Merge bitcoin#15600: lockedpool: When possible, use madvise to avoid …

…including sensitive information in core dumps d831831 lockedpool: When possible, use madvise to avoid including sensitive information in core dumps (Luke Dashjr) Pull request description: If we're mlocking something, it's because it's sensitive information. Therefore, don't include it in core dump files, ~~and unmap it from forked processes~~. The return value is not checked because the madvise calls might fail on older kernels as a rule (unsure). ACKs for top commit: practicalswift: Code review ACK d831831 -- patch looks correct laanwj: ACK d831831 jonatack: ACK d831831 vasild: ACK d831831 Tree-SHA512: 9a6c1fef126a4bbee0698bfed5a01233460fbcc86380d984e80dfbdfbed3744fef74527a8e3439ea226167992cff9d3ffa8f2d4dbd5ae96ebe0c12f3eee0eb9e
PastaPastaPasta · Jul 1, 2021 · 56a8e0b · 56a8e0b
1 parent 2ee36d8
commit 56a8e0b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/support/lockedpool.cpp b/src/support/lockedpool.cpp
@@ -257,6 +257,9 @@ void *PosixLockedPageAllocator::AllocateLocked(size_t len, bool *lockingSuccess)
     }
     if (addr) {
         *lockingSuccess = mlock(addr, len) == 0;
+#ifdef MADV_DONTDUMP
+        madvise(addr, len, MADV_DONTDUMP);
+#endif
     }
     return addr;
 }