From: Di Chen Date: Thu, 14 Apr 2022 16:08:17 +0000 (+0800) Subject: Support new memfd_secret linux syscall (447) X-Git-Tag: VALGRIND_3_20_0~101 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fca4a3d8e59c29bc7d239ff4de72b1260c0c23ee;p=thirdparty%2Fvalgrind.git Support new memfd_secret linux syscall (447) memfd_secret is a new syscall in linux 5.14. memfd_secret() is disabled by default and a command-line option needs to be added to enable it at boot time. $ cat /proc/cmdline [...] secretmem.enable=y https://bugs.kde.org/451878 https://lwn.net/Articles/865256/ --- diff --git a/coregrind/m_syswrap/priv_syswrap-linux.h b/coregrind/m_syswrap/priv_syswrap-linux.h index baf362f112..d929caf5ed 100644 --- a/coregrind/m_syswrap/priv_syswrap-linux.h +++ b/coregrind/m_syswrap/priv_syswrap-linux.h @@ -323,6 +323,9 @@ DECL_TEMPLATE(linux, sys_io_uring_register); // Linux-specific (new in Linux 5.9) DECL_TEMPLATE(linux, sys_close_range); +// Linux-specific (new in Linux 5.14) +DECL_TEMPLATE(linux, sys_memfd_secret); + /* --------------------------------------------------------------------- Wrappers for sockets and ipc-ery. These are split into standalone procedures because x86-linux hides them inside multiplexors diff --git a/coregrind/m_syswrap/syswrap-amd64-linux.c b/coregrind/m_syswrap/syswrap-amd64-linux.c index 18b25f80ae..430907c49e 100644 --- a/coregrind/m_syswrap/syswrap-amd64-linux.c +++ b/coregrind/m_syswrap/syswrap-amd64-linux.c @@ -880,6 +880,8 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_close_range, sys_close_range), // 436 LINX_(__NR_faccessat2, sys_faccessat2), // 439 + + LINXY(__NR_memfd_secret, sys_memfd_secret), // 447 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/coregrind/m_syswrap/syswrap-arm64-linux.c b/coregrind/m_syswrap/syswrap-arm64-linux.c index 2066a38ea9..3ed71e143b 100644 --- a/coregrind/m_syswrap/syswrap-arm64-linux.c +++ b/coregrind/m_syswrap/syswrap-arm64-linux.c @@ -835,6 +835,8 @@ static SyscallTableEntry syscall_main_table[] = { LINXY(__NR_close_range, sys_close_range), // 436 LINX_(__NR_faccessat2, sys_faccessat2), // 439 + + LINXY(__NR_memfd_secret, sys_memfd_secret), // 447 }; diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c index e2fafd4213..70aaec2f2d 100644 --- a/coregrind/m_syswrap/syswrap-linux.c +++ b/coregrind/m_syswrap/syswrap-linux.c @@ -4116,6 +4116,24 @@ POST(sys_memfd_create) } } +PRE(sys_memfd_secret) +{ + PRINT("sys_memfd_secret ( %#" FMT_REGWORD "x )", ARG1); + PRE_REG_READ1(int, "memfd_secret", unsigned int, flags); +} + +POST(sys_memfd_secret) +{ + vg_assert(SUCCESS); + if (!ML_(fd_allowed)(RES, "memfd_secret", tid, True)) { + VG_(close)(RES); + SET_STATUS_Failure( VKI_EMFILE ); + } else { + if (VG_(clo_track_fds)) + ML_(record_fd_open_nameless)(tid, RES); + } +} + PRE(sys_membarrier) { PRINT("sys_membarrier ( %#" FMT_REGWORD "x )", ARG1); diff --git a/coregrind/m_syswrap/syswrap-x86-linux.c b/coregrind/m_syswrap/syswrap-x86-linux.c index 8662ff501a..120cefc77a 100644 --- a/coregrind/m_syswrap/syswrap-x86-linux.c +++ b/coregrind/m_syswrap/syswrap-x86-linux.c @@ -1651,6 +1651,8 @@ static SyscallTableEntry syscall_table[] = { LINXY(__NR_close_range, sys_close_range), // 436 LINX_(__NR_faccessat2, sys_faccessat2), // 439 + + LINXY(__NR_memfd_secret, sys_memfd_secret), // 447 }; SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno ) diff --git a/include/vki/vki-scnums-shared-linux.h b/include/vki/vki-scnums-shared-linux.h index fa63c7a9bc..f591611f6d 100644 --- a/include/vki/vki-scnums-shared-linux.h +++ b/include/vki/vki-scnums-shared-linux.h @@ -44,4 +44,6 @@ #define __NR_faccessat2 439 +#define __NR_memfd_secret 447 + #endif