[Cryptography] WIPEONFORK in Linux 4.14

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Nov 26 06:16:00 EST 2017

Colm MacCárthaigh <colm at allcosts.net> writes:

>For crypto libraries this is particularly useful:

It's actually not that useful unless you rewrite your code's memory handling
just so you can use it.  madvise() works on a granularity of page boundaries,
despite the appearance of working on arbitrary memory regions.  This means
that unless the start address is page-aligned, it'll fail.  In addition it
functions at a much lower level than malloc(), so if you madvise() malloc'd
memory you'll end up messing with your heap in ways that will break memory
allocation.  For example MADV_WIPEONFORK will wipe the entire page or page
range containing the heap that the client gets, corrupting the heap on fork.

What this means is that you need to mmap() memory in order to madvise() on it,
and then implement your own allocator on top of that.  Or, every time you
allocate anything, make it a full page, again via mmap().  The chances of
something going wrong when you do your own memory management are probably a
lot higher than the chances of something ending up in a core dump when you


More information about the cryptography mailing list