IMAWorkAroundForMemFile works around IMA by immediately creating a temporary PROT_EXEC mapping, while the backing file is still small. IMA will ignore any future mappings. The Linux kernel contains an optional feature called "Integrity Measurement Architecture" (IMA). If IMA is enabled, it will che
(fd uintptr)
| 491 | // large, it will allocate all of the sparse pages and quickly exhaust all |
| 492 | // memory. |
| 493 | func IMAWorkAroundForMemFile(fd uintptr) { |
| 494 | m, _, errno := unix.Syscall6( |
| 495 | unix.SYS_MMAP, |
| 496 | 0, |
| 497 | hostarch.PageSize, |
| 498 | unix.PROT_EXEC, |
| 499 | unix.MAP_SHARED, |
| 500 | fd, |
| 501 | 0) |
| 502 | if errno != 0 { |
| 503 | // This isn't fatal (IMA may not even be in use). Log the error, but |
| 504 | // don't return it. |
| 505 | log.Warningf("Failed to pre-map MemoryFile PROT_EXEC: %v", errno) |
| 506 | } else { |
| 507 | if _, _, errno := unix.Syscall( |
| 508 | unix.SYS_MUNMAP, |
| 509 | m, |
| 510 | hostarch.PageSize, |
| 511 | 0); errno != 0 { |
| 512 | panic(fmt.Sprintf("failed to unmap PROT_EXEC MemoryFile mapping: %v", errno)) |
| 513 | } |
| 514 | } |
| 515 | } |
| 516 | |
| 517 | // Destroy releases all resources used by f. |
| 518 | // |
no test coverage detected
searching dependent graphs…