On Thu, Apr 25, 2019 at 5:44 AM Vlastimil Babka <vbabka@xxxxxxx> wrote: > > On 4/25/19 2:14 PM, Michal Hocko wrote: > > Please cc linux-api for user visible API proposals (now done). Keep the > > rest of the email intact for reference. > > > > On Wed 24-04-19 14:10:39, Matthew Garrett wrote: > >> From: Matthew Garrett <mjg59@xxxxxxxxxx> > >> > >> Applications that hold secrets and wish to avoid them leaking can use > >> mlock() to prevent the page from being pushed out to swap and > >> MADV_DONTDUMP to prevent it from being included in core dumps. Applications > > So, do we really need a new madvise() flag and VMA flag, or can we just > infer this page clearing from mlock+MADV_DONTDUMP being both applied? I think the combination would probably imply that this is the behaviour you want, but I'm a little concerned about changing the semantics given the corner cases described earlier in the thread. If we can figure those out in a way that won't break any existing code, I could buy this.
