path: root/src/basic/memfd-util.c
Commit message | Author | Age | Files | Lines
* basic/memfd: fix memfd_map() seal test | David Rheinsberg | 2023-08-01 | 1 | -5/+6
| Private mappings are required when F_SEAL_WRITE is set on a memfd, because otherwise you could end up with writable mappings through mprotect() and other calls. This is a limitation of the kernel implementation, and might be lifted by future extensions.
|
| Regardless, the current code tests for the full `is_sealed()` before using MAP_PRIVATE. This might end up using MAP_SHARED for write-sealed memfds, which will be refused by the kernel.
|
| Fix this and make memfd_map() check for exactly `F_SEAL_WRITE`.
* basic/memfd: add fcntl() wrappers | David Rheinsberg | 2023-08-01 | 1 | -8/+25
| Add wrappers around GET/ADD_SEALS to allow future use outside of the current `memfd_get/set_sealed()` helpers.
* basic/memfd: reduce default seals to historic set | David Rheinsberg | 2023-08-01 | 1 | -7/+1
| Rather than always setting all seals, make `memfd_set_seals()` employ the original set of seals, that is: SEAL+GROW+SHRINK+WRITE
|
| Historically, the memfd code was used with the out-of-tree memfd patches, which merely supported a single seal ("SEALED", which effectively was GROW+SHRINK+WRITE). When the code was adapted to the upstream memfd seals, it was extended to the full seal set.
|
| With more and more seals being added upstream, this became more problematic. In particular, it is unclear what the function really is meant to achieve. Instead of just adding all seals, the function is returned to its original purpose: seal the memfd so further modifications to its content are prevented.
* basic/memfd: drop test for F_SEAL_SEAL | David Rheinsberg | 2023-08-01 | 1 | -1/+1
| With `F_SEAL_SEAL` a memfd can disable further sealing operations, effectively sealing the set of seals. Testing for it ensures that no further seals can be added, it never prevents seals from being dropped, since seals cannot be dropped, ever.
|
| Now testing for `F_SEAL_SEAL` makes sense if you want to ensure that some seals are *not* set. That is, you either test for the entire set of seals to match a local set, or you verify that a specific seal is not set. Neither is what we are doing, so it feels wrong requiring it to be set.
|
| By dropping the requirement for `F_SEAL_SEAL`, the same FD can be shared with other entities while retaining the ability to further restrict the set of seals later on (e.g., being able to mark a region as executable later on, and then adding `F_SEAL_EXEC`).
* memfd-util: set F_SEAL_EXEC flag if supported | Yu Watanabe | 2023-05-16 | 1 | -1/+7
|
* memfd-util: memfd may also have F_SEAL_EXEC flag | Yu Watanabe | 2023-05-16 | 1 | -1/+2
| Follow-up for c29715a8f77d96cd731b4a3083b3a852b3b61eb8.
|
| Fixes #27608.
* treewide: memfd_create: use exec flags | Thomas Weißschuh | 2023-03-15 | 1 | -1/+1
| Use the flags MEMFD_EXEC or MEMFD_NOEXEC_SEAL as applicable.
|
| These warnings instruct the kernel whether the memfd is executable or not.
|
| Without specifying those flags the kernel will emit the following warning since version 6.3, commit 105ff5339f49 ("mm/memfd: add MFD_NOEXEC_SEAL and MFD_EXEC"):
|
|     kernel: memfd_create() without MFD_EXEC nor MFD_NOEXEC_SEAL, pid=1 'systemd'
* memfd-util: add wrapper for memfd_create | Thomas Weißschuh | 2023-03-15 | 1 | -0/+16
| The wrapper removes the flags MFD_EXEC and MFD_NOEXEC_SEAL when running on kernels not understanding those flags.
