Improve memfd-secret guard page allocation #18
Conversation
… page Co-authored-by: Prabhpreet Dua <[email protected]> Co-authored-by: Karolin Varner <[email protected]>
Improve memfd-secret guard page allocation by using combination of mmap to map allocation area, and nest memfd-secret mapping and meta information with different permissions within the area Implemented in quininer/memsec#18 Co-authored-by: Prabhpreet Dua <[email protected]> Co-authored-by: Karolin Varner <[email protected]>
src/alloc/allocext/linux.rs
Outdated
| @@ -21,10 +28,17 @@ mod memfd_secret_alloc { | |||
| let _ = libc::ftruncate(fd, size as libc::off_t); | |||
|
|
|||
| let ptr = libc::mmap( | |||
| ptr::null_mut(), | |||
| if ptr.is_some() { | |||
There was a problem hiding this comment.
| if ptr.is_some() { | |
| ptr.unwrap_or_else(ptr::null_mut) |
There was a problem hiding this comment.
Thank you, changed
src/alloc/allocext/linux.rs
Outdated
| let total_size = front_guard_size + unprotected_size + back_guard_size; | ||
|
|
||
| let base_ptr = libc::mmap( | ||
| null_mut(), |
There was a problem hiding this comment.
| null_mut(), | |
| ptr::null_mut(), |
There was a problem hiding this comment.
Thank you, changed
src/alloc/allocext/linux.rs
Outdated
| pub unsafe fn alloc_memfd_secret(size: usize) -> Option<(NonNull<u8>, libc::c_int)> { | ||
| pub unsafe fn alloc_memfd_secret( | ||
| size: usize, | ||
| ptr: Option<*mut libc::c_void>, |
There was a problem hiding this comment.
That is just for added flexibility, under cases a user directly wants to use alloc_memfd_secret and doesn't want to set a specific address for the mapping
There was a problem hiding this comment.
This is an internal function and no user will call it directly. we don't have to keep Option.
src/alloc/allocext/linux.rs
Outdated
| use super::*; | ||
| use core::convert::TryInto; | ||
|
|
||
| #[inline] | ||
| pub unsafe fn alloc_memfd_secret(size: usize) -> Option<(NonNull<u8>, libc::c_int)> { | ||
| pub unsafe fn alloc_memfd_secret( |
There was a problem hiding this comment.
Changed to alloc_memfd_secret_at_ptr
src/alloc/allocext/linux.rs
Outdated
| pub unsafe fn alloc_memfd_secret(size: usize) -> Option<(NonNull<u8>, libc::c_int)> { | ||
| pub unsafe fn alloc_memfd_secret( | ||
| size: usize, | ||
| ptr: Option<*mut libc::c_void>, |
There was a problem hiding this comment.
This is an internal function and no user will call it directly. we don't have to keep Option.
|
@quininer seems like the Github action is running forever. Is it possible to restart it? |
|
It looks like procspawn has some issue in the process spawned- I'll be able to attend to this only after next week |
Improve memfd-secret guard page allocation by using combination of mmap to map allocation area, and nest memfd-secret mapping and meta information with different permissions within the area
Ideated by @koraa