Support new memfd_secret linux syscall (447)

memfd_secret is a new syscall in linux 5.14. memfd_secret() is disabled by default and a command-line option needs to be added to enable it at boot time. $ cat /proc/cmdline [...] secretmem.enable=y https://bugs.kde.org/451878 https://lwn.net/Articles/865256/
2026-02-04 02:18:37 +00:00 · 2022-04-15 00:08:17 +08:00 · 2022-04-15 00:08:17 +08:00 · fca4a3d8e5
commit fca4a3d8e5
parent 9c9fd9ae24
6 changed files with 29 additions and 0 deletions
--- a/coregrind/m_syswrap/priv_syswrap-linux.h
+++ b/coregrind/m_syswrap/priv_syswrap-linux.h
@ -323,6 +323,9 @@ DECL_TEMPLATE(linux, sys_io_uring_register);
 // Linux-specific (new in Linux 5.9)
 DECL_TEMPLATE(linux, sys_close_range);

+// Linux-specific (new in Linux 5.14)
+DECL_TEMPLATE(linux, sys_memfd_secret);
+
 /* ---------------------------------------------------------------------
   Wrappers for sockets and ipc-ery.  These are split into standalone
   procedures because x86-linux hides them inside multiplexors
--- a/coregrind/m_syswrap/syswrap-amd64-linux.c
+++ b/coregrind/m_syswrap/syswrap-amd64-linux.c
@ -880,6 +880,8 @@ static SyscallTableEntry syscall_table[] = {
   LINXY(__NR_close_range,       sys_close_range),       // 436

   LINX_(__NR_faccessat2,	 sys_faccessat2),        // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };

 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )
--- a/coregrind/m_syswrap/syswrap-arm64-linux.c
+++ b/coregrind/m_syswrap/syswrap-arm64-linux.c
@ -835,6 +835,8 @@ static SyscallTableEntry syscall_main_table[] = {
   LINXY(__NR_close_range,       sys_close_range),       // 436

   LINX_(__NR_faccessat2,        sys_faccessat2),        // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };


--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@ -4116,6 +4116,24 @@ POST(sys_memfd_create)
   }
 }

+PRE(sys_memfd_secret)
+{
+   PRINT("sys_memfd_secret ( %#" FMT_REGWORD "x )", ARG1);
+   PRE_REG_READ1(int, "memfd_secret", unsigned int, flags);
+}
+
+POST(sys_memfd_secret)
+{
+   vg_assert(SUCCESS);
+   if (!ML_(fd_allowed)(RES, "memfd_secret", tid, True)) {
+      VG_(close)(RES);
+      SET_STATUS_Failure( VKI_EMFILE );
+   } else {
+      if (VG_(clo_track_fds))
+         ML_(record_fd_open_nameless)(tid, RES);
+   }
+}
+
 PRE(sys_membarrier)
 {
   PRINT("sys_membarrier ( %#" FMT_REGWORD "x )", ARG1);
--- a/coregrind/m_syswrap/syswrap-x86-linux.c
+++ b/coregrind/m_syswrap/syswrap-x86-linux.c
@ -1651,6 +1651,8 @@ static SyscallTableEntry syscall_table[] = {
   LINXY(__NR_close_range,       sys_close_range),      // 436

   LINX_(__NR_faccessat2,	 sys_faccessat2),       // 439
+
+   LINXY(__NR_memfd_secret,      sys_memfd_secret),      // 447
 };

 SyscallTableEntry* ML_(get_linux_syscall_entry) ( UInt sysno )
--- a/include/vki/vki-scnums-shared-linux.h
+++ b/include/vki/vki-scnums-shared-linux.h
@ -44,4 +44,6 @@

 #define __NR_faccessat2		439

+#define __NR_memfd_secret		447
+
 #endif