On Thu, Apr 25, 2019 at 8:32 AM Christopher Lameter wrote:
>
> On Wed, 24 Apr 2019, Matthew Garrett wrote:
>
> > Applications that hold secrets and wish to avoid them leaking can use
> > mlock() to prevent the page from being pushed out to swap and
> > MADV_DONTDUMP to prevent it from being includ
On Wed, 24 Apr 2019, Matthew Garrett wrote:
> Applications that hold secrets and wish to avoid them leaking can use
> mlock() to prevent the page from being pushed out to swap and
> MADV_DONTDUMP to prevent it from being included in core dumps. Applications
> can also use atexit() handlers to over
On Wed, Apr 24, 2019 at 1:20 PM Matthew Wilcox wrote:
> It depends on the semantics you want. There's no legacy code to
> worry about here. I was seeing this as the equivalent of an atexit()
> handler; userspace is saying "When this page is unmapped, zero it".
> So it doesn't matter that somebod
On Wed, Apr 24, 2019 at 12:33:11PM -0700, Matthew Garrett wrote:
> On Wed, Apr 24, 2019 at 12:28 PM Matthew Wilcox wrote:
> > But you can't have a new PageFlag. Can you instead zero the memory in
> > unmap_single_vma() where we call uprobe_munmap() and untrack_pfn() today?
>
> Is there any way t
On Wed, Apr 24, 2019 at 12:28 PM Matthew Wilcox wrote:
>
> On Wed, Apr 24, 2019 at 12:14:40PM -0700, Matthew Garrett wrote:
> > Unfortunately, if an application exits uncleanly, its secrets may still be
> > present in RAM. This can't be easily fixed in userland (eg, if the OOM
> > killer decides t
On Wed, Apr 24, 2019 at 12:14:40PM -0700, Matthew Garrett wrote:
> Unfortunately, if an application exits uncleanly, its secrets may still be
> present in RAM. This can't be easily fixed in userland (eg, if the OOM
> killer decides to kill a process holding secrets, we're not going to be able
> to
From: Matthew Garrett
Applications that hold secrets and wish to avoid them leaking can use
mlock() to prevent the page from being pushed out to swap and
MADV_DONTDUMP to prevent it from being included in core dumps. Applications
can also use atexit() handlers to overwrite secrets on application
7 matches