Compare commits

..

10 Commits

Author SHA1 Message Date
Avril e47caa8035
`test` target: Added final non-ignored exec (base) when running test.
7 months ago
Avril 053bbb4c3b
Fixed bug where test files were being added to library. (Hack fix, removes `src/test/*` from source lookup.)
7 months ago
Avril 94562877e0
Added `TARGET` var for `test` - {debug,release}.{a,so} (which build of lib to link to,) and configurable `TEST_{C,LD}FLAGS`. Fixed bug of adding test flags to dep build when it doesn"t already exist.
7 months ago
Avril 8c94ce5f70
Added configurable `INCLUDE_PREFIX` for install targets.
7 months ago
Avril 7d182704b9
Improved `test` make target: Added phony: `test`, builds and runs the test program against the debug static lib target.
7 months ago
Avril 7eaf4df51c
Added `test` make target & test program.
7 months ago
Avril 5b683de5ee
Changed IFUNC symbol generation slightly.
7 months ago
Avril aca36aec62
Added static & shared library targets; as well as install & uninstall targets.
7 months ago
Avril 9ea30b0cb2
Tested impl: works! Thoudh... XXX: man says `FD_CLOEXEC` should be passable to `memfd_secret()`, but it fails with `EINVAL` if passed `FD_CLOEXEC`...? Find out why?
7 months ago
Avril fde7eb2ee5
Added `memfd_secret()`"s disabled path. Added checks to translate valid flags {from,to} `memfd_{secret,create}()` (if the flag bits aren"t the same at comptime.)
7 months ago

2
.gitignore vendored

@ -5,5 +5,7 @@ perf/
*.o
*-debug
*-release
*-test
*.so
*.so.*
*.gch

@ -3,12 +3,13 @@
PROJECT=memfd_secret-shim
AUTHOR=Avril (Flanchan) <flanchan@cumallover.me>
DESCRIPTION=
VERSION=0.0.0
VERSION=0.0.0r1
SRC = src
SRC_C = $(shell find $(SRC)/ -type f -name \*.c)
SRC_CXX = $(shell find -O2 $(SRC)/ -type f -name \*.cpp -or -name \*.cxx)
# Exclude `src/test/*` from search.
SRC_C = $(shell find $(SRC)/ -type f -name \*.c -a -not -path src/test/\*)
SRC_CXX = $(shell find -O2 $(SRC)/ -type f -name \*.cpp -or -name \*.cxx -a -not -path src/test/\*)
INCLUDE=include
# If PCH should be auto-included for all TUs, set to 1.
@ -17,27 +18,54 @@ INCLUDE_PCH_GLOBAL?=0
INCLUDE_GLOBAL=
# Link to these libraries dynamicalls
SHARED_LIBS=fmt
SHARED_LIBS=
# Link to these libraries statically
STATIC_LIBS=
# Prefix for un/install targets
ifeq ($(PREFIX),)
PREFIX := /usr/local
endif
INCLUDE_PREFIX := $(PROJECT)/
# Default archivers
AR?=ar
RANLIB?=ranlib
# Use gcc-{ar,ranlib} when using gcc
ifeq ($(CXX),g++)
