hub / github.com/google/gvisor / IMAWorkAroundForMemFile

Function IMAWorkAroundForMemFile

pkg/sentry/pgalloc/pgalloc.go:493–515

IMAWorkAroundForMemFile works around IMA by immediately creating a temporary PROT_EXEC mapping, while the backing file is still small. IMA will ignore any future mappings. The Linux kernel contains an optional feature called "Integrity Measurement Architecture" (IMA). If IMA is enabled, it will che

(fd uintptr)

Source from the content-addressed store, hash-verified

// large, it will allocate all of the sparse pages and quickly exhaust all
// memory.
func IMAWorkAroundForMemFile(fd uintptr) {
	m, _, errno := unix.Syscall6(
		unix.SYS_MMAP,
		0,
		hostarch.PageSize,
		unix.PROT_EXEC,
		unix.MAP_SHARED,
		fd,
		0)
	if errno != 0 {
		// This isn't fatal (IMA may not even be in use). Log the error, but
		// don't return it.
		log.Warningf("Failed to pre-map MemoryFile PROT_EXEC: %v", errno)
	} else {
		if _, _, errno := unix.Syscall(
			unix.SYS_MUNMAP,
			m,
			hostarch.PageSize,
			0); errno != 0 {
			panic(fmt.Sprintf("failed to unmap PROT_EXEC MemoryFile mapping: %v", errno))
		}
	}
}

// Destroy releases all resources used by f.
//

Callers 2

createGoferFilestores (Method) · 0.92
NewMemoryFile (Function) · 0.85

Calls 2

Warningf (Function) · 0.92
Syscall (Method) · 0.65

Tested by

no test coverage detected
