Merge #15600: lockedpool: When possible, use madvise to avoid including sensitive information in core dumps

laanwj · laanwj · commit 23991ee53af2 · 2020-03-26T16:56:03.000+01:00
d831831 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr) Pull request description: If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~. The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure). ACKs for top commit: practicalswift: Code review ACK d831831 -- patch looks correct laanwj: ACK d831831 jonatack: ACK d831831 vasild: ACK d831831 Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp
@@ -253,6 +253,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
     }
     if (addr) {
         *lockingSuccess = mlock(addr, len) == 0;
+#ifdef MADV_DONTDUMP
+        madvise(addr, len, MADV_DONTDUMP);
+#endif
     }
     return addr;
 }

Original file line number	Diff line number	Diff line change
`@@ -253,6 +253,9 @@ void PosixLockedPageAllocator::AllocateLocked(size_t len, bool lockingSuccess)`
`253`	`253`	`}`
`254`	`254`	`if (addr) {`
`255`	`255`	`*lockingSuccess = mlock(addr, len) == 0;`
	`256`	`+#ifdef MADV_DONTDUMP`
	`257`	`+ madvise(addr, len, MADV_DONTDUMP);`
	`258`	`+#endif`
`256`	`259`	`}`
`257`	`260`	`return addr;`
`258`	`261`	`}`