Bug 451878 - Add support for new syscall memfd_secret
Summary: Add support for new syscall memfd_secret
Status: RESOLVED FIXED
Alias: None
Product: valgrind
Classification: Developer tools
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
: NOR normal
Target Milestone: ---
Assignee: Di Chen
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-03-25 10:20 UTC by Di Chen
Modified: 2022-04-19 10:05 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
[patch] memfd test should be memfd_create test (3.88 KB, patch)
2022-03-30 09:46 UTC, Di Chen 		Details
[patch v1] Support new memfd_secret linux syscall (447) (4.10 KB, patch)
2022-04-18 14:26 UTC, Di Chen 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Di Chen 2022-03-25 10:20:55 UTC 
memfd_secret introduced in kernel 5.14.

According to https://lwn.net/Articles/865256/, 
"memfd_secret() was disabled by default and a command-line option (secretmem_enable=) was added to enable it at boot time."

$ cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.15.0-0.rc4.33.fc36.x86_64 root=UUID=6fd107e8-438a-48a2-915e-651e43fb438e ro rootflags=subvol=root rhgb quiet secretmem.enable=y

$ cat memfd_secret.c
#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <err.h>
#include <stdio.h>
#include <errno.h> 

int main(void){
    printf("memfd_secret demo prog\n");
    int fd;
    fd = syscall(SYS_memfd_secret, O_CLOEXEC);
    printf("fd = %d\n", fd);
    printf("errno = %d\n", errno);
    return 0;
}

$ gcc -o test memfd_secret.c
$ ./test 
memfd_secret demo prog
fd = 3
errno = 0
Comment 1 Di Chen 2022-03-30 09:46:34 UTC 
Created attachment 147839 [details]
[patch] memfd test should be memfd_create test

memfd test should be memfd_create test

Currently, syscall memfd_create was tested by this:

$ perl tests/vg_regtest memcheck/tests/linux/memfd.vgtest

Since memfd_secret introduced in kernel 5.14, valgrind should rename
the "memfd" test to "memfd_create" test to avoid the ambiguity, so that
user will not get confused with the "memfd_secret" test.

After this change, syscall memfd_create will be tested by:

$ perl tests/vg_regtest memcheck/tests/linux/memfd_create.vgtest
Comment 2 Mark Wielaard 2022-04-06 22:57:33 UTC 
Looks like my email about this to your @outlook.com address bounced. So just in case you didn't see it:

Thanks, that applied fine. And I admit having been confused by memfd_create vs memfd_secret before. I
have pushed this. Hope that helps creating a separate memfd_secret. But we are very close to the 3.19.0
release. So that might have to wait till after the release.
Comment 3 Di Chen 2022-04-18 14:26:23 UTC 
Created attachment 148223 [details]
[patch v1] Support new memfd_secret linux syscall (447)

This patch supports memfd_secret across these arches: arm64, amd64(x86_64), x86(i386) according to this link[1].
This patch does not contain a corresponding test case.

[1] https://marcin.juszkiewicz.com.pl/download/tables/syscalls.html
Comment 4 Mark Wielaard 2022-04-19 10:05:26 UTC 
I can see how adding a testcase is somewhat tricky if it depends on whether it is enabled by a boot flag.
But the code looks correct. Pushed as:

commit fca4a3d8e59c29bc7d239ff4de72b1260c0c23ee
Author: Di Chen <dichen@redhat.com>
Date:   Fri Apr 15 00:08:17 2022 +0800

    Support new memfd_secret linux syscall (447)
    
    memfd_secret is a new syscall in linux 5.14. memfd_secret() is
    disabled by default and a command-line option needs to be added to
    enable it at boot time.
    
    $ cat /proc/cmdline
    [...] secretmem.enable=y
    
    https://bugs.kde.org/451878
    https://lwn.net/Articles/865256/

Thanks