rixxc/agent_lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove seal from shared memory page

Browse Source
This commit is contained in:
Aaron Kaiser
2025-04-04 13:10:45 +02:00
parent a97adf188b
commit c61fb504c6
1 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/agent.rs
View File

@@ -1,11 +1,10 @@
use anyhow::{bail, Result}; use anyhow::{bail, Result};
use libc::{ use libc::{
c_char, c_void, close, execve, fcntl, fork, ftruncate, memfd_create, mmap, perror, syscall, c_char, c_void, close, execve, fork, ftruncate, memfd_create, mmap, perror, MAP_FAILED,
SYS_futex, FUTEX_WAIT, FUTEX_WAKE, F_ADD_SEALS, F_SEAL_FUTURE_WRITE, MAP_FAILED, MAP_SHARED, MAP_SHARED, PROT_READ, PROT_WRITE,
MFD_ALLOW_SEALING, PROT_READ, PROT_WRITE,
}; };
use shared_memory_heap::get_shared_mem_fd; use shared_memory_heap::get_shared_mem_fd;
use std::{arch::x86_64::_mm_mfence, ffi::CString, path::Path, ptr, usize}; use std::{arch::x86_64::_mm_mfence, ffi::CString, path::Path, ptr};
pub struct Agent { pub struct Agent {
sync_mem: *mut usize, sync_mem: *mut usize,
@@ -16,7 +15,7 @@ unsafe impl Send for Agent {}
impl Agent { impl Agent {
pub(crate) unsafe fn new(agent_path: &Path, keyfile_path: &Path) -> Result<Self> { pub(crate) unsafe fn new(agent_path: &Path, keyfile_path: &Path) -> Result<Self> {
let data_fd = get_shared_mem_fd(); let data_fd = get_shared_mem_fd();
let sync_fd = memfd_create("sync\x00".as_ptr() as *const c_char, MFD_ALLOW_SEALING); let sync_fd = memfd_create(r#"sync\0"#.as_ptr() as *const c_char, 0);
if sync_fd <= 0 { if sync_fd <= 0 {
bail!("creating memfd failed"); bail!("creating memfd failed");
@@ -36,8 +35,6 @@ impl Agent {
0, 0,
) as *mut usize; ) as *mut usize;
fcntl(sync_fd, F_ADD_SEALS, F_SEAL_FUTURE_WRITE);
if sync_mem == MAP_FAILED as *mut usize { if sync_mem == MAP_FAILED as *mut usize {
bail!("mmap failed"); bail!("mmap failed");
} }