AR:=gcc-ar
RANLIB:=gcc-ranlib
endif
# Pre-compile these headers
PCH_HEADERS+=
# PCH_HEADERS depend on these header files
PCH_INCLUDES+=
# Link executable statically (in release builds only.)
STATIC?=no
# Compile-time default program features (see `Features application` below.)
FEATURES?=
# Build constants
CONSTANTS+=_GNU_SOURCE
# Testing
# Can be {release,debug}.{a,so}
TARGET?=debug.a
TEST_LDFLAGS+= -lfmt -lstdc++ -Wl,-z,now -Wl,-z -Wl,relro
TEST_CFLAGS+= -Og -g -fwhole-program
override __COMMA=,
override __VERSION_SPLIT:= $(subst ., ,$(VERSION))
override __VERSION_REVISION:=$(word 3,$(__VERSION_SPLIT)) 0
VERSION_MAJOR:= $(word 1,$(__VERSION_SPLIT))
VERSION_MINOR:= $(word 2,$(__VERSION_SPLIT))
VERSION_BUGFIX:= $(word 3,$(__VERSION_SPLIT))
VERSION_REVISION:= $(word 2,$(subst r, ,$(__VERSION_REVISION)))
override __VERSION_SPLIT:= MAJOR:$(word 1,$(__VERSION_SPLIT)) MINOR:$(word 2,$(__VERSION_SPLIT)) BUGFIX:$(word 1,$(subst r, ,$(__VERSION_REVISION))) REVISION:$(word 2,$(subst r, ,$(__VERSION_REVISION))) REVISION_STRING:$(word 3,$(__VERSION_SPLIT))
COMMON_FLAGS+= -W -Wall
@ -51,14 +79,27 @@ COMMON_FLAGS+= $(addprefix -D_VERSION_,$(subst :,=,$(__VERSION_SPLIT))) '-D_VERS
ARCH?=native
CPU?=native
# Enable OpenMP and loop parallelisation? (dyn-links to openmp)
PARALLEL?=yes
PARALLEL?=no
# Enable CPU-specific features
CPU_FLAGS?=
BINFLAGS+=
DEBUG_BINFLAGS+=
RELEASE_BINFLAGS+= -fuse-linker-plugin
OPT_FLAGS?= -fgraphite \
-floop-interchange -ftree-loop-distribution -floop-strip-mine -floop-block \
-fno-stack-check
# Static and shared common flags
SHARED_FLAGS+=-fPIC
SHARED_RELEASE_FLAGS+=
SHARED_DEBUG_FLAGS+=
STATIC_FLAGS+=
STATIC_RELEASE_FLAGS+=-ffat-lto-objects
STATIC_DEBUG_FLAGS+=
# Features application
## Tell program which features are enabled via `FEATURE_<feature name in UPPER_SNAKE_CASE>`.
@ -83,7 +124,8 @@ ifneq ($(CPU),)
endif
ifeq ($(PARALLEL),yes)
OPT_FLAGS+= -fopenmp -floop-parallelize-all -ftree-parallelize-loops=4
SHARED_FLAGS+= -fopenmp
SHARED_RELEASE_FLAGS+= -floop-parallelize-all -ftree-parallelize-loops=4
endif
COMMON_FLAGS+=$(addprefix -m,$(CPU_FLAGS))
@ -103,7 +145,7 @@ DEBUG_COMMON_FLAGS+= -ggdb -gz -ftrapv -fbounds-check
ifneq ($(TARGET_SPEC_FLAGS),no)
RELEASE_CFLAGS?= -O3 -flto $(OPT_FLAGS)
RELEASE_CXXFLAGS?= -O3 -flto $(CXX_OPT_FLAGS)
RELEASE_LDFLAGS?= -Wl,-O3 -Wl,-flto -fuse-linker-plugin
RELEASE_LDFLAGS?= -Wl,-O3 -Wl,-flto
DEBUG_CFLAGS?= -Og
DEBUG_CXXFLAGS?= -Og
@ -111,10 +153,6 @@ ifneq ($(TARGET_SPEC_FLAGS),no)
DEBUG_LDFLAGS?=
endif
ifeq ($(STATIC),yes)
RELEASE_LDFLAGS+=-static
endif
DEBUG_CFLAGS+=-DDEBUG $(DEBUG_COMMON_FLAGS)
DEBUG_CXXFLAGS+=-DDEBUG $(DEBUG_COMMON_FLAGS) -fasynchronous-unwind-tables
@ -169,7 +207,7 @@ CFLAGS += $(COMMON_FLAGS) --std=$(CSTD)
CXXFLAGS += $(COMMON_FLAGS) --std=$(CXXSTD)
LDFLAGS += $(addsuffix .a,$(addprefix -l:lib,$(STATIC_LIBS))) $(addprefix -l,$(SHARED_LIBS))
# PGO
# PGO (unused for lib targets)
PROF_FLAGS= -D_PGO_GEN -fprofile-generate
PGO_OBJ_C= $(addprefix prof/c/,$(SRC_C:.c=.o))
