path: root/man2/memfd_secret.2
Diffstat (limited to 'man2/memfd_secret.2')
-rw-r--r--  man2/memfd_secret.2  38
1 files changed, 19 insertions, 19 deletions
diff --git a/man2/memfd_secret.2 b/man2/memfd_secret.2
index 5d2436cc5..f3b946d19 100644
--- a/man2/memfd_secret.2
+++ b/man2/memfd_secret.2
@@ -27,7 +27,7 @@ Standard C library
glibc provides no wrapper for
.BR memfd_secret (),
necessitating the use of
-.BR syscall (2).
+.MR syscall 2 .
.SH DESCRIPTION
.BR memfd_secret ()
creates an anonymous RAM-based file and returns a file descriptor
@@ -39,10 +39,10 @@ Once all open references to the file are closed,
it is automatically released.
The initial size of the file is set to 0.
Following the call, the file size should be set using
-.BR ftruncate (2).
+.MR ftruncate 2 .
.P
The memory areas backing the file created with
-.BR memfd_secret (2)
+.MR memfd_secret 2
are visible only to the processes that have access to the file descriptor.
The memory region is removed from the kernel page tables
and only the page tables of the processes holding the file descriptor
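Review bot: the self-reference `.MR memfd_secret 2` in this hunk is inconsistent with how the page refers to its own function everywhere else (`.BR memfd_secret ()` in the surrounding context). Since this is the memfd_secret.2 page itself, a cross-reference link to itself is not useful; consider changing the line to `.BR memfd_secret ()` so the page uses one form throughout.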
@@ -59,11 +59,11 @@ to control the behavior of
.B FD_CLOEXEC
Set the close-on-exec flag on the new file descriptor,
which causes the region to be removed from the process on
-.BR execve (2).
+.MR execve 2 .
See the description of the
.B O_CLOEXEC
flag in
-.BR open (2)
+.MR open 2
.P
As its return value,
.BR memfd_secret ()
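Review bot: the sentence ending in `.MR open 2` is left without a terminating period before `.P`, so "See the description of the O_CLOEXEC flag in open(2)" runs unpunctuated. The original `.BR open (2)` had the same defect, but this conversion is the natural place to fix it: pass the punctuation as the trailing argument, `.MR open 2 .`, exactly as `.MR execve 2 .` does earlier in this hunk.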
@@ -75,20 +75,20 @@ and
is set for the file descriptor.
.P
With respect to
-.BR fork (2)
+.MR fork 2
and
-.BR execve (2),
+.MR execve 2 ,
the usual semantics apply for the file descriptor created by
.BR memfd_secret ().
A copy of the file descriptor is inherited by the child produced by
-.BR fork (2)
+.MR fork 2
and refers to the same file.
The file descriptor is preserved across
-.BR execve (2),
+.MR execve 2 ,
unless the close-on-exec flag has been set.
.P
The memory region is locked into memory in the same way as with
-.BR mlock (2),
+.MR mlock 2 ,
so that it will never be written into swap,
and hibernation is inhibited for as long as any
.BR memfd_secret ()
@@ -96,13 +96,13 @@ descriptions exist.
However the implementation of
.BR memfd_secret ()
will not try to populate the whole range during the
-.BR mmap (2)
+.MR mmap 2
call that attaches the region into the process's address space;
instead, the pages are only actually allocated
as they are faulted in.
The amount of memory allowed for memory mappings
of the file descriptor obeys the same rules as
-.BR mlock (2)
+.MR mlock 2
and cannot exceed
.BR RLIMIT_MEMLOCK .
.SH RETURN VALUE
@@ -180,7 +180,7 @@ a kernel-side attack would need to
either walk the page tables and create new ones,
or spawn a new privileged user-space process to perform
secrets exfiltration using
-.BR ptrace (2).
+.MR ptrace 2 .
.P
The way
.BR memfd_secret ()
@@ -196,9 +196,9 @@ hybernation is prevented when there are active
.BR memfd_secret ()
users.
.SH SEE ALSO
-.BR fcntl (2),
-.BR ftruncate (2),
-.BR mlock (2),
-.BR memfd_create (2),
-.BR mmap (2),
-.BR setrlimit (2)
+.MR fcntl 2 ,
+.MR ftruncate 2 ,
+.MR mlock 2 ,
+.MR memfd_create 2 ,
+.MR mmap 2 ,
+.MR setrlimit 2
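Review bot: the SEE ALSO list is not in alphabetical order after the conversion: `.MR memfd_create 2 ,` sits after `.MR mlock 2 ,` whereas it should precede both `mlock` and `mmap`. Since every line of the list is being rewritten anyway, reorder to fcntl, ftruncate, memfd_create, mlock, mmap, setrlimit. Separately, the hunk header context shows "hybernation is prevented", a misspelling of "hibernation" (the page spells it correctly elsewhere, e.g. "hibernation is inhibited"); it is outside this change, but worth a follow-up patch.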