From fde7eb2ee586bb949ccd2aca6c9706c7675c3206 Mon Sep 17 00:00:00 2001
From: Avril <flanchan@cumallover.me>
Date: Mon, 15 Apr 2024 16:59:26 +0100
Subject: [PATCH] Added `memfd_secret()`"s disabled path. Added checks to
 translate valid flags {from,to} `memfd_{secret,create}()` (if the flag bits
 aren"t the same at comptime.)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added `memfd_secret()` IFUNC resolver.

Fortune for memfd_secret-shim's current commit: Middle blessing − 中吉
---
 src/memfd_secret.c | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/memfd_secret.c b/src/memfd_secret.c
index 3c5320a..16f1468 100644
--- a/src/memfd_secret.c
+++ b/src/memfd_secret.c
@@ -1,13 +1,16 @@
 #include <sys/syscall.h>
+#include <sys/mman.h>
 #include <unistd.h>
+#include <fcntl.h>
 #include <errno.h>
 
+
 #include "ifunc.h"
 
 #include <memfd_secret.h>
 
-#define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)(slot)))
-#define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)(slot)) = (value))
+#define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)&(slot)))
+#define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)&(slot)) = (value))
 
 __attribute__((gnu_inline))
 static inline
@@ -69,8 +72,15 @@ int IFUNC_IMPL(memfd_secret, $enabled) (unsigned int flags)
 __attribute__((visibility("hidden")))
 int IFUNC_IMPL(memfd_secret, $disabled) (unsigned int flags)
 {
-	if( FD_CLOEXEC != MEMFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal.
-		//TODO: Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`.
+	// Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`.
+	if( FD_CLOEXEC != MFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal.
+		// Check if all bit(s) of `FD_CLOEXEC` is in `flags`.
+		if((flags & FD_CLOEXEC) == FD_CLOEXEC) {
+			// Mask out the `FD_CLOEXEC` bit(s)
+			flags &= ~FD_CLOEXEC;
+			// Mask in the `MFD_CLOEXEC` bit(s)
+			flags |= MFD_CLOEXEC;
+		} // NOTE: We do not need to check cases where `flags & FD_CLOEXEC` is non-zero but the above branch is not hit, that would be an invalid call anyway. Plus I highly doubt any system will set `FD_CLOEXEC` to be more than 1 set bit anyway.
 	}
 	return memfd_create("memfd_secret@?", flags);
 }