* Memory zeroed when made available to user process @ 2018-06-27 9:34 Jefferson Carpenter 2018-06-27 11:29 ` Richard Weinberger 0 siblings, 1 reply; 6+ messages in thread From: Jefferson Carpenter @ 2018-06-27 9:34 UTC (permalink / raw) To: Linux Kernel Mailing List Is there a way for a user process to mark memory as 'sensitive' or 'non-sensitive' when it is allocated? That could allow it not to have to be zeroed before being allocated to another process. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Memory zeroed when made available to user process 2018-06-27 9:34 Memory zeroed when made available to user process Jefferson Carpenter @ 2018-06-27 11:29 ` Richard Weinberger 2018-06-27 13:12 ` Michal Hocko 0 siblings, 1 reply; 6+ messages in thread From: Richard Weinberger @ 2018-06-27 11:29 UTC (permalink / raw) To: Jefferson Carpenter; +Cc: Linux Kernel Mailing List On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter <jeffersoncarpenter2@gmail.com> wrote: > Is there a way for a user process to mark memory as 'sensitive' or > 'non-sensitive' when it is allocated? That could allow it not to have to be > zeroed before being allocated to another process. Isn't this what we have Meltdown and Spectre for? ;-) No, memory from the kernel is always zeroed. libc offers malloc() and calloc() for this purpose. -- Thanks, //richard ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Memory zeroed when made available to user process 2018-06-27 11:29 ` Richard Weinberger @ 2018-06-27 13:12 ` Michal Hocko 2018-06-27 13:18 ` Richard Weinberger 0 siblings, 1 reply; 6+ messages in thread From: Michal Hocko @ 2018-06-27 13:12 UTC (permalink / raw) To: Richard Weinberger; +Cc: Jefferson Carpenter, Linux Kernel Mailing List On Wed 27-06-18 13:29:05, Richard Weinberger wrote: > On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter > <jeffersoncarpenter2@gmail.com> wrote: > > Is there a way for a user process to mark memory as 'sensitive' or > > 'non-sensitive' when it is allocated? That could allow it not to have to be > > zeroed before being allocated to another process. > > Isn't this what we have Meltdown and Spectre for? ;-) > > No, memory from the kernel is always zeroed. > libc offers malloc() and calloc() for this purpose. Well, except for the weird MAP_UNINITIALIZED. Anyway agreed that this is a bad idea and the flag should have never been merged. I've just mentioned it for completness. -- Michal Hocko SUSE Labs ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Memory zeroed when made available to user process 2018-06-27 13:12 ` Michal Hocko @ 2018-06-27 13:18 ` Richard Weinberger 2018-06-29 0:52 ` Jefferson Carpenter 0 siblings, 1 reply; 6+ messages in thread From: Richard Weinberger @ 2018-06-27 13:18 UTC (permalink / raw) To: Michal Hocko Cc: Richard Weinberger, Jefferson Carpenter, Linux Kernel Mailing List Am Mittwoch, 27. Juni 2018, 15:12:48 CEST schrieb Michal Hocko: > On Wed 27-06-18 13:29:05, Richard Weinberger wrote: > > On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter > > <jeffersoncarpenter2@gmail.com> wrote: > > > Is there a way for a user process to mark memory as 'sensitive' or > > > 'non-sensitive' when it is allocated? That could allow it not to have to be > > > zeroed before being allocated to another process. > > > > Isn't this what we have Meltdown and Spectre for? ;-) > > > > No, memory from the kernel is always zeroed. > > libc offers malloc() and calloc() for this purpose. > > Well, except for the weird MAP_UNINITIALIZED. Anyway agreed that this is > a bad idea and the flag should have never been merged. I've just > mentioned it for completness. Oh, I forgot about the crazy nommu world. :-) Thanks, //richard -- sigma star gmbh - Eduard-Bodem-Gasse 6 - 6020 Innsbruck - Austria ATU66964118 - FN 374287y ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Memory