path: root/man2/memfd_secret.2
Diffstat (limited to 'man2/memfd_secret.2')
-rw-r--r-- man2/memfd_secret.2 24
1 files changed, 12 insertions, 12 deletions
diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2
index fcc39f6..8b4fb48 100644
--- a/man2/memfd_secret.2
+++ b/man2/memfd_secret.2
@@ -7,7 +7,7 @@
.\"
.\" SPDX-License-Identifier: GPL-2.0-or-later
.\"
-.TH memfd_secret 2 2023-03-30 "Linux man-pages 6.05.01"
+.TH memfd_secret 2 2023-10-31 "Linux man-pages 6.7"
.SH NAME
memfd_secret \- create an anonymous RAM-based file
to access secret memory regions
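Review bot: The `.TH` line in this hunk bumps the date to 2023-10-31 and the version string to "Linux man-pages 6.7" in the same diff whose other eleven changes are all the mechanical `.PP` to `.P` substitution. Consider splitting the header bump from the macro rename, so the rename stays a pure formatting change that can be checked by comparing rendered output before and after.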
@@ -16,13 +16,13 @@ Standard C library
.RI ( libc ", " \-lc )
.SH SYNOPSIS
.nf
-.PP
+.P
.BR "#include <sys/syscall.h>" " /* Definition of " SYS_* " constants */"
.B #include <unistd.h>
-.PP
+.P
.BI "int syscall(SYS_memfd_secret, unsigned int " flags );
.fi
-.PP
+.P
.IR Note :
glibc provides no wrapper for
.BR memfd_secret (),
@@ -40,7 +40,7 @@ it is automatically released.
The initial size of the file is set to 0.
Following the call, the file size should be set using
.BR ftruncate (2).
-.PP
+.P
The memory areas backing the file created with
.BR memfd_secret (2)
are visible only to the processes that have access to the file descriptor.
@@ -50,7 +50,7 @@ map the corresponding physical memory.
(Thus, the pages in the region can't be accessed by the kernel itself,
so that, for example, pointers to the region can't be passed to
system calls.)
-.PP
+.P
The following values may be bitwise ORed in
.I flags
to control the behavior of
@@ -64,7 +64,7 @@ See the description of the
.B O_CLOEXEC
flag in
.BR open (2)
-.PP
+.P
As its return value,
.BR memfd_secret ()
returns a new file descriptor that refers to an anonymous file.
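Review bot: The sentence in the context just above the changed line, "See the description of the O_CLOEXEC flag in open(2)", ends at `.BR open (2)` with no terminating period and runs straight into the new `.P`. Since the adjacent line is being touched anyway, change it to `.BR open (2).` so the FD_CLOEXEC description renders as a complete sentence.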
@@ -73,7 +73,7 @@ This file descriptor is opened for both reading and writing
and
.B O_LARGEFILE
is set for the file descriptor.
-.PP
+.P
With respect to
.BR fork (2)
and
@@ -86,7 +86,7 @@ and refers to the same file.
The file descriptor is preserved across
.BR execve (2),
unless the close-on-exec flag has been set.
-.PP
+.P
The memory region is locked into memory in the same way as with
.BR mlock (2),
so that it will never be written into swap,
@@ -147,7 +147,7 @@ memory ranges backed by
.BR memfd_secret ()
in any circumstances, but nevertheless,
it is much harder to exfiltrate data from these regions.
-.PP
+.P
.BR memfd_secret ()
provides the following protections:
.IP \[bu] 3
@@ -181,14 +181,14 @@ either walk the page tables and create new ones,
or spawn a new privileged user-space process to perform
secrets exfiltration using
.BR ptrace (2).
-.PP
+.P
The way
.BR memfd_secret ()
allocates and locks the memory may impact overall system performance,
therefore the system call is disabled by default and only available
if the system administrator turned it on using
"secretmem.enable=y" kernel parameter.
-.PP
+.P
To prevent potential data leaks of memory regions backed by
.BR memfd_secret ()
from a hybernation image,
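Review bot: The trailing context of this hunk carries a typo, "hybernation" for "hibernation", on the line after the final `.P`. The paragraph between the two changed lines also reads `"secretmem.enable=y" kernel parameter` without the article "the". Both sit in text that tells administrators how the call is enabled and how leaks through a hibernation image are prevented, so a follow-up patch fixing the spelling and the article would be worthwhile.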