd, mode);
+ if (ret < 0) {
+ PERROR("fchmod");
+ exit(EXIT_FAILURE);
+ }
+ } else {
+ ret = fchown(wait_shm_fd, getuid(), getgid());
+ if (ret < 0) {
+ PERROR("fchown");
+ exit(EXIT_FAILURE);
+ }
 }
 #else
-#warning "FreeBSD does not support setting file mode on shm FD. Remember that for secure use, lttng-sessiond should be started before applications linked on lttng-ust."
+#warning "FreeBSD does not support setting file mode on shm FD."
 #endif
 DBG("Got the wait shm fd %d", wait_shm_fd);
@@ -134,9 +155,19 @@ error:
 */
 char *shm_ust_get_mmap(char *shm_path, int global)
 {
- size_t mmap_size = sysconf(_SC_PAGE_SIZE);
+ size_t mmap_size;
 int wait_shm_fd, ret;
 char *wait_shm_mmap;
+ long sys_page_size;
+
+ assert(shm_path);
+
+ sys_page_size = sysconf(_SC_PAGE_SIZE);
+ if (sys_page_size < 0) {
+ PERROR("sysconf PAGE_SIZE");
+ goto error;
+ }
+ mmap_size = sys_page_size;
 wait_shm_fd = get_wait_shm(shm_path, mmap_size, global);
 if (wait_shm_fd < 0) {
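Review bot: In the `errno == EACCES` fallback of get_wait_shm (hunk at -91,11), the daemon ends up opening an object it did not create, which is the situation fs.protected_regular exists to block in world-writable sticky directories, and nothing in the hunk looks at who owns the object before it is used. Processes that opened or mapped it earlier presumably keep the access they already had, whatever mode is applied to the descriptor afterwards. The comment should state why that is acceptable for this file, and an `fstat()` on the returned descriptor with the owner logged, e.g. `DBG("wait shm %s is owned by uid %d", shm_path, (int) st.st_uid);`, would make the fallback auditable. The retry also passes `mode` to `shm_open()` without `O_CREAT`, where it is ignored; `0` would make that explicit. The function continues outside the hunk.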
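Review bot: The `else` branch for a non-global daemon (hunk at -105,13) calls `fchown()` but no longer `fchmod()`, whereas the removed code applied `mode` to the descriptor in both cases; a wait shm that already existed with wider permission bits now keeps them. Unless that is intended and documented, move `ret = fchmod(wait_shm_fd, mode);` and its error check below the `if`/`else` so it runs for both branches, keeping `mode &= ~S_IWOTH;` inside the global branch. Separately, on FreeBSD this whole block is compiled out while the creation mode for a global daemon now includes `S_IWOTH` (set earlier in get_wait_shm), so the object can stay writable by others there, and the shortened `#warning` no longer tells operators to start lttng-sessiond before traced applications. The enclosing function starts and ends outside the hunk.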
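Review bot: `PERROR("sysconf PAGE_SIZE")` in shm_ust_get_mmap (hunk at -134,9) can print an unrelated error string, because `sysconf()` may return -1 without setting `errno`; setting `errno = 0;` just before the call, or reporting with a plain error message, avoids that. The check `sys_page_size < 0` also lets a zero through to `mmap_size`, so `if (sys_page_size <= 0) {` is the tighter guard. The new `goto error` runs before `wait_shm_fd` and `wait_shm_mmap` are assigned, and the `error:` label of this function lies outside the hunk, so confirm it does not close or unmap either of them.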