From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 16 Dec 2024 10:28:46 +0000 (+0100)
Subject: memfd-util: introduce memfd_new_full() helper
X-Git-Tag: v258-rc1~1831^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d98709cb2d04525e3e96917128dfa7fd58a5125;p=thirdparty%2Fsystemd.git

memfd-util: introduce memfd_new_full() helper

This is just like memfd_new(), but allows fine grained control of the
sealing flags.

This switches over all uses of memfd_new() where we actually want
sealing to use memfd_new_full().

This then allows use to use memfd_new() for two further calls, where we
previously used the more lowlevel memfd_create_wrapper().
---

diff --git a/src/basic/memfd-util.c b/src/basic/memfd-util.c
index 42ceb93545c..3bcb5c9582c 100644
--- a/src/basic/memfd-util.c
+++ b/src/basic/memfd-util.c
@@ -41,7 +41,7 @@ int memfd_create_wrapper(const char *name, unsigned mode) {
         return RET_NERRNO(memfd_create(name, mode_compat));
 }
 
-int memfd_new(const char *name) {
+int memfd_new_full(const char *name, unsigned extra_flags) {
         _cleanup_free_ char *g = NULL;
 
         if (!name) {
@@ -70,7 +70,9 @@ int memfd_new(const char *name) {
                 }
         }
 
-        return memfd_create_wrapper(name, MFD_ALLOW_SEALING | MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        return memfd_create_wrapper(
+                        name,
+                        MFD_CLOEXEC | MFD_NOEXEC_SEAL | extra_flags);
 }
 
 int memfd_add_seals(int fd, unsigned int seals) {
@@ -183,7 +185,7 @@ int memfd_new_and_seal(const char *name, const void *data, size_t sz) {
         if (sz == SIZE_MAX)
                 sz = strlen(data);
 
-        fd = memfd_new(name);
+        fd = memfd_new_full(name, MFD_ALLOW_SEALING);
         if (fd < 0)
                 return fd;
 
diff --git a/src/basic/memfd-util.h b/src/basic/memfd-util.h
index 020dccb4f6a..06af55c1b00 100644
--- a/src/basic/memfd-util.h
+++ b/src/basic/memfd-util.h
@@ -8,8 +8,13 @@
 
 int memfd_create_wrapper(const char *name, unsigned mode);
 
-int memfd_new(const char *name);
+int memfd_new_full(const char *name, unsigned extra_flags);
+static inline int memfd_new(const char *name) {
+        return memfd_new_full(name, 0);
+}
+
 int memfd_new_and_map(const char *name, size_t sz, void **p);
+
 int memfd_new_and_seal(const char *name, const void *data, size_t sz);
 static inline int memfd_new_and_seal_string(const char *name, const char *s) {
         return memfd_new_and_seal(name, s, SIZE_MAX);
diff --git a/src/home/homed-home.c b/src/home/homed-home.c
index 751b197be8a..fd9d90be902 100644
--- a/src/home/homed-home.c
+++ b/src/home/homed-home.c
@@ -1271,7 +1271,7 @@ static int home_start_work(
 
         log_debug("Sending to worker: %s", formatted);
 
-        stdout_fd = memfd_create_wrapper("homework-stdout", MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        stdout_fd = memfd_new("homework-stdout");
         if (stdout_fd < 0)
                 return stdout_fd;
 
diff --git a/src/libsystemd/sd-journal/journal-send.c b/src/libsystemd/sd-journal/journal-send.c
index bbfe9cf0fad..93f9fc9df02 100644
--- a/src/libsystemd/sd-journal/journal-send.c
+++ b/src/libsystemd/sd-journal/journal-send.c
@@ -22,6 +22,7 @@
 #include "iovec-util.h"
 #include "journal-send.h"
 #include "memfd-util.h"
+#include "missing_mman.h"
 #include "missing_syscall.h"
 #include "process-util.h"
 #include "socket-util.h"
@@ -313,7 +314,7 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) {
 
         /* Message doesn't fit... Let's dump the data in a memfd or temporary file and just pass a file
          * descriptor of it to the other side. */
-        buffer_fd = memfd_new("journal-data");
+        buffer_fd = memfd_new_full("journal-data", MFD_ALLOW_SEALING);
         if (buffer_fd < 0)
                 return buffer_fd;
 
diff --git a/src/shared/data-fd-util.c b/src/shared/data-fd-util.c
index 4ef41005646..2a9549f0c2b 100644
--- a/src/shared/data-fd-util.c
+++ b/src/shared/data-fd-util.c
@@ -57,7 +57,7 @@ int copy_data_fd(int fd) {
         if (!S_ISREG(st.st_mode) || (uint64_t) st.st_size < DATA_FD_MEMORY_LIMIT) {
 
                 /* Try a memfd first */
-                copy_fd = memfd_new("data-fd");
+                copy_fd = memfd_new_full("data-fd", MFD_ALLOW_SEALING);
                 if (copy_fd < 0)
                         return copy_fd;
 
diff --git a/src/shared/serialize.c b/src/shared/serialize.c
index eb490aa2c4a..8fce19ce903 100644
--- a/src/shared/serialize.c
+++ b/src/shared/serialize.c
@@ -547,8 +547,9 @@ void deserialize_ratelimit(RateLimit *rl, const char *name, const char *value) {
 }
 
 int open_serialization_fd(const char *ident) {
+        assert(ident);
 
-        int fd = memfd_create_wrapper(ident, MFD_CLOEXEC | MFD_NOEXEC_SEAL);
+        int fd = memfd_new(ident);
         if (fd < 0)
                 return fd;
 
diff --git a/src/test/test-memfd-util.c b/src/test/test-memfd-util.c
index f8e1b460753..d38397a3f3b 100644
--- a/src/test/test-memfd-util.c
+++ b/src/test/test-memfd-util.c
@@ -5,6 +5,7 @@
 #include "errno-util.h"
 #include "fd-util.h"
 #include "memfd-util.h"
+#include "missing_mman.h"
 #include "string-util.h"
 #include "tests.h"
 
@@ -12,7 +13,7 @@ TEST(memfd_get_sealed) {
 #define TEST_TEXT "this is some random test text we are going to write to a memfd"
         _cleanup_close_ int fd = -EBADF;
 
-        fd = memfd_new("test-memfd-get-sealed");
+        fd = memfd_new_full("test-memfd-get-sealed", MFD_ALLOW_SEALING);
         if (fd < 0) {
                 assert_se(ERRNO_IS_NOT_SUPPORTED(fd));
                 return;