On 15.03.2017 16:06, Steven Chamberlain wrote:> Also it is great to see INHERIT_ZERO was added to mmap(2)!It is not so great. For a program which forks very often zeroing even one page will be slowdown. It will be better and faster to implement it as fork syscall wrapper setting single variable, as it already done for threaded lib. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170315/8b52dd77/attachment.sig>
Andrey Chernov <ache at freebsd.org> writes:> Steven Chamberlain <steven at pyro.eu.org> writes: > > Also it is great to see INHERIT_ZERO was added to mmap(2)! > It is not so great. For a program which forks very often zeroing even > one page will be slowdown.Wouldn't it be possible to just set up the page entry but leave it unmapped, so that it is paged in (and zeroed if necessary) on first access? Thus, a process that uses arc4random() and fork()s would not incur a penalty until (and unless) the child uses arc4random() too.> It will be better and faster to implement it as fork syscall wrapper > setting single variable, as it already done for threaded lib.fork() and vfork() and pdfork() and... From a security point of view, I prefer to have it in a single place. DES -- Dag-Erling Sm?rgrav - des at des.no
On Wed, Mar 15, 2017 at 1:13 PM, Andrey Chernov <ache at freebsd.org> wrote:> On 15.03.2017 16:06, Steven Chamberlain wrote: >> Also it is great to see INHERIT_ZERO was added to mmap(2)! > > It is not so great. For a program which forks very often zeroing even > one page will be slowdown. It will be better and faster to implement it > as fork syscall wrapper setting single variable, as it already done for > threaded lib.I think it's exactly what it was done (and unlike a fork wrapper, the zeroing only happens on-demand, i.e. when the page is first touched). Cheers,