Re: l1tf: Kernel suggests I throw away third of my memory. I'd rather not

From: Dave Hansen
Date: Wed Oct 17 2018 - 18:21:18 EST

Next message: Florian Weimer: "Re: statx(2) API and documentation"
Previous message: Jeffrey Hugo: "Re: [PATCH 1/2] serial: set suppress_bind_attrs flag only if builtin"
In reply to: Michal Hocko: "Re: l1tf: Kernel suggests I throw away third of my memory. I'd rather not"
Next in thread: Vlastimil Babka: "Re: l1tf: Kernel suggests I throw away third of my memory. I'd rather not"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 10/17/2018 04:32 AM, Pavel Machek wrote:
>> Well, that depends. Do you care about PROT_NONE attacks as well? If not
>> then no-swap would help you. But even then no-swap is rather theoretical
>> attack on a physical host unless you allow an arbitrary swapout to a
>> malicious user (e.g. allow a user controlled memcg hard limit that would
>> cause excessive local swapouts).
> PROT_NONE attack.. aha, so kernel stores not only information about
> swapped-out pages but also about file-backed pages that are currently
> not present? Hmm. That makes it more complex :-(.

There are also migration PTE entries that are "swap-like". They can
exist even if you swapoff -a.

Can we do better? Sure. I think we'd all be happy to review patches
that improve the situation if folks have simple ideas for improvement.

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Florian Weimer: "Re: statx(2) API and documentation"
Previous message: Jeffrey Hugo: "Re: [PATCH 1/2] serial: set suppress_bind_attrs flag only if builtin"
In reply to: Michal Hocko: "Re: l1tf: Kernel suggests I throw away third of my memory. I'd rather not"
Next in thread: Vlastimil Babka: "Re: l1tf: Kernel suggests I throw away third of my memory. I'd rather not"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]