iofunc_space_verify()

Updated: April 19, 2023

Do permission checks for the _IO_SPACE message

Synopsis:

#include <sys/iofunc.h>

int iofunc_space_verify( resmgr_context_t *ctp, 
                         io_space_t *msg, 
                         iofunc_ocb_t *ocb, 
                         int *nonblock ); 

Arguments:

ctp
A pointer to a resmgr_context_t structure that the resource-manager library uses to pass context information between functions.
msg
A pointer to the io_space_t structure that contains the message that the resource manager received; see below.
ocb
A pointer to the iofunc_ocb_t structure for the Open Control Block that was created when the client opened the resource.
nonblock
NULL, or a pointer to a location where the function can store a value that indicates whether or not the device is nonblocking:
  • Zero — the client doesn't want to be blocked (i.e., O_NONBLOCK was set).
  • Nonzero — the client wants to be blocked.

Library:

libc

Use the -l c option to qcc to link against this library. This library is usually included automatically.

Description:

The iofunc_space_verify() function checks that the client's _IO_SPACE message is well-formed and that the operation should be allowed to succeed. This function may update fields for proper behavior. Optionally, it also reports whether the operation may be treated as nonblocking.

All space handlers should start with a call to iofunc_space_verify() and proceed only if it returns EOK.

This function checks at least that:
  • the original open included write access
  • this operation is not attempting to write to a directory
  • the file is not on a read-only filesystem
  • on regular files on 32-bit filesystems, if whence equals SEEK_SET, start + len does not exceed INT32_MAX

This function updates the following:
  • If a non-NULL nonblock pointer is passed in, the value pointed to will be set to 0 if the operation may be allowed to block, and to O_NONBLOCK if the operation should not be allowed to block.
  • If this is a space operation on an executable file with any setid bits set (e.g., the setuid bit), then all setid bits will be zeroed (unset) in the attribute structure, unless the space operation is from a root (i.e., an euid of 0) process.

io_space_t structure

The io_space_t structure holds the _IO_SPACE message received by the resource manager:

struct _io_space {
    uint16_t                    type;
    uint16_t                    combine_len;
    uint16_t                    subtype;
    short                       whence;
    uint64_t                    start;
    uint64_t                    len;
};

typedef union {
    struct _io_space            i;
    uint64_t                    o;
} io_space_t;

The I/O message structures are unions of an input message (coming to the resource manager) and an output or reply message (going back to the client).

The i member is a structure of type _io_space that contains the following members:

type
_IO_SPACE.
combine_len
If the message is a combine message, _IO_COMBINE_FLAG is set in this member. For more information, see the Combine Messages chapter of Writing a Resource Manager.
subtype
F_ALLOCSP, F_FREESP, or F_GROWSP.
whence
The position in the file. The possible values (defined in <unistd.h>) are:
SEEK_CUR
The new file position is computed relative to the current file position. The value of start may be positive, negative or zero.
SEEK_END
The new file position is computed relative to the end of the file.
SEEK_SET
The new file position is computed relative to the start of the file. The value of start must not be negative.
start
The relative offset from the file position determined by the whence member.
len
The relative size by which to increase the file. A value of zero means to the end of the file.

The o member is the file size.

The _IO_SPACE message is generated by functions that set a file size or grow a file, such as ftruncate() or posix_fallocate().

Returns:

EOK
The client is allowed to perform this space operation.
EBADF
The resource wasn't opened for writing.
EFBIG
The file is a regular file, and the length is greater than the maximum offset associated with the file.
EISDIR
The resource is a directory.
EROFS
The file resides on a read-only filesystem (e.g., it was opened with O_RDWR and later the filesystem was remounted as read-only).

Classification:

QNX Neutrino

Safety:  
Cancellation point No
Interrupt handler No
Signal handler Yes
Thread Yes