memfd_secret() in 5.14
Posted Aug 7, 2021 10:59 UTC (Sat) by david.hildenbrand (subscriber, #108299)
In reply to: memfd_secret() in 5.14 by randomguy3
Parent article: memfd_secret() in 5.14
IIUC, the "easy" ways to access this data (/proc/kcore), application BUGs (e.g., accidentally using the secretmem area as a sending buffer) and kernel/CPU BUGs. When disabling other features (e.g., kdump) and extending other features (e.g., clearing all secretmem areas before kexec or before reboots) we can make it even harder for root to still read secretmem in the future. But it might be hard to get rid of all (kdb?) such ways for root to still read that memory.
