1*795d594fSAndroid Build Coastguard Worker /*
2*795d594fSAndroid Build Coastguard Worker * Copyright (C) 2018 The Android Open Source Project
3*795d594fSAndroid Build Coastguard Worker *
4*795d594fSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*795d594fSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*795d594fSAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*795d594fSAndroid Build Coastguard Worker *
8*795d594fSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*795d594fSAndroid Build Coastguard Worker *
10*795d594fSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*795d594fSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*795d594fSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*795d594fSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*795d594fSAndroid Build Coastguard Worker * limitations under the License.
15*795d594fSAndroid Build Coastguard Worker */
16*795d594fSAndroid Build Coastguard Worker
17*795d594fSAndroid Build Coastguard Worker #include "memfd.h"
18*795d594fSAndroid Build Coastguard Worker
19*795d594fSAndroid Build Coastguard Worker #include <errno.h>
20*795d594fSAndroid Build Coastguard Worker #include <stdio.h>
21*795d594fSAndroid Build Coastguard Worker #if !defined(_WIN32)
22*795d594fSAndroid Build Coastguard Worker #include <fcntl.h>
23*795d594fSAndroid Build Coastguard Worker #include <sys/syscall.h>
24*795d594fSAndroid Build Coastguard Worker #include <sys/utsname.h>
25*795d594fSAndroid Build Coastguard Worker #include <unistd.h>
26*795d594fSAndroid Build Coastguard Worker #endif
27*795d594fSAndroid Build Coastguard Worker #if defined(__BIONIC__)
28*795d594fSAndroid Build Coastguard Worker #include <linux/memfd.h> // To access memfd flags.
29*795d594fSAndroid Build Coastguard Worker #endif
30*795d594fSAndroid Build Coastguard Worker
31*795d594fSAndroid Build Coastguard Worker #include <android-base/logging.h>
32*795d594fSAndroid Build Coastguard Worker #include <android-base/unique_fd.h>
33*795d594fSAndroid Build Coastguard Worker
34*795d594fSAndroid Build Coastguard Worker #include "macros.h"
35*795d594fSAndroid Build Coastguard Worker
36*795d594fSAndroid Build Coastguard Worker namespace art {
37*795d594fSAndroid Build Coastguard Worker
38*795d594fSAndroid Build Coastguard Worker #if defined(__NR_memfd_create)
39*795d594fSAndroid Build Coastguard Worker
memfd_create(const char * name,unsigned int flags)40*795d594fSAndroid Build Coastguard Worker int memfd_create(const char* name, unsigned int flags) {
41*795d594fSAndroid Build Coastguard Worker // Check kernel version supports memfd_create(). Some older kernels segfault executing
42*795d594fSAndroid Build Coastguard Worker // memfd_create() rather than returning ENOSYS (b/116769556).
43*795d594fSAndroid Build Coastguard Worker static constexpr int kRequiredMajor = 3;
44*795d594fSAndroid Build Coastguard Worker static constexpr int kRequiredMinor = 17;
45*795d594fSAndroid Build Coastguard Worker struct utsname uts;
46*795d594fSAndroid Build Coastguard Worker int major, minor;
47*795d594fSAndroid Build Coastguard Worker if (uname(&uts) != 0 ||
48*795d594fSAndroid Build Coastguard Worker strcmp(uts.sysname, "Linux") != 0 ||
49*795d594fSAndroid Build Coastguard Worker sscanf(uts.release, "%d.%d", &major, &minor) != 2 ||
50*795d594fSAndroid Build Coastguard Worker (major < kRequiredMajor || (major == kRequiredMajor && minor < kRequiredMinor))) {
51*795d594fSAndroid Build Coastguard Worker errno = ENOSYS;
52*795d594fSAndroid Build Coastguard Worker return -1;
53*795d594fSAndroid Build Coastguard Worker }
54*795d594fSAndroid Build Coastguard Worker
55*795d594fSAndroid Build Coastguard Worker return syscall(__NR_memfd_create, name, flags);
56*795d594fSAndroid Build Coastguard Worker }
57*795d594fSAndroid Build Coastguard Worker
58*795d594fSAndroid Build Coastguard Worker #else // __NR_memfd_create
59*795d594fSAndroid Build Coastguard Worker
60*795d594fSAndroid Build Coastguard Worker int memfd_create([[maybe_unused]] const char* name, [[maybe_unused]] unsigned int flags) {
61*795d594fSAndroid Build Coastguard Worker errno = ENOSYS;
62*795d594fSAndroid Build Coastguard Worker return -1;
63*795d594fSAndroid Build Coastguard Worker }
64*795d594fSAndroid Build Coastguard Worker
65*795d594fSAndroid Build Coastguard Worker #endif // __NR_memfd_create
66*795d594fSAndroid Build Coastguard Worker
67*795d594fSAndroid Build Coastguard Worker // This is a wrapper that will attempt to simulate memfd_create if normal running fails.
