Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754302Ab0HXHJd (ORCPT ); Tue, 24 Aug 2010 03:09:33 -0400 Received: from casper.infradead.org ([85.118.1.10]:59774 "EHLO casper.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750917Ab0HXHJb convert rfc822-to-8bit (ORCPT ); Tue, 24 Aug 2010 03:09:31 -0400 Subject: Re: [RFC] mlock/stack guard interaction fixup From: Peter Zijlstra To: Jeremy Fitzhardinge Cc: Linus Torvalds , Ian Jackson , Greg KH , Ian Campbell , linux-kernel@vger.kernel.org, stable@kernel.org, stable-review@kernel.org, akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk In-Reply-To: <4C72D1E1.1040709@goop.org> References: <1282391770.29609.1223.camel@localhost.localdomain> <1282460275.11348.865.camel@localhost.localdomain> <1282462386.11348.871.camel@localhost.localdomain> <1282470917.11348.891.camel@localhost.localdomain> <20100822172548.GB8957@suse.de> <19570.38608.79434.179797@chiark.greenend.org.uk> <1282580751.2605.1997.camel@laptop> <19570.44367.719276.128881@chiark.greenend.org.uk> <4C72C2E9.3070408@goop.org> <1282590457.2605.2200.camel@laptop> <4C72CAA7.5070202@goop.org> <1282591592.2605.2221.camel@laptop> <4C72D1E1.1040709@goop.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8BIT Date: Tue, 24 Aug 2010 09:08:14 +0200 Message-ID: <1282633694.2605.2254.camel@laptop> Mime-Version: 1.0 X-Mailer: Evolution 2.28.3 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1177 Lines: 26 On Mon, 2010-08-23 at 12:54 -0700, Jeremy Fitzhardinge wrote: > On 08/23/2010 12:26 PM, Peter Zijlstra wrote: > > On Mon, 2010-08-23 at 12:23 -0700, Jeremy Fitzhardinge wrote: > >> On 08/23/2010 12:07 PM, Peter Zijlstra wrote: > >>> mlock() simply avoids major faults, nothing more. > >>> > >>> I think both page migration and page-out for shared pages where some > >>> maps are !mlocked can cause unmaps and thus minor faults. > >>> > >>> mlock and dirty do not interact, they will still be cleaned/written out > >>> as normal. > >> So mlock is useless for preventing secret stuff from being written to disk. > > Well, if you put your sekrit in a file map, sure. > > > > Use a mmap(MAP_ANONYMOUS|MAP_LOCK) and madvise(MADV_DONTFORK) for your > > sekrits. > > Won't dirty anonymous pages also get written to swap? Not if all the maps are mlocked (private like above would only have a single map), there'd be no point would there. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/