package/weston/0002-shared-guard-all-the-seal-logic-behind-HAVE_MEMFD_CR.patch - buildroot - Git at Google

 From f0d3a6149158f682230ae9a1e69289431974f635 Mon Sep 17 00:00:00 2001
 From: Sebastian Wick <sebastian@sebastianwick.net>
 Date: Wed, 5 Feb 2020 10:27:23 +0100
 Subject: [PATCH] shared: guard all the seal logic behind HAVE_MEMFD_CREATE

 The initial version of os_ro_anonymous_file missed two guards around the
 seal logic which leads to a compilation error on older systems.

 Also make the check for a read-only file symmetric in
 os_ro_anonymous_file_get_fd and os_ro_anonymous_file_put_fd.

 Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
 [james.hilliard1@gmail.com: backport from upstream commit
 f0d3a6149158f682230ae9a1e69289431974f635]
 Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
 ---
  shared/os-compatibility.c | 15 +++++++++------
  1 file changed, 9 insertions(+), 6 deletions(-)

 diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
 index 041c929f..2e12b7cc 100644
 --- a/shared/os-compatibility.c
 +++ b/shared/os-compatibility.c
 @@ -340,6 +340,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
  	void *src, *dst;
  	int seals, fd;

 +#ifdef HAVE_MEMFD_CREATE
  	seals = fcntl(file->fd, F_GET_SEALS);

  	/* file was sealed for read-only and we don't have to support MAP_SHARED
 @@ -348,6 +349,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
  	if (seals != -1 && mapmode == RO_ANONYMOUS_FILE_MAPMODE_PRIVATE &&
  	    (seals & READONLY_SEALS) == READONLY_SEALS)
  		return file->fd;
 +#endif

  	/* for all other cases we create a new anonymous file that can be mapped
  	 * with MAP_SHARED and copy the contents to it and return that instead
 @@ -388,17 +390,18 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
  int
  os_ro_anonymous_file_put_fd(int fd)
  {
 +#ifdef HAVE_MEMFD_CREATE
  	int seals = fcntl(fd, F_GET_SEALS);
  	if (seals == -1 && errno != EINVAL)
  		return -1;

 -	/* If the fd cannot be sealed seals is -1 at this point
 -	 * or the file can be sealed but has not been sealed for writing.
 -	 * In both cases we created a new anonymous file that we have to
 -	 * close.
 +	/* The only case in which we do NOT have to close the file is when the file
 +	 * was sealed for read-only
  	 */
 -	if (seals == -1 || !(seals & F_SEAL_WRITE))
 -		close(fd);
 +	if (seals != -1 && (seals & READONLY_SEALS) == READONLY_SEALS)
 +		return 0;
 +#endif

 +	close(fd);
  	return 0;
  }
 --
 2.20.1
	From f0d3a6149158f682230ae9a1e69289431974f635 Mon Sep 17 00:00:00 2001
	From: Sebastian Wick <sebastian@sebastianwick.net>
	Date: Wed, 5 Feb 2020 10:27:23 +0100
	Subject: [PATCH] shared: guard all the seal logic behind HAVE_MEMFD_CREATE

	The initial version of os_ro_anonymous_file missed two guards around the
	seal logic which leads to a compilation error on older systems.

	Also make the check for a read-only file symmetric in
	os_ro_anonymous_file_get_fd and os_ro_anonymous_file_put_fd.

	Signed-off-by: Sebastian Wick <sebastian@sebastianwick.net>
	[james.hilliard1@gmail.com: backport from upstream commit
	f0d3a6149158f682230ae9a1e69289431974f635]
	Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
	---
	shared/os-compatibility.c \| 15 +++++++++------
	1 file changed, 9 insertions(+), 6 deletions(-)

	diff --git a/shared/os-compatibility.c b/shared/os-compatibility.c
	index 041c929f..2e12b7cc 100644
	--- a/shared/os-compatibility.c
	+++ b/shared/os-compatibility.c
	@@ -340,6 +340,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
	void src, dst;
	int seals, fd;

	+#ifdef HAVE_MEMFD_CREATE
	seals = fcntl(file->fd, F_GET_SEALS);

	/* file was sealed for read-only and we don't have to support MAP_SHARED
	@@ -348,6 +349,7 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
	if (seals != -1 && mapmode == RO_ANONYMOUS_FILE_MAPMODE_PRIVATE &&
	(seals & READONLY_SEALS) == READONLY_SEALS)
	return file->fd;
	+#endif

	/* for all other cases we create a new anonymous file that can be mapped
	* with MAP_SHARED and copy the contents to it and return that instead
	@@ -388,17 +390,18 @@ os_ro_anonymous_file_get_fd(struct ro_anonymous_file *file,
	int
	os_ro_anonymous_file_put_fd(int fd)
	{
	+#ifdef HAVE_MEMFD_CREATE
	int seals = fcntl(fd, F_GET_SEALS);
	if (seals == -1 && errno != EINVAL)
	return -1;

	- /* If the fd cannot be sealed seals is -1 at this point
	- * or the file can be sealed but has not been sealed for writing.
	- * In both cases we created a new anonymous file that we have to
	- * close.
	+ /* The only case in which we do NOT have to close the file is when the file
	+ * was sealed for read-only
	*/
	- if (seals == -1 \|\| !(seals & F_SEAL_WRITE))
	- close(fd);
	+ if (seals != -1 && (seals & READONLY_SEALS) == READONLY_SEALS)
	+ return 0;
	+#endif

	+ close(fd);
	return 0;
	}
	--
	2.20.1