Date: Thu, 22 Aug 2002 19:34:54 -0700 From: Terry Lambert <tlambert2@mindspring.com> To: "Un, SungKyong" <skun@etri.re.kr> Cc: freebsd-hackers@freebsd.org Subject: Re: userland malloc() and zeroed page allocation in Kernel Message-ID: <3D659F4E.75D50F09@mindspring.com> References: <001601c24a4a$121fbb60$1bf2fe81@etri.re.kr>
"Un, SungKyong" wrote:
> But when I try to test this, something strange happened.
>
> for (i=0; i<200; i++) {
>     malloc(1MB);
>     check it's all zeroed;
>     set this block to 'X';
> }
> free all allocated memory (200MB);
> for (i=0; i<200; i++) {
>     malloc(1MB);
>     check it's all 'X';
> }
>
> The first for loop shows that 200 1MB blocks are all zeroed. The second for
> loop shows that only the first 1MB has the 'X' value and the rest of the
> blocks are all zeroed.
>
> It seems that the Kernel zeroes out all free pages before allocation.
> I know the Kernel allocates pre-zeroed pages for the BSS area but not for
> the heap area.
>
> Can anyone tell me the page allocation policy in the Kernel?

I guess your confusion is that the pages you freed and then reacquired
maintained their previous contents?

Pages are zeroed before being assigned to a process, in order to avoid
exposing information (this is a security requirement, since the data may
have been from a process with privileges that were nonintersecting with
the process that filled the pages in the first place).

Once assigned to a process, if the process itself wishes to
compartmentalize security, it is the responsibility of the application
programmer to manage separation of security domains by clearing pages
before they are released.

In this particular example, the pages were released, and then they were
reacquired, without having been returned to the system. If the pages had
been returned to the system, then given to another process, they would
have been zeroed.

Zero filling of released pages generally occurs as the pages are returned
to the system memory pool, after being released by the application. This
happens in the background, in the idle loop, but can happen at fault time,
when the page is first accessed, if the system is under sufficient load
that zeroing can't happen in the background.

See: /usr/src/sys/vm/vm_fault.c:vm_fault() and look for "PG_ZERO".
For caching of malloc'ed mappings, you probably also want to look at the
phkmalloc implementation: /usr/src/lib/libc/stdlib/malloc.c; there is a
difference between freeing memory in an application, and the process
actually returning the memory to the system for reuse.

-- Terry
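The distinction Terry draws above (free() hands memory back to the C allocator, which may cache it with its old contents intact, while memory actually returned to the kernel comes back zero-filled) can be checked directly. The following program is an added example written for this page; it is not code from the original thread, from phkmalloc, or from the FreeBSD tree. It reruns a scaled-down version of SungKyong's experiment three ways: malloc/free/malloc with no cleanup, the same with the buffer scrubbed before free() (the "clear pages before they are released" responsibility Terry assigns to the application), and anonymous mmap/munmap/mmap, where every fresh mapping is kernel-supplied and therefore zero. The survivor count for the unscrubbed malloc case is allocator-dependent and is reported, not asserted; the block size and count are arbitrary choices, and the code assumes a POSIX system with MAP_ANONYMOUS.

```c
#define _DEFAULT_SOURCE        /* MAP_ANONYMOUS on glibc under -std=c99 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define BLOCK_SZ (1u << 20)    /* 1 MiB blocks, as in the original test */
#define NBLOCKS  8             /* arbitrary; the post used 200 */

/* Return 1 if every byte of buf equals val, else 0. */
static int all_bytes_are(const unsigned char *buf, size_t len, unsigned char val)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != val)
            return 0;
    return 1;
}

/* Clear a buffer before returning it to the allocator.  The volatile
 * pointer stops the compiler from deleting a store to memory that is about
 * to be freed; explicit_bzero(3) serves the same purpose where available. */
static void scrub(void *p, size_t len)
{
    volatile unsigned char *vp = p;
    while (len--)
        *vp++ = 0;
}

/* SungKyong's experiment: fill NBLOCKS blocks with 'X', free them all,
 * malloc again and count how many re-obtained blocks are still all 'X'.
 * Whatever the count is, it reflects the userland allocator's caching,
 * not a kernel policy: pages never left the process. */
static int count_surviving_blocks(int scrub_before_free)
{
    unsigned char *blocks[NBLOCKS];
    int survivors = 0;

    for (int i = 0; i < NBLOCKS; i++) {
        blocks[i] = malloc(BLOCK_SZ);
        if (!blocks[i]) abort();
        memset(blocks[i], 'X', BLOCK_SZ);
    }
    for (int i = 0; i < NBLOCKS; i++) {
        if (scrub_before_free)
            scrub(blocks[i], BLOCK_SZ);
        free(blocks[i]);
    }
    for (int i = 0; i < NBLOCKS; i++) {
        blocks[i] = malloc(BLOCK_SZ);
        if (!blocks[i]) abort();
        if (all_bytes_are(blocks[i], BLOCK_SZ, 'X'))
            survivors++;
    }
    for (int i = 0; i < NBLOCKS; i++)
        free(blocks[i]);
    return survivors;
}

/* Memory obtained straight from the kernel: fill an anonymous mapping,
 * unmap it (pages go back to the system), map again.  Returns 1 if the new
 * mapping is all zero, 0 if any old byte leaked through, -1 on error. */
static int fresh_anonymous_mapping_is_zero(void)
{
    unsigned char *p = mmap(NULL, BLOCK_SZ, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memset(p, 'X', BLOCK_SZ);
    if (munmap(p, BLOCK_SZ) != 0) return -1;

    p = mmap(NULL, BLOCK_SZ, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int zero = all_bytes_are(p, BLOCK_SZ, 0);
    munmap(p, BLOCK_SZ);
    return zero;
}

int main(void)
{
    printf("malloc/free/malloc, no scrub : %d of %d blocks still 'X'\n",
           count_surviving_blocks(0), NBLOCKS);
    printf("malloc/free/malloc, scrubbed : %d of %d blocks still 'X'\n",
           count_surviving_blocks(1), NBLOCKS);
    printf("mmap/munmap/mmap             : fresh pages zero? %d\n",
           fresh_anonymous_mapping_is_zero());
    return 0;
}
```

The first line of output varies by allocator and by the size threshold at which it hands large blocks straight to mmap(2); the other two are fixed: a scrubbed block can never come back as 'X', and an anonymous mapping is always zero-filled by the kernel. If a secret must not outlive its buffer, scrubbing before free() is the only one of the three that does not depend on which path the allocator happens to take.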