Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2353340yba; Thu, 25 Apr 2019 15:08:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqymR9speDrg6+0lQrtKuP5ZBQGcCdtJnKmYscP7AFsxfXasrMglxSgCTT+vn8a+FS1ZvbjU X-Received: by 2002:a63:a55:: with SMTP id z21mr39832420pgk.440.1556230119244; Thu, 25 Apr 2019 15:08:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1556230119; cv=none; d=google.com; s=arc-20160816; b=cLEeA3glOB1usf9YuvPXUc1H1mCCg0iqTu8iACaJgcMfyK5cFqFrV3U+TiySD4B7Eu vgTAqsd+z7Hn8dkZOghxU2hq1Mlo501f+x6xYeKNRly5AjvaKE5HUJUrQD10vsT/3Dbh 54AxKjbnEnC84WxpfLy8VlAS036OghBePtxd+RyIH6rOnRmH6x6sTK9XUVktnjJIRvgJ Ta0zc5n7fKEmyoEZZL//6cUTyKk9Ao0a6Vbokx7pXl1TXDCAsIldbh49iWWdHSPsiWHZ eNKvm1UtlCAvJfGBagAg98V2LZnajk1NSczD9x304mlYtwAdtQU1OWfVzY2BIsAL1c9h dLEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=fTCIXrMkQw8DWjirY0wbyKHBu3z39INvewV6V58xb34=; b=DGXZkdQpPsu13Zq6QXrMf4BnmDh/NHEkimUoJfE9MInW4Qk3B1hPutah9AWqIR8BIB o8U+JoDWLrhFcPTTzoTGEvSqNrA3CsLZC9qFfPMehv6URSWFoSaH44gpAk7j1XvewdGt k8EWLy6968yK666vYzFxxJJigU8GO+yMeHHZxOV7g00IqMOrA9FitFwPAS2M2duSArWp PnAcc2+P4AJX/lds5nPlJSw0xkNGIAgZQbOKirahls2+e/oc/m/jfSLMRfSkDcoTYXr6 g+nQjkU4iMVfluoyWOMLCRXZGQP7BH8bqHbAdCOiaTBuohe6j2GuvuZwe/s17IWN+QKS hJFA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=MRWUNUxA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l3si20987178pgq.84.2019.04.25.15.08.23; Thu, 25 Apr 2019 15:08:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=MRWUNUxA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387867AbfDYUpy (ORCPT + 99 others); Thu, 25 Apr 2019 16:45:54 -0400 Received: from mail-io1-f68.google.com ([209.85.166.68]:33337 "EHLO mail-io1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387769AbfDYUpy (ORCPT ); Thu, 25 Apr 2019 16:45:54 -0400 Received: by mail-io1-f68.google.com with SMTP id u12so1210180iop.0 for ; Thu, 25 Apr 2019 13:45:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fTCIXrMkQw8DWjirY0wbyKHBu3z39INvewV6V58xb34=; b=MRWUNUxAgMtfjEUKh5EiicK3Gw8p3WkCwK0DaRezcQPhpuLx8df5emcz4NTK4E5D1o gAu0JkwLC+9tUT8zbS9e51olKa2jyblmviizLkXanyqOnYG93fxu/gElGFUGcmWOp/OB IfKtowKQ+80dsUp4qfifBulhtVIsPHSkOGGHLmB3TAgUTCkCcfBTt3ncKeByczcklw+c 5YOVm2E0mHEqz+FQwKO+YAzhUkzxvF2dlEBEo0uyQ/CjOPgK7+JpfaFUw8R76QnHKmaX 8u7U2ZhFNXvy/CCqKWdoRxpJjYhvxFtD4Ta/5Ij26a4vTAxBONBuPgh04ErsTEKhI/JX uHSA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fTCIXrMkQw8DWjirY0wbyKHBu3z39INvewV6V58xb34=; b=PxDWUPrl5d4YyzIxWruXp1qotYvkedgMEvrHMsUS5/JKdMB/MfJP3aV41d/Wx6lgsC 7jiY5K235EOOMwB0yeV7TgHHhCeN8rgP9oeQS+1g3Byys+SyO2K3+/+GXjoCLUIvRIL7 c49wx4aWlZRCaHKs21GEjdWEPOIuBb1rOcABVwVP9jPYAqNwludk81qoFCEc6B/W94od wdl/mnPacITrhx4lT7t05vpLHz2JbZt7go1hOJsxk8mWuFjDYJqZXIjaCcYjYtuAgUJq w0oTQ46rS90Pm7J7WnaKC9Z/Sh7/mJhP0WJBJ7ScokdKF4EyF6KaD7ZcgPMKZf5RLIEq HwuQ== X-Gm-Message-State: APjAAAWXYaqfaTqAFGlN79+owMQ2e1ITJww8RRynBdAGW5t2NRFhRqCr EUDWQ0+gkDssM2viKUmfHR1VVhhkduFhtP3j0/MSK3Pw278= X-Received: by 2002:a6b:e20e:: with SMTP id z14mr24868217ioc.169.1556225153517; Thu, 25 Apr 2019 13:45:53 -0700 (PDT) MIME-Version: 1.0 References: <20190424211038.204001-1-matthewgarrett@google.com> <20190425121410.GC1144@dhcp22.suse.cz> <1df0ef0c-4219-c259-18a2-9abfb2782c08@suse.cz> In-Reply-To: <1df0ef0c-4219-c259-18a2-9abfb2782c08@suse.cz> From: Matthew Garrett Date: Thu, 25 Apr 2019 13:45:42 -0700 Message-ID: Subject: Re: [PATCH V2] mm: Allow userland to request that the kernel clear memory on release To: Vlastimil Babka Cc: Michal Hocko , Linux-MM , Linux Kernel Mailing List , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Apr 25, 2019 at 5:44 AM Vlastimil Babka wrote: > > On 4/25/19 2:14 PM, Michal Hocko wrote: > > Please cc linux-api for user visible API proposals (now done). Keep the > > rest of the email intact for reference. > > > > On Wed 24-04-19 14:10:39, Matthew Garrett wrote: > >> From: Matthew Garrett > >> > >> Applications that hold secrets and wish to avoid them leaking can use > >> mlock() to prevent the page from being pushed out to swap and > >> MADV_DONTDUMP to prevent it from being included in core dumps. Applications > > So, do we really need a new madvise() flag and VMA flag, or can we just > infer this page clearing from mlock+MADV_DONTDUMP being both applied? I think the combination would probably imply that this is the behaviour you want, but I'm a little concerned about changing the semantics given the corner cases described earlier in the thread. If we can figure those out in a way that won't break any existing code, I could buy this.