aboutsummaryrefslogtreecommitdiff
path: root/winsup/cygserver/shm.cc
blob: dc5632355e813f400bc53ab8342efdf31945345c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
/* cygserver_shm.cc: Single unix specification IPC interface for Cygwin

Copyright 2001, 2002 Red Hat, Inc.

Originally written by Robert Collins <robert.collins@hotmail.com>

This file is part of Cygwin.

This software is a copyrighted work licensed under the terms of the
Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
details. */

#ifdef __OUTSIDE_CYGWIN__
#undef __INSIDE_CYGWIN__
#else
#include "winsup.h"
#endif

#ifndef __INSIDE_CYGWIN__
#define DEBUG 0
#define system_printf printf
#define debug_printf if (DEBUG) printf
#define api_fatal printf
#include <stdio.h>
#include <windows.h>
#endif

#include <sys/stat.h>
#include <errno.h>
#include "cygerrno.h"
#include <unistd.h>
#include "security.h"
//#include "fhandler.h"
//#include "dtable.h"
//#include "cygheap.h"
#include <stdio.h>
//#include "thread.h"
#ifndef __INSIDE_CYGWIN__
#define __INSIDE_CYGWIN__
#include "cygwin_shm.h"
#undef __INSIDE_CYGWIN__
#else
#include "cygwin_shm.h"
#endif
//#include "perprocess.h"
#include <threaded_queue.h>
#include <cygwin/cygserver_process.h>
#include "cygserver_shm.h"

// FIXME IS THIS CORRECT
/* Implementation notes: We use two shared memory regions per key:
 * One for the control structure, and one for the shared memory.
 * While this has a higher overhead tham a single shared area,
 * It allows more flexability. As the entire code is transparent to the user
 * We can merge these in the future should it be needed.
 * Also, IPC_PRIVATE keys create unique mappings each time. The shm_ids just
 * keep monotonically incrementing - system wide.
 */
size_t
getsystemallocgranularity ()
{
  SYSTEM_INFO sysinfo;
  static size_t buffer_offset = 0;
  if (buffer_offset)
    return buffer_offset;
  GetSystemInfo (&sysinfo);
  buffer_offset = sysinfo.dwAllocationGranularity;
  return buffer_offset;
}


client_request_shm::client_request_shm ():client_request (CYGSERVER_REQUEST_SHM_GET,
		sizeof (parameters))
{
  buffer = (char *) &parameters;
}

/* FIXME: If building on a 64-bit compiler, the address->int typecast will fail.
 * Solution: manually calculate the next id value
 */

#if 0
extern
"C" void *
shmat (int shmid, const void *shmaddr, int parameters.in.shmflg)
{
  class shmid_ds *
    shm = (class shmid_ds *)
    shmid;			//FIXME: verifyable object test

  if (shmaddr)
    {
      //FIXME: requested base address ?!
      set_errno (EINVAL);
      return (void *) -1;
    }

  void *
    rv =
    MapViewOfFile (shm->attachmap,


		   (parameters.in.shmflg & SHM_RDONLY) ?
		   FILE_MAP_READ : FILE_MAP_WRITE, 0,
		   0, 0);

  if (!rv)
    {
      //FIXME: translate GetLastError()
      set_errno (EACCES);
      return (void *) -1;
    }

/* FIXME: this needs to be globally protected to prevent a mismatch betwen
 * attach count and attachees list
 */

  InterlockedIncrement (&shm->shm_nattch);
  _shmattach *
    attachnode =
    new
    _shmattach;

  attachnode->data = rv;
  attachnode->next =
    (_shmattach *) InterlockedExchangePointer ((LONG *) & shm->attachhead,
					       (long int) attachnode);
  return rv;
}
#endif

/* FIXME: evaluate getuid() and getgid() against the requested mode. Then
 * choose PAGE_READWRITE | PAGE_READONLY and FILE_MAP_WRITE  |  FILE_MAP_READ
 * appropriately
 */

/* Test result from openbsd: shm ids are persistent cross process if a handle is left
 * open. This could lead to resource starvation: we're not copying that behaviour
 * unless we have to. (It will involve acygwin1.dll gloal shared list :[ ).
 */
/* FIXME: shmid should be a verifyable object
 */

