
samsung-klte: backport memfd_create() syscall and related stuff

Administrator requested to merge minlexx/klte-backport-memfd into master

This merge request brings in several patches needed to add support for a memfd_create() syscall into kernel version 3.4 from kernel version 3.17 (!). This is required for running lxc >= 3.1.0-r1 with security patch that fixes CVE-2019-5736.

In short, the security issue was that in a privileged container a root process could overwrite the lxc-start executable by opening its file descriptor and rewriting the executable's contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS on it to protect it from being modified at a deep level. Then you fexecve() that fd and you're safe.

This eliminates the need for me to keep a forked lxc package that is built without the mentioned CVE-2019-5736 fix and thus does not require the memfd_create() syscall.

This backports the following commits:

  • 0009-Backport-cache-the-value-of-file_inode-in-struct-file - commit from 3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits
  • 0010-Backport-shm-add-sealing-API - that miraculous SEALS you can put on memfd file
  • 0011-Backport-shm-add-memfd_create-syscall - the syscall itself
  • 0012-Backport-asm-generic-add-memfd_create-system-call-to-unistd.h and 0013-Backport-ARM-wire-up-memfd_create-syscall are needed to make the syscall visible/usable from userspace, one in the generic context, the other for the ARM arch.

I wrote a small test program to test this syscall, taking parts of code from lxc, it is there: https://github.com/minlexx/test_memfd/blob/master/main.c . Running it on my phone without these backports results in:

klte:~/dev/test_memfd/build$ ./test_memfd_exec 
Hello, World!
Function not implemented - Failed to rexec as memfd
Failed to re-execute liblxc via memory file descriptor

Now it succeeds: [image]

Later I've confirmed that original upstream unmodified lxc runs my android in container without issues.

Oh, and also this MR moves kernel base commit to a newer one in lineageOS 14.1 branch. It got ~10 commits with various backports/fixes, too (see the commits on Jun 19, 2019).
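The memfd + seals + fexecve flow the MR description relies on, written out as an added example (this is not the MR's code, not lxc's, and not the linked test program): copy an executable into a memfd, seal it against shrink/grow/write and against further seal changes, verify that a write is now rejected with EPERM and that the seal set can no longer be changed, and only then hand the fd to fexecve(). The path "/proc/self/exe", the environment variable MEMFD_REEXECED (a guard against re-exec loops) and the memfd name are assumptions for the demo. On a kernel without the backport, memfd_create() fails with ENOSYS, which is the "Function not implemented" error shown above.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

extern char **environ;

/* Seals that make the in-memory copy immutable: no shrink, no grow, no
 * write, and F_SEAL_SEAL so the seal set itself can never be changed. */
#define EXEC_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Copy the file at `path` into a fresh memfd (assumed name "sealed-exec").
 * Returns the memfd, or -1 with errno set (ENOSYS if memfd_create is missing). */
static int copy_to_memfd(const char *path)
{
    int src = open(path, O_RDONLY | O_CLOEXEC);
    if (src < 0)
        return -1;
    int mfd = memfd_create("sealed-exec", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (mfd < 0) {
        close(src);
        return -1;
    }
    char buf[65536];
    ssize_t n;
    while ((n = read(src, buf, sizeof buf)) > 0) {
        ssize_t off = 0;
        while (off < n) { /* handle short writes */
            ssize_t w = write(mfd, buf + off, (size_t)(n - off));
            if (w < 0) {
                close(src);
                close(mfd);
                return -1;
            }
            off += w;
        }
    }
    close(src);
    if (n < 0) {
        close(mfd);
        return -1;
    }
    return mfd;
}

/* Return 1 if a write to `fd` is refused with EPERM (write-sealed),
 * 0 if the write went through, -1 on any other error. */
int write_is_rejected(int fd)
{
    if (pwrite(fd, "X", 1, 0) == 1)
        return 0;
    return errno == EPERM ? 1 : -1;
}

/* Return 1 if every seal in EXEC_SEALS is present, a write is rejected,
 * and adding further seals is refused (F_SEAL_SEAL in effect); else 0. */
int verify_sealed(int fd)
{
    int seals = fcntl(fd, F_GET_SEALS);
    if (seals < 0 || (seals & EXEC_SEALS) != EXEC_SEALS)
        return 0;
    if (write_is_rejected(fd) != 1)
        return 0;
    /* With F_SEAL_SEAL set the kernel refuses any F_ADD_SEALS with EPERM. */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW) == 0 || errno != EPERM)
        return 0;
    return 1;
}

/* Whole flow: copy `path` into a memfd, seal it, verify the seals.
 * Returns the sealed fd ready for fexecve(), or -1 on failure. */
int sealed_exec_memfd(const char *path)
{
    int fd = copy_to_memfd(path);
    if (fd < 0)
        return -1;
    if (fcntl(fd, F_ADD_SEALS, EXEC_SEALS) < 0 || !verify_sealed(fd)) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    (void)argc;
    if (getenv("MEMFD_REEXECED")) { /* second run: we are the sealed copy */
        puts("running from sealed memfd");
        return 0;
    }
    int fd = sealed_exec_memfd("/proc/self/exe");
    if (fd < 0) {
        perror("sealed_exec_memfd"); /* "Function not implemented" on old kernels */
        return 1;
    }
    setenv("MEMFD_REEXECED", "1", 1);
    fexecve(fd, argv, environ); /* only returns on error */
    perror("fexecve");
    return 1;
}
```

Note that F_SEAL_WRITE is refused with EBUSY while any shared writable mapping of the memfd exists, so the seals must be added before the fd is mapped or shared; verify_sealed() is the check that the copy is actually immutable before it is executed.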
