Date: Mon, 4 Dec 2023 11:54:34 -0800
From: Andrew Morton
To: York Jasper Niebuhr
Cc:
 linux-kernel@vger.kernel.org, rppt@kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH] mm: init_mlocked_on_free
Message-Id: <20231204115434.65f04d1de5041038ab5e2b8d@linux-foundation.org>
In-Reply-To: <20231202134218.151074-1-yjnworkstation@gmail.com>
References: <20231202134218.151074-1-yjnworkstation@gmail.com>

On Sat, 2 Dec 2023 14:42:18 +0100 York Jasper Niebuhr wrote:

> Adds the "PG_ofinit" page flag to specify if a page should be zeroed on
> free.

That's a problem - unused page flags are few, and are a treasured
resource. Matthew Wilcox is a suitable reviewer, but you didn't cc the
linux-mm mailing list. Please address this concern in future changelogs.

> Implements the "init_mlocked_on_free" boot option. When this boot option
> is set, any mlock'ed pages are zeroed on munmap, exit or exec. If the
> pages are munlock'ed beforehand, no initialization will take place. This
> boot option is meant to combat the performance hit of "init_on_free" as
> reported in commit 6471384af2a6 ("mm: security: introduce
> init_on_alloc=1 and init_on_free=1 boot options"). With
> "init_mlocked_on_free", only relevant data will be freed while
> everything else is left untouched by the kernel.

It would be helpful to provide a full description of the performance
benefits right here in the changelog, please. Including example
quantitative testing results. See if you can persuade us to consume
another page flag.

Also, can we avoid using a page flag? Can this be done on a per-vma
basis rather than per-page?

> Optimally, userspace programs will clear any key material or other
> confidential memory before exit and munlock the according memory
> regions. If a program crashes, however, userspace key managers will not
> be able to zero this data. If this happens, the memory will not be
> explicitly munlock'ed before exit either, so the kernel will zero the
> data and prevent data leaks. If the program finishes properly, no pages
> will be initialized again, as they were already munlock'ed.
>
> In general, leaving memory mlock'ed until unmap, exit or exec can be used
> to specify exactly what memory should be initialized on free.
>
> CONFIG_INIT_MLOCKED_ON_FREE_DEFAULT_ON can be set to enable
> "init_mlocked_on_free" by default.
>

Please address the above and send us a v2?
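
The userspace side of the contract described in the quoted changelog, as an added C example that is not part of this thread or of the patch: key material lives in mlock'ed pages, and the clean exit path wipes and munlocks them so that, under the proposed option, the kernel would have nothing left to zero. `struct secret_buf` and the `secret_*` helpers are hypothetical names, and the key bytes are constructed sample input.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example; not taken from the patch. */
struct secret_buf { void *addr; size_t len; int locked; };

/* Map whole pages for key material and mlock() them. */
int secret_alloc(struct secret_buf *s, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    s->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    s->addr = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->addr == MAP_FAILED) { s->addr = NULL; return -1; }
    /* mlock() can fail under a low RLIMIT_MEMLOCK; record the outcome. */
    s->locked = (mlock(s->addr, s->len) == 0);
    return 0;
}

/* Wipe via a volatile pointer so the stores are kept; returns bytes left non-zero. */
size_t secret_wipe(struct secret_buf *s)
{
    volatile unsigned char *p = s->addr;
    size_t left = 0;
    for (size_t i = 0; i < s->len; i++) p[i] = 0;
    for (size_t i = 0; i < s->len; i++) left += (p[i] != 0);
    return left;
}

/* Clean exit path: wipe, then munlock, then unmap. A crash skips all of this,
 * so the pages are still mlock'ed when the kernel tears the mapping down. */
int secret_release(struct secret_buf *s)
{
    if (!s->addr) return -1;
    secret_wipe(s);
    if (s->locked) munlock(s->addr, s->len);
    int rc = munmap(s->addr, s->len);
    s->addr = NULL; s->locked = 0;
    return rc;
}

int main(void)
{
    struct secret_buf k;
    if (secret_alloc(&k, 32) != 0) return 1;
    memcpy(k.addr, "constructed-sample-key-material", 31); /* constructed input */
    return secret_release(&k) == 0 ? 0 : 1;
}
```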