lockedpool: When possible, use madvise to avoid including sensitive information in core dumps

2019-03-14 13:36:24 +00:00 · 2019-03-14 13:36:24 +00:00 · b4b98d7ad0
parent 434ae2d95e
commit b4b98d7ad0
1 changed files with 3 additions and 0 deletions
--- a/src/support/lockedpool.cpp
+++ b/src/support/lockedpool.cpp
@ -230,6 +230,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
    addr = mmap(nullptr, len, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
    if (addr) {
        *lockingSuccess = mlock(addr, len) == 0;
+#ifdef MADV_DONTDUMP
+        madvise(addr, len, MADV_DONTDUMP);
+#endif
    }
    return addr;
 }