memfd_create_compat(const char * name,unsigned int flags)68*795d594fSAndroid Build Coastguard Worker int memfd_create_compat(const char* name, unsigned int flags) {
69*795d594fSAndroid Build Coastguard Worker int res = memfd_create(name, flags);
70*795d594fSAndroid Build Coastguard Worker if (res >= 0) {
71*795d594fSAndroid Build Coastguard Worker return res;
72*795d594fSAndroid Build Coastguard Worker }
73*795d594fSAndroid Build Coastguard Worker #if !defined(_WIN32)
74*795d594fSAndroid Build Coastguard Worker // Try to create an anonymous file with tmpfile that we can use instead.
75*795d594fSAndroid Build Coastguard Worker if (flags == 0) {
76*795d594fSAndroid Build Coastguard Worker FILE* file = tmpfile();
77*795d594fSAndroid Build Coastguard Worker if (file != nullptr) {
78*795d594fSAndroid Build Coastguard Worker // We want the normal 'dup' semantics since memfd_create without any flags isn't CLOEXEC.
79*795d594fSAndroid Build Coastguard Worker // Unfortunately on some android targets we will compiler error if we use dup directly and so
80*795d594fSAndroid Build Coastguard Worker // need to use fcntl.
81*795d594fSAndroid Build Coastguard Worker int nfd = fcntl(fileno(file), F_DUPFD, /*lowest allowed fd*/ 0);
82*795d594fSAndroid Build Coastguard Worker fclose(file);
83*795d594fSAndroid Build Coastguard Worker return nfd;
84*795d594fSAndroid Build Coastguard Worker }
85*795d594fSAndroid Build Coastguard Worker }
86*795d594fSAndroid Build Coastguard Worker #endif
87*795d594fSAndroid Build Coastguard Worker return res;
88*795d594fSAndroid Build Coastguard Worker }
89*795d594fSAndroid Build Coastguard Worker
90*795d594fSAndroid Build Coastguard Worker #if defined(__BIONIC__)
91*795d594fSAndroid Build Coastguard Worker
IsSealFutureWriteSupportedInternal()92*795d594fSAndroid Build Coastguard Worker static bool IsSealFutureWriteSupportedInternal() {
93*795d594fSAndroid Build Coastguard Worker android::base::unique_fd fd(art::memfd_create("test_android_memfd", MFD_ALLOW_SEALING));
94*795d594fSAndroid Build Coastguard Worker if (fd == -1) {
95*795d594fSAndroid Build Coastguard Worker LOG(INFO) << "memfd_create failed: " << strerror(errno) << ", no memfd support.";
96*795d594fSAndroid Build Coastguard Worker return false;
97*795d594fSAndroid Build Coastguard Worker }
98*795d594fSAndroid Build Coastguard Worker
99*795d594fSAndroid Build Coastguard Worker if (fcntl(fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE) == -1) {
100*795d594fSAndroid Build Coastguard Worker LOG(INFO) << "fcntl(F_ADD_SEALS) failed: " << strerror(errno) << ", no memfd support.";
101*795d594fSAndroid Build Coastguard Worker return false;
102*795d594fSAndroid Build Coastguard Worker }
103*795d594fSAndroid Build Coastguard Worker
104*795d594fSAndroid Build Coastguard Worker LOG(INFO) << "Using memfd for future sealing";
105*795d594fSAndroid Build Coastguard Worker return true;
106*795d594fSAndroid Build Coastguard Worker }
107*795d594fSAndroid Build Coastguard Worker
IsSealFutureWriteSupported()108*795d594fSAndroid Build Coastguard Worker bool IsSealFutureWriteSupported() {
109*795d594fSAndroid Build Coastguard Worker static bool is_seal_future_write_supported = IsSealFutureWriteSupportedInternal();
110*795d594fSAndroid Build Coastguard Worker return is_seal_future_write_supported;
111*795d594fSAndroid Build Coastguard Worker }
112*795d594fSAndroid Build Coastguard Worker
113*795d594fSAndroid Build Coastguard Worker #else
114*795d594fSAndroid Build Coastguard Worker
IsSealFutureWriteSupported()115*795d594fSAndroid Build Coastguard Worker bool IsSealFutureWriteSupported() {
116*795d594fSAndroid Build Coastguard Worker return false;
117*795d594fSAndroid Build Coastguard Worker }
118*795d594fSAndroid Build Coastguard Worker
119*795d594fSAndroid Build Coastguard Worker #endif
120*795d594fSAndroid Build Coastguard Worker
121*795d594fSAndroid Build Coastguard Worker } // namespace art
122