Closed
Description
This is very crucial code, as part of the value proposition of s2n is that it will never leak user data. It feels like this code should have comments explaining why mlock & madvise. And tests, to the extent possible. It would be bad if these two were removed at some point (by accident or otherwise) and no one noticed.
I suppose madvise should be tested by writing a cookie into memory, provoking a segfault and "grepping" the core file to make sure the cookie was not found.
I guess mlock could also be tested this way, but it would require a system-wide effect where the process begins to swap, then reading the swap file attempting to find the cookie. But since it's swap it could be on a page boundary etc., more tricky...
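As an added illustration (my own code, not s2n's) of what the requested "why" comments look like around the two calls: a minimal secret-buffer allocator that fails closed if either protection cannot be applied. It assumes Linux, where MADV_DONTDUMP exists; the wipe-before-unmap loop is an assumption about good practice, not something the issue specifies.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <sys/mman.h>

/* Allocate `len` bytes for secret material. Returns NULL on any failure:
 * a buffer that is only partly protected must not be handed out for secrets. */
void *secret_alloc(size_t len)
{
    /* mmap rather than malloc so the region is page-aligned and goes back to
     * the kernel outright instead of being recycled by the heap allocator. */
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;

    /* mlock: pin the pages in RAM so the kernel never writes them to swap,
     * where they would outlive the process. Fails with ENOMEM once the
     * RLIMIT_MEMLOCK budget is used up, so the result must be checked. */
    if (mlock(p, len) != 0) {
        munmap(p, len);
        return NULL;
    }

    /* madvise(MADV_DONTDUMP): exclude the pages from core dumps so a crash
     * does not leave the secrets in a core file. Without it, fail closed
     * rather than silently returning an unprotected buffer. */
#ifdef MADV_DONTDUMP
    if (madvise(p, len, MADV_DONTDUMP) != 0) {
        munmap(p, len);
        return NULL;
    }
#else
    munmap(p, len);
    return NULL;
#endif
    return p;
}

/* Wipe, then release. The volatile pointer keeps the compiler from dropping
 * the zeroing as a dead store before munmap; munmap also releases the lock. */
int secret_free(void *p, size_t len)
{
    volatile unsigned char *v = p;
    for (size_t i = 0; i < len; i++)
        v[i] = 0;
    return munmap(p, len);
}
```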