On Mon, Dec 5, 2022 at 3:01 AM Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > + mm->def_flags |= > + /* > + * Don't allow state to be written to swap, to preserve forward secrecy. > + * This works in conjunction with MAP_LOCKED in do_mmap(), below, which > + * actually does the locking (and associated permission check and accounting). > + * Here, VM_LOCKONFAULT together with VM_NORESERVE simply make the mlocking > + * happen the first time it's actually used, the same as when calling > + * mlock2(MLOCK_ONFAULT) from userspace. > + */ > + VM_LOCKONFAULT | VM_NORESERVE | Have you checked the interaction with this line in dup_mmap()? "tmp->vm_flags &= ~(VM_LOCKED | VM_LOCKONFAULT);" As the mlock.2 manpage says, "Memory locks are not inherited by a child created via fork(2)". I think the intention here is that the VMA should stay unswappable after fork(), right? Of course, trying to reserve more mlocked memory in fork() would also be problematic...
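
Review bot: The comment inside the `mm->def_flags |=` expression promises that state is never written to swap, but it does not say what happens to that guarantee in a child after fork(), and the dup_mmap() line quoted in the reply clears VM_LOCKONFAULT on the copied VMA. Either extend the comment to state the intended post-fork behaviour or name the flag that keeps the child's copy unswappable. Nothing in the visible lines does so. As a smaller style point, the block comment sits between `|=` and its operands, which makes the flag list hard to read; placing it above the assignment would be clearer.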