5 changed files with 170 additions and 66 deletions
--- a/SOURCES/libffi-3.1-libffi_tmpdir.patch
+++ b/SOURCES/libffi-3.1-libffi_tmpdir.patch
@ -0,0 +1,17 @@
 Most temp file directories need to be hardened against execution, but
 libffi needs execute privileges.  Add a libffi-specific temp directory
 that can be set up by sysadmins as needed with suitable permissions.
 This both ensures that libffi will have a valid temp directory to use
 as well as preventing attempts to access other directories.
 diff -rup a/src/closures.c b/src/closures.c
 --- a/src/closures.c	2014-05-11 09:54:19.000000000 -0400
 +++ b/src/closures.c	2020-04-29 20:50:00.454853909 -0400
@@ -362,6 +362,7 @@ static struct
   const char *arg;
   int repeat;
 } open_temp_exec_file_opts[] = {
 +  { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
   { open_temp_exec_file_env, "TMPDIR", 0 },
   { open_temp_exec_file_dir, "/tmp", 0 },
   { open_temp_exec_file_dir, "/var/tmp", 0 },
--- a/SOURCES/libffi-3.1-memfd.patch
+++ b/SOURCES/libffi-3.1-memfd.patch
@ -0,0 +1,120 @@
 From 5c63b463b87d3c06102a4a7f05f395929d9ea79b Mon Sep 17 00:00:00 2001
 From: DJ Delorie <dj@delorie.com>
 Date: Wed, 2 Dec 2020 16:14:27 -0500
 Subject: Use memfd_create() (#604)
 memfd_create creates a file in a memory-only filesystem that may
 bypass strict security protocols in filesystem-based temporary
 files.
 diff -rup a/configure.ac b/configure.ac
 --- a/configure.ac	2014-05-11 09:57:49.000000000 -0400
 +++ b/configure.ac	2021-11-03 17:41:31.935391831 -0400
@@ -63,6 +63,9 @@ EOF
 AM_MAINTAINER_MODE
 +AC_CHECK_HEADERS(sys/memfd.h)
 +AC_CHECK_FUNCS([memfd_create])
 +
 AC_CHECK_HEADERS(sys/mman.h)
 AC_CHECK_FUNCS(mmap)
 AC_FUNC_MMAP_BLACKLIST
 diff -rup a/configure b/configure
 --- a/configure	2014-05-19 09:44:03.000000000 -0400
 +++ b/configure	2021-11-18 17:29:45.484951520 -0500
@@ -16976,6 +16976,30 @@ fi
 +for ac_header in sys/memfd.h
 +do :
 +  ac_fn_c_check_header_mongrel "$LINENO" "sys/memfd.h" "ac_cv_header_sys_memfd_h" "$ac_includes_default"
 +if test "x$ac_cv_header_sys_memfd_h" = xyes; then :
 +  cat >>confdefs.h <<_ACEOF
 +#define HAVE_SYS_MEMFD_H 1
 +_ACEOF
 +
 +fi
 +
 +done
 +
 +for ac_func in memfd_create
 +do :
 +  ac_fn_c_check_func "$LINENO" "memfd_create" "ac_cv_func_memfd_create"
 +if test "x$ac_cv_func_memfd_create" = xyes; then :
 +  cat >>confdefs.h <<_ACEOF
 +#define HAVE_MEMFD_CREATE 1
 +_ACEOF
 +
 +fi
 +done
 +
 +
 for ac_header in sys/mman.h
 do :
   ac_fn_c_check_header_mongrel "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "$ac_includes_default"
 diff -rup a/fficonfig.h.in b/fficonfig.h.in
 --- a/fficonfig.h.in	2014-05-19 09:44:04.000000000 -0400