/* FIXME: on NT we should check everything against the SD. On 95 we just emulate.
 */

extern GENERIC_MAPPING
  access_mapping;

extern int
check_and_dup_handle (HANDLE from_process, HANDLE to_process,
		      HANDLE from_process_token,
		      DWORD access,
		      HANDLE from_handle,
		      HANDLE * to_handle_ptr, BOOL bInheritHandle);

//FIXME: where should this live
static shmnode *
  shm_head =
  NULL;
//FIXME: ditto.
static shmnode *
  deleted_head = NULL;
/* must be long for InterlockedIncrement */
static long
  new_id =
  0;
static long
  new_private_key =
  0;

static void
delete_shmnode (shmnode **nodeptr)
{
  shmnode *node = *nodeptr;

  // remove from the list
  if (node == shm_head)
    shm_head = shm_head->next;
  else
    {
      shmnode *tempnode = shm_head;
      while (tempnode && tempnode->next != node)
	tempnode = tempnode->next;
      if (tempnode)
	tempnode->next = node->next;
      // else log the unexpected !
    }

    // release the shared data view
    UnmapViewOfFile (node->shmds->mapptr);
    delete node->shmds;
    CloseHandle (node->filemap);
    CloseHandle (node->attachmap);

    // free the memory
    delete node;
    nodeptr = NULL;
}

void
client_request_shm::serve (transport_layer_base * conn, process_cache * cache)
{
//  DWORD sd_size = 4096;
//  char sd_buf[4096];
  PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR) parameters.in.sd_buf;
//  /* create a sd for our open requests based on shmflag & 0x01ff */
//  psd = alloc_sd (getuid (), getgid (), cygheap->user.logsrv (),
//		    parameters.in.shmflg & 0x01ff, psd, &sd_size);

  HANDLE from_process_handle = NULL;
  HANDLE token_handle = NULL;
  DWORD rc;

  from_process_handle = cache->process (parameters.in.pid)->handle ();
  /* possible TODO: reduce the access on the handle before we use it */
  /* Note that unless we do this, we don't need to call CloseHandle - it's kept open
   * by the process cache until the process terminates.
   * We may need a refcount on the cache however...
   */
  if (!from_process_handle)
    {
      debug_printf ("error opening process (%lu)\n", GetLastError ());
      header.error_code = EACCES;
      return;
    }

  conn->impersonate_client ();

  rc = OpenThreadToken (GetCurrentThread (),
			TOKEN_QUERY, TRUE, &token_handle);

  conn->revert_to_self ();

  if (!rc)
    {
      debug_printf ("error opening thread token (%lu)\n", GetLastError ());
      header.error_code = EACCES;
      CloseHandle (from_process_handle);
      return;
    }


  /* we trust the clients request - we will be doing it as them, and
   * the worst they can do is open their own permissions
   */


  SECURITY_ATTRIBUTES sa;
  sa.nLength = sizeof (sa);
  sa.lpSecurityDescriptor = psd;
  sa.bInheritHandle = TRUE;	/* the memory structures inherit ok */

  char *shmname = NULL, *shmaname = NULL;
  char stringbuf[29], stringbuf1[29];

  /* TODO: make this code block a function! */
  if (parameters.in.type == SHM_REATTACH)
    {
      /* just find and fill out the existing shm_id */
      shmnode *tempnode = shm_head;
      while (tempnode)
	{
	  if (tempnode->shm_id == parameters.in.shm_id)
	    {
	      parameters.out.shm_id = tempnode->shm_id;
	      parameters.out.key = tempnode->key;
	      if (check_and_dup_handle
		  (GetCurrentProcess (), from_process_handle, token_handle,
		   DUPLICATE_SAME_ACCESS, tempnode->filemap,
		   &parameters.out.filemap, TRUE) != 0)
		{
		  debug_printf ("error duplicating filemap handle (%lu)\n",
				GetLastError ());
		  header.error_code = EACCES;
		}
	      if (check_and_dup_handle
		  (GetCurrentProcess (), from_process_handle, token_handle,
		   DUPLICATE_SAME_ACCESS, tempnode->attachmap,
		   &parameters.out.attachmap, TRUE) != 0)
		{
		  debug_printf ("error duplicating attachmap handle (%lu)\n",
				GetLastError ());
		  header.error_code = EACCES;
		}
	      CloseHandle (token_handle);
	      return;
	    }
	  tempnode = tempnode->next;
	}
      header.error_code = EINVAL;
      CloseHandle (token_handle);
      return;
    }

