memfd_secret() in 5.14
Posted Aug 7, 2021 7:16 UTC (Sat) by david.hildenbrand (subscriber, #108299)
In reply to: memfd_secret() in 5.14 by mb
Parent article: memfd_secret() in 5.14
I was told that even exposing secretmem pages for a very short time in the direct map, for example when hibernating, is a security risk. As one example, other CPUs could expose that data.
It's the same reasoning that blocks these pages from being movable: migration code would have to temporarily map them. One approach discussed is using temporary per-cpu page tables for page migration.