 +++ b/fficonfig.h.in	2021-11-18 17:45:39.000000000 -0500
@@ -79,6 +79,9 @@
 /* Define to 1 if you have the `memcpy' function. */
 #undef HAVE_MEMCPY
 +/* Define to 1 if you have the `memfd_create' function. */
 +#undef HAVE_MEMFD_CREATE
 +
 /* Define to 1 if you have the <memory.h> header file. */
 #undef HAVE_MEMORY_H
@@ -109,6 +112,9 @@
 /* Define to 1 if you have the <string.h> header file. */
 #undef HAVE_STRING_H
 +/* Define to 1 if you have the <sys/memfd.h> header file. */
 +#undef HAVE_SYS_MEMFD_H
 +
 /* Define to 1 if you have the <sys/mman.h> header file. */
 #undef HAVE_SYS_MMAN_H
 diff -rup a/src/closures.c b/src/closures.c
 --- a/src/closures.c	2021-11-03 17:37:37.841416436 -0400
 +++ b/src/closures.c	2021-11-03 17:43:19.027498783 -0400
@@ -117,6 +117,9 @@
 #endif /* HAVE_MNTENT */
 #include <sys/param.h>
 #include <pthread.h>
 +#ifdef  HAVE_SYS_MEMFD_H
 +#include <sys/memfd.h>
 +#endif
 /* We don't want sys/mman.h to be included after we redefine mmap and
    dlmunmap.  */
@@ -263,6 +266,17 @@ static int execfd = -1;
 /* The amount of space already allocated from the temporary file.  */
 static size_t execsize = 0;
 +#ifdef HAVE_MEMFD_CREATE
 +/* Open a temporary file name, and immediately unlink it.  */
 +static int
 +open_temp_exec_file_memfd (const char *name)
 +{
 +  int fd;
 +  fd = memfd_create (name, MFD_CLOEXEC);
 +  return fd;
 +}
 +#endif
 +
 /* Open a temporary file name, and immediately unlink it.  */
 static int
 open_temp_exec_file_name (char *name, int flags)
@@ -382,6 +396,9 @@ static struct
   const char *arg;
   int repeat;
 } open_temp_exec_file_opts[] = {
 +#ifdef HAVE_MEMFD_CREATE
 +  { open_temp_exec_file_memfd, "libffi", 0 },
 +#endif
   { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
   { open_temp_exec_file_env, "TMPDIR", 0 },
   { open_temp_exec_file_dir, "/tmp", 0 },
--- a/SOURCES/libffi-3.1-rh2014228.patch
+++ b/SOURCES/libffi-3.1-rh2014228.patch
@ -0,0 +1,13 @@
 diff -rup a/src/closures.c b/src/closures.c
 --- a/src/closures.c	2022-11-16 15:27:45.632725415 -0500
 +++ b/src/closures.c	2022-11-18 13:56:17.948172306 -0500
@@ -140,6 +140,9 @@ selinux_enabled_check (void)
   char *buf = NULL;
   size_t len = 0;
 +  if (access ("/etc/sysconfig/libffi-force-shared-memory-check-first", F_OK) >= 0)
 +    return 0;
 +
   if (statfs ("/selinux", &sfs) >= 0
       && (unsigned int) sfs.f_type == 0xf97cff8cU)
     return 1;
--- a/SOURCES/libffi-rh1652930.patch
+++ b/SOURCES/libffi-rh1652930.patch
@ -1,63 +0,0 @@
 Also flush the code alias mapping when creating a closure.  It seems
 that this is necessary on some aarch64 implementations.  The existing
 code only flashes the writable mapping.
