From 9a6ff5bc53dedbaa601a1a76cbaf8a76afd60c9f Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 21:41:06 +0200 Subject: Adding upstream version 6.7. Signed-off-by: Daniel Baumann --- man2/memfd_secret.2 | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'man2/memfd_secret.2') diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2 index fcc39f6..8b4fb48 100644 --- a/man2/memfd_secret.2 +++ b/man2/memfd_secret.2 @@ -7,7 +7,7 @@ .\" .\" SPDX-License-Identifier: GPL-2.0-or-later .\" -.TH memfd_secret 2 2023-03-30 "Linux man-pages 6.05.01" +.TH memfd_secret 2 2023-10-31 "Linux man-pages 6.7" .SH NAME memfd_secret \- create an anonymous RAM-based file to access secret memory regions @@ -16,13 +16,13 @@ Standard C library .RI ( libc ", " \-lc ) .SH SYNOPSIS .nf -.PP +.P .BR "#include " " /* Definition of " SYS_* " constants */" .B #include -.PP +.P .BI "int syscall(SYS_memfd_secret, unsigned int " flags ); .fi -.PP +.P .IR Note : glibc provides no wrapper for .BR memfd_secret (), @@ -40,7 +40,7 @@ it is automatically released. The initial size of the file is set to 0. Following the call, the file size should be set using .BR ftruncate (2). -.PP +.P The memory areas backing the file created with .BR memfd_secret (2) are visible only to the processes that have access to the file descriptor. @@ -50,7 +50,7 @@ map the corresponding physical memory. (Thus, the pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.) -.PP +.P The following values may be bitwise ORed in .I flags to control the behavior of @@ -64,7 +64,7 @@ See the description of the .B O_CLOEXEC flag in .BR open (2) -.PP +.P As its return value, .BR memfd_secret () returns a new file descriptor that refers to an anonymous file. 
@@ -73,7 +73,7 @@ This file descriptor is opened for both reading and writing and .B O_LARGEFILE is set for the file descriptor. -.PP +.P With respect to .BR fork (2) and @@ -86,7 +86,7 @@ and refers to the same file. The file descriptor is preserved across .BR execve (2), unless the close-on-exec flag has been set. -.PP +.P The memory region is locked into memory in the same way as with .BR mlock (2), so that it will never be written into swap, @@ -147,7 +147,7 @@ memory ranges backed by .BR memfd_secret () in any circumstances, but nevertheless, it is much harder to exfiltrate data from these regions. -.PP +.P .BR memfd_secret () provides the following protections: .IP \[bu] 3 @@ -181,14 +181,14 @@ either walk the page tables and create new ones, or spawn a new privileged user-space process to perform secrets exfiltration using .BR ptrace (2). -.PP +.P The way .BR memfd_secret () allocates and locks the memory may impact overall system performance, therefore the system call is disabled by default and only available if the system administrator turned it on using "secretmem.enable=y" kernel parameter. -.PP +.P To prevent potential data leaks of memory regions backed by .BR memfd_secret () from a hybernation image, -- cgit v1.2.3
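Review bot: in the first hunk the `.TH` line bumps both the date and the release string at once (`-.TH memfd_secret 2 2023-03-30 "Linux man-pages 6.05.01"` to `+.TH memfd_secret 2 2023-10-31 "Linux man-pages 6.7"`), while every other hunk in this file only renames a macro and changes no page content; that is the expected pattern for a release import, and the new release string matches the commit subject "Adding upstream version 6.7", so no action needed beyond confirming the same header bump landed in the other pages of the import (the cgit view is limited to man2/memfd_secret.2, so that cannot be checked from this diff alone).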
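Review bot: the `-.PP` / `+.P` pairs in the remaining hunks (three in @@ -16,13 +16,13 @@, two in @@ -181,14 +181,14 @@, one in each of the others) are purely cosmetic, since `.P` is the man(7) synonym for `.PP` and the rendered page is unchanged; they add up to eleven pairs, which together with the `.TH` line accounts exactly for the diffstat of 12 insertions and 12 deletions, so nothing in this file was missed. A quick `grep -n '^\.PP' man2/memfd_secret.2` after applying should return nothing.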
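Review bot: the unchanged context line `from a hybernation image,` in the last hunk (@@ -181,14 +181,14 @@) misspells "hibernation"; this import does not touch that line, so it is a follow-up to send upstream rather than a change to make in this version bump, but it is worth noting while the file is under review.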