From: Terry Lambert <tlambert2@mindspring.com>
Date: Thu, 22 Aug 2002 19:34:54 -0700
To: "Un, SungKyong"
Cc: freebsd-hackers@freebsd.org
Subject: Re: userland malloc() and zeroed page allocation in Kernel
Message-ID: <3D659F4E.75D50F09@mindspring.com>

"Un, SungKyong" wrote:
> But when I try to test this, something strange happened.
>
>     for (i=0; i<200; i++) {
>         malloc(1MB);
>         check it's all zeroed;
>         set this block to 'X';
>     }
>     free all allocated memory (200MB);
>     for (i=0; i<200; i++) {
>         malloc(1MB);
>         check it's all 'X';
>     }
>
> The first for loop shows that 200 1MB blocks are all zeroed. The second for
> loop shows that only the first 1MB has 'X' value and rest blocks are all zeroed.
>
> It seems that Kernel zero-out all free pages before allocation.
> I know the Kernel allocate pre-zeroed page for BSS area but not for heap
> area.
>
> Can anyone tell me the page allocation policy in Kernel?
I guess your confusion is that the pages you freed and then reacquired maintained their previous contents?

Pages are zeroed before being assigned to a process, in order to avoid exposing information (this is a security requirement, since the data may have been from a process with privileges that were nonintersecting with the process that filled the pages in the first place). Once assigned to a process, if the process itself wishes to compartmentalize security, it is the responsibility of the application programmer to manage separation of security domains by clearing pages before they are released.

In this particular example, the pages were released, and then they were reacquired, without having been returned to the system. If the pages had been returned to the system, then given to another process, they would have been zeroed.

Zero filling of released pages generally occurs as the pages are returned to the system memory pool, after being released by the application. This happens in the background, in the idle loop, but can happen at fault time, when the page is first accessed, if the system is under sufficient load that zeroing can't happen in the background.

See: /usr/src/sys/vm/vm_fault.c:vm_fault() and look for "PG_ZERO".

For caching of malloc'ed mappings, you probably also want to look at the phkmalloc implementation: /usr/src/lib/libc/stdlib/malloc.c; there is a difference between freeing memory in an application, and the process actually returning the memory to the system for reuse.

-- Terry
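An added example in C (not code from the thread or from FreeBSD) showing both halves of Terry's point: a fresh anonymous mapping obtained from the kernel arrives zero-filled, while a block freed and reallocated inside the process keeps its old bytes unless the application wipes it before free(). The mmap()/munmap() probe and the volatile-memset wrapper are my construction; what the unwiped reuse case shows depends on the allocator in use.

```c
#define _DEFAULT_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Return 1 if every byte in [p, p+len) is zero, else 0. */
int all_zero(const unsigned char *p, size_t len) {
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0) return 0;
    return 1;
}

/* Ask the kernel for `len` bytes of fresh anonymous memory and report
 * whether it arrives zeroed: 1 = zeroed, 0 = not, -1 = mmap failed. */
int fresh_pages_are_zero(size_t len) {
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int z = all_zero(p, len);
    munmap(p, len);
    return z;
}

/* Wipe a buffer before handing it back to malloc. The memset goes through
 * a volatile function pointer so the compiler cannot drop the "dead" store. */
static void *(*volatile wipe_memset)(void *, int, size_t) = memset;
void wipe_then_free(void *p, size_t len) { wipe_memset(p, 0, len); free(p); }

/* The reuse path from the thread: fill a block with 'X', free it (wiped or
 * not), malloc the same size again and report whether a majority of the new
 * block still reads 'X'. Returns 1 if stale contents came back, 0 if not,
 * -1 on allocation failure. The unwiped result is allocator-dependent. */
int reuse_leaks_contents(size_t len, int wipe_first) {
    unsigned char *a = malloc(len);
    if (!a) return -1;
    memset(a, 'X', len);
    if (wipe_first) wipe_then_free(a, len); else free(a);
    unsigned char *b = malloc(len);
    if (!b) return -1;
    size_t stale = 0;
    for (size_t i = 0; i < len; i++) if (b[i] == 'X') stale++;
    free(b);
    return stale > len / 2;
}

int main(void) {
    printf("fresh mmap pages zero: %d\n", fresh_pages_are_zero(1 << 20));
    printf("reuse without wipe leaks: %d\n", reuse_leaks_contents(4096, 0));
    printf("reuse after wipe leaks:   %d\n", reuse_leaks_contents(4096, 1));
    return 0;
}
```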