Re: [PATCH v2 0/2] mm,fork,security: introduce MADV_WIPEONFORK
From: Florian Weimer
Date: Mon Aug 07 2017 - 10:19:32 EST
On 08/07/2017 03:46 PM, Michal Hocko wrote:
> How do they know that they need to regenerate if they do not get SEGV?
> Are they going to assume that a read of zeros is a "must init again"? Isn't
> that too fragile?
Why would it be fragile? Some level of synchronization is needed to set
things up, of course, but I think it's possible to write a lock-free
algorithm to maintain the state even without strong guarantees of memory
ordering from fork.
In the DRBG uniqueness case, you don't care if you reinitialize because
it's the first use, or because a fork just happened.
In the API-mandated fork check, a detection false positive before a fork
is not acceptable (because it would prevent legitimate API use), but I
think you can deal with this case if you publish a pointer to a
pre-initialized, non-zero mapping.