Add support for dedicated 'secretmemfd' system call.

If this system call is not implemented, retry with
memfd_create(MFD_SECRET).

Signed-off-by: Mike Rapoport <rppt@linux.ibm.com>
diff --git a/preload.c b/preload.c
index 67fc793..87a42ee 100644
--- a/preload.c
+++ b/preload.c
@@ -2,6 +2,7 @@
 #include <unistd.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 
 #include <sys/ioctl.h>
 #include <sys/mman.h>
@@ -16,6 +17,10 @@
 #define MFD_SECRET_EXCLUSIVE	_IOW(MFD_SECRET_IOCTL, 0x13, unsigned long)
 #define MFD_SECRET_UNCACHED	_IOW(MFD_SECRET_IOCTL, 0x14, unsigned long)
 
+/* secretmemfd defines */
+#define SECRETMEM_EXCLUSIVE	0x1
+#define SECRETMEM_UNCACHED	0x2
+
 #define ASSERT(x) do { if (!(x)) { printf("ASSERTION failed at line %d\n", __LINE__); exit(1); } } while (0)
 
 /* glibc should have defined this by now, sigh */
@@ -24,6 +29,46 @@
 	return syscall(__NR_memfd_create, name, flags);
 }
 
+#ifndef __NR_secretmemfd
+#define __NR_secretmemfd 440
+#endif
+
+static inline int secretmemfd(unsigned long flags)
+{
+	return syscall(__NR_secretmemfd, flags);
+}
+
+static int use_secret = 1;
+static int secret_option = MFD_SECRET_EXCLUSIVE;
+
+static int secretmem_open(void)
+{
+	unsigned long secretmemfd_flags = SECRETMEM_EXCLUSIVE;
+	int fd, ret;
+
+	if (!use_secret)
+		return memfd_create("secure", MFD_CLOEXEC);
+
+	if (secret_option == MFD_SECRET_UNCACHED)
+		secretmemfd_flags = SECRETMEM_EXCLUSIVE;
+
+	/* try dedicated syscall first */
+	fd = secretmemfd(secretmemfd_flags);
+	if (fd >= 0 || errno != ENOSYS)
+		return fd;
+
+	/* secretmemfd is not implemented, maybe memfd_create(SECRET) is */
+	fd = memfd_create("secure", MFD_CLOEXEC|MFD_SECRET);
+	if (fd < 0)
+		return fd;
+
+	ret = ioctl(fd, secret_option);
+	if (ret < 0)
+		return ret;
+
+	return fd;
+}
+
 
 /* segment size.  Matches hugepage size */
 #define SEG_SIZE 2*1024*1024
@@ -180,9 +225,6 @@
 	printf("SHOW SEGMENT END\n");
 }
 
-static int use_secret = 1;
-static int secret_option = MFD_SECRET_EXCLUSIVE;
-
 static void alloc_segment(void)
 {
 	int fd;
@@ -192,16 +234,8 @@
 	const size_t ssize = pad_request(sizeof(*seg));
 	struct malloc_chunk *c;
 
-	if (use_secret)
-		fd = memfd_create("secure", MFD_CLOEXEC|MFD_SECRET);
-	else
-		fd = memfd_create("secure", MFD_CLOEXEC);
-	check(fd < 0, "memfd_create");
-
-	if (use_secret) {
-		ret = ioctl(fd, secret_option);
-		check(ret < 0, "ioctl");
-	}
+	fd = secretmem_open();
+	check(fd < 0, "secretmem_open");
 
 	ret = ftruncate(fd, SEG_SIZE);
 	check(ret < 0, "ftruncate");