Fix memfd_create in shared libraries on amd64 Linux < kernel 6.3

https://github.com/upx/upx/issues/929 modified: stub/src/amd64-linux.elf-so_fold.S plus generated .h .dump
2025-09-09 14:58:00 -07:00 · 2025-09-09 14:58:00 -07:00 · aef93548f9
commit aef93548f9
parent 26ca21f6cb
3 changed files with 1220 additions and 1202 deletions
--- a/src/stub/amd64-linux.elf-so_fold.h
+++ b/src/stub/amd64-linux.elf-so_fold.h
--- a/src/stub/src/amd64-linux.elf-so_fold.S
+++ b/src/stub/src/amd64-linux.elf-so_fold.S
@ -102,7 +102,7 @@ memcpy: .globl memcpy  // void *memcpy(void *dst, void const *src, size_t n)
 /* 64-bit mode only! */
 __NR_read=  0
 __NR_write= 1
-//__NR_open=  2
+__NR_open=  2
 __NR_openat= 257
  FD_CWD= -100
 __NR_close= 3
@ -190,8 +190,6 @@ exit: .globl exit
        push $ __NR_exit; 5: jmp 5f
 ftruncate: .globl ftruncate
        push $__NR_ftruncate; 5: jmp 5f
-memfd_create: .globl memfd_create
-        push $__NR_memfd_create; 5: jmp 5f
 close: .globl close
        push $ __NR_close; 5: jmp 5f
 openat: .globl openat
@ -202,4 +200,21 @@ write: .globl write
 read: .globl read
        push $ __NR_read; 5: jmp sysgo

+memfd_create: .globl memfd_create
+0:
+        movl $__NR_memfd_create,%eax; syscall
+        test %eax,%eax; js 1f; ret  // success
+1:
+        test %arg2l,%arg2l; jz no_memfd  // memfd_create failed twice
+        xor %arg2l,%arg2l; jmp 0b  // try again without MFD_EXEC
+no_memfd:  // so try /dev/shm
+O_RDWR= 2
+O_DIRECTORY= 0200000  // 0x010000
+O_TMPFILE= 020000000  // 0x400000
+        call 0f; .int 0700, O_RDWR|O_DIRECTORY|O_TMPFILE; .asciz "/dev/shm"; 0: pop %rsi
+        lodsl;            xchg %eax,%arg3l
+        lodsl; push %rsi; xchg %eax,%arg2l
+               pop %arg1
+        push $__NR_open; jmp sysgo
+
 // section SO_MAIN inserted here
--- a/src/stub/tmp/amd64-linux.elf-so_fold.bin.dump
+++ b/src/stub/tmp/amd64-linux.elf-so_fold.bin.dump
@ -8,18 +8,18 @@ Idx Name          Size      VMA               LMA               File off  Algn
  3 SO_MAIN       0813  0  0  0150  2**4  CONTENTS
  4 SO_HEAD       044  0  0  0963  2**0  CONTENTS
  5 ptr_NEXT      0  0  0  09a7  2**0  CONTENTS
-  6 SO_TAIL       0c9  0  0  09a7  2**0  CONTENTS
-  7 EXP_HEAD      0e9  0  0  0a70  2**0  CONTENTS
-  8 NRV2E         0e8  0  0  0b59  2**0  CONTENTS
-  9 NRV2D         0db  0  0  0c41  2**0  CONTENTS
- 10 NRV2B         0c4  0  0  0d1c  2**0  CONTENTS
- 11 LZMA_DAISY    0a  0  0  0de0  2**0  CONTENTS
- 12 LZMA_ELF00    065  0  0  0dea  2**0  CONTENTS
- 13 LZMA_DEC10    09f7  0  0  0e4f  2**0  CONTENTS
- 14 LZMA_DEC20    09f7  0  0  01846  2**0  CONTENTS
- 15 LZMA_DEC30    019  0  0  0223d  2**0  CONTENTS
- 16 EXP_TAIL      014  0  0  02258  2**2  CONTENTS
- 17 STRCON        04b  0  0  0226c  2**0  CONTENTS
+  6 SO_TAIL       0fa  0  0  09a7  2**0  CONTENTS
+  7 EXP_HEAD      0e9  0  0  0aa1  2**0  CONTENTS
+  8 NRV2E         0e8  0  0  0b8a  2**0  CONTENTS
+  9 NRV2D         0db  0  0  0c72  2**0  CONTENTS
+ 10 NRV2B         0c4  0  0  0d4d  2**0  CONTENTS
+ 11 LZMA_DAISY    0a  0  0  0e11  2**0  CONTENTS
+ 12 LZMA_ELF00    065  0  0  0e1b  2**0  CONTENTS
+ 13 LZMA_DEC10    09f7  0  0  0e80  2**0  CONTENTS
+ 14 LZMA_DEC20    09f7  0  0  01877  2**0  CONTENTS
+ 15 LZMA_DEC30    019  0  0  0226e  2**0  CONTENTS
+ 16 EXP_TAIL      014  0  0  02288  2**2  CONTENTS
+ 17 STRCON        04b  0  0  0229c  2**0  CONTENTS
 SYMBOL TABLE:
 0000000000000000 l    d  SO_HEAD 0 SO_HEAD
 0000000000000000 l    d  EXP_HEAD 0 EXP_HEAD
@ -54,22 +54,22 @@ SYMBOL TABLE:
 0000000000000000 g     F UMF_LINUX 0f9 upx_mmap_and_fd_linux
 0000000000000000 g     F SO_TAIL 0 eof
 00000000000004c3 g     F SO_MAIN 0b9 prep_SELinux
-00000000000000c1 g       SO_TAIL 0 write
+00000000000000ba g       SO_TAIL 0 write
 00000000000003fa g     F SO_MAIN 01d PF_to_PROT
-00000000000000af g       SO_TAIL 0 memfd_create
-00000000000000c5 g       SO_TAIL 0 read
+00000000000000c2 g       SO_TAIL 0 memfd_create
+00000000000000be g       SO_TAIL 0 read
 0000000000000184 g     F SO_MAIN 0ef make_hatch
 0000000000000013 g       SO_TAIL 0 memset
 0000000000000042 g       SO_TAIL 0 msync
 0000000000000011 g       SO_TAIL 0 my_bkpt
 0000000000000046 g       SO_TAIL 0 Pprotect
-00000000000000c1 g       SO_TAIL 0 Pwrite
+00000000000000ba g       SO_TAIL 0 Pwrite
 0000000000000095 g       SO_TAIL 0 Punmap
 00000000000000a7 g       SO_TAIL 0 exit
-00000000000000ba g       SO_TAIL 0 openat
+00000000000000b3 g       SO_TAIL 0 openat
 0000000000000080 g       SO_TAIL 0 open
 0000000000000057 g       SO_TAIL 0 mprotect
-00000000000000b6 g       SO_TAIL 0 close
+00000000000000af g       SO_TAIL 0 close
 000000000000057c g     F SO_MAIN 0297 upx_so_main

 RELOCATION RECORDS FOR [HUMF_A]: