From 73843b52585d42cc1a970a1c664818ece6942e9e Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 30 Oct 2014 18:28:37 +0100 Subject: [PATCH 1/1] memfd: always use our internal utility functions where we have them --- src/journal/journal-send.c | 11 ++++++----- src/journal/journald-native.c | 5 ++--- src/libsystemd/sd-bus/bus-kernel.c | 13 +++---------- src/libsystemd/sd-bus/bus-message.c | 11 ++++++----- 4 files changed, 17 insertions(+), 23 deletions(-) diff --git a/src/journal/journal-send.c b/src/journal/journal-send.c index bfc404e37..0ee83cdb7 100644 --- a/src/journal/journal-send.c +++ b/src/journal/journal-send.c @@ -32,6 +32,7 @@ #include "sd-journal.h" #include "util.h" #include "socket-util.h" +#include "memfd.h" #define SNDBUF_SIZE (8*1024*1024) @@ -313,16 +314,16 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) { * here, since we want this to be a tmpfs, and one that is * available from early boot on and where unprivileged users * can create files. */ - buffer_fd = memfd_create("journal-message", MFD_ALLOW_SEALING | MFD_CLOEXEC); + buffer_fd = memfd_new(NULL); if (buffer_fd < 0) { - if (errno == ENOSYS) { + if (buffer_fd == -ENOSYS) { buffer_fd = open_tmpfile("/dev/shm", O_RDWR | O_CLOEXEC); if (buffer_fd < 0) return buffer_fd; seal = false; } else - return -errno; + return buffer_fd; } n = writev(buffer_fd, w, j); @@ -330,9 +331,9 @@ _public_ int sd_journal_sendv(const struct iovec *iov, int n) { return -errno; if (seal) { - r = fcntl(buffer_fd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL); + r = memfd_set_sealed(buffer_fd); if (r < 0) - return -errno; + return r; } mh.msg_iov = NULL; diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c index 6a9ae8a6c..d3735ec73 100644 --- a/src/journal/journald-native.c +++ b/src/journal/journald-native.c @@ -33,6 +33,7 @@ #include "journald-console.h" #include "journald-syslog.h" #include "journald-wall.h" +#include "memfd.h" bool valid_user_field(const char *p, size_t l, bool allow_protected) { const char *a; @@ -319,9 +320,7 @@ void server_process_native_file( /* If it's a memfd, check if it is sealed. If so, we can just * use map it and use it, and do not need to copy the data * out. */ - r = fcntl(fd, F_GET_SEALS); - sealed = r >= 0 && - (r & (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL)) == (F_SEAL_SHRINK|F_SEAL_GROW|F_SEAL_WRITE|F_SEAL_SEAL); + sealed = memfd_get_sealed(fd) > 0; if (!sealed && (!ucred || ucred->uid != 0)) { _cleanup_free_ char *sl = NULL, *k = NULL; diff --git a/src/libsystemd/sd-bus/bus-kernel.c b/src/libsystemd/sd-bus/bus-kernel.c index 3f8b0ab65..6692d9b7f 100644 --- a/src/libsystemd/sd-bus/bus-kernel.c +++ b/src/libsystemd/sd-bus/bus-kernel.c @@ -1118,20 +1118,13 @@ int bus_kernel_pop_memfd(sd_bus *bus, void **address, size_t *mapped, size_t *al assert_se(pthread_mutex_lock(&bus->memfd_cache_mutex) >= 0); if (bus->n_memfd_cache <= 0) { - _cleanup_free_ char *g = NULL; int r; assert_se(pthread_mutex_unlock(&bus->memfd_cache_mutex) >= 0); - assert(bus->connection_name); - - g = bus_label_escape(bus->connection_name); - if (!g) - return -ENOMEM; - - r = memfd_create(g, MFD_ALLOW_SEALING|MFD_CLOEXEC); + r = memfd_new(bus->connection_name); if (r < 0) - return -errno; + return r; *address = NULL; *mapped = 0; @@ -1188,7 +1181,7 @@ void bus_kernel_push_memfd(sd_bus *bus, int fd, void *address, size_t mapped, si /* If overly long, let's return a bit to the OS */ if (mapped > max_mapped) { - assert_se(ftruncate(fd, max_mapped) >= 0); + assert_se(memfd_set_size(fd, max_mapped) >= 0); assert_se(munmap((uint8_t*) address + max_mapped, PAGE_ALIGN(mapped - max_mapped)) >= 0); c->mapped = c->allocated = max_mapped; } else { diff --git a/src/libsystemd/sd-bus/bus-message.c b/src/libsystemd/sd-bus/bus-message.c index 1362a60f0..0eea32b64 100644 --- a/src/libsystemd/sd-bus/bus-message.c +++ b/src/libsystemd/sd-bus/bus-message.c @@ -1097,10 +1097,10 @@ static int part_make_space( uint64_t new_allocated; new_allocated = PAGE_ALIGN(sz > 0 ? 2 * sz : 1); - r = ftruncate(part->memfd, new_allocated); + r = memfd_set_size(part->memfd, new_allocated); if (r < 0) { m->poisoned = true; - return -errno; + return r; } part->allocated = new_allocated; @@ -2820,11 +2820,12 @@ int bus_message_seal(sd_bus_message *m, uint64_t cookie, usec_t timeout) { /* Then, sync up real memfd size */ sz = part->size; - if (ftruncate(part->memfd, sz) < 0) - return -errno; + r = memfd_set_size(part->memfd, sz); + if (r < 0) + return r; /* Finally, try to seal */ - if (fcntl(part->memfd, F_ADD_SEALS, F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE) >= 0) + if (memfd_set_sealed(part->memfd) >= 0) part->sealed = true; } } -- 2.30.2