zeroed when made available to user process 2018-06-27 13:18 ` Richard Weinberger @ 2018-06-29 0:52 ` Jefferson Carpenter 2018-06-29 6:10 ` Richard Weinberger 0 siblings, 1 reply; 6+ messages in thread From: Jefferson Carpenter @ 2018-06-29 0:52 UTC (permalink / raw) To: Richard Weinberger, Michal Hocko Cc: Richard Weinberger, Linux Kernel Mailing List On 6/27/2018 1:18 PM, Richard Weinberger wrote: > Am Mittwoch, 27. Juni 2018, 15:12:48 CEST schrieb Michal Hocko: >> On Wed 27-06-18 13:29:05, Richard Weinberger wrote: >>> On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter >>> <jeffersoncarpenter2@gmail.com> wrote: >>>> Is there a way for a user process to mark memory as 'sensitive' or >>>> 'non-sensitive' when it is allocated? That could allow it not to have to be >>>> zeroed before being allocated to another process. >>> >>> Isn't this what we have Meltdown and Spectre for? ;-) >>> >>> No, memory from the kernel is always zeroed. >>> libc offers malloc() and calloc() for this purpose. Interesting. Let's say Process 1: free(use_memory(malloc(1024))); Then Process 2: malloc(1024); The physical RAM used to service Process 2's malloc call has to be zeroed to prevent it from leaking data from Process 1. However, if Process 1 could mark that memory as non-sensitive, then it would not have to be zeroed, saving the time it takes to do that. However, this would require at least a bit per memory page, so maybe it's not worth it. >> >> Well, except for the weird MAP_UNINITIALIZED. Anyway agreed that this is >> a bad idea and the flag should have never been merged. I've just >> mentioned it for completness. > > Oh, I forgot about the crazy nommu world. :-) > > Thanks, > //richard > ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: Memory zeroed when made available to user process 2018-06-29 0:52 ` Jefferson Carpenter @ 2018-06-29 6:10 ` Richard Weinberger 0 siblings, 0 replies; 6+ messages in thread From: Richard Weinberger @ 2018-06-29 6:10 UTC (permalink / raw) To: Jefferson Carpenter, Linux Kernel Mailing List; +Cc: Michal Hocko Am Freitag, 29. Juni 2018, 02:52:16 CEST schrieb Jefferson Carpenter: > On 6/27/2018 1:18 PM, Richard Weinberger wrote: > > Am Mittwoch, 27. Juni 2018, 15:12:48 CEST schrieb Michal Hocko: > >> On Wed 27-06-18 13:29:05, Richard Weinberger wrote: > >>> On Wed, Jun 27, 2018 at 11:34 AM, Jefferson Carpenter > >>> <jeffersoncarpenter2@gmail.com> wrote: > >>>> Is there a way for a user process to mark memory as 'sensitive' or > >>>> 'non-sensitive' when it is allocated? That could allow it not to have to be > >>>> zeroed before being allocated to another process. > >>> > >>> Isn't this what we have Meltdown and Spectre for? ;-) > >>> > >>> No, memory from the kernel is always zeroed. > >>> libc offers malloc() and calloc() for this purpose. > > Interesting. Let's say > > Process 1: > free(use_memory(malloc(1024))); > > Then Process 2: > malloc(1024); > > The physical RAM used to service Process 2's malloc call has to be > zeroed to prevent it from leaking data from Process 1. However, if > Process 1 could mark that memory as non-sensitive, then it would not > have to be zeroed, saving the time it takes to do that. However, this > would require at least a bit per memory page, so maybe it's not worth it. Is this really a measurable overhead on your system? Do you have numbers? Thanks, //richard ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-06-29 6:10 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2018-06-27 9:34 Memory zeroed when made available to user process Jefferson Carpenter 2018-06-27 11:29 ` Richard Weinberger 2018-06-27 13:12 ` Michal Hocko 2018-06-27 13:18 ` Richard Weinberger 2018-06-29 0:52 ` Jefferson Carpenter 2018-06-29 6:10 ` Richard Weinberger
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox