On Thu, Jan 19, 2012 at 12:21 AM, Arun Sharma <asharma@xxxxxx> wrote: > > This enables malloc optimizations where we might > madvise(..,MADV_DONTNEED) a page only to fault it > back at a different virtual address. > > To ensure that we don't leak sensitive data to > unprivileged processes, we enable this optimization > only for pages that are reused within a memory > cgroup. > So the assumption is that only apps that have access to each others VMA's will run in this cgroup? > The idea is to make this opt-in both at the mmap() > level and cgroup level so the default behavior is > unchanged after the patch. > Sorry, I am not convinced we need to do this 1. I know that zeroing out memory is expensive, but building a potential loop hole is not a good idea 2. How do we ensure that tasks in a cgroup should be allowed to reuse memory uninitialized, how does the cgroup admin know what she is getting into? So I am going to NACK this. Balbir -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>