From: Daan De Meyer
Date: Wed, 8 Mar 2023 13:42:24 +0000 (+0100)
Subject: memfd-util: Add memfd_new_and_seal()
X-Git-Tag: v254-rc1~1066^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=44777d7ad6b22ab65a9361b2519bc4b516b02eab;p=thirdparty%2Fsystemd.git
memfd-util: Add memfd_new_and_seal()
---
diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c
index fb86ac2b5ba..96024bc485d 100644
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@@ -133,3 +133,34 @@ int memfd_new_and_map(const char *name, size_t sz, void **p) {
 return TAKE_FD(fd);
 }
+
+int memfd_new_and_seal(const char *name, const void *data, size_t sz) {
+ _cleanup_close_ int fd = -EBADF;
+ ssize_t n;
+ off_t f;
+ int r;
+
+ assert(data || sz == 0);
+
+ fd = memfd_new(name);
+ if (fd < 0)
+ return fd;
+
+ if (sz > 0) {
+ n = write(fd, data, sz);
+ if (n < 0)
+ return -errno;
+ if ((size_t) n != sz)
+ return -EIO;
+
+ f = lseek(fd, 0, SEEK_SET);
+ if (f != 0)
+ return -errno;
+ }
+
+ r = memfd_set_sealed(fd);
+ if (r < 0)
+ return r;
+
+ return TAKE_FD(fd);
+}
diff --git a/src/basic/memfd-util.h b/src/basic/memfd-util.h
index 8596c1a3690..d6da268da05 100644
--- a/src/basic/memfd-util.h
+++ b/src/basic/memfd-util.h
@@ -8,6 +8,7 @@
 int memfd_new(const char *name);
 int memfd_new_and_map(const char *name, size_t sz, void **p);
+int memfd_new_and_seal(const char *name, const void *data, size_t sz);
 int memfd_map(int fd, uint64_t offset, size_t size, void **p);
diff --git a/src/journal/fuzz-journald-native-fd.c b/src/journal/fuzz-journald-native-fd.c
index 9adbb8b0dc5..edbf834478d 100644
--- a/src/journal/fuzz-journald-native-fd.c
+++ b/src/journal/fuzz-journald-native-fd.c
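Review bot: memfd_new_and_seal() in src/basic/memfd-util.c issues a single `write(fd, data, sz)` and turns any short count into -EIO, so a partial write, or a payload larger than one write() call will transfer, can never succeed. That was tolerable inside acquire_data_fd(), but the function is now a general helper in src/basic. If the limit is intended, state it with the rest of the contract in a comment above the function, for example `/* Copies data into a new memfd, rewinds it to offset 0 and seals it. Returns the fd or a negative errno; a short write is reported as -EIO, not retried. */`; otherwise loop until all sz bytes are written. Separately, `if (f != 0) return -errno;` reads errno even when lseek() did not fail, so `if (f < 0)` would avoid returning a stale or zero value that a caller could take for a valid descriptor.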
@@ -23,11 +23,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 dummy_server_init(&s, NULL, 0);
- sealed_fd = memfd_new(NULL);
+ sealed_fd = memfd_new_and_seal(NULL, data, size);
 assert_se(sealed_fd >= 0);
- assert_se(write(sealed_fd, data, size) == (ssize_t) size);
- assert_se(memfd_set_sealed(sealed_fd) >= 0);
- assert_se(lseek(sealed_fd, 0, SEEK_SET) == 0);
 ucred = (struct ucred) {
 .pid = getpid_cached(),
 .uid = geteuid(),
diff --git a/src/shared/data-fd-util.c b/src/shared/data-fd-util.c
index 895d8e8b334..2baba0c5f1c 100644
--- a/src/shared/data-fd-util.c
+++ b/src/shared/data-fd-util.c
@@ -31,7 +31,6 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags) {
 _cleanup_close_ int fd = -EBADF;
 int isz = 0, r;
 ssize_t n;
- off_t f;
 assert(data || size == 0);
@@ -59,23 +58,13 @@ int acquire_data_fd(const void *data, size_t size, unsigned flags) {
 return RET_NERRNO(open("/dev/null", O_RDONLY|O_CLOEXEC|O_NOCTTY));
 if ((flags & ACQUIRE_NO_MEMFD) == 0) {
- fd = memfd_new("data-fd");
- if (fd < 0)
- goto try_pipe;
-
- n = write(fd, data, size);
- if (n < 0)
- return -errno;
- if ((size_t) n != size)
- return -EIO;
+ fd = memfd_new_and_seal("data-fd", data, size);
+ if (fd < 0) {
+ if (ERRNO_IS_NOT_SUPPORTED(fd))
+ goto try_pipe;
- f = lseek(fd, 0, SEEK_SET);
- if (f != 0)
- return -errno;
-
- r = memfd_set_sealed(fd);
- if (r < 0)
- return r;
+ return fd;
+ }
 return TAKE_FD(fd);
 }
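Review bot: In the second hunk of src/shared/data-fd-util.c the try_pipe fallback is now reached only when `ERRNO_IS_NOT_SUPPORTED(fd)` matches, whereas the removed code went to try_pipe on every memfd_new() failure. If a seccomp filter or other sandbox policy refuses memfd creation with EPERM or EACCES (presumably not covered by that macro; confirm against its definition), acquire_data_fd() now fails outright instead of degrading. If the narrowing is deliberate, say so in a comment at the check, e.g. `/* Fall back only when memfds are unavailable; other errors are propagated */`; if not, widen the condition to `if (ERRNO_IS_NOT_SUPPORTED(fd) || ERRNO_IS_PRIVILEGE(fd))`. acquire_data_fd() begins and ends outside this hunk, so the try_pipe path itself is not visible here.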