From 1e456f025d6b4e34a726180e7a27a04424fe79d1 Mon Sep 17 00:00:00 2001
From: He Sun <bochang.sh@antfin.com>
Date: Mon, 22 Jun 2020 10:49:26 +0800
Subject: [PATCH] Zeroize memory in munmap

1. Move the memory zeroization of mmap to munmap to increase mmap
performance
2. Do memory zeroizaiton during the drop of VMManager to guarentee all
allocated memory is zeroized before the next allocation
---
 src/libos/src/lib.rs           |  1 +
 src/libos/src/vm/vm_manager.rs | 27 ++++++++++++++-------------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/libos/src/lib.rs b/src/libos/src/lib.rs
index 61daa25b..bc51de48 100644
--- a/src/libos/src/lib.rs
+++ b/src/libos/src/lib.rs
@@ -11,6 +11,7 @@
 #![feature(alloc_layout_extra)]
 #![feature(concat_idents)]
 #![feature(trace_macros)]
+#![feature(slice_fill)]
 
 #[macro_use]
 extern crate alloc;
diff --git a/src/libos/src/vm/vm_manager.rs b/src/libos/src/vm/vm_manager.rs
index a0b7f642..1fee8865 100644
--- a/src/libos/src/vm/vm_manager.rs
+++ b/src/libos/src/vm/vm_manager.rs
@@ -24,26 +24,18 @@ impl VMInitializer {
                 // Do nothing
             }
             VMInitializer::FillZeros() => {
-                for b in buf {
-                    *b = 0;
-                }
+                // Filling zero is done in munmap
             }
             VMInitializer::CopyFrom { range } => {
                 let src_slice = unsafe { range.as_slice() };
                 let copy_len = min(buf.len(), src_slice.len());
                 buf[..copy_len].copy_from_slice(&src_slice[..copy_len]);
-                for b in &mut buf[copy_len..] {
-                    *b = 0;
-                }
             }
             VMInitializer::LoadFromFile { file, offset } => {
                 // TODO: make sure that read_at does not move file cursor
                 let len = file
                     .read_at(*offset, buf)
                     .cause_err(|_| errno!(EIO, "failed to init memory from file"))?;
-                for b in &mut buf[len..] {
-                    *b = 0;
-                }
             }
         }
         Ok(())
@@ -341,6 +333,9 @@ impl VMManager {
 
                 // Reset memory permissions
                 Self::apply_perms(&intersection_range, VMPerms::default());
+                unsafe {
+                    intersection_range.as_slice_mut().fill(0);
+                }
 
                 vma.subtract(&intersection_range)
             })
@@ -733,12 +728,18 @@ impl VMManager {
 
 impl Drop for VMManager {
     fn drop(&mut self) {
-        // Ensure that memory permissions are recovered
+        // Ensure that all allocated memories are restored to the default permissions and zeroed
         for vma in &self.vmas {
-            if vma.size() == 0 || vma.perms() == VMPerms::default() {
-                continue;
+            if vma.size() != 0 {
+                warn!("There are unmapped memories");
+
+                if vma.perms() != VMPerms::default() {
+                    Self::apply_perms(vma, VMPerms::default());
+                }
+                unsafe {
+                    vma.as_slice_mut().fill(0);
+                }
             }
-            Self::apply_perms(vma, VMPerms::default());
         }
     }
 }