Added `memfd_secret()`"s disabled path. Added checks to translate valid flags {from,to} `memfd_{secret,create}()` (if the flag bits aren"t the same at comptime.)

Added `memfd_secret()` IFUNC resolver.

Fortune for memfd_secret-shim's current commit: Middle blessing − 中吉
master
Avril 7 months ago
parent f1c89d50e1
commit fde7eb2ee5
Signed by: flanchan
GPG Key ID: 284488987C31F630

@ -1,13 +1,16 @@
#include <sys/syscall.h> #include <sys/syscall.h>
#include <sys/mman.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h>
#include <errno.h> #include <errno.h>
#include "ifunc.h" #include "ifunc.h"
#include <memfd_secret.h> #include <memfd_secret.h>
#define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)(slot))) #define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)&(slot)))
#define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)(slot)) = (value)) #define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)&(slot)) = (value))
__attribute__((gnu_inline)) __attribute__((gnu_inline))
static inline static inline
@ -69,8 +72,15 @@ int IFUNC_IMPL(memfd_secret, $enabled) (unsigned int flags)
__attribute__((visibility("hidden"))) __attribute__((visibility("hidden")))
int IFUNC_IMPL(memfd_secret, $disabled) (unsigned int flags) int IFUNC_IMPL(memfd_secret, $disabled) (unsigned int flags)
{ {
if( FD_CLOEXEC != MEMFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal. // Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`.
//TODO: Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`. if( FD_CLOEXEC != MFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal.
// Check if all bit(s) of `FD_CLOEXEC` is in `flags`.
if((flags & FD_CLOEXEC) == FD_CLOEXEC) {
// Mask out the `FD_CLOEXEC` bit(s)
flags &= ~FD_CLOEXEC;
// Mask in the `MFD_CLOEXEC` bit(s)
flags |= MFD_CLOEXEC;
} // NOTE: We do not need to check cases where `flags & FD_CLOEXEC` is non-zero but the above branch is not hit, that would be an invalid call anyway. Plus I highly doubt any system will set `FD_CLOEXEC` to be more than 1 set bit anyway.
} }
return memfd_create("memfd_secret@?", flags); return memfd_create("memfd_secret@?", flags);
} }

Loading…
Cancel
Save