Why not make this a default behaviour?
When userspace sbrks to increase memory the kernel must hand it cleared memory or data leaks will result. From a performance perspective clearing at free is probably superior to clearing at the time the memory is allocated.
I expect that there would be a performance hit from the clearing of sub-page kernel allocations. But it may be negligible and if it isn't then just that part of this patch could be made an optional parameter.
With userspace memory protected and kernel cryptographic memory protected that would eliminate a significant part of the attack surface... am I missing a reason why this couldn't perform well?
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds