This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable

From: KOSAKI Motohiro <kosaki dot motohiro at gmail dot com>
To: Roland McGrath <roland at hack dot frob dot com>
Cc: Rich Felker <dalias at aerifal dot cx>, libc-alpha at sourceware dot org
Date: Mon, 30 Jul 2012 11:30:44 -0400
Subject: Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
References: <20120720162519.734e02eb@spoyarek> <5009A750.4050601@mentor.com><20120721012154.2de7da2b@spoyarek> <20120720212303.GT544@brightrain.aerifal.cx><20120720214753.639312C0DF@topped-with-meat.com> <20120720223800.GB26330@sunsite.ms.mff.cuni.cz><20120720224417.E8BEF2C0CA@topped-with-meat.com> <20120721061814.GC26330@sunsite.ms.mff.cuni.cz><20120721133217.GY544@brightrain.aerifal.cx> <20120725183634.E0C5F2C0B1@topped-with-meat.com>

>> I don't see the difference in MADV_FREE and mmap+MAP_FIZED+PROT_NONE
>> over top of the original map. If the latter is not fast enough it
>> should just be optimized for this special case since portable software
>> will already be using it for this purpose.
>
> They differ in the semantics they guarantee, though not in the apsect
> that malloc cares about (when not in the __libc_enable_secure case).
> With MADV_FREE, the kernel is not obliged to do anything at all, it can
> just do nothing at all or it can just mark internal data structures, or
> it can actually reclaim the pages right away--whatever it thinks is
> optimal.  With mmap, the kernel is required to immediately flush the
> pages so that any access is guaranteed to fault as soon as mmap returns.
> That could be much more expensive.

If I understand correctly, security paranoia want to discard pte entry
immediately likes MADV_DONTNEED otherwise it do nothing if system have
much much memory.

Example, if the process crash after MADV_FREE, security sensitive data
may store into core file.

... but, I don't understand the benefit of this proposal. nowadays,
security paranoia always do zero clear before calling free for
sensitive data. Can anyone please tell me which programs get a benefit
from this change?

Follow-Ups:
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Siddhesh Poyarekar
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: KOSAKI Motohiro

References:
- [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Siddhesh Poyarekar
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Carlos O'Donell
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Siddhesh Poyarekar
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Rich Felker
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Roland McGrath
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Jakub Jelinek
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Roland McGrath
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Jakub Jelinek
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Rich Felker
- Re: [PATCH][RFC] Allow explicit shrinking of arena heaps using anenvironment variable
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]