On Mon, Mar 08, 2004 at 10:09:47AM -0500, Chris Friesen wrote:
> Arjan van de Ven wrote:
> >>Note that there are some applications for which it is a *bug* if an
> >>mlocked page gets written out to magnetic media.  (gpg, for example.)
> >>
> >
> >mlock() does not guarantee things not hitting magnetic media, just as
> >mlock() doesn't guarantee that the physical address of a page doesn't
> >change.
> 
> The mlock() man page sure seems to hint that they do, by explicitly 
> describing its use by high-security data processing as a way to keep the 
> information from getting to disk.

... and explicitly describing that this is not a 100% thing due to suspend
etc etc. 

----
mlock disables paging for the memory in the range starting at addr with
length len bytes. All pages which contain a part of the specified memory
range are guaranteed be resident in RAM when the mlock system call returns
successfully and they are guaranteed to stay in RAM until the pages are
unlocked by munlock or munlockall, until the pages are unmapped via munmap,
or until the process terminates or starts another program with exec.  Child
processes do not inherit page locks across a fork.
-----

that is what it guarantees. it guarantees that you don't hard-fault.
The rest of the manpage talks about potential usages but immediatly
describes the crypto one as non-solid