
In the Linux kernel, what does 'zeroed page' actually mean? I have tried to correlate it with free pages but it does not make a lot of sense.

1 Answer


Zeroed pages are pages where all bits in the page are set to 0. Not all zeroed pages are free, nor are all free pages necessarily zeroed (implementation specific):

A free page doesn't necessarily mean it is zeroed. It could be a page that is set to invalid (not in use by any process) but still has old data from when it was last used. For security reasons, the OS should zero out pages before giving them to another program.

A zeroed page also doesn't mean it's a free page. When a process uses malloc() and then does a read (tested in Ubuntu 20.04), the memory that is allocated is all zeros, but, of course, at this point the page is not free. I wrote this C program to verify:

#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE 4096
int num_pages = 32;

int main(){
    int i;
    int nonzero = 0;
    int bytes = num_pages * PAGE_SIZE;
    /* Whether malloc() hands back zero-filled memory is allocator specific:
       glibc serves a block of this size (128 KiB, its default mmap threshold)
       from a fresh anonymous mapping, which the kernel zero-fills on first touch. */
    char * test = (char *)malloc(bytes);
    if (test == NULL){
        printf("Malloc failed.\n");
        return -1;
    }

    for(i = 0; i < bytes; i++){
        // A zeroed page will have all (char) zeros in it
        if (test[i] != (char) 0){
            /* print the byte as hex rather than %c, since it may be non-printable */
            printf("Not (char) 0 at offset %d: 0x%02x\n", i, (unsigned char) test[i]);
            nonzero++;
        }
    }
    printf("%d of %d bytes were non-zero\n", nonzero, bytes);
    free(test);
    return 0;
}

As pointed out in the comments by @0andriy, my original example using calloc is implemented using the "Zero page", a single page filled with zeroes that all callocs can return using the copy-on-write optimization described here.

wxz
  • Ha-ha, `calloc()` actually is cheating due to CoW mechanisms used in kernel. So, no, `calloc()` does not return ‘zeroed’ pages, it returns Zero Page — special one which is zeroed and always mapped. https://stackoverflow.com/questions/35547665/linux-kernel-role-of-zero-page-allocation-at-paging-init-time/ – 0andriy May 05 '21 at 22:48
  • Good catch, I'll update my example. Do you agree that `malloc` returns zeroed pages if the OS zeroes them out before allocating? If so, I'll change my example to `malloc` instead. – wxz May 05 '21 at 23:33
  • No, `malloc()` returns an address from page list and marks that address space occupied. You really need to read something about modern MMU hardware and OS support of memory management. And if you got zeroed memory from `malloc()`, it’s libc allocator, not kernel one. – 0andriy May 06 '21 at 07:51
  • Yes and then after you read or write the memory it’s truly allocated, as I wrote in the post. I also said implementation specific so my answer still stands – wxz May 06 '21 at 13:02
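The two halves of the answer above (fresh pages are zeroed by the kernel; freed memory is not zeroed unless someone scrubs it) can be checked directly from user space. The program below is an added example and is not code from the question, the answer or its comments. It assumes a POSIX system with mmap(2): the zero-fill guarantee for MAP_ANONYMOUS mappings is a kernel guarantee, whereas how much of a freed heap block survives a free()/malloc() round trip depends entirely on the libc allocator, so that figure is only printed, never relied upon. The 0xA5 fill pattern and the 256-byte block size are constructed for the demonstration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

#define PAGE_SIZE 4096

/* Count the bytes in [p, p+n) that are not zero. */
static size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t nz = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) nz++;
    return nz;
}

/* Map `pages` fresh anonymous pages and read every byte.
   POSIX guarantees MAP_ANONYMOUS memory is zero-filled, so this returns 1
   on a conforming system; -1 if the mapping itself fails. Reading (not
   writing) the pages is what maps the kernel's shared zero page. */
int fresh_mapping_is_zero(size_t pages) {
    size_t bytes = pages * PAGE_SIZE;
    unsigned char *p = mmap(NULL, bytes, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    int zero = (count_nonzero(p, bytes) == 0);
    munmap(p, bytes);
    return zero;
}

/* Overwrite a buffer through a volatile pointer so the compiler cannot drop
   the stores as dead (the usual reason a plain memset before free() vanishes),
   then return how many bytes are still non-zero: always 0. */
size_t scrub_and_count(unsigned char *p, size_t n) {
    volatile unsigned char *v = p;
    for (size_t i = 0; i < n; i++) v[i] = 0;
    return count_nonzero(p, n);
}

/* Fill a small heap block with a constructed pattern, optionally scrub it,
   free it, allocate the same size again and count how many bytes of the
   pattern are still visible. The result is allocator specific: glibc will
   often hand back the same chunk with only its own metadata overwritten. */
size_t bytes_surviving_free(int scrub) {
    const size_t n = 256;
    unsigned char *p = malloc(n);
    if (!p) return 0;
    memset(p, 0xA5, n);              /* constructed "secret" */
    if (scrub) scrub_and_count(p, n);
    free(p);
    unsigned char *q = malloc(n);
    if (!q) return 0;
    size_t survived = 0;
    for (size_t i = 0; i < n; i++)
        if (q[i] == 0xA5) survived++;
    free(q);
    return survived;
}

int main(void) {
    printf("fresh anonymous mapping all zero: %d\n", fresh_mapping_is_zero(8));
    printf("pattern bytes surviving free()/malloc(), no scrub: %zu of 256\n",
           bytes_surviving_free(0));
    printf("pattern bytes surviving free()/malloc(), scrubbed: %zu of 256\n",
           bytes_surviving_free(1));
    return 0;
}
```

The first line of output is the kernel's contribution: pages it hands out to a new mapping are zero. The second line is the libc's contribution and is the reason "free" and "zeroed" must be kept apart: a freed block is recycled within the process, so anything left in it is visible to the next caller of malloc() unless the code that owned it cleared it first, which is what the scrubbed variant demonstrates.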