Merge pull request #2673 from patricklodder/1.14.5-2019-15947
security: Backport madvise() for lockedpool sensitive data from 1.21-dev
This commit is contained in:
commit
97c98cf0a6
|
@ -230,6 +230,11 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
|
||||||
addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
|
addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
|
||||||
if (addr) {
|
if (addr) {
|
||||||
*lockingSuccess = mlock(addr, len) == 0;
|
*lockingSuccess = mlock(addr, len) == 0;
|
||||||
|
#if defined(MADV_DONTDUMP) // Linux
|
||||||
|
madvise(addr, len, MADV_DONTDUMP);
|
||||||
|
#elif defined(MADV_NOCORE) // FreeBSD
|
||||||
|
madvise(addr, len, MADV_NOCORE);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
return addr;
|
return addr;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue