Memory initialization

Memory initialization happens when physical pages are associated with virtual addresses via mmap() calls.

To protect confidential information, it’s essential to determine whether your memory has been initialized. When your code releases memory, any sensitive data previously stored in that memory can potentially be exposed during a future allocation. Therefore, the memory should either be initialized (memory is filled with zeroes) or overwritten with the contents of a secure object. The following scenarios outline when memory is initialized and when it isn't:

Memory is initialized to zero for:
  • anonymous allocations (MAP_ANON)
  • initial mappings of shared-memory objects, unless populated from non-SYSRAM typed memory
  • typed memory allocations from within SYSRAM
  • the tail of non-page-aligned file-backed allocations (e.g., when mapping a file of size 3000 with 4096-byte pages, the first 3000 bytes come from the file, and the remaining 1096 bytes of the page are initialized to zero)

Memory isn't initialized for:
  • mappings of existing shared memory objects
  • mappings of typed memory that isn't a subset of SYSRAM
  • direct mappings of explicit physical addresses (i.e., MAP_PHYS without MAP_ANON)

For file-backed mappings (with the exception of non-page-aligned file-backed allocations as mentioned above), the memory is initialized to the contents of the file.
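The two zero-filled cases above that can be checked with plain POSIX calls (a MAP_ANON page, and the tail of a page that maps a file shorter than a page) can be verified directly. The following is an added example, not code from this documentation; it uses only mmap()/munmap() and a constructed temporary file, so it assumes a POSIX host with a writable /tmp. The typed-memory and MAP_PHYS cases are not covered because they need system-specific memory objects.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Return 1 if every byte in [p, p+len) is zero (OR-accumulate, no early exit). */
static int all_zero(const unsigned char *p, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= p[i];
    return acc == 0;
}

/* Case 1: a freshly mapped MAP_ANON page must read back as all zeroes. */
int anon_mapping_is_zeroed(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return -1;
    int ok = all_zero(p, page);
    munmap(p, page);
    return ok;
}

/* Case 2: map a file shorter than one page. The first file_len bytes
 * must match the file; the rest of the page must be zero-filled.
 * The file is constructed here: a temp file filled with 0xAB bytes. */
int file_tail_is_zeroed(size_t file_len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (file_len == 0 || file_len >= page) return -1;
    char path[] = "/tmp/meminit_XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                       /* name not needed; fd keeps the file alive */
    unsigned char *buf = malloc(file_len);
    memset(buf, 0xAB, file_len);
    int rc = -1;
    if (write(fd, buf, file_len) == (ssize_t)file_len) {
        unsigned char *p = mmap(NULL, page, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p != MAP_FAILED) {
            rc = memcmp(p, buf, file_len) == 0 && all_zero(p + file_len, page - file_len);
            munmap(p, page);
        }
    }
    close(fd);
    free(buf);
    return rc;
}
```

Both functions return 1 when the mapping matches the rules above, 0 when it does not, and -1 if the mapping itself could not be set up.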

Note:
Only system allocations undergo memory initialization. In-process allocations, such as those with a call to malloc(), don't guarantee that reclaimed memory within the process is reinitialized. However, since threads within the same process share all memory for that process, there is no way to hide data among them.