Received: by 2002:ac0:a581:0:0:0:0:0 with SMTP id m1-v6csp421139imm; Thu, 28 Jun 2018 23:34:18 -0700 (PDT) X-Google-Smtp-Source: ADUXVKKFtAYMDGWUdw3jSvoB/od4eNbLts5vMoBuNU/irMV2hecIu3awy7+OBj1q9euxdSEkRxgh X-Received: by 2002:a65:660a:: with SMTP id w10-v6mr11217316pgv.366.1530254058465; Thu, 28 Jun 2018 23:34:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530254058; cv=none; d=google.com; s=arc-20160816; b=atCtkdWfLKjGtJNcwT0PBQuUcQDKmLm/qbzCk2JLt6oX5e7chAQ8dAuTi1capZm78U zgucE20rxYT7pgxTAEfDZNn7diP7yF9vLN4oj5yqlIE9K2SX7ECkQcuSKtJTWN8QBXE7 SBgkCttKLgJ/bRzYj6GLl2r2/5lx0H/VjxwtOhnP20b4LsGHVRTCJo4sxDIyrww04jJV emLzU+7Su5Eeim5okpInsGg8nxDU0WElF/ubSYf5wCFghSOYsghaaUK1uo16mJfh1/qn 0bD7EKgtCLlhk01ALwkcS+f6S7pJsBv3FNqznIt8Q2ArqouiyFUKFFuWnngveQMfOk9s Of5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature :arc-authentication-results; bh=zIyVs41jfppXAoRVFzsOGK/t/A013DuefWd4HcLkE9M=; b=A881bhLKtKuKdwf61deGjmYbD813sQMcgXetDTdP81q6sZocESTrzeTgNLoGRduKs9 588DJyXK+a9+FIgCPhAPpXS9kyqrv+Qo3DUNbuQVzhKKgZCPWUrwS1OICG3CNDi7AIXb LGRlr3j7TxmQxWJTdh8rKV8ZH+bS94+UUiHNPrb/Q/O94Iws0/CHbDVUVL3iDVAhOCzE UmtwQHTxT7IpUftKmH4DkF+xA25qbLEPh0rsRCj4X7j3lIPsNoFZyPInfnsNTHvbTPDM QSTaKTwrd1mZEGU3AnpvuXqXIwIyn+ReuohJ5yZSF7fdiwVDOfREMCr7YzRPHjRWtA2+ TlHw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=asDyhqn4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z18-v6si5500854pfl.209.2018.06.28.23.34.04; Thu, 28 Jun 2018 23:34:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=asDyhqn4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755112AbeF2Awa (ORCPT + 99 others); Thu, 28 Jun 2018 20:52:30 -0400 Received: from mail-it0-f67.google.com ([209.85.214.67]:37489 "EHLO mail-it0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753663AbeF2Aw2 (ORCPT ); Thu, 28 Jun 2018 20:52:28 -0400 Received: by mail-it0-f67.google.com with SMTP id p17-v6so596718itc.2 for ; Thu, 28 Jun 2018 17:52:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language:content-transfer-encoding; bh=zIyVs41jfppXAoRVFzsOGK/t/A013DuefWd4HcLkE9M=; b=asDyhqn49ZiXUiHLAlix0RaNiylVlsYyN9oBzvjOGS01QO0ct7XVuYgg6r4dzrBVi0 GZr+qnKRm9Nmjmexf8eWw9DEzZJkpleHHtTIii9mr5G9NoQNKHth4T/+cb++vhL6nWAM cAT0wJI/smnVkJkSg30Berk3h+Jd4p6tVe9B9jvjz4bDJfPJF3iNF3Yifm0wQKf6s50j 6KBNN9dpcbQCB6ZAh7aUvTP0xgSDTKo+a8kqLULkbsqLMiADZS2+tC1/Y3vfE58z68GY QN/DLTZLqzSeqWn7Zd91FsX/s3LqizkiHHJfPh+wzxinoMIw/loXNkIF5lteBLnpVylc 5x4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=zIyVs41jfppXAoRVFzsOGK/t/A013DuefWd4HcLkE9M=; b=FExddZTU4z0La0i5D531dz6xIdI4Mx9JtsnBpEekUFPY2agoIAslxWDo18HqI5n16T fMOO5krdy4cb2g+aptCV4K+Cuurr0+4UclxrXmzAXheJI/jNBk6sR24tDCcsoF8v5sCJ 3cud/vd3LcUZulu/rT3lEtBBQGmI3mnevyNfpKIMrK2yyM2l4bNgmkAbSoXuTN6tx3Tz UVCVZvsI8afI1ST8YtcVQ/hTTpsjJr7X2AlYlCHH9TxrMM8oWo+iW69ECkZ32QaNV7Yv bp7q2SDRlz0Bww69HNsdhA9bauSpseIl/tw8j3LS65A7QfZa0PScgiW5DsiVMnebgxT3 cjfA== X-Gm-Message-State: APt69E2xxHIIz+V1CgAx1UM241DuGLCh8twq/d0pet7qa9T+MVlRy5ma iwag4PrcpBDFpsk3hEnorFi9ZBve X-Received: by 2002:a02:5f92:: with SMTP id x18-v6mr10262822jad.22.1530233548062; Thu, 28 Jun 2018 17:52:28 -0700 (PDT) Received: from [192.168.1.196] (c-69-180-151-171.hsd1.mn.comcast.net. [69.180.151.171]) by smtp.gmail.com with ESMTPSA id a77-v6sm98299itd.4.2018.06.28.17.52.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 28 Jun 2018 17:52:26 -0700 (PDT) Subject: Re: Memory zeroed when made available to user process To: Richard Weinberger , Michal Hocko Cc: Richard Weinberger , Linux Kernel Mailing List References: <71d13d76-4591-9206-ebbb-5e9599f10c7c@gmail.com> <20180627131248.GA3032@dhcp22.suse.cz> <2634793.Cb5OrAPIO5@blindfold> From: Jefferson Carpenter Message-ID: Date: Fri, 29 Jun 2018 00:52:16 +0000 User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 MIME-Version: 1.0 In-Reply-To: <2634793.Cb5OrAPIO5@blindfold> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/27/2018 1:18 PM, Richard Weinberger wrote: > Am Mittwoch, 27. Juni 2018, 15:12:48 CEST schrieb Michal Hocko: >> On Wed 27-06-18 13:29:05, Richard Weinberger wrote: >>> On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter >>> wrote: >>>> Is there a way for a user process to mark memory as 'sensitive' or >>>> 'non-sensitive' when it is allocated? That could allow it not to have to be >>>> zeroed before being allocated to another process. >>> >>> Isn't this what we have Meltdown and Spectre for? ;-) >>> >>> No, memory from the kernel is always zeroed. >>> libc offers malloc() and calloc() for this purpose. Interesting. Let's say Process 1: free(use_memory(malloc(1024))); Then Process 2: malloc(1024); The physical RAM used to service Process 2's malloc call has to be zeroed to prevent it from leaking data from Process 1. However, if Process 1 could mark that memory as non-sensitive, then it would not have to be zeroed, saving the time it takes to do that. However, this would require at least a bit per memory page, so maybe it's not worth it. >> >> Well, except for the weird MAP_UNINITIALIZED. Anyway agreed that this is >> a bad idea and the flag should have never been merged. I've just >> mentioned it for completness. > > Oh, I forgot about the crazy nommu world. :-) > > Thanks, > //richard >