Good article. Two minor nits:
1. The article says:
"Additionally, if the parent had used mlock() to lock the original page into memory, that lock, too, will remain with the original page. The page which the parent had thought was pinned into RAM will become pageable, with potentially bad effects on performance and security."
AFAIK this is not 100% true: I think the page stays locked for parent, too.
- Parent will still get a fault on write access.
- Child has a copy of the page, along with any secret information
parent kept there.
2. There's another possible use for MADV_DONTFORK: to speed up fork
by not copying the irrelevant vmas, ptes etc.
This might become more important if plans to add support for early-copy
on fork materialize.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds