Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752024AbdHEPVs (ORCPT ); Sat, 5 Aug 2017 11:21:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:51656 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751262AbdHEPVr (ORCPT ); Sat, 5 Aug 2017 11:21:47 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 94B1B883C1 Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx02.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=riel@redhat.com Message-ID: <1501946504.6577.9.camel@redhat.com> Subject: Re: [PATCH 0/2] mm,fork,security: introduce MADV_WIPEONFORK From: Rik van Riel To: "Kirill A. Shutemov" Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, fweimer@redhat.com, colm@allcosts.net, akpm@linux-foundation.org, rppt@linux.vnet.ibm.com, keescook@chromium.org, luto@amacapital.net, wad@chromium.org, mingo@kernel.org Date: Sat, 05 Aug 2017 11:21:44 -0400 In-Reply-To: <20170804234435.lkblljl3f3ud2spm@node.shutemov.name> References: <20170804190730.17858-1-riel@redhat.com> <20170804234435.lkblljl3f3ud2spm@node.shutemov.name> Organization: Red Hat, Inc Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]); Sat, 05 Aug 2017 15:21:46 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 933 Lines: 23 On Sat, 2017-08-05 at 02:44 +0300, Kirill A. Shutemov wrote: > On Fri, Aug 04, 2017 at 03:07:28PM -0400, riel@redhat.com wrote: > > [resend because half the recipients got dropped due to IPv6 > > firewall issues] > > > > Introduce MADV_WIPEONFORK semantics, which result in a VMA being > > empty in the child process after fork. This differs from > > MADV_DONTFORK > > in one important way. > > > > If a child process accesses memory that was MADV_WIPEONFORK, it > > will get zeroes. The address ranges are still valid, they are just > > empty. > > I feel like we are repeating mistake we made with MADV_DONTNEED. > > MADV_WIPEONFORK would require a specific action from kernel, ignoring > the /advise/ would likely lead to application misbehaviour. > > Is it something we really want to see from madvise()? We already have various mandatory madvise behaviors in Linux, including MADV_REMOVE, MADV_DONTFORK, and MADV_DONTDUMP.