Re: [openib-general] Re: madvise MADV_DONTFORK/MADV_DOFORK
From: Michael S. Tsirkin
Date: Mon Feb 13 2006 - 17:06:42 EST
Quoting r. Hugh Dickins <hugh@xxxxxxxxxxx>:
> Subject: Re: [openib-general] Re: madvise MADV_DONTFORK/MADV_DOFORK
>
> On Mon, 13 Feb 2006, Michael S. Tsirkin wrote:
> >
> > Like this then?
>
> Almost. I would still prefer madvise_vma to allow MADV_DONTFORK
> on a VM_IO vma, even though it must prohibit MADV_DOFORK there.
> But if Linus disagrees, of course ignore me.
I'm not sure about this point. Linus?
> Comments much better, thanks. I didn't get your point about mlock'd
> memory, but I'm content to believe you're thinking of an issue that
> hasn't occurred to me.
I'm referring to the follwing, from man mlock(2):
"Cryptographic security software often handles critical bytes like passwords
or secret keys as data structures. As a result of paging, these secrets could
be transfered onto a persistent swap store medium, where they might be
accessible to the enemy long after the security software has erased the
secrets in RAM and terminated."
--
Michael S. Tsirkin
Staff Engineer, Mellanox Technologies
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/