@ -184,14 +222,33 @@ PROF_SMALL_BOUND= 1024
# Phonies
# XXX: This doesn't force them to run in series for some reason?
.PHONY: release
release: | dirs $(PROJECT)-release
release: | dirs
$(MAKE) lib$(PROJECT).a
@$(MAKE) clean-rebuild >> /dev/null
@$(MAKE) dirs >> /dev/null
$(MAKE) lib$(PROJECT).so
.PHONY: debug
debug: | dirs $(PROJECT)-debug
.PHONY: pgo
pgo: | dirs $(PROJECT)-pgo
debug: | dirs
$(MAKE) lib$(PROJECT)-debug.a
@$(MAKE) clean-rebuild >> /dev/null
@$(MAKE) dirs >> /dev/null
$(MAKE) lib$(PROJECT)-debug.so
# Rebuild both release and debug targets from scratch
.PHONY: all
all: | clean
@$(MAKE) release
@$(MAKE) clean-rebuild
@$(MAKE) debug
.PHONY: test
test: $(PROJECT)-test
-strace ./$<
-valgrind ./$<
./$(PROJECT)-test
# Targets
@ -239,75 +296,43 @@ prof/cxx/%.o: %.cpp $(PCH_OUTPUT)
$(CXX) -c $< $(CXXFLAGS) -o $@ $(PROF_FLAGS)
#$(LDFLAGS)
$(PROJECT)-release: CFLAGS+= $(RELEASE_CFLAGS) $(PCH_USE_CFLAGS)
$(PROJECT)-release: CXXFLAGS += $(RELEASE_CXXFLAGS) $(PCH_USE_CXXFLAGS)
$(PROJECT)-release: LDFLAGS += $(RELEASE_LDFLAGS)
$(PROJECT)-release: $(OBJ)
$(CXX) $^ $(CXXFLAGS) -o $@ $(LDFLAGS)
lib$(PROJECT)-release.a: CFLAGS+= $(RELEASE_CFLAGS) $(STATIC_FLAGS) $(STATIC_RELEASE_FLAGS)
lib$(PROJECT)-release.a: CXXFLAGS += $(RELEASE_CXXFLAGS) $(STATIC_FLAGS) $(STATIC_RELEASE_FLAGS)
lib$(PROJECT)-release.a: LDFLAGS += $(RELEASE_LDFLAGS)
lib$(PROJECT)-release.a: $(OBJ)
$(AR) rcs $@ $^
$(RANLIB) $@
lib$(PROJECT)-debug.a: CFLAGS+= $(DEBUG_CFLAGS) $(STATIC_FLAGS) $(STATIC_DEBUG_FLAGS)
lib$(PROJECT)-debug.a: CXXFLAGS += $(DEBUG_CXXFLAGS) $(STATIC_FLAGS) $(STATIC_DEBUG_FLAGS)
lib$(PROJECT)-debug.a: LDFLAGS += $(DEBUG_LDFLAGS)
lib$(PROJECT)-debug.a: $(OBJ)
$(AR) rcs $@ $^
$(RANLIB) $@
lib$(PROJECT)-release.so: CFLAGS+= $(RELEASE_CFLAGS) $(SHARED_FLAGS) $(SHARED_RELEASE_FLAGS)
lib$(PROJECT)-release.so: CXXFLAGS += $(RELEASE_CXXFLAGS) $(SHARED_FLAGS) $(SHARED_RELEASE_FLAGS)
lib$(PROJECT)-release.so: LDFLAGS += $(RELEASE_LDFLAGS)
lib$(PROJECT)-release.so: BINFLAGS += $(RELEASE_BINFLAGS)
lib$(PROJECT)-release.so: $(OBJ)
$(CXX) -shared $^ $(BINFLAGS) $(CXXFLAGS) -o $@ $(LDFLAGS)
$(STRIP) $@
$(PROJECT)-debug: CFLAGS+= $(DEBUG_CFLAGS) $(PCH_USE_CFLAGS)
$(PROJECT)-debug: CXXFLAGS += $(DEBUG_CXXFLAGS) $(PCH_USE_CXXFLAGS)
$(PROJECT)-debug: LDFLAGS += $(DEBUG_LDFLAGS)
$(PROJECT)-debug: $(OBJ)
$(CXX) $^ $(CXXFLAGS) -o $@ $(LDFLAGS)
pgo-reset:
find -O3 prof -type f -name \*.gcda -exec rm {} +
pgo-generate: CFLAGS+= $(RELEASE_CFLAGS) $(PCH_USE_CFLAGS)
