Re: [RFC] mm: why we should clear page when do anonymous page fault

[Jianyu Zhan <nasa4836@gmail.com>]

On Mon, Feb 22, 2016 at 10:56 AM, Xishi Qiu <qiuxishi@huawei.com> wrote:
> handle_pte_fault()
>         do_anonymous_page()
>                 alloc_zeroed_user_highpage_movable()
>
> We will alloc a zeroed page when do anonymous page fault, I don't know
> why should clear it? just for safe?
>
> If user space program do like the following, there are two memset 0, right?
> kernel alloc zeroed page, and user memset 0 it again, this will waste a
> lot of time.
>
> main()
> {
>         ...
>         vaddr = malloc(size)
>         if (vaddr)
>                 memset(vaddr, 0, size);
>         ...
> }
>
>
> Thanks,
> Xishi Qiu
>
> --
> To unsubscribe, send a message with 'unsubscribe linux-mm' in
> the body to majordomo@kvack.org.  For more info on Linux MM,
> see: http://www.linux-mm.org/ .
> Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>

I believe this is mainly for security reason.

To zero a highmem page, we could avoid another process peeking into the page
that is (highly likely) just released by another process, who might
well have put its confidential
data in that very page.

IIRC, Windows zeros the pages at freeing time. Linux instead does it lazily.

And for the userspace zeroing action,  it is another problem - user
just wants a clean, definitive
context to act on ( and we can be sure he/she is a self-disciplined
guy who does not peek into
other's secret,  but we can not assume that for all).


Thanks,
Jianyu Zhan

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org.  For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>