  /* someone attached */
  /* someone can send shm_id's they don't have and currently we will increment those
   * attach counts. If someone wants to fix that, please go ahead.
   * The problem is that shm_get has nothing to do with the ability to attach. Attach
   * requires a permission check, which we get the OS to do in MapViewOfFile.
   */
  if (parameters.in.type == SHM_ATTACH)
    {
      shmnode *tempnode = shm_head;
      while (tempnode)
	{
	  if (tempnode->shm_id == parameters.in.shm_id)
	    {
	      InterlockedIncrement (&tempnode->shmds->shm_nattch);
	      header.error_code = 0;
	      CloseHandle (token_handle);
	      return;
	    }
	  tempnode = tempnode->next;
	}
      header.error_code = EINVAL;
      CloseHandle (token_handle);
      return;
    }

  /* Someone detached */
  if (parameters.in.type == SHM_DETACH)
    {
      shmnode *tempnode = shm_head;
      while (tempnode)
	{
	  if (tempnode->shm_id == parameters.in.shm_id)
	    {
	      InterlockedDecrement (&tempnode->shmds->shm_nattch);
	      header.error_code = 0;
	      CloseHandle (token_handle);
	      return;
	    }
	  tempnode = tempnode->next;
	}
      header.error_code = EINVAL;
      CloseHandle (token_handle);
      return;
    }

  /* Someone wants the ID removed. */
  if (parameters.in.type == SHM_DEL)
    {
      shmnode **tempnode = &shm_head;
      while (*tempnode)
	  {
	    if ((*tempnode)->shm_id == parameters.in.shm_id)
	      {
		// unlink from the accessible node list
		shmnode *temp2 = *tempnode;
		*tempnode = temp2->next;
		// link into the deleted list
		temp2->next = deleted_head;
		deleted_head = temp2;

		// FIXME: when/where do we delete the handles?
		if (temp2->shmds->shm_nattch)
		  {
		    // FIXME: add to a pending queue?
		  }
		else
		  {
		    delete_shmnode (&temp2);
		  }

		header.error_code = 0;
		CloseHandle (token_handle);
		return;
	      }
	    tempnode = &(*tempnode)->next;
	  }
      header.error_code = EINVAL;
      CloseHandle (token_handle);
      return;
    }


  if (parameters.in.type == SHM_CREATE)
    {
      /* FIXME: enter the checking for existing keys mutex. This mutex _must_ be system wide
       * to prevent races on shmget.
       */

      if (parameters.in.key == IPC_PRIVATE)
	{
	  /* create the mapping name (CYGWINSHMKPRIVATE_0x01234567 */
	  /* The K refers to Key, the actual mapped area has D */
	  long private_key = (int) InterlockedIncrement (&new_private_key);
	  snprintf (stringbuf, 29, "CYGWINSHMKPRIVATE_0x%0x", private_key);
	  shmname = stringbuf;
	  snprintf (stringbuf1, 29, "CYGWINSHMDPRIVATE_0x%0x", private_key);
	  shmaname = stringbuf1;
	}
      else
	{
	  /* create the mapping name (CYGWINSHMK0x0123456789abcdef */
	  /* The K refers to Key, the actual mapped area has D */

	  snprintf (stringbuf, 29, "CYGWINSHMK0x%0qx", parameters.in.key);
	  shmname = stringbuf;
	  snprintf (stringbuf1, 29, "CYGWINSHMD0x%0qx", parameters.in.key);
	  shmaname = stringbuf1;
	  debug_printf ("system id strings are \n%s\n%s\n", shmname,
			shmaname);
	  debug_printf ("key input value is 0x%0qx\n", parameters.in.key);
	}

      /* attempt to open the key */

      /* get an existing key */
      /* On unix the same shmid identifier is returned on multiple calls to shm_get
       * with the same key and size. Different modes is a ?.
       */



