[pulseaudio-commits] [Git][pulseaudio/pulseaudio][master] shm: use MFD_NOEXEC_SEAL for shared memory

PulseAudio Marge Bot (@pulseaudio-merge-bot) gitlab at gitlab.freedesktop.org
Sat Aug 12 16:01:54 UTC 2023



PulseAudio Marge Bot pushed to branch master at PulseAudio / pulseaudio


Commits:
7d063d65 by Rudi Heitbaum at 2023-08-12T15:58:11+00:00
shm: use MFD_NOEXEC_SEAL for shared memory

ref: https://lore.kernel.org/lkml/20221207154939.2532830-4-jeffxu@google.com/

The new MFD_NOEXEC_SEAL and MFD_EXEC flags allow applications to
set the executable bit at creation time (memfd_create).

When MFD_NOEXEC_SEAL is set, memfd is created without executable bit
(mode:0666), and sealed with F_SEAL_EXEC, so it can't be chmod to
be executable (mode: 0777) after creation.

When the MFD_EXEC flag is set, memfd is created with executable bit
(mode:0777); this is the same as the old behavior of memfd_create.

Signed-off-by: Rudi Heitbaum <rudi at heitbaum.com>
Part-of: <https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/merge_requests/792>

- - - - -


2 changed files:

- src/pulsecore/memfd-wrappers.h
- src/pulsecore/shm.c


Changes:

=====================================
src/pulsecore/memfd-wrappers.h
=====================================
@@ -66,4 +66,8 @@ static inline int memfd_create(const char *name, unsigned int flags) {
 
 #endif /* HAVE_MEMFD && !HAVE_MEMFD_CREATE */
 
+#ifndef MFD_NOEXEC_SEAL
+#define MFD_NOEXEC_SEAL   0x0008U
+#endif
+
 #endif
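
Review bot: the fallback `#define MFD_NOEXEC_SEAL 0x0008U` carries no comment saying where the value comes from or why it is defined here. Please add a one-line comment stating that it mirrors the kernel UAPI value for build environments whose headers do not provide it yet. Because of this fallback, a successful build no longer implies that the running kernel understands the flag, so every caller that passes it needs a runtime answer for kernels that reject it.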


=====================================
src/pulsecore/shm.c
=====================================
@@ -164,7 +164,7 @@ static int sharedmem_create(pa_shm *m, pa_mem_type_t type, size_t size, mode_t m
 #endif
 #ifdef HAVE_MEMFD
     case PA_MEM_TYPE_SHARED_MEMFD:
-        fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC);
+        fd = memfd_create("pulseaudio", MFD_ALLOW_SEALING|MFD_CLOEXEC|MFD_NOEXEC_SEAL);
         break;
 #endif
     default:
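
Review bot: on the changed `memfd_create("pulseaudio", ...)` line, MFD_NOEXEC_SEAL is now passed unconditionally and the hunk shows no retry without it. memfd_create() fails with EINVAL when given flag bits the kernel does not recognise, and since memfd-wrappers.h defines the flag whenever the build headers lack it, this case will fail on kernels that predate the flag, taking memfd-backed shared memory with it. Suggest retrying with `MFD_ALLOW_SEALING|MFD_CLOEXEC` only when the first call returns -1 with errno == EINVAL, and logging at debug level that the no-exec seal was not applied.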



View it on GitLab: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/commit/7d063d6544b9a2686c6ea5929abf1612d394bd41
