linux: Require /dev/shm as the shared memory file system

Previously, glibc would pick an arbitrary tmpfs file system from
/proc/mounts if /dev/shm was not available.  This could lead to
an unsuitable file system being picked for the backing storage for
shm_open, sem_open, and related functions.

This patch introduces a new function, __shm_get_name, which builds
the file name under the appropriate (now hard-coded) directory.  It is
called from the various shm_* and sem_* function.  Unlike the
SHM_GET_NAME macro it replaces, the callers handle the return values
and errno updates.  shm-directory.c is moved directly into the posix
subdirectory because it can be implemented directly using POSIX
functionality.  It resides in libc because it is needed by both
librt and nptl/htl.

In the sem_open implementation, tmpfname is initialized directly
from a string constant.  This happens to remove one alloca call.

Checked on x86_64-linux-gnu.

3 files changed, 49 insertions, 1 deletions

diff --git a/posix/Makefile b/posix/Makefile
index 956ef7d397..f54015b9a8 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -65,7 +65,8 @@ routines :=								      \
 	spawnattr_setsigmask spawnattr_setschedpolicy spawnattr_setschedparam \
 	posix_madvise							      \
 	get_child_max sched_cpucount sched_cpualloc sched_cpufree \
-	streams-compat
+	streams-compat \
+	shm-directory
 
 aux		:= init-posix environ
 tests		:= test-errno tstgetopt testfnm runtests runptests \
diff --git a/posix/Versions b/posix/Versions
index 7d06a6d0c0..cfd3819966 100644
--- a/posix/Versions
+++ b/posix/Versions
@@ -150,5 +150,6 @@ libc {
   GLIBC_PRIVATE {
     __libc_fork; __libc_pread; __libc_pwrite;
     __nanosleep_nocancel; __pause_nocancel;
+    __shm_get_name;
   }
 }
diff --git a/posix/shm-directory.c b/posix/shm-directory.c
new file mode 100644
index 0000000000..c06bf96aa7
--- /dev/null
+++ b/posix/shm-directory.c
@@ -0,0 +1,46 @@
+/* Determine directory for shm/sem files.  Generic POSIX version.
+   Copyright (C) 2014-2021 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <unistd.h>
+
+#if _POSIX_MAPPED_FILES
+
+#include <alloc_buffer.h>
+#include <shm-directory.h>
+#include <string.h>
+
+int
+__shm_get_name (struct shmdir_name *result, const char *name, bool sem_prefix)
+{
+  while (name[0] == '/')
+    ++name;
+  size_t namelen = strlen (name);
+
+  struct alloc_buffer buffer
+    = alloc_buffer_create (result->name, sizeof (result->name));
+  alloc_buffer_copy_bytes (&buffer, SHMDIR, strlen (SHMDIR));
+  if (sem_prefix)
+    alloc_buffer_copy_bytes (&buffer, "sem.", strlen ("sem."));
+  alloc_buffer_copy_bytes (&buffer, name, namelen + 1);
+  if (namelen == 0 || memchr (name, '/', namelen) != NULL
+      || alloc_buffer_has_failed (&buffer))
+    return -1;
+  return 0;
+}
+
+#endif