samsung-klte: backport memfd_create() syscall and related stuff

Merged Imported Administrator requested to merge minlexx/klte-backport-memfd into master
All threads resolved!

This merge request brings in several patches needed to add support for the memfd_create() syscall into kernel version 3.4 from kernel version 3.17 (!). This is required for running lxc >= 3.1.0-r1 with the security patch that fixes CVE-2019-5736.

In short, the security issue was that in a privileged container a root process could overwrite the lxc-start executable by opening its file descriptor and rewriting the executable's contents. This is where memfd comes to help: you can create an in-memory file, copy your executable there, and place a set of SEALS to protect it from modification at a deep level. Then you fexecve() that fd and you're safe.

This eliminates the need for me to keep a forked lxc package that is built without the mentioned CVE-2019-5736 fix, thus not requiring the memfd_create() syscall.

This backports the following commits:

  • 0009-Backport-cache-the-value-of-file_inode-in-struct-file - commit from 3.10 to have an f_inode member inside struct file and a helper function file_inode() that is used in some of the following commits
  • 0010-Backport-shm-add-sealing-API - those miraculous SEALS you can put on a memfd file
  • 0011-Backport-shm-add-memfd_create-syscall - the syscall itself
  • 0012-Backport-asm-generic-add-memfd_create-system-call-to-unistd.h and 0013-Backport-ARM-wire-up-memfd_create-syscall are needed to make the syscall visible/usable from userspace, one in generic context, other for ARM arch.

I wrote a small test program to test this syscall, taking parts of code from lxc, it is there: https://github.com/minlexx/test_memfd/blob/master/main.c . Running it on my phone without these backports results in:

klte:~/dev/test_memfd/build$ ./test_memfd_exec 
Hello, World!
Function not implemented - Failed to rexec as memfd
Failed to re-execute liblxc via memory file descriptor

Now it succeeds: (image)

Later I've confirmed that original upstream unmodified lxc runs my android in container without issues.

Oh, and also this MR moves kernel base commit to a newer one in lineageOS 14.1 branch. It got ~10 commits with various backports/fixes, too (see the commits on Jun 19, 2019).

Edited by Administrator
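
The sealing step from the description above, as an added C example (not code from lxc, from the linked test_memfd program, or from this MR): it copies a buffer into a memfd, applies all four seals, then confirms that writing, resizing and re-sealing are each refused with EPERM. The names `sealed_memfd` and `tamper_check` and the sample payload are made up for illustration; the final fexecve() step is left out.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Fallback definitions (values from the Linux UAPI headers) for old libc headers. */
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC 0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SEAL 0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW 0x0004
#define F_SEAL_WRITE 0x0008
#endif
#define ALL_SEALS (F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)

/* Copy buf into a sealed in-memory file. Returns the fd, -ENOSYS on a kernel
 * without memfd_create(), another -errno if creation fails, -EIO otherwise. */
int sealed_memfd(const char *name, const void *buf, size_t len)
{
    int fd = (int)syscall(SYS_memfd_create, name, MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0) return -errno;
    if (write(fd, buf, len) != (ssize_t)len ||
        fcntl(fd, F_ADD_SEALS, ALL_SEALS) < 0) {
        close(fd);
        return -EIO;
    }
    return fd;
}

/* Returns 0 if every modification attempt is refused with EPERM, otherwise
 * the number of the first check that did not behave as a sealed file should. */
int tamper_check(int fd)
{
    if ((fcntl(fd, F_GET_SEALS) & ALL_SEALS) != ALL_SEALS) return 1;
    if (pwrite(fd, "X", 1, 0) != -1 || errno != EPERM) return 2;    /* F_SEAL_WRITE */
    if (ftruncate(fd, 0) != -1 || errno != EPERM) return 3;         /* F_SEAL_SHRINK */
    if (ftruncate(fd, 1 << 20) != -1 || errno != EPERM) return 4;   /* F_SEAL_GROW */
    if (fcntl(fd, F_ADD_SEALS, F_SEAL_WRITE) != -1 || errno != EPERM) return 5; /* F_SEAL_SEAL */
    return 0;
}

int main(void)
{
    static const char sample[] = "constructed sample payload"; /* constructed input */
    int fd = sealed_memfd("demo", sample, sizeof sample);
    return fd < 0 ? 1 : tamper_check(fd);
}
```

On a kernel without the backport, `sealed_memfd` returns -ENOSYS, which matches the "Function not implemented" message in the output above.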

Activity

  • Administrator changed the description · Imported

    By Alexey Min on 2019-07-03T21:52:57

  • Administrator added 1 commit · Imported

    By Alexey Min on 2019-07-05T14:13:11

  • Administrator changed the description · Imported

    By Alexey Min on 2019-07-05T14:16:34

  • Administrator resolved all threads · Imported

    By Alexey Min on 2019-07-05T14:30:54

  • Administrator added 3 commits · Imported

    By Alexey Min on 2019-07-05T21:48:00

  • Author Owner

    Example strace from device: https://paste.sr.ht/%7Eminlexx/3450653a9d69b8fe2d6418fcdc79e81ce3e2112b

    Commits fixed, this is now ready for review

    By Alexey Min on 2019-07-05T22:55:42

    • Author Owner
      Resolved by Administrator

      Change looks good to me!

      @minlexx: you have written a great MR description above. Would you mind to put that content into the commit message as well, with an eye on the best practices?

      @MartijnBraam, maybe it makes sense to integrate that neat test program with hwtest? (I know that hwtest is written in python, but still.)

      By Oliver Smith on 2019-07-06T15:20:38

      Edited by Ghost User
  • Administrator approved this merge request · Imported

    By Oliver Smith on 2019-07-06T01:50:58

    • Author Owner
      Resolved by Administrator

      I don't think that test_memfd_exec fits into what hwtest is designed to do - which is to check if hardware is working and not if some security features are implemented correctly.

      What I would do is, if we want to go down the backporting rabbit hole, is create a test suite of tools which check if a backport is applied (correctly); which would include this test_memfd_exec utility.

      On a kind of unrelated note, I've also looked into backporting the commit for IFA_F_NOPREFIXROUTE (which we have a workaround in the dhcpcd package) but it didn't seem easy on 3.4 unfortunately.

      By Luca Weiss on 2019-07-09T19:27:27

      Edited by Ghost User
  • Administrator added 6 commits · Imported

    By Alexey Min on 2019-07-06T15:45:48

  • Administrator changed title from linux-samsung-klte: backport memfd_create() syscall and related stuff to samsung-klte: backport memfd_create() syscall and related stuff · Imported

    By Alexey Min on 2019-07-06T15:51:01

  • Administrator resolved all threads · Imported

    By Alexey Min on 2019-07-06T16:49:27

  • Administrator added 1 commit · Imported

    By Oliver Smith on 2019-07-09T19:23:15

  • Administrator resolved all threads · Imported

    By Oliver Smith on 2019-07-09T19:27:32

  • Administrator approved this merge request · Imported

    By Oliver Smith on 2019-07-09T19:27:39

  • Author Owner

    Thanks again @minlexx, let's ship this! :ship:

    By Oliver Smith on 2019-07-09T19:28:09

  • Administrator merged · Imported

    By Oliver Smith on 2019-07-09T19:28:17

  • Administrator mentioned in commit 2fb18b5d · Imported

    By Alexey Min on 2019-07-11T17:50:33

  • Administrator mentioned in issue #703 (closed) · Imported

    By Alexey Min on 2020-07-30T17:03:58
