stpncpy: fix size checking [BZ #18975]
[glibc.git] / nptl / sem_open.c
blob5ee8b71aa5311a52442a413e6d5d136efb962ce2
1 /* Copyright (C) 2002-2015 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <pthread.h>
22 #include <search.h>
23 #include <semaphore.h>
24 #include <stdarg.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <unistd.h>
29 #include <sys/mman.h>
30 #include <sys/stat.h>
31 #include "semaphoreP.h"
32 #include <shm-directory.h>
33 #include <futex-internal.h>
36 /* Comparison function for search of existing mapping. */
37 int
38 attribute_hidden
39 __sem_search (const void *a, const void *b)
41 const struct inuse_sem *as = (const struct inuse_sem *) a;
42 const struct inuse_sem *bs = (const struct inuse_sem *) b;
44 if (as->ino != bs->ino)
45 /* Cannot return the difference the type is larger than int. */
46 return as->ino < bs->ino ? -1 : (as->ino == bs->ino ? 0 : 1);
48 if (as->dev != bs->dev)
49 /* Cannot return the difference the type is larger than int. */
50 return as->dev < bs->dev ? -1 : (as->dev == bs->dev ? 0 : 1);
52 return strcmp (as->name, bs->name);
56 /* The search tree for existing mappings. */
57 void *__sem_mappings attribute_hidden;
59 /* Lock to protect the search tree. */
60 int __sem_mappings_lock attribute_hidden = LLL_LOCK_INITIALIZER;
63 /* Search for existing mapping and if possible add the one provided. */
64 static sem_t *
65 check_add_mapping (const char *name, size_t namelen, int fd, sem_t *existing)
67 sem_t *result = SEM_FAILED;
69 /* Get the information about the file. */
70 struct stat64 st;
71 if (__fxstat64 (_STAT_VER, fd, &st) == 0)
73 /* Get the lock. */
74 lll_lock (__sem_mappings_lock, LLL_PRIVATE);
76 /* Search for an existing mapping given the information we have. */
77 struct inuse_sem *fake;
78 fake = (struct inuse_sem *) alloca (sizeof (*fake) + namelen);
79 memcpy (fake->name, name, namelen);
80 fake->dev = st.st_dev;
81 fake->ino = st.st_ino;
83 struct inuse_sem **foundp = __tfind (fake, &__sem_mappings,
84 __sem_search);
85 if (foundp != NULL)
87 /* There is already a mapping. Use it. */
88 result = (*foundp)->sem;
89 ++(*foundp)->refcnt;
91 else
93 /* We haven't found a mapping. Install ione. */
94 struct inuse_sem *newp;
96 newp = (struct inuse_sem *) malloc (sizeof (*newp) + namelen);
97 if (newp != NULL)
99 /* If the caller hasn't provided any map it now. */
100 if (existing == SEM_FAILED)
101 existing = (sem_t *) mmap (NULL, sizeof (sem_t),
102 PROT_READ | PROT_WRITE, MAP_SHARED,
103 fd, 0);
105 newp->dev = st.st_dev;
106 newp->ino = st.st_ino;
107 newp->refcnt = 1;
108 newp->sem = existing;
109 memcpy (newp->name, name, namelen);
111 /* Insert the new value. */
112 if (existing != MAP_FAILED
113 && __tsearch (newp, &__sem_mappings, __sem_search) != NULL)
114 /* Successful. */
115 result = existing;
116 else
117 /* Something went wrong while inserting the new
118 value. We fail completely. */
119 free (newp);
123 /* Release the lock. */
124 lll_unlock (__sem_mappings_lock, LLL_PRIVATE);
127 if (result != existing && existing != SEM_FAILED && existing != MAP_FAILED)
129 /* Do not disturb errno. */
130 int save = errno;
131 munmap (existing, sizeof (sem_t));
132 errno = save;
135 return result;
139 sem_t *
140 sem_open (const char *name, int oflag, ...)
