Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users

From: Dan Williams
Date: Mon Feb 22 2021 - 14:24:37 EST

Next message: Thomas Gleixner: "[GIT pull] timers/urgent for v5.12"
Previous message: pr-tracker-bot: "Re: [GIT PULL] livepatching for 5.12"
In reply to: Matthew Garrett: "Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users"
Next in thread: James Bottomley: "Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Feb 22, 2021 at 2:24 AM Mike Rapoport <rppt@xxxxxxxxxx> wrote:
>
> On Mon, Feb 22, 2021 at 07:34:52AM +0000, Matthew Garrett wrote:
> > On Mon, Feb 08, 2021 at 10:49:18AM +0200, Mike Rapoport wrote:
> >
> > > It is unsafe to allow saving of secretmem areas to the hibernation
> > > snapshot as they would be visible after the resume and this essentially
> > > will defeat the purpose of secret memory mappings.
> >
> > Sorry for being a bit late to this - from the point of view of running
> > processes (and even the kernel once resume is complete), hibernation is
> > effectively equivalent to suspend to RAM. Why do they need to be handled
> > differently here?
>
> Hibernation leaves a copy of the data on the disk which we want to prevent.

Why not document that users should use data at rest protection
mechanisms for their hibernation device? Just because secretmem can't
assert its disclosure guarantee does not mean the hibernation device
is untrustworthy.

Next message: Thomas Gleixner: "[GIT pull] timers/urgent for v5.12"
Previous message: pr-tracker-bot: "Re: [GIT PULL] livepatching for 5.12"
In reply to: Matthew Garrett: "Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users"
Next in thread: James Bottomley: "Re: [PATCH v17 08/10] PM: hibernate: disable when there are active secretmem users"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]