Fix three bugs in Unix MemoryMappedFiles implementation

stephentoub · stephentoub · commit 42e940f6c3b5 · 2015-07-13T14:59:30.000-04:00
- When a map is created with CreateFromFile and a capacity is specified to CreateFromFile that's larger than the file using to back the map, the file's length is increased to match.  If the capacity is too large to successfully increase the length of the file, on Windows an IOException results, but on Unix we were throwing an ArgumentException.  The fix just catches the ArgumentException and translates it to an IOException.  This should be a very rare occurence, even for an exception case, and the additional overheads involved in the catch and throw-new should be immaterial.

- It's possible to create a map view with a size of zero (over a map with a non-zero size).  In some of these cases, we were passing invalid data to the underlying SafeBuffer that gets created, resulting in exceptions for what should be valid cases.  The fix is to reset some values appropriately to reflect the 0-size special case (there's already a special case for this in the code, we just weren't configuring everything that needed to be configured).

- When we create the backing stores for anonymous maps, we first create the object (memory or file) and then attempt to resize it.  In the case of an extremely large capacity, it's possible the resize could fail.  We weren't deterministically then cleaning up the handle that had just been recreated, instead waiting for finalization to do so.  This commit fixes that.
diff --git a/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.BackingObject_File.cs b/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.BackingObject_File.cs
@@ -20,8 +20,16 @@ private static FileStream CreateSharedBackingObject(Interop.libc.MemoryMappedPro
             // Then enlarge it to the requested capacity.
             const int DefaultBufferSize = 0x1000;
             var fs = new FileStream(path, FileMode.CreateNew, TranslateProtectionsToFileAccess(protections), FileShare.ReadWrite, DefaultBufferSize);
-            Interop.CheckIo(Interop.libc.unlink(path));
-            fs.SetLength(capacity);
+            try
+            {
+                Interop.CheckIo(Interop.libc.unlink(path));
+                fs.SetLength(capacity);
+            }
+            catch
+            {
+                fs.Dispose();
+                throw;
+            }
             return fs;
         }
 
diff --git a/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.BackingObject_Memory.cs b/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.BackingObject_Memory.cs
@@ -32,20 +32,27 @@ private static FileStream CreateSharedBackingObject(
             int fd;
             Interop.CheckIo(fd = Interop.libc.shm_open(mapName, flags, (int)perms), mapName);
             SafeFileHandle fileHandle = new SafeFileHandle((IntPtr)fd, ownsHandle: true);
-
-            // Unlink the shared memory object immediatley so that it'll go away once all handles 
-            // to it are closed (as with opened then unlinked files, it'll remain usable via
-            // the open handles even though it's unlinked and can't be opened anew via its name).
-            Interop.CheckIo(Interop.libc.shm_unlink(mapName));
-
-            // Give it the right capacity.  We do this directly with ftruncate rather
-            // than via FileStream.SetLength after the FileStream is created because, on some systems,
-            // lseek fails on shared memory objects, causing the FileStream to think it's unseekable,
-            // causing it to preemptively throw from SetLength.
-            Interop.CheckIo(Interop.libc.ftruncate(fd, capacity));
-
-            // Wrap the file descriptor in a stream and return it.
-            return new FileStream(fileHandle, TranslateProtectionsToFileAccess(protections));
+            try
+            {
+                // Unlink the shared memory object immediatley so that it'll go away once all handles 
+                // to it are closed (as with opened then unlinked files, it'll remain usable via
+                // the open handles even though it's unlinked and can't be opened anew via its name).
+                Interop.CheckIo(Interop.libc.shm_unlink(mapName));
+
+                // Give it the right capacity.  We do this directly with ftruncate rather
+                // than via FileStream.SetLength after the FileStream is created because, on some systems,
+                // lseek fails on shared memory objects, causing the FileStream to think it's unseekable,
+                // causing it to preemptively throw from SetLength.
+                Interop.CheckIo(Interop.libc.ftruncate(fd, capacity));
+
+                // Wrap the file descriptor in a stream and return it.
+                return new FileStream(fileHandle, TranslateProtectionsToFileAccess(protections));
+            }
+            catch
+            {
+                fileHandle.Dispose();
+                throw;
+            }
         }
     }
 }
diff --git a/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.cs b/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedFile.Unix.cs
@@ -40,7 +40,16 @@ private static unsafe SafeMemoryMappedFileHandle CreateCore(
                 // at least as big as the requested capacity of the map.
                 if (fileStream.Length < capacity)
                 {
-                    fileStream.SetLength(capacity);
+                    try
+                    {
+                        fileStream.SetLength(capacity);
+                    }
+                    catch (ArgumentException exc)
+                    {
+                        // If the capacity is too large, we'll get an ArgumentException from SetLength, 
+                        // but on Windows this same condition is represented by an IOException.
+                        throw new IOException(exc.Message, exc);
+                    }
                 }
             }
             else
diff --git a/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedView.Unix.cs b/src/System.IO.MemoryMappedFiles/src/System/IO/MemoryMappedFiles/MemoryMappedView.Unix.cs
@@ -44,6 +44,7 @@ public unsafe static MemoryMappedView CreateView(
             // the right size and not extending the size to be page-aligned.)
             ulong nativeSize, extraMemNeeded, nativeOffset;
             int pageSize = Interop.libc.sysconf(Interop.libc.SysConfNames._SC_PAGESIZE);
+            Debug.Assert(pageSize > 0);
             ValidateSizeAndOffset(
                 requestedSize, requestedOffset, pageSize, 
                 out nativeSize, out extraMemNeeded, out nativeOffset);
@@ -115,6 +116,8 @@ public unsafe static MemoryMappedView CreateView(
                         flags | Interop.libc.MemoryMappedFlags.MAP_ANONYMOUS,
                         -1,        // ignore the actual fd even if there was one
                         0);
+                    requestedSize = 0;
+                    extraMemNeeded = 0;
                 }
                 if ((long)addr < 0)
                 {

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,16 @@ private static unsafe SafeMemoryMappedFileHandle CreateCore(`
`40`	`40`	`// at least as big as the requested capacity of the map.`
`41`	`41`	`if (fileStream.Length < capacity)`
`42`	`42`	`{`
`43`		`- fileStream.SetLength(capacity);`
	`43`	`+ try`
	`44`	`+ {`
	`45`	`+ fileStream.SetLength(capacity);`
	`46`	`+ }`
	`47`	`+ catch (ArgumentException exc)`
	`48`	`+ {`
	`49`	`+ // If the capacity is too large, we'll get an ArgumentException from SetLength,`
	`50`	`+ // but on Windows this same condition is represented by an IOException.`
	`51`	`+ throw new IOException(exc.Message, exc);`
	`52`	`+ }`
`44`	`53`	`}`
`45`	`54`	`}`
`46`	`55`	`else`