142 int fd;
143 sem_t *result;
145 /* Check that shared futexes are supported. */
146 int err = futex_supports_pshared (PTHREAD_PROCESS_SHARED);
147 if (err != 0)
149 __set_errno (err);
150 return SEM_FAILED;
153 /* Create the name of the final file in local variable SHM_NAME. */
154 SHM_GET_NAME (EINVAL, SEM_FAILED, SEM_SHM_PREFIX);
156 /* If the semaphore object has to exist simply open it. */
157 if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
159 try_again:
160 fd = __libc_open (shm_name,
161 (oflag & ~(O_CREAT|O_ACCMODE)) | O_NOFOLLOW | O_RDWR);
163 if (fd == -1)
165 /* If we are supposed to create the file try this next. */
166 if ((oflag & O_CREAT) != 0 && errno == ENOENT)
167 goto try_create;
169 /* Return. errno is already set. */
171 else
172 /* Check whether we already have this semaphore mapped and
173 create one if necessary. */
174 result = check_add_mapping (name, namelen, fd, SEM_FAILED);
176 else
178 /* We have to open a temporary file first since it must have the
179 correct form before we can start using it. */
180 char *tmpfname;
181 mode_t mode;
182 unsigned int value;
183 va_list ap;
185 try_create:
186 va_start (ap, oflag);
188 mode = va_arg (ap, mode_t);
189 value = va_arg (ap, unsigned int);
191 va_end (ap);
193 if (value > SEM_VALUE_MAX)
195 __set_errno (EINVAL);
196 return SEM_FAILED;
199 /* Create the initial file content. */
200 union
202 sem_t initsem;
203 struct new_sem newsem;
204 } sem;
206 #if __HAVE_64B_ATOMICS
207 sem.newsem.data = value;
208 #else
209 sem.newsem.value = value << SEM_VALUE_SHIFT;
210 sem.newsem.nwaiters = 0;
211 #endif
212 /* This always is a shared semaphore. */
213 sem.newsem.private = FUTEX_SHARED;
215 /* Initialize the remaining bytes as well. */
216 memset ((char *) &sem.initsem + sizeof (struct new_sem), '\0',
217 sizeof (sem_t) - sizeof (struct new_sem));
219 tmpfname = __alloca (shm_dirlen + sizeof SEM_SHM_PREFIX + 6);
220 char *xxxxxx = __mempcpy (tmpfname, shm_dir, shm_dirlen);
222 int retries = 0;
223 #define NRETRIES 50
224 while (1)
226 /* Add the suffix for mktemp. */
227 strcpy (xxxxxx, "XXXXXX");
229 /* We really want to use mktemp here. We cannot use mkstemp
230 since the file must be opened with a specific mode. The
231 mode cannot later be set since then we cannot apply the
232 file create mask. */
233 if (__mktemp (tmpfname) == NULL)
234 return SEM_FAILED;
236 /* Open the file. Make sure we do not overwrite anything. */
237 fd = __libc_open (tmpfname, O_RDWR | O_CREAT | O_EXCL, mode);
238 if (fd == -1)
240 if (errno == EEXIST)
242 if (++retries < NRETRIES)
243 continue;
245 __set_errno (EAGAIN);
248 return SEM_FAILED;
251 /* We got a file. */
252 break;
255 if (TEMP_FAILURE_RETRY (__libc_write (fd, &sem.initsem, sizeof (sem_t)))
256 == sizeof (sem_t)
257 /* Map the sem_t structure from the file. */
258 && (result = (sem_t *) mmap (NULL, sizeof (sem_t),
259 PROT_READ | PROT_WRITE, MAP_SHARED,
260 fd, 0)) != MAP_FAILED)
262 /* Create the file. Don't overwrite an existing file. */
263 if (link (tmpfname, shm_name) != 0)
265 /* Undo the mapping. */
266 (void) munmap (result, sizeof (sem_t));
268 /* Reinitialize 'result'. */
269 result = SEM_FAILED;
271 /* This failed. If O_EXCL is not set and the problem was
272 that the file exists, try again. */
273 if ((oflag & O_EXCL) == 0 && errno == EEXIST)
275 /* Remove the file. */
276 (void) unlink (tmpfname);
278 /* Close the file. */
279 (void) __libc_close (fd);
281 goto try_again;
284 else
285 /* Insert the mapping into the search tree. This also
286 determines whether another thread sneaked by and already
287 added such a mapping despite the fact that we created it. */
288 result = check_add_mapping (name, namelen, fd, result);
291 /* Now remove the temporary name. This should never fail. If
292 it fails we leak a file name. Better fix the kernel. */
293 (void) unlink (tmpfname);
296 /* Map the mmap error to the error we need. */
297 if (MAP_FAILED != (void *) SEM_FAILED && result == MAP_FAILED)
298 result = SEM_FAILED;
300 /* We don't need the file descriptor anymore. */
301 if (fd != -1)
303 /* Do not disturb errno. */
304 int save = errno;
305 __libc_close (fd);
306 errno = save;
309 return result;