* memfd-util: Add memfd_new_and_seal() | Daan De Meyer | 2023-03-09 | 1 | -0/+31
|
* tree-wide: use -EBADF for fd initialization | Zbigniew Jędrzejewski-Szmek | 2022-12-19 | 1 | -1/+1
| -1 was used everywhere, but -EBADF or -EBADFD started being used in various places. Let's make things consistent in the new style.
|
| Note that there are two candidates:
|
|     EBADF 9 Bad file descriptor
|     EBADFD 77 File descriptor in bad state
|
| Since we're initializing the fd, we're just assigning a value that means "no fd yet", so it's just a bad file descriptor, and the first errno fits better. If instead we had a valid file descriptor that became invalid because of some operation or state change, the other errno would fit better.
|
| In some places, initialization is dropped if unnecessary.
* tree-wide: use new RET_NERRNO() helper at various places | Lennart Poettering | 2021-11-16 | 1 | -24/+5
|
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 1 | -1/+1
|
* tree-wide: drop missing.h | Yu Watanabe | 2019-10-31 | 1 | -3/+3
|
* tree-wide: get rid of strappend() | Lennart Poettering | 2019-07-12 | 1 | -1/+1
| It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shorter than strappend().
* tree-wide: remove Lennart's copyright lines | Lennart Poettering | 2018-06-14 | 1 | -3/+0
| These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurb | Lennart Poettering | 2018-06-14 | 1 | -2/+0
| This part of the copyright blurb stems from the GPL use recommendations:
|
| https://www.gnu.org/licenses/gpl-howto.en.html
|
| The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that.
|
| Hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplate | Zbigniew Jędrzejewski-Szmek | 2018-04-06 | 1 | -13/+0
| Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
|
| I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* macro: introduce new TAKE_FD() macro | Lennart Poettering | 2018-03-22 | 1 | -4/+1
| This is similar to TAKE_PTR() but operates on file descriptors, and thus assigns -1 to the fd parameter after returning it.
|
| Removes 60 lines from our codebase. Pretty good too I think.
* Add SPDX license identifiers to source files under the LGPL | Zbigniew Jędrzejewski-Szmek | 2017-11-19 | 1 | -0/+1
| This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* build-sys: use #if Y instead of #ifdef Y everywhere | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 1 | -1/+1
| The advantage is that if the name is misspelt, cpp will warn us.
|
|     $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
|     $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
|     $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
|     $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
|     + manual changes to meson.build
|
| squash! build-sys: use #if Y instead of #ifdef Y everywhere
|
| v2:
| - fix incorrect setting of HAVE_LIBIDN2
* tree-wide: remove Emacs lines from all files | Daniel Mack | 2016-02-10 | 1 | -2/+0
| This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* basic: re-sort includes | Thomas Hindoe Paaboel Andersen | 2015-12-01 | 1 | -1/+1
| My previous patch to only include what we use accidentally placed the added includes in non-sorted order.
* basic: include only what we use | Thomas Hindoe Paaboel Andersen | 2015-11-30 | 1 | -1/+4
| This is a cleaned up result of running iwyu but without forward declarations on src/basic.
* util-lib: split out allocation calls into alloc-util.[ch] | Lennart Poettering | 2015-10-27 | 1 | -0/+1
|
* util-lib: split out fd-related operations into fd-util.[ch] | Lennart Poettering | 2015-10-25 | 1 | -1/+2
| There are more than enough to deserve their own .c file, hence move them over.
* util-lib: split our string related calls from util.[ch] into its own file string-util.[ch] | Lennart Poettering | 2015-10-24 | 1 | -7/+7
| There are more than enough calls doing string manipulations to deserve its own files, hence do something about it.
|
| This patch also sorts the #include blocks of all files that needed to be updated, according to the sorting suggestions from CODING_STYLE. Since pretty much every file needs our string manipulation functions this effectively means that most files have sorted #include blocks now.
|
| Also touches a few unrelated include files.
* build-sys: split internal basic/ library from shared/ | Kay Sievers | 2015-06-11 | 1 | -0/+171
| basic/      can be used by everything
|             cannot use anything outside of basic/
|
| libsystemd/ can use basic/
|             cannot use shared/
|
| shared/     can use libsystemd/