    samsung-klte: backport memfd_create() syscall (!479) · 2fb18b5d
    Alexey Min authored
    This brings in several patches needed to add support for a
    memfd_create() syscall into kernel version 3.4 from kernel
    version 3.17. This is required for running lxc >= 3.1.0-r1
    with the security patch that fixes CVE-2019-5736.
    In short, the security issue was: in a privileged container, a root
    process could overwrite the lxc-start executable by opening its
    file descriptor and rewriting the executable contents. This is
    where memfd comes to help: you can create an in-memory file,
    copy your executable there, and place a set of SEALS to protect
    it from being modified at a deep level. Then you fexecve() that fd
    and you're safe.
    For example, pulseaudio also can benefit from having
    memfd_create() implemented.
    This backports the following commits from upstream linux:
     - dd37978c50bc8b354e5c4633f69387f16572fdac: cache the value
       of file_inode() in struct file
       commit from linux-3.10 to have an f_inode member inside
       struct file and a helper function file_inode() that is
       used in some of the following commits
     - 40e041a2c858b3caefc757e26cb85bfceae5062b shm: add sealing API
       from 3.17: security measure called SEALS, that you can put
       on memfd file to restrict operations on it
     - 9183df25fe7b194563db3fec6dc3202a5855839c shm: add memfd_create()
       also from 3.17
     - 503e6636b6f96056210062be703356f4253b6db9 asm-generic: add
       memfd_create system call to unistd.h
     - e57e41931134e09fc6c03c8d4eb19d516cc6e59b ARM: wire up
       memfd_create syscall
    The last two are needed to make the syscall visible/usable from
    userspace, one in a generic context, the other for the ARM arch.
    The test program (https://github.com/minlexx/test_memfd/) was
    written to verify that this works.
    [ci:skip-build]: already built successfully in CI
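The seal step that the commit message describes, as an added C example (not code from this commit, from lxc, or from the linked test program): it copies constructed bytes into a memfd, applies the four seals of the 3.17 sealing API, and checks that writing, shrinking, growing and further sealing are each refused with EPERM. The function names and the sample bytes are assumptions; it needs a kernel that provides memfd_create(), and the final fexecve() step is left out.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef F_ADD_SEALS /* fallback: values from the Linux UAPI headers */
#define F_ADD_SEALS 1033
#define F_SEAL_SEAL 0x1
#define F_SEAL_SHRINK 0x2
#define F_SEAL_GROW 0x4
#define F_SEAL_WRITE 0x8
#endif
#define ALL_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

static const char SAMPLE[] = "constructed stand-in for executable bytes";

/* Copy buf into a new memfd and seal it. Returns the fd, or -1 on error. */
int sealed_copy(const void *buf, size_t len)
{
    /* flags: 0x1 = MFD_CLOEXEC, 0x2 = MFD_ALLOW_SEALING */
    int fd = (int)syscall(SYS_memfd_create, "sealed-copy", 0x1U | 0x2U);
    if (fd < 0)
        return -1;
    if (write(fd, buf, len) != (ssize_t)len ||
        fcntl(fd, F_ADD_SEALS, ALL_SEALS) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 only if every change is refused with EPERM and data is intact. */
int tamper_blocked(int fd, const void *want, size_t len)
{
    char got[256];
    int blocked =
        pwrite(fd, "X", 1, 0) == -1 && errno == EPERM &&              /* F_SEAL_WRITE */
        ftruncate(fd, 0) == -1 && errno == EPERM &&                   /* F_SEAL_SHRINK */
        ftruncate(fd, (off_t)len + 1) == -1 && errno == EPERM &&      /* F_SEAL_GROW */
        fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) == -1 && errno == EPERM; /* F_SEAL_SEAL */
    return blocked && len <= sizeof got &&
           pread(fd, got, len, 0) == (ssize_t)len && memcmp(got, want, len) == 0;
}

int main(void)
{
    int fd = sealed_copy(SAMPLE, sizeof SAMPLE);
    return (fd >= 0 && tamper_blocked(fd, SAMPLE, sizeof SAMPLE)) ? 0 : 1;
}
```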
0010-Backport-shm-add-sealing-API.patch 12.8 KB