pmaports/device/unmaintained/linux-samsung-klte-downstream/0012-Backport-asm-generic-add-memfd_create-system-call-to-unistd.h.patch

42 lines
1.4 KiB
Diff
Raw Normal View History

samsung-klte: backport memfd_create() syscall (!479) This brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17. This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736. In short, security issue was: in a privileged container root process could overwrite lxc-start executable by opening its file descriptor and rewriting executable contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modifying at a deep level. Then you fexecve() that fd and you're safe. For example, pulseaudio also can benefit from having memfd_create() implemented. This backports the following commits from upstream linux: - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value of file_inode() in struct file commit from linux-3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API from 3.17: security measure called SEALS, that you can put on memfd file to restrict operations on it - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create() syscall also from 3.17 - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add memfd_create system call to unistd.h - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up memfd_create syscall The last two are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch. The test program (https://github.com/minlexx/test_memfd/) was written to verify that this works. [ci:skip-build]: already built successfully in CI
2019-07-01 00:29:30 +00:00
From b307cbc85399f0aeee3747e1ace50ca036f77c96 Mon Sep 17 00:00:00 2001
From: Will Deacon <will.deacon@arm.com>
Date: Tue, 2 Jul 2019 02:47:26 +0300
Subject: [PATCH 4/5] asm-generic: add memfd_create system call to unistd.h
Commit 9183df25fe7b ("shm: add memfd_create() syscall") added a new
system call (memfd_create) but didn't update the asm-generic unistd
header.
This patch adds the new system call to the asm-generic version of
unistd.h so that it can be used by architectures such as arm64.
Cc: Arnd Bergmann <arnd@arndb.de>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
---
include/asm-generic/unistd.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/asm-generic/unistd.h b/include/asm-generic/unistd.h
index ae8513b32af..a4fafc379f5 100644
--- a/include/asm-generic/unistd.h
+++ b/include/asm-generic/unistd.h
@@ -693,9 +693,13 @@ __SC_COMP(__NR_process_vm_writev, sys_process_vm_writev, \
compat_sys_process_vm_writev)
#define __NR_seccomp 277
__SYSCALL(__NR_seccomp, sys_seccomp)
+/*#define __NR_getrandom 278
+__SYSCALL(__NR_getrandom, sys_getrandom) unfortunately getrandom is not backported yet */
+#define __NR_memfd_create 279
+__SYSCALL(__NR_memfd_create, sys_memfd_create)
#undef __NR_syscalls
-#define __NR_syscalls 278
+#define __NR_syscalls 280
/*
* All syscalls below here should go away really,
--
2.20.1