      /* walk the list of known keys and return the id if found. remember, we are
       * authoritative...
       */

      shmnode *tempnode = shm_head;
      while (tempnode)
	{
	  if (tempnode->key == parameters.in.key
	      && parameters.in.key != IPC_PRIVATE)
	    {
	      // FIXME: free the mutex
	      if (parameters.in.size
		  && tempnode->shmds->shm_segsz < parameters.in.size)
		{
		  header.error_code = EINVAL;
		  CloseHandle (token_handle);
		  return;
		}
	      /* FIXME: can the same process call this twice without error ? test
	       * on unix
	       */
	      if ((parameters.in.shmflg & IPC_CREAT)
		  && (parameters.in.shmflg & IPC_EXCL))
		{
		  header.error_code = EEXIST;
		  debug_printf
		    ("attempt to exclusively create already created shm_area with key 0x%0qx\n",
		     parameters.in.key);
		  // FIXME: free the mutex
		  CloseHandle (token_handle);
		  return;
		}
	      // FIXME: do we need to other tests of the requested mode with the
	      // tempnode->shm_id mode ? testcase on unix needed.
	      // FIXME how do we do the security test? or
	      // do we wait for shmat to bother with that?
	      /* One possibly solution: impersonate the client, and then test we can
	       * reopen the area. In fact we'll probably have to do that to get
	       * handles back to them, alternatively just tell them the id, and then
	       * let them attempt the open.
	       */
	      parameters.out.shm_id = tempnode->shm_id;
	      if (check_and_dup_handle
		  (GetCurrentProcess (), from_process_handle, token_handle,
		   DUPLICATE_SAME_ACCESS, tempnode->filemap,
		   &parameters.out.filemap, TRUE) != 0)
		{
		  printf ("error duplicating filemap handle (%lu)\n",
			  GetLastError ());
		  header.error_code = EACCES;
/*mutex*/
		  CloseHandle (token_handle);
		  return;
		}
	      if (check_and_dup_handle
		  (GetCurrentProcess (), from_process_handle, token_handle,
		   DUPLICATE_SAME_ACCESS, tempnode->attachmap,
		   &parameters.out.attachmap, TRUE) != 0)
		{
		  printf ("error duplicating attachmap handle (%lu)\n",
			  GetLastError ());
		  header.error_code = EACCES;
/*mutex*/
		  CloseHandle (token_handle);
		  return;
		}

	      CloseHandle (token_handle);
	      return;
	    }
	  tempnode = tempnode->next;
	}
      /* couldn't find a currently open shm area. */

      /* create one */
      /* do this as the client */
      conn->impersonate_client ();
      /* This may need sh_none... it's only a control structure */
      HANDLE filemap = CreateFileMapping (INVALID_HANDLE_VALUE,	// system pagefile.
					  &sa,
					  PAGE_READWRITE,	// protection
					  0x00000000,
					  getsystemallocgranularity (),
					  shmname	// object name
	);
      int lasterr = GetLastError ();
      conn->revert_to_self ();

      if (filemap == NULL)
	{
	  /* We failed to open the filemapping ? */
	  system_printf ("failed to open file mapping: %lu\n",
			 GetLastError ());
	  // free the mutex
	  // we can assume that it exists, and that it was an access problem.
	  header.error_code = EACCES;
	  CloseHandle (token_handle);
	  return;
	}

      /* successfully opened the control region mapping */
      /* did we create it ? */
      int oldmapping = lasterr == ERROR_ALREADY_EXISTS;
      if (oldmapping)
	{
	  /* should never happen - we are the global daemon! */
#if 0
	  if ((parameters.in.shmflg & IPC_CREAT)
	      && (parameters.in.shmflg & IPC_EXCL))
#endif
	    {
	      /* FIXME free mutex */
	      CloseHandle (filemap);
	      header.error_code = EEXIST;
	      CloseHandle (token_handle);
	      return;
	    }
	}

