crosvm/base
Daniel Verkamp 5b7cdc1eb0 base: use MFD_NOEXEC_SEAL if available when creating memfds
The new MFD_NOEXEC_SEAL flag allows creating memfds that don't have the
execute file mode. Add a function to detect whether this feature is
available on the currently running kernel so we can make the guest
memory memfd a non-executable file if the feature is available.

BUG=b:282221246
TEST=run crosvm on a ChromeOS kernel with MFD_NOEXEC patch
TEST=stat -L /proc/<crosvm pid>/fd/<crosvm memfd>; observe no x
TEST=run crosvm on an older vanilla Linux kernel without MFD_NOEXEC

Change-Id: I5d60cfe4b90eb23f79ecbc04d6bde9e1f46eeb8e
Reviewed-on: https://chromium-review.googlesource.com/c/crosvm/crosvm/+/4528584
Reviewed-by: Dmitry Torokhov <dtor@chromium.org>
Commit-Queue: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-by: Jeff Xu <jeffxu@google.com>
2023-06-14 21:31:28 +00:00
..
base_event_token_derive
src base: use MFD_NOEXEC_SEAL if available when creating memfds 2023-06-14 21:31:28 +00:00
tests
.build_test_serial
Cargo.toml
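The probe-and-fall-back pattern the commit message above describes, as an added example that is not crosvm's own code: `create_memfd_prefer_noexec` and `has_exec_bits` are hypothetical helpers, the memfd name is constructed, and the flag values are copied from the kernel's `<linux/memfd.h>`.

```rust
use std::ffi::CString;
use std::fs::File;
use std::io;
use std::os::raw::{c_char, c_int, c_uint};
use std::os::unix::fs::PermissionsExt;
use std::os::unix::io::FromRawFd;

// Flag values from the Linux UAPI header <linux/memfd.h>.
const MFD_CLOEXEC: c_uint = 0x0001;
const MFD_ALLOW_SEALING: c_uint = 0x0002;
const MFD_NOEXEC_SEAL: c_uint = 0x0008;
const EINVAL: i32 = 22;
extern "C" {
    fn memfd_create(name: *const c_char, flags: c_uint) -> c_int;
}

fn raw_memfd(name: &str, flags: c_uint) -> io::Result<File> {
    let cname = CString::new(name).map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))?;
    // SAFETY: cname is a valid NUL-terminated string that outlives the call.
    let fd = unsafe { memfd_create(cname.as_ptr(), flags) };
    if fd < 0 {
        return Err(io::Error::last_os_error());
    }
    // SAFETY: fd was just returned by the kernel and has no other owner.
    Ok(unsafe { File::from_raw_fd(fd) })
}

// Hypothetical helper: ask for MFD_NOEXEC_SEAL first; a kernel that does not
// know the flag rejects it with EINVAL, so retry without it in that case only.
// Returns the memfd and whether the non-executable flag was accepted.
pub fn create_memfd_prefer_noexec(name: &str) -> io::Result<(File, bool)> {
    let base = MFD_CLOEXEC | MFD_ALLOW_SEALING;
    match raw_memfd(name, base | MFD_NOEXEC_SEAL) {
        Ok(f) => Ok((f, true)),
        Err(e) if e.raw_os_error() == Some(EINVAL) => Ok((raw_memfd(name, base)?, false)),
        Err(e) => Err(e),
    }
}

// Same check as `stat -L /proc/<pid>/fd/<memfd>`: any x bit in the file mode?
pub fn has_exec_bits(f: &File) -> io::Result<bool> {
    Ok(f.metadata()?.permissions().mode() & 0o111 != 0)
}

fn main() -> io::Result<()> {
    let (f, noexec) = create_memfd_prefer_noexec("guest_mem_example")?;
    println!("noexec_seal={} exec_bits={}", noexec, has_exec_bits(&f)?);
    Ok(())
}
```

Only `EINVAL` triggers the retry, so failures such as `EMFILE` or `ENOMEM` are reported rather than silently downgraded to an executable memfd.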