pgo-generate: CXXFLAGS+= $(RELEASE_CXXFLAGS) $(PCH_USE_CXXFLAGS)
pgo-generate: LDFLAGS+= $(RELEASE_LDFLAGS)
pgo-generate: $(PGO_OBJ)
$(CXX) $^ $(CXXFLAGS) $(PROF_FLAGS) -o $@ $(LDFLAGS) $(PROF_FLAGS)
pgo-profile: | pgo-generate pgo-reset
set -e errexit && shopt -s inherit_errexit && set -eo pipefail; \
rm -rf $(PROF_LOCATION); \
for i in {0..$(PROF_ITERATIONS)}; do \
>&2 printf ">>> Iteration $$i \b\b"; \
mkdir -p $(PROF_LOCATION)/{direct,indirect}; \
for j in {0..$(PROF_LARGE_BOUND)}; do \
./pgo-generate; \
done > $(PROF_LOCATION)/full; \
for j in {0..$(PROF_SMALL_BOUND)}; do \
./pgo-generate > $(PROF_LOCATION)/direct/$$j; \
done; \
for j in {0..$(PROF_SMALL_BOUND)}; do \
./pgo-generate >> $(PROF_LOCATION)/indirect/$$i; \
done; \
for j in {0..$(PROF_SMALL_BOUND)}; do \
./pgo-generate > $(PROF_LOCATION)/direct/$$i-$$j & : ; \
done; \
for j in {0..$(PROF_SMALL_BOUND)}; do \
./pgo-generate >> $(PROF_LOCATION)/indirect/$$i-$$j & : ; \
done; \
for j in {0..$(PROF_SMALL_BOUND)}; do \
./pgo-generate >/dev/null & : ; \
done; \
wait; \
rm -rf $(PROF_LOCATION)/{direct,indirect,full}; \
>&2 printf "OK\r"; \
done
@echo ""
rm -rf $(PROF_LOCATION)
rm pgo-generate
pgo-use: CFLAGS+= $(RELEASE_CFLAGS) $(PCH_USE_CFLAGS)
pgo-use: CXXFLAGS+= $(RELEASE_CXXFLAGS) $(PCH_USE_CXXFLAGS)
pgo-use: LDFLAGS+= $(RELEASE_LDFLAGS)
pgo-use: PROF_FLAGS = -fprofile-use -fprofile-correction
pgo-use: $(PGO_OBJ)
$(CXX) $^ $(CXXFLAGS) $(PROF_FLAGS) -o $@ $(LDFLAGS) $(PROF_FLAGS)
$(PROJECT)-pgo: CFLAGS+= $(RELEASE_CFLAGS) $(PCH_USE_CFLAGS)
$(PROJECT)-pgo: CXXFLAGS+= $(RELEASE_CXXFLAGS) $(PCH_USE_CXXFLAGS)
$(PROJECT)-pgo: LDFLAGS+= $(RELEASE_LDFLAGS)
$(PROJECT)-pgo: pgo-profile
find -O3 ./prof -type f -name \*.o -exec rm {} +
$(MAKE) pgo-use
mv pgo-use $@
strip $@
lib$(PROJECT)-debug.so: CFLAGS+= $(DEBUG_CFLAGS) $(SHARED_FLAGS) $(SHARED_DEBUG_FLAGS)
lib$(PROJECT)-debug.so: CXXFLAGS += $(DEBUG_CXXFLAGS) $(SHARED_FLAGS) $(SHARED_DEBUG_FLAGS)
lib$(PROJECT)-debug.so: LDFLAGS += $(DEBUG_LDFLAGS)
lib$(PROJECT)-debug.so: BINFLAGS += $(DEBUG_BINFLAGS)
lib$(PROJECT)-debug.so: $(OBJ)
$(CXX) -shared $^ $(BINFLAGS) $(CXXFLAGS) -o $@ $(LDFLAGS)
lib$(PROJECT).a: lib$(PROJECT)-release.a
ln -f $< $@
lib$(PROJECT).so: LDFLAGS+= -Wl,-soname,lib$(PROJECT).so.$(VERSION_MAJOR)
lib$(PROJECT).so: lib$(PROJECT)-release.so
ln -f $< $@.$(VERSION)
ln -sf $@.$(VERSION) $@.$(VERSION_MAJOR)
ln -sf $@.$(VERSION_MAJOR) $@
clean-source:
find -O2 {obj,prof}/ -type f -exec rm {} +
