Is memory cleared by the Linux kernel when brk is reduced then increased again?

Question

I'm just wondering about what happens to memory that a user program releases through a brk system call, then gets back again. Does the kernel clear it out or is the contents left undefined?

I believe that the kernel clears out pages when they are newly allocated via brk, but I can't work out if it zeros them all if that page is returned, then requested back again. I'm looking through lxr.linux.no to try to find out. I'll also have a look at the book suggested in this post.

Thanks for your replies.

Tim

Answer 1

You get a fresh zeroed page: http://lxr.linux.no/#linux+v2.6.30.5/mm/memory.c#L2580

The content of a fresh page has to be cleared out. It could contain sensitive information, think about security.

Answer 2

IIRC it is clear on demand. So when a page is evicted the kernel leaves it alone, however it will get cleared when allocated to a new user/use (of which a re-growing brk would count). There are various hacks to map fresh anonymous pages to "zero page" and then swap it for a real cleared page on write.

Unallocated pages shouldn't get get pushed to swap if you are worrying about information leakage, although various cold boot attacks may work against them.

See the recent LWN article for more info: http://lwn.net/Articles/340370/