[openib-general] Re: madvise MADV_DONTFORK/MADV_DOFORK
Michael S. Tsirkin
mst at mellanox.co.il
Mon Feb 13 14:09:47 PST 2006
Quoting r. Hugh Dickins <hugh at veritas.com>:
> Subject: Re: [openib-general] Re: madvise MADV_DONTFORK/MADV_DOFORK
>
> On Mon, 13 Feb 2006, Michael S. Tsirkin wrote:
> >
> > Like this then?
>
> Almost. I would still prefer madvise_vma to allow MADV_DONTFORK
> on a VM_IO vma, even though it must prohibit MADV_DOFORK there.
> But if Linus disagrees, of course ignore me.
I'm not sure about this point. Linus?
> Comments much better, thanks. I didn't get your point about mlock'd
> memory, but I'm content to believe you're thinking of an issue that
> hasn't occurred to me.
I'm referring to the follwing, from man mlock(2):
"Cryptographic security software often handles critical bytes like passwords
or secret keys as data structures. As a result of paging, these secrets could
be transfered onto a persistent swap store medium, where they might be
accessible to the enemy long after the security software has erased the
secrets in RAM and terminated."
--
Michael S. Tsirkin
Staff Engineer, Mellanox Technologies
More information about the general
mailing list