 diff -rup a/include/ffi_common.h b/include/ffi_common.h
 --- a/include/ffi_common.h	2014-04-25 13:45:13.000000000 -0400
 +++ b/include/ffi_common.h	2019-06-14 14:12:04.387499160 -0400
@@ -82,6 +82,10 @@ ffi_status ffi_prep_cif_machdep(ffi_cif
 ffi_status ffi_prep_cif_machdep_var(ffi_cif *cif,
 	 unsigned int nfixedargs, unsigned int ntotalargs);
 +/* Translate a data pointer to a code pointer.  Needed for closures on
 +   some targets.  */
 +void *ffi_data_to_code_pointer (void *data) FFI_HIDDEN;
 +
 /* Extended cif, used in callback from assembly routine */
 typedef struct
 {
 Only in b/include: ffi_common.h.orig
 diff -rup a/src/aarch64/ffi.c b/src/aarch64/ffi.c
 --- a/src/aarch64/ffi.c	2019-06-14 14:11:03.485469505 -0400
 +++ b/src/aarch64/ffi.c	2019-06-14 14:12:04.392499162 -0400
@@ -926,6 +926,10 @@ ffi_prep_closure_loc (ffi_closure* closu
   FFI_INIT_TRAMPOLINE (&closure->tramp[0], &ffi_closure_SYSV, codeloc,
 		       cif->aarch64_flags);
 +  /* Also clear the cache on the executable alias mapping.  */
 +  unsigned char *code = ffi_data_to_code_pointer (&closure->tramp[0]);
 +  ffi_clear_cache (code, code + FFI_TRAMPOLINE_SIZE);
 +
   closure->cif  = cif;
   closure->user_data = user_data;
   closure->fun  = fun;
 Only in b/src/aarch64: ffi.c.orig
 diff -rup a/src/closures.c b/src/closures.c
 --- a/src/closures.c	2014-05-11 09:54:19.000000000 -0400
 +++ b/src/closures.c	2019-06-14 14:12:04.396499164 -0400
@@ -597,6 +597,13 @@ ffi_closure_alloc (size_t size, void **c
   return ptr;
 }
 +void *
 +ffi_data_to_code_pointer (void *data)
 +{
 +  msegmentptr seg = segment_holding (gm, data);
 +  return add_segment_exec_offset (data, seg);
 +}
 +
 /* Release a chunk of memory allocated with ffi_closure_alloc.  If
    FFI_CLOSURE_FREE_CODE is nonzero, the given address can be the
    writable or the executable address given.  Otherwise, only the
@@ -656,5 +663,11 @@ ffi_closure_free (void *ptr)
   free (ptr);
 }
 +void *
 +ffi_data_to_code_pointer (void *data)
 +{
 +  return data;
 +}
 +
 # endif /* ! FFI_MMAP_EXEC_WRIT */
 #endif /* FFI_CLOSURES */
--- a/SPECS/libffi.spec
+++ b/SPECS/libffi.spec
@ -2,7 +2,7 @@
 Name:		libffi
 Version:	3.1
-Release:	20%{?dist}
+Release:	24%{?dist}
 Summary:	A portable foreign function interface library
 Group:		System Environment/Libraries
@ -15,8 +15,10 @@ Patch0:		libffi-3.1-fix-include-path.patch
 Patch1:		libffi-3.1-fix-exec-stack.patch
 Patch2:		libffi-aarch64-rhbz1174037.patch
 Patch3:		libffi-3.1-aarch64-fix-exec-stack.patch
 Patch4:		libffi-rh1652930.patch
 Patch5:		libffi-3.1-closures-Create-temporary-file-with-O_TMPFILE-and-O_.patch
 Patch6:		libffi-3.1-libffi_tmpdir.patch
 Patch7:		libffi-3.1-memfd.patch
 Patch8:		libffi-3.1-rh2014228.patch
 %description
 Compilers for high level languages generate code that follow certain
@ -65,8 +67,10 @@ developing applications that use %{name}.
 %patch1 -p1 -b .execstack
 %patch2 -p1 -b .aarch64
 %patch3 -p1 -b .aarch64execstack
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
 %build
@ -127,6 +131,19 @@ fi
 %{_infodir}/libffi.info.gz
 %changelog
 * Wed Nov 16 2022 DJ Delorie <dj@redhat.com> - 3.1-24
 - Use /etc/sysconfig/libffi-force-shared-memory-check-first to
  override selinux permissions check for shared memory access (#2014228)
 * Fri Nov 19 2021 DJ Delorie <dj@redhat.com> - 3.1-23
 - Use memfd_create() to allocate closures (#1875340)
 * Wed May 6 2020 DJ Delorie <dj@redhat.com> - 3.1-22
 - Add $LIBFFI_TMPDIR environment variable support (#1723951)
 * Thu Aug 1 2019 DJ Delorie <dj@redhat.com> - 3.1-21
 - Revert 1652930 until 1721569 can be fixed (#1652930)
 * Fri Jun 14 2019 DJ Delorie <dj@redhat.com> - 3.1-20
 - closures: Create temporary file with O_TMPFILE and O_CLOEXEC (#1720600)