Support new memfd_secret linux syscall (447)

memfd_secret is a new syscall in linux 5.14. memfd_secret() is
disabled by default and a command-line option needs to be added to
enable it at boot time.

$ cat /proc/cmdline
[...] secretmem.enable=y

https://bugs.kde.org/451878
https://lwn.net/Articles/865256/

diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h
index baf362f112fac1e285a8d9c567040d50384f4cac..d929caf5edd0dc4b728db9915c75a459b6c5fd2e 100644 (file)
--- a/coregrind/m_syswrap/priv_syswrap-linux.h
+++ b/coregrind/m_syswrap/priv_syswrap-linux.h
@@ -323,6 +323,9 @@ DECL_TEMPLATE(linux, sys_io_uring_register);
 // Linux-specific (new in Linux 5.9)
 DECL_TEMPLATE(linux, sys_close_range);
 
+// Linux-specific (new in Linux 5.14)
+DECL_TEMPLATE(linux, sys_memfd_secret);
+
 /* ---------------------------------------------------------------------
    Wrappers for sockets and ipc-ery.  These are split into standalone
    procedures because x86-linux hides them inside multiplexors

diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c
index 18b25f80ae1a542801dc4b0832534da5ed07395b..430907c49ebc54c381b122d3e17e9d420ee0b961 100644 (file)
--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
+++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
@@ -880,6 +880,8 @@ static SyscallTableEntry syscall_table[] = {
    LINXY(__NR_close_range,       sys_close_range),       // 436
 
    LINX_(__NR_faccessat2,       sys_faccessat2),        // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/coregrind/m_syswrap/syswrap-arm64-linux.c b/coregrind/m_syswrap/syswrap-arm64-linux.c
index 2066a38ea9ab2ac15bdf4d2890c68a275c756cc9..3ed71e143b7644cb9f3b696872e6a04afc379c4e 100644 (file)
--- a/coregrind/m_syswrap/syswrap-arm64-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm64-linux.c
@@ -835,6 +835,8 @@ static SyscallTableEntry syscall_main_table[] = {
    LINXY(__NR_close_range,       sys_close_range),       // 436
 
    LINX_(__NR_faccessat2,        sys_faccessat2),        // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };
 
 

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index e2fafd4213abfa43e5791ec3f5d07e32754a4308..70aaec2f2d68d977b71b5125fb84d3a4ef9fdc12 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -4116,6 +4116,24 @@ POST(sys_memfd_create)
    }
 }
 
+PRE(sys_memfd_secret)
+{
+   PRINT("sys_memfd_secret ( %#" FMT_REGWORD "x )", ARG1);
+   PRE_REG_READ1(int, "memfd_secret", unsigned int, flags);
+}
+
+POST(sys_memfd_secret)
+{
+   vg_assert(SUCCESS);
+   if (!ML_(fd_allowed)(RES, "memfd_secret", tid, True)) {
+      VG_(close)(RES);
+      SET_STATUS_Failure( VKI_EMFILE );
+   } else {
+      if (VG_(clo_track_fds))
+         ML_(record_fd_open_nameless)(tid, RES);
+   }
+}
+
 PRE(sys_membarrier)
 {
    PRINT("sys_membarrier ( %#" FMT_REGWORD "x )", ARG1);

diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c
index 8662ff501a261ab04bf2ebf00ef2debe218beb6a..120cefc77a3d840ed1b50535e524a8b179bdc2f5 100644 (file)
--- a/coregrind/m_syswrap/syswrap-x86-linux.c
+++ b/coregrind/m_syswrap/syswrap-x86-linux.c
@@ -1651,6 +1651,8 @@ static SyscallTableEntry syscall_table[] = {
    LINXY(__NR_close_range,       sys_close_range),      // 436
 
    LINX_(__NR_faccessat2,       sys_faccessat2),       // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };
 
 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )

diff --git a/include/vki/vki-scnums-shared-linux.h b/include/vki/vki-scnums-shared-linux.h
index fa63c7a9bc18c3cb74f77b45b86b6ef176e632ab..f591611f6dff65d6be4c84e372322539b6ca1e9a 100644 (file)
--- a/include/vki/vki-scnums-shared-linux.h
+++ b/include/vki/vki-scnums-shared-linux.h
@@ -44,4 +44,6 @@
 
 #define __NR_faccessat2                439
 
+#define __NR_memfd_secret              447
+
 #endif