Bug 28418 - Add support for new syscall memfd_secret
Status: RESOLVED FIXED
Product: systemtap
Classification: Unclassified
Component: tapsets
Version: unspecified
Importance: P2 normal
Assignee: Di Chen
Reported: 2021-10-05 16:56 UTC by Aaron Merey
Modified: 2022-03-07 20:13 UTC

Description Aaron Merey 2021-10-05 16:56:12 UTC
memfd_secret was introduced in kernel 5.14.

For more information see https://lwn.net/Articles/865256/
Comment 1 Di Chen 2021-10-10 16:32:44 UTC
According to https://lwn.net/Articles/865256/, 
"memfd_secret() was disabled by default and a command-line option (secretmem_enable=) was added to enable it at boot time."

$ cat /proc/cmdline 
BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.15.0-0.rc4.33.fc36.x86_64 root=UUID=6fd107e8-438a-48a2-915e-651e43fb438e ro rootflags=subvol=root rhgb quiet secretmem.enable=y

$ cat memfd_secret.c
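#define _GNU_SOURCE
#include <unistd.h>
#include <sys/syscall.h>
#include <fcntl.h>
#include <stdio.h>
#include <errno.h>

int main(void){
    printf("memfd_secret demo prog\n");
    int fd;
    int saved_errno;

    /* errno is only set on failure, so clear it to make the printed value meaningful */
    errno = 0;
    /* glibc has no wrapper; the call fails with ENOSYS when secretmem is not enabled */
    fd = syscall(SYS_memfd_secret, O_CLOEXEC);
    saved_errno = errno;    /* capture before printf() can change it */
    printf("fd = %d\n", fd);
    printf("errno = %d\n", saved_errno);
    if (fd != -1)
        close(fd);
    return 0;
}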

$ gcc -o test memfd_secret.c
$ ./test 
memfd_secret demo prog
fd = 3
errno = 0
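
Added example (not part of the original comment and not systemtap code): a fuller use of the descriptor returned above, which sizes and maps it, stores a constructed value, and separates the ENOSYS "disabled or unsupported" case from other failures. The function name, the status codes and the fallback syscall number 447 for older headers are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* assumption: generic syscall number, for older headers */
#endif

enum { SECRET_OK = 0, SECRET_UNAVAILABLE = 1, SECRET_ERROR = 2 }; /* hypothetical codes */

/* Store msg in a secretmem mapping, copy it back into out, then wipe and unmap. */
int secret_roundtrip(const char *msg, char *out, size_t outlen)
{
    size_t len = strlen(msg) + 1;
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len > (size_t)page || len > outlen)
        return SECRET_ERROR;

    int fd = (int)syscall(SYS_memfd_secret, O_CLOEXEC);
    if (fd == -1) /* ENOSYS: kernel older than 5.14, or secretmem not enabled */
        return errno == ENOSYS ? SECRET_UNAVAILABLE : SECRET_ERROR;

    /* A new secretmem fd has size 0 and must be sized before it is mapped. */
    if (ftruncate(fd, page) == -1) {
        close(fd);
        return SECRET_ERROR;
    }
    /* Only MAP_SHARED is accepted; the pages count against RLIMIT_MEMLOCK. */
    char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd); /* the mapping keeps the memory alive */
    if (p == MAP_FAILED)
        return SECRET_ERROR;
    memcpy(p, msg, len);
    memcpy(out, p, len);
    memset(p, 0, len); /* wipe before releasing */
    munmap(p, (size_t)page);
    return SECRET_OK;
}

int main(void)
{
    char buf[32];
    return secret_roundtrip("constructed-key", buf, sizeof buf);
}
```

The exit status is 0 on success, 1 when the kernel reports ENOSYS (for example when booted without secretmem.enable=y as in the /proc/cmdline above), and 2 on any other failure.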
Comment 2 Aaron Merey 2022-03-07 20:13:19 UTC
Fixed in commit 8e4f7ba372b4.