Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
From: Florian Weimer
Date: Wed, 9 Aug 2017 14:42:51 +0200
To: "Kirill A. Shutemov", Rik van Riel
Cc: Michal Hocko, linux-kernel@vger.kernel.org, mike.kravetz@oracle.com, linux-mm@kvack.org, colm@allcosts.net, akpm@linux-foundation.org, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, mingo@kernel.org, dave.hansen@intel.com, linux-api@vger.kernel.org
Message-ID: <8fe8040c-7595-ec09-6ce7-0da4fadc82c4@redhat.com>

On 08/09/2017 11:59 AM, Kirill A. Shutemov wrote:
> It's not obvious to me what would break if kernel would ignore
> MADV_DONTFORK or MADV_DONTDUMP.

Ignoring MADV_DONTDUMP could cause secrets to be written to disk,
contrary to the expected security policy of the system.

Thanks,
Florian
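
The concern in the reply above, as an added example that is not part of the original message or the patch series: a process that marks a key page with MADV_DONTDUMP can check in /proc/self/smaps whether the kernel actually recorded the request (the `dd` mnemonic in VmFlags) instead of trusting that madvise() returned 0. The helper names and the SAMPLE excerpt are constructed for illustration; a 64-bit Linux system is assumed.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

static const char SAMPLE[] =  /* constructed smaps excerpt, not from a real system */
    "7f0000001000-7f0000002000 rw-p 00000000 00:00 0 \n"
    "VmFlags: rd wr mr mw me ac dd \n"
    "7f0000002000-7f0000003000 rw-p 00000000 00:00 0 \n"
    "VmFlags: rd wr mr mw me ac \n";

/* Hypothetical helper: 1 if the mapping starting at `start` lists `flag` in
 * its VmFlags line, 0 if it does not, -1 if the mapping cannot be found. */
int smaps_has_flag(const char *smaps, unsigned long start, const char *flag)
{
    char hdr[32], line[256];
    snprintf(hdr, sizeof hdr, "%08lx-", start);  /* kernel pads to 8 hex digits */
    for (const char *p = smaps; p; p = strchr(p, '\n')) {
        if (*p == '\n') p++;                     /* step onto the next line */
        if (strncmp(p, hdr, strlen(hdr)) != 0) continue;
        const char *vf = strstr(p, "\nVmFlags:");
        if (!vf) return -1;
        snprintf(line, sizeof line, "%.*s", (int)strcspn(vf + 9, "\n"), vf + 9);
        for (char *t = strtok(line, " "); t; t = strtok(NULL, " "))
            if (strcmp(t, flag) == 0) return 1;
        return 0;
    }
    return -1;
}

/* 1 if /proc/self/smaps shows dd for the mapping at p, 0 if not, -1 unknown. */
int region_is_dontdump(const void *p)
{
    static char buf[1 << 20];
    FILE *f = fopen("/proc/self/smaps", "r");
    if (!f) return -1;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    return smaps_has_flag(buf, (unsigned long)p, "dd");
}

int main(void)
{
    void *key = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (key == MAP_FAILED || madvise(key, 4096, MADV_DONTDUMP) != 0) return 1;
    printf("dd recorded for key page: %d\n", region_is_dontdump(key));
    return 0;
}
```

A result other than 1 means the request could not be confirmed, which is the case where key material may still end up in a core file.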