Memory initialization happens when physical pages are associated with virtual
addresses via mmap() calls.
To protect confidential information, it’s essential to determine whether your memory has
been initialized. When your code releases memory, any sensitive data previously stored
in that memory can potentially be exposed during a future allocation. Therefore, the
memory should either be initialized (memory is filled with zeroes) or overwritten with
the contents of a secure object. The following scenarios outline when memory is
initialized and when it isn't:
Memory is initialized to zero for:
- anonymous allocations (MAP_ANON).
- initial mappings of shared-memory objects, unless populated from non-SYSRAM
typed memory.
- typed memory allocations from within SYSRAM.
- the tail of non-page-aligned file-backed allocations (e.g., when mapping a file
of size 3000, the first 3000 bytes come from the file, and the remaining 1096
bytes of the page are zero-filled).
Memory isn't initialized for:
- mappings of existing shared memory objects.
- mappings of typed memory that isn't a subset of SYSRAM.
- direct mappings of explicit physical addresses (i.e., MAP_PHYS
without MAP_ANON).
For file-backed mappings (with the exception of non-page-aligned file-backed allocations
as mentioned above), the memory is initialized to the contents of the file.
Note: Only system allocations undergo memory initialization. In-process allocations,
such as those made with a call to malloc(), don't guarantee that
reclaimed memory within the process is reinitialized. However, since threads within
the same process share all memory for that process, there is no way to hide data
among them.