@ -317,7 +342,26 @@ clean-rebuild: clean-source
clean: clean-rebuild
rm -f $(PROJECT)-{release,debug,pgo}
rm -f lib$(PROJECT){,-{release,debug,pgo}}.{a,so{,.*}}
rm -f $(PROJECT)-test
clean-full: clean
rm -rf {obj,prof}
install:
install -d $(DESTDIR)$(PREFIX)/lib/
install -m 644 lib$(PROJECT).a $(DESTDIR)$(PREFIX)/lib/
install -s -m 755 lib$(PROJECT).so.$(VERSION) $(DESTDIR)$(PREFIX)/lib/
ln -sf lib$(PROJECT).so.$(VERSION) $(DESTDIR)$(PREFIX)/lib/lib$(PROJECT).so.$(VERSION_MAJOR)
ln -sf lib$(PROJECT).so.$(VERSION_MAJOR) $(DESTDIR)$(PREFIX)/lib/lib$(PROJECT).so
install -d $(DESTDIR)$(PREFIX)/include/$(INCLUDE_PREFIX)
install -m 644 $(wildcard $(INCLUDE)/*.*) $(DESTDIR)$(PREFIX)/include/$(INCLUDE_PREFIX)
uninstall:
-rm $(DESTDIR)$(PREFIX)/lib/lib$(PROJECT).{a,so{,.*}}
cd $(INCLUDE) && find . -type f | xargs -I {} rm "$(DESTDIR)$(PREFIX)/include/$(INCLUDE_PREFIX){}"
[[ -d "$(DESTDIR)$(PREFIX)/include/$(INCLUDE_PREFIX)" ]] && \
rmdir $(DESTDIR)$(PREFIX)/include/$(INCLUDE_PREFIX) || :
#TODO: We can make the target between `{debug,release}{.a,.so}` configurable by call. e.g. `TARGET=release.a make test`
$(PROJECT)-test: lib$(PROJECT)-$(TARGET)
$(CC) $(CFLAGS) $(TEST_CFLAGS) src/test/*.c -o $@ -l:$< $(LDFLAGS) $(TEST_LDFLAGS)

@ -2,10 +2,14 @@
#define _IT_IFUNC_H
//! ifunc helpers
#if !IFUNC_PREFIX
#if !defined(IFUNC_PREFIX)
#define IFUNC_PREFIX _ifun__
#endif
#if !defined(IFUNC_IMPL_PREFIX)
#define IFUNC_IMPL_PREFIX _impl__
#endif
#define _IFUNC_STR_(X) #X
#define _IFUNC_STR(X) _IFUNC_STR_(X)
@ -16,10 +20,11 @@
#define _IFUNC_PREFIX(X) _IFUNC_PASTE(IFUNC_PREFIX, X)
#define IFUNC_NAME(name, ver) _impl__ ## name ## __ ## ver
#define IFUNC_NAME(name, ver) _IFUNC_PASTE(_IFUNC_PASTE(_IFUNC_PASTE(IFUNC_IMPL_PREFIX, name), __), ver)
#define IFUNC_IMPL(name, ver) __attribute__((copy(name))) IFUNC_NAME(name, ver)
#define IFUNC_RESOLVER_A(attr, name) __attribute__((returns_nonnull)) (* __attribute__(attr) _IFUNC_PREFIX(name) /*_ifun__ ## name*/ (void)) // When the ifunc resolver wants to return a function pointer that has attributes on it, the attribute inner list (e.g. `(returns_nonnull, const, nonnull)') can be provided as the first argument
#define IFUNC_RESOLVER(name) IFUNC_RESOLVER_A((copy(name)), name)
#define IFUNC_DEF(name, params) name params __attribute__((__ifunc__(_IFUNC_PREFIX_S #name)))
//TODO: Find out if changing visibility of IFUNC resolver is sound. If it is, set to hidden or internal.
