MEMFD_SECRET(2)                                                         Linux Programmer's Manual                                                        MEMFD_SECRET(2)

NAME
       memfd_secret - create an anonymous RAM-based file to access secret memory regions

SYNOPSIS
       #include <sys/syscall.h>      /* Definition of SYS_* constants */
       #include <unistd.h>

       int syscall(SYS_memfd_secret, unsigned int flags);

       Note: glibc provides no wrapper for memfd_secret(), necessitating the use of syscall(2).

DESCRIPTION
       memfd_secret()  creates an anonymous RAM-based file and returns a file descriptor that refers to it.  The file provides a way to create and access memory regions
       with stronger protection than usual RAM-based files and anonymous memory mappings.  Once all open references to the file are closed, it is automatically released.
       The initial size of the file is set to 0.  Following the call, the file size should be set using ftruncate(2).

       The  memory  areas backing the file created with memfd_secret(2) are visible only to the processes that have access to the file descriptor.  The memory region is
       removed from the kernel page tables and only the page tables of the processes holding the file descriptor map the  corresponding  physical  memory.   (Thus,  the
       pages in the region can't be accessed by the kernel itself, so that, for example, pointers to the region can't be passed to system calls.)

       The following values may be bitwise ORed in flags to control the behavior of memfd_secret():

       FD_CLOEXEC
              Set  the  close-on-exec  flag on the new file descriptor, which causes the region to be removed from the process on execve(2).  See the description of the
              O_CLOEXEC flag in open(2).

       As its return value, memfd_secret() returns a new file descriptor that refers to an anonymous file.  This file descriptor is opened for both reading and  writing
       (O_RDWR) and O_LARGEFILE is set for the file descriptor.

       With  respect  to fork(2) and execve(2), the usual semantics apply for the file descriptor created by memfd_secret().  A copy of the file descriptor is inherited
       by the child produced by fork(2) and refers to the same file.  The file descriptor is preserved across execve(2), unless the close-on-exec flag has been set.

       The memory region is locked into memory in the same way as with mlock(2), so that it will never be written into swap.  However, the implementation of
       memfd_secret() will not try to populate the whole range during the mmap(2) call that attaches the region into the process's address space; instead, the pages are only
       actually allocated as they are faulted in.  The amount of memory allowed for memory mappings of the file descriptor obeys the same rules as mlock(2)  and  cannot
       exceed RLIMIT_MEMLOCK.
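
       The sequence described above (create the file, size it with ftruncate(2), map it with mmap(2), use it, wipe it, release it), shown as an added example
       that is not part of the original manual page.  The helper name secret_roundtrip() is hypothetical, and the fallback syscall number 447 is an assumption
       for C library headers that predate Linux 5.14.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* assumption: fallback for headers older than Linux 5.14 */
#endif

/* Hypothetical helper: copy `len` bytes of `secret` into a memfd_secret()
 * region, read them back, then wipe and release the region.
 * Returns 0 on success, or -errno from the first step that failed
 * (for example -ENOSYS when the call is not available). */
int secret_roundtrip(const char *secret, size_t len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0 || len > (size_t)page)
        return -EINVAL;

    /* flags = 0; close-on-exec is set separately with fcntl(2) below. */
    int fd = (int)syscall(SYS_memfd_secret, 0U);
    if (fd < 0)
        return -errno;

    int rc = 0;
    /* The new file has size 0, so it must be sized before it is mapped. */
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0 || ftruncate(fd, page) < 0) {
        rc = -errno;
    } else {
        char *p = mmap(NULL, (size_t)page, PROT_READ | PROT_WRITE,
                       MAP_SHARED, fd, 0);
        if (p == MAP_FAILED) {
            rc = -errno;            /* mapping counts against RLIMIT_MEMLOCK */
        } else {
            memcpy(p, secret, len); /* page is allocated on this first touch */
            if (memcmp(p, secret, len) != 0)
                rc = -EIO;
            explicit_bzero(p, (size_t)page); /* wipe before releasing */
            munmap(p, (size_t)page);
        }
    }
    close(fd); /* the file is released once the last reference is gone */
    return rc;
}
```

       A caller should treat a negative return such as -ENOSYS as "secret memory unavailable" and decide explicitly whether to fall back to mlock(2)-protected memory.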

RETURN VALUE
       On success, memfd_secret() returns a new file descriptor.  On error, -1 is returned and errno is set to indicate the error.

ERRORS
       EINVAL flags included unknown bits.

       EMFILE The per-process limit on the number of open file descriptors has been reached.

       ENFILE The system-wide limit on the total number of open files has been reached.

       ENOMEM There was insufficient memory to create a new anonymous file.

       ENOSYS memfd_secret() is not implemented on this architecture.

VERSIONS
       The memfd_secret() system call first appeared in Linux 5.14.

CONFORMING TO
       The memfd_secret() system call is Linux-specific.

SEE ALSO
       fcntl(2), ftruncate(2), mlock(2), memfd_create(2), mmap(2), setrlimit(2)

Linux                                                                          2020-08-02                                                                MEMFD_SECRET(2)