Bug 451878

Summary: Add support for new syscall memfd_secret
Product: [Developer tools] valgrind
Reporter: Di Chen <di.chen16>
Component: general
Assignee: Di Chen <di.chen16>
Status: RESOLVED FIXED
Severity: normal
CC: mark
Priority: NOR
Version First Reported In: unspecified
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:
Attachments:
[patch] memfd test should be memfd_create test
[patch v1] Support new memfd_secret linux syscall (447)

Description Di Chen 2022-03-25 10:20:55 UTC
memfd_secret was introduced in kernel 5.14.

According to https://lwn.net/Articles/865256/, 
"memfd_secret() was disabled by default and a command-line option (secretmem_enable=) was added to enable it at boot time."

$ cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.15.0-0.rc4.33.fc36.x86_64 root=UUID=6fd107e8-438a-48a2-915e-651e43fb438e ro rootflags=subvol=root rhgb quiet secretmem.enable=y

$ cat memfd_secret.c
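#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <err.h>
#include <stdio.h>
#include <errno.h>

int main(void){
    printf("memfd_secret demo prog\n");
    int fd;
    /* Clear errno so a stale value from an earlier call is not reported. */
    errno = 0;
    /* Invoke the raw syscall; fd is -1 on failure. */
    fd = syscall(SYS_memfd_secret, O_CLOEXEC);
    /* Save errno before printf() gets a chance to modify it. */
    int saved_errno = errno;
    printf("fd = %d\n", fd);
    printf("errno = %d\n", saved_errno);
    return 0;
}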

$ gcc -o test memfd_secret.c
$ ./test 
memfd_secret demo prog
fd = 3
errno = 0

Comment 1 Di Chen 2022-03-30 09:46:34 UTC
Created attachment 147839
[patch] memfd test should be memfd_create test

memfd test should be memfd_create test

Currently, syscall memfd_create was tested by this:

$ perl tests/vg_regtest memcheck/tests/linux/memfd.vgtest

Since memfd_secret was introduced in kernel 5.14, valgrind should rename
the "memfd" test to "memfd_create" test to avoid the ambiguity, so that
users will not get confused with the "memfd_secret" test.

After this change, syscall memfd_create will be tested by:

$ perl tests/vg_regtest memcheck/tests/linux/memfd_create.vgtest

Comment 2 Mark Wielaard 2022-04-06 22:57:33 UTC
Looks like my email about this to your @outlook.com address bounced. So just in case you didn't see it:

Thanks, that applied fine. And I admit having been confused by memfd_create vs memfd_secret before. I
have pushed this. Hope that helps creating a separate memfd_secret. But we are very close to the 3.19.0
release. So that might have to wait till after the release.

Comment 3 Di Chen 2022-04-18 14:26:23 UTC
Created attachment 148223
[patch v1] Support new memfd_secret linux syscall (447)

This patch supports memfd_secret across these arches: arm64, amd64(x86_64), x86(i386) according to this link[1].
This patch does not contain a corresponding test case.

[1] https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html

Comment 4 Mark Wielaard 2022-04-19 10:05:26 UTC
I can see how adding a testcase is somewhat tricky if it depends on whether it is enabled by a boot flag.
But the code looks correct. Pushed as:

commit fca4a3d8e59c29bc7d239ff4de72b1260c0c23ee
Author: Di Chen <dichen@redhat.com>
Date:   Fri Apr 15 00:08:17 2022 +0800

    Support new memfd_secret linux syscall (447)
    
    memfd_secret is a new syscall in linux 5.14. memfd_secret() is
    disabled by default and a command-line option needs to be added to
    enable it at boot time.
    
    $ cat /proc/cmdline
    [...] secretmem.enable=y
    
    https://bugs.kde.org/451878
    https://lwn.net/Articles/865256/

Thanks
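
A test for this syscall has to tell "secretmem is not enabled on this boot" apart from a real failure, which is the difficulty raised in Comment 4. The C program below is an added example, not part of the Valgrind patch or its test suite: `classify` and `probe_secretmem` are hypothetical names, the fallback number 447 is taken from the patch title, and it relies on the kernel returning ENOSYS when secretmem is disabled or the kernel predates 5.14.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447   /* number from the patch title on this page */
#endif

enum probe { PROBE_OK = 0, PROBE_SKIP = 1, PROBE_FAIL = 2 };

/* Map a memfd_secret() result to a test verdict (hypothetical helper).
   ENOSYS means "not available here", so the test is skipped, not failed. */
enum probe classify(long fd, int err)
{
    return fd >= 0 ? PROBE_OK : (err == ENOSYS ? PROBE_SKIP : PROBE_FAIL);
}

/* Create a secret-memory fd, size it to one page, map it, round-trip a pattern. */
enum probe probe_secretmem(void)
{
    errno = 0;
    long fd = syscall(SYS_memfd_secret, O_CLOEXEC);
    int err = errno;                 /* save before any other libc call */
    if (fd < 0)
        return classify(fd, err);
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    enum probe result = PROBE_FAIL;
    if (ftruncate((int)fd, (off_t)len) == 0) {
        /* secretmem mappings must be shared; a private mapping is rejected */
        unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, (int)fd, 0);
        if (p != MAP_FAILED) {
            memset(p, 0xA5, len);
            result = (p[0] == 0xA5 && p[len - 1] == 0xA5) ? PROBE_OK : PROBE_FAIL;
            munmap(p, len);
        }
    }
    close((int)fd);
    return result;
}

int main(void)
{
    printf("memfd_secret probe verdict: %d (0=ok 1=skip 2=fail)\n", probe_secretmem());
    return 0;
}
```

A regression test built this way can report "skipped" on hosts booted without secretmem.enable=y instead of failing.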