Merge pull request #2673 from patricklodder/1.14.5-2019-15947

security: Backport madvise() for lockedpool sensitive data from 1.21-dev
2021-11-06 17:49:43 +00:00 · 2021-11-06 17:49:43 +00:00 · 97c98cf0a6
parent df8adf098e 09f86e7494
commit 97c98cf0a6
1 changed files with 5 additions and 0 deletions
--- a/src/support/lockedpool.cpp
+++ b/src/support/lockedpool.cpp
@ -230,6 +230,11 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
    addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
    if (addr) {
        *lockingSuccess = mlock(addr, len) == 0;
+#if defined(MADV_DONTDUMP) // Linux
+        madvise(addr, len, MADV_DONTDUMP);
+#elif defined(MADV_NOCORE) // FreeBSD
+        madvise(addr, len, MADV_NOCORE);
+#endif
    }
    return addr;
 }