Merge #15600: lockedpool: When possible, use madvise to avoid including sensitive information in core dumps

d831831822 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr)

Pull request description:

  If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~.

  The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure).

ACKs for top commit:
  practicalswift:
    Code review ACK d831831822 -- patch looks correct
  laanwj:
    ACK d831831822
  jonatack:
    ACK d831831822
  vasild:
    ACK d831831822

Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
pull/18443/head
Wladimir J. van der Laan 5 years ago
commit 23991ee53a
No known key found for this signature in database
GPG Key ID: 1E4AED62986CD25D

@ -253,6 +253,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
}
if (addr) {
*lockingSuccess = mlock(addr, len) == 0;
#ifdef MADV_DONTDUMP
madvise(addr, len, MADV_DONTDUMP);
#endif
}
return addr;
}

Loading…
Cancel
Save