#define IFUNC_DEF(name, params) name params __attribute__((/*__visibility__("internal"),*/ __ifunc__(_IFUNC_PREFIX_S #name)))
#endif /* _IT_IFUNC_H */

@ -1,15 +1,20 @@
#include <sys/syscall.h>
#include <sys/mman.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#define IFUNC_PREFIX _$ifun__
#define IFUNC_IMPL_PREFIX _$impl__
#include "ifunc.h"
#include <memfd_secret.h>
#define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)(slot)))
#define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)(slot)) = (value))
#define READ_ONCE(slot) ((__typeof__(slot))(*(const volatile __typeof__(slot)*)&(slot)))
#define WRITE_ONCE(slot, value) (*((volatile __typeof__(slot)*)&(slot)) = (value))
__attribute__((gnu_inline))
__attribute__((gnu_inline/*, always_inline*/))
static inline
int _memfd_secret_raw(unsigned int flags)
{
@ -26,7 +31,7 @@ static inline
int _has_memfd_secret_raw()
{
// Attempt syscall
int fd = _memfd_secret_raw(FD_CLOEXEC);
int fd = _memfd_secret(0); //XXX: NOTE: man page says `FD_CLOEXEC` is a valid flag, but using it returns `EINVAL`?
// If failure to create new fd was caused by `ENOSYS`, it is not available.
if(fd < 0 && errno == ENOSYS)
@ -69,8 +74,15 @@ int IFUNC_IMPL(memfd_secret, $enabled) (unsigned int flags)
__attribute__((visibility("hidden")))
int IFUNC_IMPL(memfd_secret, $disabled) (unsigned int flags)
{
if( FD_CLOEXEC != MEMFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal.
//TODO: Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`.
// Translate mask `flags`, from `FD_CLOEXEC` (if it is set) -> `MEMFD_CLOEXEC`.
if( FD_CLOEXEC != MFD_CLOEXEC ) { // NOTE: This is a constant expression, and this code will be removed if they are equal.
// Check if all bit(s) of `FD_CLOEXEC` is in `flags`.
if((flags & FD_CLOEXEC) == FD_CLOEXEC) {
// Mask out the `FD_CLOEXEC` bit(s)
flags &= ~FD_CLOEXEC;
// Mask in the `MFD_CLOEXEC` bit(s)
flags |= MFD_CLOEXEC;
} // NOTE: We do not need to check cases where `flags & FD_CLOEXEC` is non-zero but the above branch is not hit, that would be an invalid call anyway. Plus I highly doubt any system will set `FD_CLOEXEC` to be more than 1 set bit anyway.
}
return memfd_create("memfd_secret@?", flags);
}

@ -0,0 +1,21 @@
#include <sys/mman.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>
#include <memfd_secret.h>
int main()
{
int fd = memfd_secret(0);
if(fd < 0) {
perror("memfd_secret() failed");
return 1;
}
printf("Created memfd_secret (sec: %d): fd = %d\n", (int)_has_memfd_secret(), fd);
close(fd);
return 0;
}
Loading…
Cancel
Save