      /* we created a new mapping */
      if (parameters.in.key != IPC_PRIVATE &&
	  (parameters.in.shmflg & IPC_CREAT) == 0)
	{
	  CloseHandle (filemap);
	  /* FIXME free mutex */
	  header.error_code = ENOENT;
	  CloseHandle (token_handle);
	  return;
	}

      conn->impersonate_client ();
      void *mapptr = MapViewOfFile (filemap, FILE_MAP_WRITE, 0, 0, 0);
      conn->revert_to_self ();

      if (!mapptr)
	{
	  CloseHandle (filemap);
	  //FIXME: close filemap and free the mutex
	  /* we couldn't access the mapped area with the requested permissions */
	  header.error_code = EACCES;
	  CloseHandle (token_handle);
	  return;
	}

      conn->impersonate_client ();
      /* Now get the user data */
      HANDLE attachmap = CreateFileMapping (INVALID_HANDLE_VALUE,	// system pagefile
					    &sa,
					    PAGE_READWRITE,	// protection (FIXME)
					    0x00000000,
					    parameters.in.size +
					    parameters.in.size %
					    getsystemallocgranularity (),
					    shmaname	// object name
	);
      conn->revert_to_self ();

      if (attachmap == NULL)
	{
	  system_printf ("failed to get shm attachmap\n");
	  header.error_code = ENOMEM;
	  UnmapViewOfFile (mapptr);
	  CloseHandle (filemap);
	  /* FIXME exit the mutex */
	  CloseHandle (token_handle);
	  return;
	}

      shmid_ds *shmtemp = new shmid_ds;
      if (!shmtemp)
	{
	  system_printf ("failed to malloc shm node\n");
	  header.error_code = ENOMEM;
	  UnmapViewOfFile (mapptr);
	  CloseHandle (filemap);
	  CloseHandle (attachmap);
	  /* FIXME exit mutex */
	  CloseHandle (token_handle);
	  return;
	}

      /* fill out the node data */
      shmtemp->shm_perm.cuid = getuid ();
      shmtemp->shm_perm.uid = shmtemp->shm_perm.cuid;
      shmtemp->shm_perm.cgid = getgid ();
      shmtemp->shm_perm.gid = shmtemp->shm_perm.cgid;
      shmtemp->shm_perm.mode = parameters.in.shmflg & 0x01ff;
      shmtemp->shm_lpid = 0;
      shmtemp->shm_nattch = 0;
      shmtemp->shm_atime = 0;
      shmtemp->shm_dtime = 0;
      shmtemp->shm_ctime = time (NULL);
      shmtemp->shm_segsz = parameters.in.size;
      *(shmid_ds *) mapptr = *shmtemp;
      shmtemp->mapptr = mapptr;

      /* no need for InterlockedExchange here, we're serialised by the global mutex */
      tempnode = new shmnode;
      tempnode->shmds = shmtemp;
      tempnode->shm_id = (int) InterlockedIncrement (&new_id);
      tempnode->key = parameters.in.key;
      tempnode->filemap = filemap;
      tempnode->attachmap = attachmap;
      tempnode->next = shm_head;
      shm_head = tempnode;

      /* we now have the area in the daemon list, opened.

	 FIXME: leave the system wide shm mutex */

      parameters.out.shm_id = tempnode->shm_id;
      if (check_and_dup_handle (GetCurrentProcess (), from_process_handle,
				token_handle,
				DUPLICATE_SAME_ACCESS,
				tempnode->filemap, &parameters.out.filemap,
				TRUE) != 0)
	{
	  printf ("error duplicating filemap handle (%lu)\n",
		  GetLastError ());
	  header.error_code = EACCES;
	  CloseHandle (token_handle);
/* mutex et al */
	  return;
	}
      if (check_and_dup_handle (GetCurrentProcess (), from_process_handle,
				token_handle,
				DUPLICATE_SAME_ACCESS,
				tempnode->attachmap,
				&parameters.out.attachmap, TRUE) != 0)
	{
	  printf ("error duplicating attachmap handle (%lu)\n",
		  GetLastError ());
	  header.error_code = EACCES;
	  CloseHandle (from_process_handle);
	  CloseHandle (token_handle);
/* more cleanup... yay! */
	  return;
	}
      CloseHandle (token_handle);

      return;
    }

  header.error_code = ENOSYS;
  CloseHandle (token_handle);


  return;
}