From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753043AbdHIMnB (ORCPT <rfc822;w@1wt.eu>);
        Wed, 9 Aug 2017 08:43:01 -0400
Received: from mx1.redhat.com ([209.132.183.28]:40838 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1753018AbdHIMm7 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 9 Aug 2017 08:42:59 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com D27C78B95B
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=fweimer@redhat.com
Subject: Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
To: "Kirill A. Shutemov" <kirill@shutemov.name>,
        Rik van Riel <riel@redhat.com>
Cc: Michal Hocko <mhocko@kernel.org>, linux-kernel@vger.kernel.org,
        mike.kravetz@oracle.com, linux-mm@kvack.org, colm@allcosts.net,
        akpm@linux-foundation.org, keescook@chromium.org, luto@amacapital.net,
        wad@chromium.org, mingo@kernel.org, dave.hansen@intel.com,
        linux-api@vger.kernel.org
References: <20170806140425.20937-1-riel@redhat.com>
 <20170807132257.GH32434@dhcp22.suse.cz>
 <20170807134648.GI32434@dhcp22.suse.cz> <1502117991.6577.13.camel@redhat.com>
 <20170809095957.kv47or2w4obaipkn@node.shutemov.name>
From: Florian Weimer <fweimer@redhat.com>
Message-ID: <8fe8040c-7595-ec09-6ce7-0da4fadc82c4@redhat.com>
Date: Wed, 9 Aug 2017 14:42:51 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <20170809095957.kv47or2w4obaipkn@node.shutemov.name>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Wed, 09 Aug 2017 12:42:59 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 08/09/2017 11:59 AM, Kirill A. Shutemov wrote:
> It's not obvious to me what would break if kernel would ignore
> MADV_DONTFORK or MADV_DONTDUMP.

Ignoring MADV_DONTDUMP could cause secrets to be written to disk,
contrary to the expected security policy of the system.

Thanks,
Florian